
Demands on Lavabit violated Fourth Amendment, lawyers say - Libertatea
http://www.theguardian.com/technology/2013/oct/11/fbi-demands-lavabit-violated-fourth-amendment-levison
======
interstitial
What a quiet, unassuming hero Ladar Levison has turned out to be. This guy had
a calling, and stuck to it. Without this incident the majority of us would not
have known how deeply principled and committed to freedom he is. Our society
is better because of him, I wonder how many more Ladars are out there? I'm sad
to say, I'm not sure I would have endured so much duress for so little reward.

~~~
bebna
Yeah, it would be so much better if we wouldn't need Ladar and co in the first
place.

~~~
reginaldjcooper
We'll always need people to fight for freedom. It would be so much better if
the masses were half as impressed with him as we are. They don't even care
enough to opt-out of airport scanners, though.

~~~
erichocean
In the last week I've read _1984_ and _Brave New World_ , and what struck me
most about both was the strict segmentation of people groups.

I've heard people say, as you do, that "the masses" will never do such and
such, and I agree. But in the past, I haven't really been willing to separate
"the masses" into their own group. Instead, I've considered myself, and you,
and others on HN, as _part of_ "the masses".

Anyway, I wonder now if I'm wrong. Maybe we _should_ think of the masses as if
they are proles (85% of the population in _1984_ )? Are "the masses" actually
just a large group of people who are—literally—no help whatsoever is securing
and protecting a just and free society for themselves and others? And worse,
completely _unaware_ that they are no help?

Perhaps the masses should be ignored, since their opinions—when they have
any—are politically powerless.

~~~
reginaldjcooper
I think they don't like the situation but not enough to turn off their TVs?
Maybe they feel powerless. Maybe they feel like the government is the good
guys and the ends justify the means. Nobody they know personally has been
waterboarded.

In my ideal society the majority has more respect for education and
rationality and ergo they would have thought, "hm, maybe this PATRIOT Act and
increased surveillance is exactly in line with the goals expressed by the
terrorists."

Or they'd at least think, "what's going on with these congressional districts,
some sort of _Uzumaki_?"

But what seems to be happening is that nobody is angry enough to even vote
differently. So I'll probably move to Canada or something.

------
pflats
The more I think on this, the more I actually start to side with the
government's argument. I hate it, but I think they're justified.

Lavabit intentionally structured their service such that there were only two
ways to get at a criminal's email: obtain a copy of the suspect's private key
or compromise the entire service. Lavabit _was capable of reading the suspect
's email_, but only by slurping from the firehouse and reading everyone's
email.

What Lavabit set up to be their greatest strength ("Nobody can read your email
unless they somehow have our SSL key") turned into a terrible systemic
weakness ("If the government want to exercise its legal right to obtain a
warrant and read a suspect's email, then the only way it can do that is to get
the key to everyone's email").

My personal real-world analogy is a safe deposit box that opens either with a
key the suspect has _or_ with a master key that opens everyone's lockbox. The
bank would defintely be required to turn over the master key. The fact that
the only key that opens the suspect's lockbox also opens every other
customer's lockbox is a fault of the bank's own devising.

(Of course, who the suspect is in the investigation is irrelevant to
everything else.)

~~~
3pt14159
The government shouldn't have the right to COMPEL someone to hand over data.
They should have the right to ASK and they should have the right to complain
publicly that AT&T or Google isn't cooperating with a specific case, but as
communications get more international it is silly to suggest that they have
the ability to intercept every communication.

This way there is some actual balance to this madness. If Google refuses to
help track down Osama, then the government can announce this, and people will
be outraged at Google. Snowden is a different matter, many people don't
believe he did anything wrong, so it is hard to take the government's side of
things.

~~~
mikeyouse
The US Government absolutely has the right (under court order) to compel a US-
based company to hand over data about a US citizen.

Do you really think that if Google had access to OBL's whereabouts and
wouldn't comply with court orders to provide the information, that the
acceptable outcome would be the CIA whining about Google on TV?

    
    
        If Google refuses to help track down Osama, then the
        government can announce this, and people will be outraged
        at Google. Snowden is a different matter, many people
        don't believe he did anything wrong, so it is hard to
        take the government's side of things.
    

Are you really suggesting that our laws should be based on public opinion?

~~~
malandrew
If giving up Osama Bin Ladin's location also required giving up the privacy of
everyone that uses Google to the CIA, then I would say that act would become
OBL crowning achievement.

He already succeeded in destroying an icon of our economy and taking thousands
of lives with it. Are you really suggesting that its acceptable for us to
debase one of the basic human rights that are the foundation of this country
in order to capture one man? This is exactly what is happening with Lavabit.

I don't think any law should be based on public opinion, but when the
interpretation of a law is potentially unconstitutional, then that
interpretation becomes a matter of public opinion that should be decided in
the US Supreme Court.

