
Lavabit founder offered to log users' metadata if FBI paid him $3,500 - d4nt
http://www.theguardian.com/technology/2013/oct/09/lavabit-metadata-log-3500-offer
======
ajarmst
Wow. Even for The Guardian, that's an amazingly misleading lede (can I
trademark 'mislede'?) What he did was propose a way that he could comply with
the legal order that he was given in a way that would minimize the exposure of
his clients, rather than the absurdly broad fishing expedition that was
demanded. He also noted that in order to comply with the order, he would need
to do extra work and that he should be compensated for that work (and $3500
for a custom coding job is hardly extravagant).

The Guardian (quite consciously) implies that he was instead selling his
clients' secrets on the open market, which is pretty much exactly the opposite
of what really happened.

~~~
tptacek
I donated to the Levison pledge drive thing. But can I sound a note of caution
about the rush to hero worship here?

What seems to have happened is, Levison got screwed by the DOJ when he refused
a request for information about Snowden's account, after having established a
track record of cooperation in the past. The original demand was for targeted
metadata. After Levison refused, the DOJ upped the ante, declared Levison
untrustworthy, and demanded keys.

It seems clear to me that Levison was the victim of an injustice, and, once
that injustice was inflicted on him, he followed through with the only ethical
option available to him. I have no trouble seeing why he's deserving of
support.

But Levison did cooperate with law enforcement. When he decided not to, it
seemed to have been in support of his own politics. When his politics became
too expensive, he seems to have backed down from them.

The lede of this article appears to be accurate.

~~~
andrewljohnson
_When his politics became too expensive_

You make it sound like he sold out, but what you mean is that _under the
extortionist threat of financial ruin and bankruptcy_ , he acceded to the
government's demand.

~~~
wglb
As a point of reference, here is
[http://en.wikipedia.org/wiki/Kathy_Kelly](http://en.wikipedia.org/wiki/Kathy_Kelly),
whose principles are not open for compromise, despite the threat of repeated
incarceration.

------
koenigdavidmj
Move the apostrophe in the title one character to the left.

He would have cooperated (as he had in the past) with a lawful request to log
a _particular_ user's metadata in an auditable manner.

Which isn't itself good; a better system would be one that makes it
_impossible_ for the service provider to fulfill such requests.

~~~
d4nt
This is the title of the actual Guardian article, and the convention on HN is
to use the linked article's title.

~~~
hnha
its not a fixed rule and clickbait should be reworded to something neutral in
my opinion.

------
Fzzr
That's really misleading. He offered to write the monitoring code so he'd be
able to trust it not to be doing more than required, and asked to be paid
$3,500 for the effort.

------
Glyptodon
This is exactly what I said in a previous thread - that they were demanding
development time from him for free. Levison comes across as a very reasonably
guy who made every reasonable effort to comply.

~~~
wmf
The feds do routinely pay service providers to cover their compliance costs,
but I guess the price was just too high in this case.

~~~
Glyptodon
At minimum it would be reasonable for them to cover both flat development,
storage, transmission, and system costs, as well as opportunity costs for all
involved. If you make me stop what I'm working on to build your pet project of
the day, it's costing more than just my time to build your pet project, but
also the time and delay that are being imposed on my other priorities.

------
CJefferson
Is this kind of thing common? When the police ask for physical files, can you
charge them for the time taken to gather and photocopy them?

~~~
DerpDerpDerp
There's some question about if the government can legally make you do work for
free, except as a punishment for a crime.

~~~
sejje
I always assumed that even then you had to be paid, like the guys who get pay
measured in double-digit-cents-per-hour to make license plates or whatever.

Although I guess forced community service could be thought about the same way.

~~~
bmm6o
I don't know much about the inner workings of the penal system, but the 13th
amendment (which generally abolished slavery) specifically allows for
involuntary servitude as punishment for a crime.

------
nicholassmith
Standard rules, never work for free. He had a request he had to comply with,
that didn't compromise the security of the service for all users, and decided
to make sure he was paid.

Easy way to make sure someone is genuinely committed? Ask them to pay. If i
was in his shoes I'd have billed much higher. Much, much higher,

~~~
wmf
There is a realpolitik at work here; if your charge for handling a
subpoena/warrant is higher than the FBI's cost to install a Carnivore/Omnivore
box, guess what they're going to do.

------
debacle
As far as I could tell, it was "user's", not "users'."

I may be wrong, but that's what I read.

------
Chirael
I don't think he should have asked for the $3,500. He was the one who designed
the system, why should the government have to pay him for him to comply with a
lawful order, which he supposedly didn't oppose (metadata for one specific
user), simply because he made it difficult to do in that system (requiring
custom coding)?

This is, IIRC, the exact point that the judge made - just because you made
something difficult/impossible in the system, doesn't mean you get to ignore a
lawful request / court order. It's not the government's fault that he designed
the system to make it hard to do something, requiring extra coding.

~~~
jonknee
Because that's how these things work. Why should anyone have to work for the
Feds for free? Google, Yahoo, Apple, Microsoft, AT&T, Verizon, Sprint,
T-Mobile, etc etc all get paid for costs incurred to aide law enforcement.
It's actually a tidy little business.

Also, $3,500 isn't worth discussing. The hearing to deny the motion cost more
than the money involved. The Feds simply wanted access to more data than they
were wanting to officially claim.

~~~
TheLegace
But then the question is why should you work for the Feds. At what point can
they force you to implement something no matter what. Your not their employee,
and you should have the right the refuse what you feel is unethical. There is
nothing wrong with that. I took an entire class on the Engineering Ethics and
now that $800 course which I loved is a waste of money for anyone that is
forced to do work against their will.

------
frank_boyd
> in an effort to appease the authorities.

That is really naive.

------
AsymetricCom
Not surprising at all. If you read between the lines of any of this guy's
public statements, it's clear that he's a manipulative black hat out for power
and money and couldn't give a shit less about his customer's security.

~~~
venomsnake
And now read the article, not only the headline.

~~~
AsymetricCom
I've read all the previous articles as well. This single article is not going
to change my impression. It's by piecing together all available information
while maintaining grasp of the obvious to we get the whole picture. But
somehow you think specific instances of this guys rhetoric, not his actions,
carry more truth than the results.

"but he was just trying to get compensate" is completely ignorant argument
because you've thrown away all context in making that argument. What is he
getting compensated for exactly? Writing a script to CRUD data in his system?
Wow, what a noble deed I can identify with! So how does this "revelation" FTFA
contradict my assertion? It doesn't, in fact, it's more evidence for it.

So why am I downvoted? Probably because it's contrary to the popular narrative
that this guy is some kind of freedom fighter when all evidence shows that
this is not true. But nevermind evidence, his actions, etc., this guy wrote "I
wouldn't do business with American IT firms" Spicy, salacious! I mean, he ran
a business in America so he'd know not to trust himself. I guess we can give
him internet points for telling us no to trust him in a roundabout way.

~~~
venomsnake
As everyone that has worked with any government knows taking money out of them
is hard and slow and full of paper process. I think he was using it as a delay
tactic, not as a personal enrichment scheme.

The color of the hat of the guy is unimportant - he could be wearing Walter
White's fedora for all I care.

He shattered his business instead of betraying his own customers. At any point
he could have just complied.

If you read between the lines - he obviously is trying to make money out of
his business. He is not a freedom fighter or crypto anarchist. But he put his
customers first.

