On Dec 16, 2013, at 4:50 PM, Andrew Sullivan <ajs@xxxxxxxxxxxxxxxxxx> wrote: > I claim that the first of these is not one of the forms of "attack", > as long as the users affected know that this is happening (because, > for example, the existence of the tool is disclosed as part of the > corporate policies). In the case of corporate email, the "user" is the corporation, including, but not limited to, the person who is the intended recipient of the mail. So the "user" is not under attack, because the "user" is the only entity looking at the mail. In the case of an email service, the situation is a bit different, but still essentially you are signing up for a service which includes certain features, which you agree to, and then they happen. The concern here is not about "surveillance" that happens with the user's knowledge and consent. It is not even about surveillance that is done overtly, but without the user's intent. It is specifically with surveillance that is done covertly, without the user's consent. At least, that's how I understood it.