~~~
mikeyouse
Lavabit had the option of providing access to only Snowden's account. They
declined that option. The FBI then escalated their demand to get the data they
were entitled to.

This 'unconstitutional' demand from the FBI was Lababit's creation by being
obstinate to begin with. Did they just expect the government to give up after
Lavabit told them they couldn't access that data?

~~~
kingkilr
The government doesn't get to escalate, that's not how it works. The
government has structural, fundamental, limitations on its power:
[http://alexgaynor.net/2013/oct/02/thoughts-
lavabit/](http://alexgaynor.net/2013/oct/02/thoughts-lavabit/)

------
dlitz
One fact that people seem to be ignoring is that SSL private keys are used for
_authentication_. Having an SSL private key doesn't automatically give you
access to a user's data; it gives you the ability to impersonate a trusted
person/site, which can have the effect of fooling users into handing over
their data.

Has anyone analyzed whether the government has the authority to compel you to
help them impersonate you? From what I can tell, that's central to the private
key issue.

[Edit: Yes, you can passively eavesdrop if you're not negotiating a TLS
ciphersuite with forward secrecy. Added "automatically" to clarify.]

~~~
dec0dedab0de
They would also be able to decrypt intercepted traffic.

------
mjn
Fwiw, law prof Orin Kerr doesn't think this is a strong appeal:
[http://www.volokh.com/2013/10/11/lavabit-challenges-
contempt...](http://www.volokh.com/2013/10/11/lavabit-challenges-contempt-
order/)

~~~
caf
In regards to the subpoena power, a point that Kerr doesn't address is that
the subpoena power is to compel the production of _evidence_ (as his _US v
Calandra_ quote illustrates). In this case, the SSL private key is not itself
evidence - it is merely an artifact that the investigators require in order to
look for evidence.

Is it the equivalent to using a subpoena to force a third party to produce the
physical key to a safe in which the investigating authority believes evidence
will be found.

~~~
bradleyjg
FTA:

 _The key itself is not evidence, contraband, fruits, or instrumentalities of
crime, Lavabit argues, but is merely a way to get to evidence, contraband,
fruits, or instrumentalities of crime. This is a clever argument pressing an
undeveloped aspect of Fourth Amendment law, but I don’t think it ultimately
works. It’s pretty standard for computer warrants to authorize the seizure of
passwords, encryption codes, operating manuals, “and other information
necessary to access the computer equipment, storage devices or data.” I
haven’t seen a Fourth Amendment challenge to such provisions, but I would
think they are okay because they involve instrumentalities of crime. That is,
the password or encryption key is part of the tool used to commit the crime,
so it is part of the instrumentality of crime and can properly be obtained in
a search warrant._

~~~
lambda
I'm not sure you could reasonably claim that Lavabit's private key is an
instrumentality of crime, since Lavabit's private key is in the control of and
used by Lavabit, the service provider, not the alleged criminal. This would be
like claiming you could seize the entire phone network because someone
somewhere used it to commit a crime.

Now, you may be able to demand that Lavibit hand over the user's password or
encryption keys, if it is able to do so. Those could likely be considered
instrumentalities of crime. But handing over Lavabit's own private keys goes
beyond that, to something that Lavabit merely uses to keep it's communications
private with all of its customers, the people under investigation and everyone
else.

Asking for Lavabit's private key is like asking for the master key to let you
into any room the building, when only one tenant is actually under
investigation. It goes beyond what is necessary to investigate the actual case
in question.

~~~
bradleyjg
If the landlord uses identical locks on all the apartment doors, he can't turn
around and complain that turning over the key to the apartment being
investigated would open all the doors.

As for the instrumentality of the crime, even though it's Lavabit's SSL key
the government's contention is that Snowden made use of it in his alleged
crimes (by for example encrypting leaked data with the public half of the key
for transmission to lavabit's web to email gateway, where it would ultimately
be decrypted by lavabit using the private key, and then emailed to the a
recipient.) Suppose a criminal rented a car and used it as a getaway vehicle
and then returned it. The police could get access to the car for forensic
evidence from the rental company, notwithstanding the fact that the car
belonged to the rental company who was not accused of any crime.

~~~
raganwald
_If the landlord uses identical locks on all the apartment doors, he can 't
turn around and complain that turning over the key to the apartment being
investigated would open all the doors._

Why?

When setting up a business, are you required to organize it in such a way that
in the future, the government can come along and perform a certain kind of
search/and/or seizure? It that your _obligation_ , failing which all of your
customers must suffer?

It's one thing to have a law that states the government can ask for things.
But I haven't heard anybody argue that the law requires you to organize your
affairs in such a way that you can comply with requests like this "cleanly."

