

Edward Snowden’s Email Provider Shuts Down Amid Secret Court Battle - bcl
http://www.wired.com/threatlevel/2013/08/lavabit-snowden/

======
mpyne
"Court records show that, in June, Lavabit complied with a routine search
warrant targeting a child pornography suspect in a federal case in Maryland.
That suggests that Levison isn’t a privacy absolutist. Whatever compelled him
to shut down now must have been exceptional."

Wow. Now I'm even more interested at what the NSL/court order was looking for
here.

~~~
cheald
I will put dollars to donuts they were after Snowden's contact list. They want
to know about his deadman's switch, who holds the keys, and who they have to
squeeze to defuse that particular landline.

~~~
shasta
They're not asking for any particular information that lavabit has now. If
they were, shutting down wouldn't be a solution to not handing it over. They
are asking for additional access going forward.

~~~
cheald
I know, but I don't think it's unreasonable to expect that Snowden may be in
contact with people that his pursuers are not yet aware of. Tapping his
communications would give them a much larger attack surface.

------
oo7jeep
TL,DR: "This experience has taught me one very important lesson: without
congressional action or a strong judicial precedent, I would _strongly_
recommend against anyone trusting their private data to a company with
physical ties to the United States."

~~~
conductor
If this is happening in the USA with its famous constitution, then well, I
think the end of this statement can be easily converted just to _any_country_.

~~~
RyanMcGreal
What makes the American Constitution exceptional is not its content but the
fact that it was written in the late 18th century. In the intervening two
centuries, several other industrialized liberal democracies have adopted
constitutions that are broader and more inclusive than the Bill of Rights.

~~~
AnthonyMouse
There are very few countries with as broad a constitutional protection for
speech as the United States.

The problem now is that we have a government which has discovered effective
work arounds for those protections. The government can pressure intermediaries
who don't have the right incentives to vigorously defend their users by going
to court, and then the actual targets of First Amendment violations never
encounter a court proceeding in which to raise a constitutional defense, they
just get cut off by the "private" service provider. The government can try to
gag everyone involved so that, again, the people whose privacy or right to
anonymous speech is invaded are never told and so they can't challenge the
constitutionality of the invasion.

If any of this could be challenged in a public court proceeding there is a
good chance the courts would find it unconstitutional. That's why they're
twisting themselves into such contortions to make sure that never happens.

~~~
jivatmanx
With "Parallel Construction", we see an explicit attempt to avoid Judicial
Review, with the DEA mysteriously dropping charges whenever a case goes to
court. Which is bad, as we've now trusted the constitution entirely to
Judicial Review - congress has washed their hands of a responsibility to
uphold it.

I suppose you could argue that the DEA knows it's unconstitutional and is
willfully violating, and that raises even more troubling questions.

I also wish the constitutionality of FISC court itself could be challenged, as
I think it clearly doesn't fall under article 3. But I have no idea how this
would be done.

Some countries, like Germany, have Supreme Courts with more interventionist
abilities, and more recourse against willful violations.

------
ChuckMcM
So for those of you wondering about Jury nullification, the way it would work
in this case is that Levison would reveal that the NSA was hounding him with
NSL letters, they would charge him with violating the terms of the NSL and the
jury would acquit him anyway.

I hope we can get a case like that to move that aspect of the conversation
forward. It helped get bad laws off the books in the civil rights cases and it
would help here.

~~~
oleganza
Who would risk their own life to do that for "the good of many"? People like
Snowden are exceptions, not a rule, because the guns are out there pointed to
everyone. Why don't we instead of asking individual heroes to fight a killing
machine called "the state", do that:

1\. Acknowledge the evil of the state. 2\. Find practical non-violent ways to
boycott it. E.g. blacklist personally everyone involved in violent aggression.
Switch off USD to Bitcoin. Expose violence of the state consistently in every
relevant circumstance etc.

~~~
jlgreco
I doubt, even in our current situation, that Jury members would become targets
if they refused to convict.

~~~
jmomo
It would never get that far. The "jury selection" process weeds out average
people and leaves only the most boring, dumb, and/or untruthful jurors.

------
lawn
Extensive discussion here:
[https://news.ycombinator.com/item?id=6181081](https://news.ycombinator.com/item?id=6181081)
and here
[https://news.ycombinator.com/item?id=6180846](https://news.ycombinator.com/item?id=6180846).