~~~
bradleyjg
>It that your obligation, failing which all of your customers must suffer?

> It's one thing to have a law that states the government can ask for things.
> But I haven't heard anybody argue that the law requires you to organize your
> affairs in such a way that you can comply with requests like this "cleanly."

Generally you don't have to set up your business in such a way as to comply
with requests cleanly, though there are exceptions for certain telecom
providers (not applicable here). But by the same token your inability to
comply cleanly doesn't absolve you of the responsibility to comply.

So our landlord hypothetical the landlord certainly is allowed to use the same
lock on every door, but he still has to turn over the key when it is demanded.

As for the collateral consequences to third parties the court will not assume
that the government is going to abuse their access to search more than they
are authorized to. That seems to be the biggest disconnect. The judge didn't
think that the ability to decrpyt all the traffic was a pertinent harm because
his order didn't allow the agents to look at it. Whether or not that's a
reasonable assumption as a matter of fact is an empirical question, but it is
certainly a reasonable, perhaps even compelled, one from a legal standpoint.

~~~
raganwald
One of the reasons I Am Not A Lawyer is this:

If the business is allowed to send its customers a form letter telling them
that hey has given the master key to the government, I would understand the
position that the interests of the other customers were reasonably
safeguarded.

If, for example, one of them was discussing some business and then suspicious
trading occurred, she might ask whether a government employee abused the
master key and was doing some insider trading on the side.

But if the business is not allowed to tell the customers that their privacy
has been compromised, I would not want to give the government the "benefit of
the doubt" about their use or abuse of a master key.

Trust, but verify, as they say. How does one verify when these security
letters are handed out like candy?

------
MrZongle2
Sorry fellow Americans, you don't have Fourth Amendment rights anymore.

You've got Fourth-Amendment-As-Defined-By-A-Government-Lawyer-In-A-Secret-
Court rights. They're similar, except that Federal agencies can snoop the
_hell_ out of whatever you're doing.

You know, to keep our children safe from terrorists.

------
sdoering
> " [...] a move he said would have compromised the personal details of all
> his 40,000 clients [...]"

Funny, as the number is 10 times higher, als stated by the guardian itself in
the linked post.

Not that it matters, 40.000 would be just as bad.

~~~
notdonspaulding
If the number is "1 of his other clients" it is just as bad.

This is the educational problem we face ('we' being people who have the
particular libertarian bent that Ladar is showing with his actions here). The
masses, on all sides of the political spectrum, do not understand just how
truly special our constitution is, and how offended they _should be_ that the
current holders of office are trampling it underfoot in so many ways. The 4th
amendment could be paraphrased as "if officers of the state don't have good
reason to think you're guilty, they have no right to invade your person in any
way".

If we were talking about a fluke whereby the FBI, in the process of
intercepting Snowden's communications, mistakenly saw the SMTP traffic of an
innocent user of lavabit, OK, mistakes happen. But that's not what's going on
here. The FBI requested, and was granted by a federal judge, the ability to
search people for whom it had no probable cause of criminal action. Ladar's
side brings this up in hopes that the judge will understand that more narrow
measures would be just as useful to the FBI, without violating anyone's 4th
amendment rights (including Snowden's since he _did break the law_ ) and
without destroying the core of his business.

At least for citizens of the US, if the government isn't prepared to arrest
you and press charges against you, it's supposed to leave you the heck alone.

~~~
swalkergibson
> including Snowden's since he did break the law

As far as I know, Edward Snowden has not been tried and convicted in any US
jurisdiction that I am aware of. I typically do not like being pedantic, but I
can say if I was on that jury I would be hard-pressed not to push for jury
nullification
([http://en.wikipedia.org/wiki/Jury_nullification](http://en.wikipedia.org/wiki/Jury_nullification)).

~~~
tedunangst
If you want to be pedantic, per your link jury nullification occurs in cases
where the jury agrees the defendant is guilty but deserves to be acquitted
nevertheless. Or in other words, did break the law.

------
pfortuny
Pity is, 'lawyers' say that, we all agree on it BUT, and this is the big BUT,
as longs as the secret 'court' thinks otherwise, we are completely helpless.

If (another big IF) this case goes to the SCOTUS and they (after quite a bit
of money) they support Ladar and all of us, then you can take it for granted
that a new 'decision' will take place in a secret 'court' which 'reinterprets'
the facts.

~~~
csandreasen
There is no secret court involved in this case. The initial case was overseen
by the US District Court for the Eastern District of Virginia and is currently
in appeals at the 4th Circuit Court of Appeals [1]. The Foreign Intelligence
Surveillance Court has no part in this decision.

[1]
[http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/](http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/)

------
ffrryuu
We are all Texans now.