------
siculars
Distributed cryptography/services in multiple jurisdictions is the only
permanent solution or as a delaying tactic at a minimum. Where keys or parts
of data or multiple onion style encryption rests in a chain of services
distributed globally in multiple jurisdictions. Something like the Ceph file
system but for everything.

~~~
betterunix
Sounds like anonymous remailers to me. Unfortunately it is impractical to run
a remailer in many countries, the USA included, because of the approach law
enforcement agencies take to remailers (basically, "attack the datacenter with
a team of soldiers").

------
mililani
So, since HN is filled with smart engineers, how should one build a
sustainable, fully encrypted email service untouchable by the Feds?

~~~
betterunix
It already exists. Use PGP, send messages through anonymous remailers. If you
cannot use anonymous remailers, post messages to Usenet in
alt.anonymous.messages using Tor. If not Tor, then via a proxy server. If none
of the above, just make sure you are not doing it from your house. If even
that is impossible, know that traffic analysis will be possible.

Why is this something that needs to be repeated to the technically skilled
people on HN?

~~~
sillysaurus
Tor is funded directly by the US govt. Something like 60-80% of their annual
million-dollar budget.

Maybe being superstitious isn't helpful, but in this instance, I'm not so sure
Tor is able to be relied on.

A proxy server won't work for the same reason a personal server wouldn't work.
It's tied to you eventually, either through a paper trail or a packet trail.

Oh, and drop the condescending attitude, okay?

~~~
betterunix
"Maybe being superstitious isn't helpful, but in this instance, I'm not so
sure Tor is able to be relied on."

Tor has been analyzed extensively by cryptographers and security researchers;
there is literally a mountain of published research about it. It is operated
by an independent organization. I would be more cautious about the Linux
kernel, a vastly larger codebase that could and probably does have numerous
back doors, than about Tor.

"A proxy server won't work for the same reason a personal server wouldn't
work. It's tied to you eventually, either through a paper trail or a packet
trail."

Which is why it is below anonymous remailers and Tor on my list. Proxy servers
are better than nothing at all.

~~~
sillysaurus
_Tor has been analyzed extensively by cryptographers and security researchers;
there is literally a mountain of published research about it._

And that research says that if an entry node and an exit node are both under
control of an adversary, then that adversary can deannonymize the target.

I don't know enough about it, but I know that deannonymizing someone is a
matter of resources, not a matter of ability. And the USG has a _lot_ of
resources.

~~~
jborica
Much in the same way that communicating insecurely with 90% of your contacts
is not going to help PGP keep your emails encrypted, requesting sites from
outside of the tor network is not going to help keep your internet usage
anonymous. It's a problem of behavior and adoption rate

------
conductor
If you are looking for an alternative to Lavabit, try RiseUp [1].

There is a nice read in their "About Us" page [2]

[1] - [https://riseup.net/en](https://riseup.net/en)

[2] - [https://help.riseup.net/en/about-us](https://help.riseup.net/en/about-
us)

Added:

Though, it is based in Seattle, so what happened to Lavabit can happen to them
too, unfortuneately.

~~~
grote
There's also [https://mykolab.com](https://mykolab.com) hosted in Switzerland.
What's more: It is 100% Open Source, so you can host it yourself decentrally.

~~~
mpyne
And you probably should, if you want to maximize your legal protections
against governments where third-party access to your data gives the government
easier access to your data.

------
mjfl
So what happens if this guy starts telling people what happened in that
courtroom? He gets arrested? What happened to freedom of speech?

~~~
wmeredith
It has been passed over in favor of fighting the terrorist boogieman.

~~~
roc
... Harry Wayne Casey?

------
mtgx
" _after_ secret court battle"?

I got the impression the court battle hasn't started yet over this. Or is he
talking about that child porn subpoena? But the headline is confusing.

~~~
grey-area
His letter states that he has already made representations twice to the
authorities (the FISA court?), but is obliged to keep those secret:

 _As things currently stand, I cannot share my experiences over the last six
weeks, even though I have twice made the appropriate requests._

[https://lavabit.com/](https://lavabit.com/)

~~~
dragonwriter
> His letter states that he has already made representations twice to the
> authorities (the FISA court?)

A Foreign Intelligence Surveillance Court order wouldn't be appealed to the
Fourth Circuit Court of Appeals, it would be appealed to the Foreign
Intelligence Surveillance Court of Review and from there to the US Supreme
Court; from the context, then, its likely either a District Court under the
Fourth Circuit or the Fourth Circuit itself (possibly both, given the "twice
made the appropriate requests") to which application has been made.

Which would make sense if Snowden was targetted, since he is a US person, and
an order for surveillance targetting him would go through the regular District
Courts, not the FISC/FISCR.

------
logn
Do not use webapps.

