Lavabit abruptly shuts down (lavabit.com)
1831 points by cstuder on Aug 8, 2013 | 640 comments

For the unfamiliar: Lavabit was a webmail service that (claimed to) encrypt emails in such a way that they literally did not have access to the content stored on their own servers. The linked email would lend some credence to those claims. It was originally designed in contrast to gmail scanning your email for targeted advertising, but my imperfect memory says that their system should also have been resilient to "we have a warrant, hand over the data."

Edit: I was a PM on Exchange and Exchange Hosted Encryption for some time, so it looks like Lavabit tried to fight the government on whether they are required to release private keys. I've seen one other customer try to fight, and it was not pretty either. The US government in these cases is serious.

Takeaway for fellow hackers: If you are building a system that stores user-generated data, prepare for the eventuality that someone other than the user will demand to see it.

In general, the prevailing theory is that all companies are required to release private keys or passwords needed to unlock evidence. As a consequence of Lavabit fighting, they likely got slapped with some pretty harsh contempt of court rulings, including a demand to record all private keys needed for decryption going forward. The worst case (that I can talk about) I saw involved requiring a specific employee be demoted due to improper care of a company's systems.

What's sad is that because Lavabit was such a small service provider, they never had the previous rounds of government threats and must have been caught off guard. As I've said in past posts (before Snowden), it is common knowledge among large-scale service providers that the local government can always come in to take a look. Doesn't matter if you are in the US, EU, or China, you have to comply. I've seen the US DOJ threaten pretty harshly a customer who simply asked about 'options' of how to comply.

Past post with explanation: https://news.ycombinator.com/item?id=5754641

P.S. Right or wrong is a separate conversation...

> The worst case (that I can talk about) I saw involved requiring a specific employee be demoted due to improper care of a company's systems.

Would you expand on this? Are you saying that a court was meddling directly with an individual company's hierarchy?

(Forgive a 5-year-old memory of one of many cases -- I probably have the numbers wrong) It went something like this: The director of engineering approved a log retention plan that kept access logs for 7 days or something. They wanted to reduce costs and issues with log files were the top reasons for getting called to support the service. The government needed to demonstrate that someone had accessed the service 14 days ago, and the government could not understand why the 'minimum' of 30-day access logs were not present. I think something else was missing, too. There was a back-and-forth, and since the company couldn't produce the logs as requested the government got a contempt of court with the understanding that the director would be demoted to an IC and not be anywhere near the production service. I think the company lawyers agreed to the conditions to make a worse outcome go away.

If it's not clear, there were strong personalities involved. One way to tell the story is the director went out of his way to poke a bear and got mauled. Another way to tell the story is that a bear went walking down main street looking for trouble ("How do we know you didn't change the retention policy to protect the individual?"). In both cases the guy lost his hand and the bear is still loose.

Is there a legal precedent for minimum time that logs must be kept, say for an email service or messaging service? I'm talking about US policy, if that makes it more clear.

Generally speaking unless you are specifically required to keep records for a regulatory purpose (i.e. tax), you don't have to keep logs at all. Lavabit used to keep logs for a limited time (I think a week?).

More concerning are key disclosure laws [1] and their crazy penalties that seem to be creeping in all over the world.

[1] https://en.wikipedia.org/wiki/Key_disclosure_law

No, but you must follow your own policy.

You also need to take reasonable measures to preserve relevant data when you have reasonable cause to suspect that litigation or an investigation will begin.

Not having a policy can hurt you. If you have no deletion/retention policy, and happen to destroy data for some random reason when a litigation begins, you or your company may be in trouble.

Note: IANAL, and different industries or data categories have specific legal requirements or best practices for retaining things.

It was likely agreed on (possibly via contract) to meet the compliance policy of the government agency. So I could see breach of contract. I don't know about legal precedent for logs per se, but there is precedent for retention of other files. For instance HIPAA involves some well known regulations around keeping and destroying medical data.

Software/technology is quickly becoming a place full of dangerous legal landmines.

So no matter how good encryption gets, government will simply ratchet up the penalties (financial and/or prison time) to keep pace.

We simply can be guilty hiding the nothing we have to hide.

Don't be so bleak. If you're going to do something that will get the attention of any government, here's a simple rule to follow. Don't use 3rd parties. And if you must, do it in a way that can never be traced back to you in the "real world". It isn't hard and it isn't even illegal.


Step 1: Don't buy a book called "How to be Invisible" from Amazon.

Yup, nothing new, even in Europe (Finland). http://en.wikipedia.org/wiki/Penet_remailer

ziplip shut down in 2005 citing an inability to maintain user privacy in light of new legislation. Their servers were in Ireland, I think.

I think the worst they can realistically do is 1) threaten contempt if you can comply but don't and 2) threaten to disrupt your business operations by seizing servers. There are gag orders on certain legal requests, but you don't have to talk about it to not comply (if you can't comply).

As long as you can't comply, I don't think there's an uncounterable risk in the US, since we don't have any key disclosure requirements (the exception being CALEA, which only applies to the PSTN; I'd skip CALEA for an interconnected VOIP system and fight them in the courts/media, personally). Presumably they could put other weird pressure on you like threatening to investigate your nanny's immigration status or whatever, but enh.

I still maintain that if you do things properly, you can operate safely in the US while resisting pressure from USG. You can't literally wipe your ass with an NSL in front of the agents, but if you don't have it, and can't get it, they're at worst a DoS. Forcing a provider to implement a huge new logging infrastructure would be an interesting 14A issue, and one could have a system where even that wouldn't recover customer keys.

IANAL of course.

Could you name some examples from Europe? Cases where police physically take servers are common. But I never heard of a case where police would require encryption keys for 'maybe we will need it'.

Regulation of Investigatory Powers Act (RIPA) in the UK is relevant here.


Also, what prevents the guy from setting up that service in a European country (Switzerland is not subject to EU laws)?

I don't see why his 10 years of work would be lost.

He might not want to relocate.

It's risky to relocate the servers to another country. You will have to obey the other country's laws, but the US gov will still claim jurisdiction if the staff and/or owner is in the US. The US will even claim jurisdiction as soon as you use a ".com" domain [1].

Of course the hosting nation will also claim jurisdiction. So relocating your servers to one country while staying in another will expose you to two national laws as well as any international agreements between these nations.

[1] Richard O’Dwyer, a UK citizen who ran a UK-based web site, was facing extradition to the U.S. because he used a .com domain. - http://www.theguardian.com/law/2011/jun/17/student-file-shar...

He could still just sell it to someone in another country. Neither the service nor his 10 years of work would be lost.

Depending on how bad the government wants the data, that's essentially just charging a high premium to get all the data instead of a specific user's data.

If the purchasing party is less scrupulous, you've thwarted nothing. In extreme cases (or for smaller companies), the purchaser could even be a government front.

I'm pretty sure there are known entities offshore you could sell to who are unlikely to be government fronts. Imagine selling to someone Wikileaks affiliated...

> P.S. Right or wrong is a separate conversation...

No it's not. This is wrong, plain and simple. Wrong is wrong, and black is black.

Well, he may not have been able to hand over the old data, but he may have been asked to include an exploit for all mail going forward. That could have been as simple as the authorities inserting some middleware.

This actually did happen with hushmail. It's hosted in Canada, but the US leaned on them hard enough that they ended up backdooring the client to let the feds snoop on the targeted user.

That is not quite what happened. As the link below says, it was not an exploit. Users were warned that using pure IMAP access and/or webmail, which was a convenience feature and continues to be with them, would require your private key. It was recommended you do not do that, and use the provided Java applet or mobile app. The person in question in those criminal proceedings used one of those convenience functions, if memory serves.

Not that I defend Hushmail. I do not, fuck 'em for that. There are plenty of services like Lavabit that avoid that problem, but that requires intelligent users/criminals/what-have-you.

"It was recommended you do not do that, and use the provided Java applet"

Which is equally insecure, as the company could easily insert a back door the next time you load the applet. Hushmail was and is snake oil.

I think Hushmail are pretty up front about being no protection if the person who wants access has a court order. I would not go so far as to say 'snake oil'.

From wikipedia: "The issue originally revolved around the use of the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; additionally the passphrase can be captured at this point. This facilitates the decryption of all stored messages and future messages using this passphrase."

"Hushmail has stated that the Java version is also vulnerable in that they may be compelled to deliver a compromised java applet to a user.[5][7]"

In [7] "Brian" working for hushmail responds to a wired journalist agreeing that the applet was an attack vector and Brian even points to a schneier.com article stating the same[2]. He did weasel around a bit about "viewing applet/HTML source" which he admits is no use for determining the validity of the applet as it is compiled.

[1] https://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_...

[2] https://www.schneier.com/essay-191.html

[5] http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.htm...

[7] http://web.archive.org/web/20071019225245/http://blog.wired....

"I think Hushmail are pretty up front about being no protection if the person who wants access has a court order"

It is not just about having a court order. The court order is not some kind of secret key that decrypts messages, it is just a way to compel Hushmail to decrypt those messages. Pointing a gun at a sysadmin would work just as well. Paying a sysadmin would also work. Getting a spy to work for Hushmail would also work.

Let's say you are trying to protect the names of activists in China. There is no reason to think that the Chinese government could not find a sympathetic Chinese immigrant / national with an IT background who is willing to pass on some messages every so often. You can imagine other scenarios -- maybe you have highly valuable business secrets, maybe you are running a political campaign, etc.

Snake oil is the right term for Hushmail, because that is what they deliver. The only term that is more polite than snake oil is "key escrow," but why should we be polite here?

For sure, but can I fault idiots for inability to read the documentation and caveats? Maybe, but not really lest most on this site could not "do computers" professionally.

Unfortunately, the trust problem you mention is pervasive. It was a signed applet IIRC, but both require you to trust the original and modified applets from the developer. I am wishing someone released an auto-encrypting PGP service and client, open-sourced on purpose.

We all know only four people would read the source of that, and two of those would verify the dev key given with the release. :-)

The correct way to do a signed applet or signed extension is to give the signing key to a third party who has responsibility for auditing it, or at least being "out of the subpoena chain" so when bad stuff happens, they suddenly stop signing new versions.

I kind of wish there were a (well armed) organization which did this for other projects.

Well, it looks like we got ourselves a reader.


Unfortunately, I cannot find a clip of this from the movie Ronin. One of my favorites with Robert DeNiro as a criminal or spy, and not even his own gang of crooks are trusting of him. Among my many favorite quotes (I am reviewing all of them and laughing; the movie is a goldmine [0]):

Spence: You think too hard. Sam (DeNiro): Nobody ever told me that before.

[0] http://www.imdb.com/title/tt0122690/quotes

"I'm try'n to think, but nuthin happens!" -Curly Joe


In my eyes a backdoor is a subcategory of exploit. But the term used doesn't matter. The point is that they altered the software used by their clients to not only encrypt emails with the key, but to forward copies to be given to the government.

The warning they gave out was to point out lower security; it does not absolve them of the obligation to try to keep their servers secure.

The feds wanted to install a prism device on his network, not sure if he shut everything down to prevent that from happening or if there are other factors at play.

The guy who runs the service is one of my best friends. He's the kind of guy who would burn the server farm to the ground before he did something that violated the terms dictated in his privacy policy.

If true, you probably shouldn't put these details here (especially mentioning that he's one of your best friends).

I was curious to know, of course, but I'm afraid that this could somehow be used against him later.

Perhaps such a request is why they have shut down?

That's reasonable. And while you can already get in trouble for not having stored user data in the past, you cannot really refuse to store user data from now on. Ergo probably this surprise shutdown now … :(

And this reads as if someone was trying to force him to install means to spy on his users, and it wouldn't be surprising if the aim was to spy on Snowden directly (if he really used this service).

It may be simpler than that. Even if Snowden has walked away from this service, the publicity may have attracted a lot of people the authorities find interesting, including legitimate (whatever that means) persons of interest.

The political backlash attached to slapping an NSL on "Snowden's email provider" would have looked obvious to a 5-year-old, and any real player worth its salt would have run from Lavabit as soon as it hit the news.

No, this has nothing to do with common criminals and everything to do with Snowden.

NSLs come with a gag order. There wouldn't have been any backlash as no one would have known about it.

He shut it down because that was the only way to legally prevent the government from spying on his users.

Good point. While controversial, this is exactly why, too. (Feds don't want to tip their hand.)

Haven't NSL gag orders been found unconstitutional?


I wonder why he didn't challenge it.

Because challenging it from a solitary confinement cell might not sound that appealing.

Somebody running a service like Lavabit would be a very motivated individual; civil disobedience was a real risk.

Didn't Italy nail a mob boss a few years ago because they were using a common substitution cipher?

What I find interesting is that the lavabit homepage says that the owner has been fighting this for 6 weeks, but the reporter that released Snowden's email address did it July 13th.

The Government has been trying to get into Lavabit longer than that.

Although, perhaps they already knew that Snowden was using Lavabit and started the process immediately after his flight to HK.

His Lavabit address has been in PGP key servers since April: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x4DB8A...

That's exactly what happened. He can't afford to continue fighting the feds in court, so he's shutting everything down. His lawyer is expensive and he will go bankrupt if he stays the course.

If anyone can recommend someone who can provide counsel pro-bono let me know and I'll forward the message along.

More likely he was compelled to turn over emails relating to the case, and he doesn't want to have to be forced to do that again, so he's shutting down the service.

Possible, but unlikely given the nature of the service. It sounded like he wouldn't have been able to do that.

The data may have been protected, but the senders and recipients probably were not. Similarly to SSL, it encrypts the traffic, but does not hide which websites you use.

I bet that data are still valuable to the government.

I have been thinking of starting a business in the privacy space. This has shown me that all customer data needs to be periodically obliterated in a safe way and that a kill switch or nuke button is needed as well to destroy everything on a moment's notice.

Where and how to host is a major concern. Cloud, etc., is obviously out of the question.

Apparently a business where some guy is moving paper mail incognito from one point to the other could be a possible business. I guess lawyers may want this, especially lawyers working to defend issues related to abuse of privacy breach or executive actions. Of course it will be hard to advertise such a business.

If you'll be trying to keep this secret by creating small cells of people not knowing each other and smart mailboxes preventing people exchanging from identifying each other, you'll become suspect of supporting spying activity.

So you better work for the minimal number of clients and charge a lot to remain sustainable.

My understanding is that as long as you keep the info concentrated in one spot (i.e. paper mail) it is easy to grab it. If you dilute and spread the info using a shared secret and hide it smartly in images or random text, this info would be much harder to catch but could use conventional transport means.

Extending this idea further, turn the mail network into one big world wide hologram. The information would then be spread, available from everywhere, very hard to censor, and private since you need some specific reference signal to extract the info. It's like a shared secret.

Note however that the need to catch evil people using such a communication system for evil means is still there. Just considering our own privacy regardless of what can go wrong with such a system is in my opinion selfish. We will always need methods to protect against abuses.

Reminds me of the plot in the game Mirror's Edge, where couriers would physically deliver data instead of electronically, since there is no way to be sure that it isn't being intercepted. Such a thing might already be in practice.

So... there would be market for a secure email service that ran on a ship/vessel that was permanently in the middle of international waters?

(might have to have multiple vessels for redundancy purposes)

IANAAL, but I'm guessing the U.S. would just pressure your flag state to revoke your license. Then they'll arrest you for piracy or something. Or even better issue a letter of marque and reprisal so private citizens can hunt you down and take your stuff.

Why bring in privateers? They'd complicate it, and mean reneging on public commitments. Just label the boat as terrorist and send the Navy or Coast Guard.

By "better" I just meant it would be "cooler", in the sense of invoking old, rarely used provisions of the Constitution. But you're right, Navy/Coast Guard would be much more effective.

So guarantee you will be regarded as a "terrorist" and then put yourself somewhere in the middle of international waters?

At least when the ship disappeared off the face of the earth it would be easy to figure out what happened.

Pretty sad world we live in that this is entirely realistic.

I suppose, but looking at it another way: for the first time in human history we can imagine a world where this wouldn't be the case. We are closer to that world than we've ever been, even if right now the west is moving away from it again.

People have thought about this, and Sealand actually hosted a very secure datacenter.

The problem is that you have to connect up to the Internet somewhere, and they can always get you there. Either tapping and listening in on sessions, or just plain disconnecting you.

It seems like the most secure way to send a message these days might be snail mail. While I know the feds do open it from time to time in specific cases, they definitely don't open all.

No, they don't open the mail, but they scan all the addresses as part of their routing process. We should assume that all postal "metadata" is stored forever.

As a veteran of the USPS software industry, I wouldn't worry too much.

Hilarious!! Since we're on the subject, are there any veterans of the NSA software industry who can share some insight?

I assume they would be under some sort of NDA.

LOL :)

There is a lot to be said for Snail Mail in that regard. There are far more privacy guarantees (i.e. clearly defined requirements for warrants, and stricter terms) relative to electronic forms of communications.

They take a photo of the front and back of every piece of mail that is sent. Your content is safe, but they still get the metadata.

Couldn't you just leave off the return address? In this case there's not much metadata to collect except for the recipient address.

I did a fun experiment once. I wrote the actual recipient address in the return address place, and put a nonexistent address in the front. I also didn't stamp it. It did arrive at the recipient 2 weeks later, with a "return to sender" banner.

Working in the mailing business and dealing with the USPS carriers; they are not dummies (the usual people warning here) and if someone gets curious on why so many pieces arrive at a certain address w/o postage, I would expect that address to get flagged for a special looksee.

You can also fake the "from" address in an e-mail, and send it from somewhere in the world via vpn

It wouldn't be resilient to interception of mail going to and coming from lavabit however, since email is essentially a plaintext public protocol.

This is somewhat true. RFC3207[1] describes opportunistic TLS encryption for SMTP communications. Our postfix deployment uses this and a fair amount of our email is sent over TLS-encrypted SMTP.

Of course, an MITM attack could hide the STARTTLS option and there are questions around the strength of the CA cert infrastructure, but SMTP is not just plaintext.

[1] https://tools.ietf.org/html/rfc3207

The problem is that you don't send to the destination SMTP server. You send to your SMTP server. That goes at least one hop via SMTP and eventually ends up on the destination's domain server.

So even if I set up and host my own SMTP server, and even if I verify the TLS certs on my side, I have no way to verify that I'll get (1) a TLS connection (2) with an authenticated cert all the way to the ultimate destination.

It's beyond my control to ensure that I'm secured when emailing to an arbitrary domain with arbitrary configuration.

It's quite likely however that Lavabit, being a service that focuses on privacy, delivers enough emails directly to the target server over a secure protocol to cause problems for the NSA in this investigation.
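To make the STARTTLS-stripping point and the hop-by-hop point from the comments above concrete, here is an added example that is not from the original thread and not anyone's Postfix configuration. It simulates the RFC 3207 EHLO exchange with constructed server replies, parses the advertised extensions, and shows that an opportunistic client ends up sending in plaintext when the STARTTLS line is missing from the banner, while a client that requires TLS refuses to send. The hostnames and addresses are made up; the policy names "opportunistic" and "require" are this example's own.

```javascript
// Added example: RFC 3207 opportunistic TLS, simulated with constructed replies.
// Not from the original thread; hostnames and addresses are made up.

// A full EHLO reply from a server that supports STARTTLS (constructed).
const EHLO_WITH_STARTTLS = [
  "250-mx.example.test Hello client.example.test",
  "250-SIZE 52428800",
  "250-STARTTLS",
  "250 8BITMIME",
];

// The same reply after a middlebox has removed the STARTTLS advertisement.
const EHLO_STRIPPED = EHLO_WITH_STARTTLS.filter((l) => !/STARTTLS/.test(l));

// Parse a multi-line EHLO reply into the set of advertised extension keywords.
// Line 0 is the greeting (server hostname), not an extension, so it is skipped.
function parseEhloExtensions(lines) {
  const exts = new Set();
  for (const line of lines.slice(1)) {
    const m = /^250[- ]([A-Za-z0-9]+)/.exec(line);
    if (m) exts.add(m[1].toUpperCase());
  }
  return exts;
}

// Decide what the client does next under a TLS policy.
//   "opportunistic": use TLS if offered, otherwise carry on in plaintext
//   "require":       use TLS if offered, otherwise abort the delivery
// Returns "tls", "plaintext" or "abort".
function decideTransport(ehloLines, policy) {
  if (parseEhloExtensions(ehloLines).has("STARTTLS")) return "tls";
  return policy === "require" ? "abort" : "plaintext";
}

// Walk one client/server exchange and return the transcript plus the outcome.
function simulateSession(serverEhloReply, policy) {
  const log = ["C: EHLO client.example.test"];
  for (const line of serverEhloReply) log.push("S: " + line);
  const decision = decideTransport(serverEhloReply, policy);
  if (decision === "tls") {
    log.push("C: STARTTLS");
    log.push("S: 220 Ready to start TLS");
    log.push("C: <TLS handshake; EHLO is repeated inside the tunnel>");
  } else if (decision === "plaintext") {
    log.push("C: MAIL FROM:<alice@example.test>   <- sent in the clear");
  } else {
    log.push("C: QUIT   <- policy requires TLS, delivery deferred");
  }
  return { decision, log };
}

// A message usually crosses several MTA-to-MTA hops, each negotiating on its
// own. Returns the per-hop outcome so a single plaintext hop is visible.
function relayPath(hops) {
  return hops.map((h) => simulateSession(h.ehlo, h.policy).decision);
}

// Stand-alone run: print the three scenarios.
if (typeof require !== "undefined" && require.main === module) {
  for (const [name, reply, policy] of [
    ["normal, opportunistic", EHLO_WITH_STARTTLS, "opportunistic"],
    ["stripped, opportunistic", EHLO_STRIPPED, "opportunistic"],
    ["stripped, require", EHLO_STRIPPED, "require"],
  ]) {
    const { decision, log } = simulateSession(reply, policy);
    console.log(`--- ${name}: ${decision}\n` + log.join("\n"));
  }
}
```

In Postfix terms the two policies are the outbound settings `smtp_tls_security_level = may` and `smtp_tls_security_level = encrypt`; `relayPath` makes the point of the reply above that every MTA-to-MTA hop negotiates independently, so the sender's own setting only covers the first hop.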

The problem is that all of the people you correspond with use gmail, which participates in PRISM. No amount of transport encryption or storage encryption on your own end will stop Google from sharing that data with US authorities.

Well anything that hits an MTA or MDA and sits in a queue somewhere on rust is liable to be snagged. That's usually every host between you and the destination MUA.

The whole protocol and mail delivery system is fucking hopeless.

As an ex-ISP mail architect and ex-operations guy, I hope the whole existing email protocol suite and architecture dies in a fire.

The problem is that, left to market forces, we would end up with an email solution that looks like (or is) Facebook.

I'd rather we stopped talking electronically than ended up with Facebook.

Your username combined with your claimed former work experience is utterly hilarious--thank you for the levity in this dark time.

The name came after many years of filling in paperwork :)

"Participates" is the wrong characterisation, they are under the jurisdiction of FISA orders, if the NSA wants to call that PRISM, it's their business. Also worth mentioning is that providers in non-US countries are subject to their respective country's surveillance efforts, so either way it's a red herring argument.

"Participates" is a perfectly acceptable word for silently complying with a law. Especially for an international company that could have changed jurisdiction of the relevant servers.

"Participates" is not at all an acceptable word for actions taken under duress, and for an international company, changing jurisdiction of the relevant servers would have made no difference whatsoever. As long as your flesh-and-blood body is located in the US, or in a country that chooses to enforce US law in such matters (or will ever be so located in the future, even for a stopover on an international flight), your servers could be on the moon for all it matters; you still have to obey the government.

There are different levels of duress. Nobody pointed a gun at Google. They could have refused if they truly wanted to.

Can the US serve a warrant to a server in Europe run by Europeans? I was assuming the answer was no, in which case you don't need to violate any laws or worry about repercussions.

...which is why you encrypt the contents before you send it, yes?

Considering that most other people don't use email encryption, no.

This is why there is speculation that, even with encrypted emails, the to and from addresses are in the clear and that could be valuable info to the government. So we're back to metadata in plain text both in transit and in storage.

What? I don't think this is true at all. Plaintext data, email or not, can be protected with robust encryption. Your end security is the main consideration, but that has nothing to do with the protocol or content, really.

The difficulty is that most recipients of your message will not be willing to use whatever crypto technology you've chosen. PGP is probably the most popular email encryption system, but good luck finding people who use it. I work in the software industry, and I don't regularly correspond with a single person whom I know to use PGP.

It'll be interesting to see whether companies start to shift to using encrypted email over the next few decades - it's not that hard to set up if you know the counterparty will be using encryption of the same kind, and if it's not a service bought in from an external company you can be fairly sure it is secure.

Companies could at least insist that intra-company email is encrypted, which would be a huge amount of their normal communications, and then extend that outside their boundaries with partners who also accept (say) S/MIME.

At present I sign my mails but like you have no clients who use encryption.

Key exchange is still a huge issue. Sure, you can post a public key online, but I have no guarantee it is actually your key. How do I do business with somebody new?

The core problem with widespread crypto use today is not encryption, it's trusted key exchange.

Put the fingerprint in your business cards? In fact, maybe we finally found a reasonable use for QR codes.

Fingerprint in hex at the bottom of the business card is something I've done for the past 15 years -- pretty much the only reason I even bother with business cards these days.

This is a really interesting problem that needs to be solved. We need some sort of P2P secure protocol to exchange keys between people. Bypassing all sorts of stuff and connecting directly and sharing over an encrypted channel. This sounds really tough the way the internet works right now but I think solutions will come up now that there is a real need for them.

Exchange/Outlook already does intra- and extra-company encryption.

This comment implies you actually trust Microsoft's crypto implementation.

Nope, only that companies trust Microsoft's crypto implementation.

But as it happens, yes, I trust our crypto developers. They're much better at it than most of HN.

I don't. I've seen the source (via shared source) and there is a big fucking hole where the CSPs should be.

And the rest of the code is pretty shitty in places.

Thanks, I didn't know that.

"encrypt emails in such a way that they literally did not have access to the content stored on their own servers"

how is that possible? I'm curious to know as to how they achieved that technically. I mean if the user is reading an email in their browser, then it would've had to have been created on the server first.

Lavabit's explanation of their security, via the Wayback Machine: http://web.archive.org/web/20130530023856/http://lavabit.com...

It's just how encryption works; you don't store the plain passwords or keys the users submit to decrypt their stuff, thus you have no way to access it.

It all happens on the client side. Servers only store the encrypted emails and have no idea what the contents or the keys are.

The same server(s) also control the JavaScript code run by the client/browser. They could serve special code (to anyone the government wanted to spy on) that returned their password to the server.

That's exactly why LavaBit shut down, looks like they were forced to do that.

right, but incoming and outgoing emails from lavabit servers won't necessarily be encrypted, unless the other party is using GPG or whatever - it's just the way they're stored.

Hushmail is a similar service. There's been some speculation that authorities could compel the owners to perform a sort of internal phishing scam to get the passwords.

It's not speculation:


> a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada.

it sounds like they were asked to modify their system to retain data

So he pretty much does say why he's shutting down, the US gov. has demanded access and he said no. Kudos for standing up for his users, and he does raise an interesting point at the end:

> This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

The worst thing about this situation is that other governments like the UK, France and Germany are equally guilty.

For history on lavabit, see the cache, this page is now gone:


> Kudos for standing up for his users,

Where did you get this one from? I think it's a bit of a stretch to say he is "standing up to his users". I would rather say he is standing up against the GOV, and that's nice for a change, but we have no idea what has happened with all the emails residing on their servers.

Knowing just a bit about how the US gov operates, I am pretty sure he was given two options at exactly the same time: either you accept our black box, or you do not. If you do not, then you are not allowed to delete or alter any messages on your servers. Given the business Lavabit was in, I am sure the Feds will punish him to the extent of the law (or more) if he decides to "stand up to his users" and delete the contents of their mailboxes.

Hello, I didn't say stand up to, but for (i.e. on behalf of). The most he can do is stand up to the government, for his users, in court; deleting servers would not be a wise move, and I wouldn't expect it of him, would you? Just standing up and saying no in a climate like this takes some courage, for which I admire him.

By the time he is done with courts defending their users, the Feds will have been given chances to copy all user data over and over again about 250 times. So it doesn't matter whether he loses or wins. Not a bit.

I thought it was encrypted. If they are, they can copy user data as much as they want, they will get nothing. However if it was still running, they could ask him to intercept password, network traffic, etc...

Well, I can't agree with that. I do believe the only way to fight this sort of overreach is in the courts, and in the court of public opinion. Publicly standing up to bullying like this is the only way to provoke larger discussions, and ultimately to stop such actions in the future. In addition he doesn't have permission to just unilaterally wipe all his users' data, even if he wanted to.

It was too late for his users' data the moment representatives of the government walked through the door of their data centre/offices, but their rights he can stand up for, which is what he has done.

Yep. Now I naturally have to e-mail all my friends and work contacts (from my throwaway Gmail address), not to mention the person I know who opened a personal Lavabit account on my recommendation, announcing to all that my e-mail address is changing - and such a message wouldn't be complete without mentioning the reason why, venting a little of my shock and disappointment, and perhaps dropping in a little potted history of the recent developments in government net snooping leading up to this with newspaper article links. Messages that I wouldn't have otherwise sent without this justification, for fear of boring my dear friends, having assumed that any of them who are likely to care about this stuff, will already have read about it themselves without me telling them.

Despite the annoyance of not being able to use my e-mail the past couple of days, and the possibility that the US Gov may have some copies of my e-mail (which I imagine will be perfectly useless to them) I am immensely gratified at the stand Lavabit's owner appears to have taken, and having chosen them in the first place due to these values which I am in broad alignment with, I feel it confirms that it was a good choice, despite the fact that I now have to find another provider. I am sorry for the guy that he's effectively had his business - perhaps his livelihood - pulled out from under him, and I will be donating to his defense fund out of sympathy, though I am not an American.

I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought. I believe there might even be a very profitable market in simply duplicating the functionality of Saas offerings at a higher price with security/privacy guarantees in Germany/HK/etc. Might be the next hot business to be in? You'd be surprised as to the number of people seeking alternatives at this point.

EDIT: Relevant XKCD for people calling for technical solutions to the problem: http://xkcd.com/538/

It's not just going to be hosting providers that are affected by this. It's going to lawyers, software engineers, sys admins, writers and graphic designers who are going to lose work/business from SAAS companies. Software is one of the few areas where the US economy is growing somewhat sustainably (as opposed to banking/gambling/housing speculation/medical expenses for elderly). The NSA and all those NSA contractors are taking money out of our hands and destroying our professions. We should be fighting this tooth and nail.

- Politically, we should punish anything associated with the NSA.

- Socially, we should shun everyone from this date forward who works directly with or as a contractor for anything associated with NSA/FBI/CIA/DEA/DIA. We should not hire any programmer who, from this date point forward, has worked in those capacities. They are destroying our profession and businesses.

- On the engineering front, we should be designing technologies for evading the NSA et al, and spread those technologies. We need to do everything possible to make them easy to use and make them widespread.

- Any person or company who stands up to these organizations should be lionized, and we should try to patronize their businesses or employ them. Especially if they suffer consequences like jail and torture.

- Facebook, Google, especially Palantir are known collaborators and we should treat them as such

The nails are already in the coffin for US internet behemoths. Any non-NSA cooperating country has strong interests in keeping their search engines, social networks, and cloud software internal to their country.

Google, Microsoft, and Facebook basically have had billions of dollars shaved off of their future market capitalization -- though I have not seen anyone say this yet.

For everyone abroad who is technically adept and talented, the vaults of wealth have been unlocked for you; just copy the successful offerings of American companies. Don't worry about software patents or trademarks unless your country is complicit; you'll have the autonomy of an oligarch (said with some sarcasm).

There is one solution here: open source, distributed software. If you want to build a company to promote real security this is your only option.

Agreed. The nails are in for the current system, but that is not The System, just one of many potential ones.

If you are non-US citizen and your customers request a product similar to US product please do exactly as AJ007 says. It will help you, the world, and the US long term. I say this as US citizen and SW dev. Please take our jobs and customers! We don't deserve those customers if we can't protect them and their data.

However, you should only build it if customers are requesting SAAS (or other offerings). Be very careful about blindly copying US business b/c many are successful simply b/c they are almost "Apparatchik" entities, supplying and protected by the US Gov. For example, if you copy Palantir or even Google/Facebook you may not succeed b/c you won't have customers in the same way the US does. But overall, this is a great opportunity for devs from Switzerland (and the like) to get some new customers.

Caveat: If you are planning to follow the above advice, and you think your country will not enforce the wishes of the US government on such matters, check that assumption carefully before you bet your fortune and your life on it.

Thus the caveat I added in the original comment: unless your country is complicit.

Simply not true. There aren't enough people who care. Maybe 1% care. Everyone is going to keep using windows, facebook, and google. There are no nails in any coffin for any of these companies.

It is a major national security issue to any country to have foreign countries spying on them. The only controversy in the US is that the NSA is spying on American citizens in America. Any and all communication by foreigners at home and abroad is fair game. There is a reason why Google & Facebook are not market leaders in either China & Russia -- vkontakte, baidu, yandex, etc.

Likewise, this is also very bad news if you are a Chinese or Russian internet company and expect to become a dominant player in the US consumer web/digital/mobile market place.

I guess the obvious question to this post is:

What are you doing on your own checklist? Those are some pretty extremist notions.

If part of your hiring criteria was to exclude anyone who had worked for a contractor or directly for a government organization, I doubt many people would want to work for you. Not because they had violated your criteria, either.

Generally, I won't be hiring them, in hiring interviews I'd recommend against them for ethical reasons, and I'll avoid doing work for them if possible.

I'm referring to a very small percentage of the government and contract workers who are involved in security and surveillance. I'm not talking about VA or even the regular marines/navy/police.

I won't be doing this explicitly.

Whether people would want to work in a place that explicitly will not work with former NSA contractors depends on the area. In SF, Boston, NYC, Portland, maybe LA it would probably help you hire good workers. Obviously, in DC or Houston it would be more controversial and hurt the company. Remember these organizations/contractors are destroying our jobs, especially in Silicon Valley.

The safeguards for foreigners are much less than those for US citizens. For example, the NSA doesn't need to go through FISA court to spy on non-citizens. So if you store your data on a non-US server, you're probably just making it easier for them to get to it, not harder.

Not to mention, most countries will pretty much cooperate with the US when it comes to intelligence. The only ones that might not are countries like Russia or China that have their own military-industrial complexes, which are just as eager to get at your data and a lot less scrupulous about using it.

I'd love to believe that the authorities in Germany are not also tapping lines like France or the UK. Do we have any proof that is the case? I agree this has made me think twice about hosting in the US, but also about crossing national boundaries full stop without encrypting traffic.

Encrypting is a given - obviously you'd want to only be using Saas services in Germany etc that are fully encrypted. The problem in using USA services is that even if everything is fully encrypted, the USA can and will send goons around to take your data. Encryption is simply useless when dealing with a company in the USA who is forced to hand over the keys and whose data-centers can be legally entered and modified by thugs. Once someone has physical access to the server, the game is over.

Germany is a better bet. While they are no doubt tapping lines, Germany and the EU have made no moves to actually perform hostile interventions into data-centers or private servers. This means that encryption is still a very viable security measure for protecting your data in the EU. The EU simply has a far better track record with privacy related issues.

It's not about perfect security, it's about getting the best security you can hope for - and that means moving away from anything USA hosted.

Don't choose Germany. We may have strict privacy laws here, but we also have the BND cooperating with the NSA, tapping directly into the main internet nodes (Frankfurt). And don't forget that part of the NSA's method is to use a mole inside the target company, which would be very easy in Germany given its status as a wannabe ally of the USA and the longstanding sympathy of the German public for the USA.

And Germany also has laws which force every mail provider to install an access point for the German authorities and intelligence agencies. I am not sure if a generic SaaS platform would also have to do it, but it is quite possible.

Better pick Switzerland or Island.

"And Germany has also laws which force every mail provider to install an access point to the German authorities and intelligence agencies. I am not sure if also a generic saas platform would have to do it, but it is quite possible."

Thanks for the heads up - as I said in the OP, it really is a difficult task. Those kind of laws are exactly what need to be avoided when choosing a country to host in. I don't believe that this kind of thing can be carried out in absolute silence though, so if a country is actively modifying and silencing hosts it's fairly likely that word of it will leak somewhere.

If I get a chance, I might try to put together a red/orange/green overview of known laws and practices in different countries that would affect hosting services there. Unless someone is already working on that and needs a hand?

Since there seems to be some interest, I put together a very simple map with a couple countries filled in at random with shaky data.

It's up on github, so hopefully everyone can submit pull requests with data and we can crowd source ourselves a very informative map.


EDIT: I also submitted a link to it on HN. Hopefully interested people will see it and can help out with data.


I was surprised to see Canada green on that map.

We have a great privacy commissioner ( http://www.priv.gc.ca/index_e.asp ), but the office holds no power so far as I can see, and the Canadian government has a pretty solid track record of being obsequiously cooperative with U.S. interests.

Canada is green simply because nobody familiar with Canada's security politics and policies has chimed in yet and there does not seem to be any evidence of foul play that is visible from an outsider's perspective.

Cooperative with U.S. interests is generally assumed by almost any country - this map is more about the (hopeful) safety of your servers in data centers in different countries.

I think you can pretty much colour the Echelon Five Eyes countries (USA, Canada, UK, Australia, New Zealand) red right off the bat. If they don't have totally intrusive surveillance legislation yet they will have soon - New Zealand is currently trying to implement it.

Please do this! This would actually be very useful..

Please do. If there's anything I can do to help, reply to this comment as I don't have any contact info on my profile.

If you do that, could you send me a mail? I'd be interested.

It took me a while to understand that you probably mean Iceland.

I did - "Island" is the German name. It happens from time to time that I mix languages.

EU is a very generic term here. There is very little consistency across member states on this topic; UK laws, for example, are probably worse than US ones in most cases. I'm not 100% sure, but I believe Italian ones aren't much better atm.

The short-term answer is to encrypt everything users have to store, and don't handle their keys, but it's a stop-gap: the only real answer is political and that's where things have to be fixed for good.

Then the most obvious answer to me seems to use technology to affect the political landscape.

How that actually manifests itself, depends on how desperate people become to retain some sovereignty over their livelihoods… which begs the question, where are we now and who could provide the resources/environment to foster the type of change that is needed?

Where exactly are these keys going to be stored?

Users can not and will not securely manage key material.

The EU has minimum standards for surveillance and most EU member states are clearly American vassals. Even France proved to be a vassal in forcing the Bolivian president's aircraft to make an unplanned stopover in Vienna … and even the neutral countries are fully in favor of surveillance – Switzerland for example is just revising its surveillance laws, and many other legal areas, for example copyright, see an increased level of surveillance too.

I thought France disavowed that involvement? Wasn't it just Austria bloviating, or was it hasty ass-covering by France?

Germany sends goons to take data as well, as does every country in Europe.


Line tapping is pretty much a given. It looks like the BND has the possibility to do so. But this is still not officially confirmed. However, a German blogger (fefe) had some examples of overly detailed denials from German companies. E.g. no foreign intelligence service can read your traffic...

But in regards to cryptography and chances for legally fighting against such orders it could be better. At least on paper. The most likely outcome if Lavabit were hosted in Germany would be a police raid that would take all servers away for investigation. This happened e.g. to people running Tor exit nodes.

If you're German, would you prefer to be surveilled by the German government or by both the US and German governments?

If you're in the US it seems kinda pointless to try to move to overseas hosting; the NSA will probably just focus on the client side.

Under data sharing agreements, if the NSA takes an interest, your data will probably go to them without questions or oversight. Drone bases (Ramstein) and listening stations (Dagger Complex) are located in Germany, and Germany was one of the most targeted locations in the boundless informant set of slides. It's probably illegal, and hopefully will be challenged in court, but it does apparently go on on a massive scale, with or without our consent.


Accountability and culture. German intelligence services are "weaker" in the sense that they (seemingly) still are under the control of the legislative body (secret contracts with the Western Allies sadly notwithstanding). They are also regarded with deep distrust by large parts of the populace and by a significant segment of the legislature.

It is quite possible that, come September, some of the government parties might lose a few percentage points due to the citizens being annoyed about the erosion of the rule of law. We'll see.

>Accountability and culture

The culture that brought us the SS and the Stasi.

This may be the most ignorant comment I've ever -- and I mean ever -- read on a web discussion board. And I frequent many discussion boards.

Current German culture is equivalent to German culture under the Third Reich? Really?

Is current American culture equivalent to early-through-mid 19th century American culture? Should we discount everything the USA does because you once kept/traded/abused black people as property? Then continued to legislate such thinking via Jim Crow well into the 20th century?

Now that I look, I notice your post history is littered with anti-German racism rooted in complete historical ignorance. I'm wondering what your angle is.

No, it's the reverse. The Nazi era and the Stasi have resulted in a modern Germany that is fiercely oppositional to anything that leads in this direction.

There are very strong open source, transparency and anti surveillance movements in Germany. Stasi is the entire reason WHY we have strong privacy laws here.

As Goebbels pointed out, all it takes is the right kind of threat, either real or manufactured ("Think of the children!"), and those "transparency movements" you speak of will fade out more rapidly than the grandparent post.

That doesn't work as well if the culture has been inoculated.

How does one do that?

Well, I don't know if this is still done today, but when I was in 7th or 8th grade, they (school) drove us, by the busload, to visit a concentration camp.

We were shown the lampshades and wallets made of human skin. The place to stand where inmates would be executed during what they thought were medical examinations. And so on and so on.

It is quite possible that the next "Western" genocide will happen somewhere in Europe. But as somebody who has grown up here, I can assure you it won't be in Germany.

I just wish that history was taught like this everywhere.

I have to agree. I spent two days in Berlin this week and went to the Holocaust memorial, etc. I was impressed with the way these things are talked about with such openness - to make sure that this stuff never happens again. Also, I've traveled to several European countries and found Germans to be quite open minded regarding race, religion, etc., and I think the past has a lot to do with that. Happy that the German education system and culture appear to have a strong culture of 'learning from mistakes'. Clearly that isn't the case for the US with Vietnam, Afghanistan and now Iraq.

To be fair there are still lots of racist and intolerant people here. And nazis, though the antifa usually kick their asses.

But the tolerant and open minded strain is pretty dominant. Germany is 9% foreigners. Frankfurt is like 30%

> The culture that brought us the SS and the Stasi.

Really? Really? With an account that is as old as yours you cannot avoid posting a comment like this? Do you consider that mature? Useful? Reasonable?

I don't. You just disqualified yourself from any meaningful discussion, ever.

My wife treated people with mental issues for some time and I have the utmost respect for people that can handle this stuff.

You, instead, are without protection. You post stuff like this and shout out to the world that you have no clue, that you have no idea what you are talking about, what the topic of this thread is and .. just show that HN really should provide a feature to ignore other people.

Please - go away. You didn't contribute and you're a sad, sad idiot.

Bad memories of those periods are a non-trivial part of why they are surveillance averse today.

The difference is that the authorities in Germany don't have the legal framework to force someone to do this and threaten them to stay silent.

Ostensibly the US doesn't have that framework either, the Constitution would seem to preclude it (I realize we are talking about a myriad of offenses at this point so it may get hazy). But as you can see, shit gets ignored. Secret government agencies in Germany could ignore laws there just as easily as the NSA does in the US.

There are no countries where you are allowed to go public on surveillance measures applied to your customers, users etc. – at least not before the surveillance has been completed. And while traditional surveillance measures have an end, today's +/- total surveillance is continuous.

At some point, maybe the citizens of the world will understand that laws don't apply to the people who make them. They never have, and they never will.

Moving services off USA-based companies is like using two bicycle locks instead of one. A determined government is still going to get your data, they just need to spend a bit more time.

Focus instead on encryption.

The goal is not necessarily security (I have nothing to hide (I still do hide as much as possible))-- the goal is political change. That's the only real way out of this mess. By not using US companies, you incentivize those to lobby for better laws.

Political change on its own won't work. They will still keep the infrastructure in case they need to spy on someone (with a court order). But if they have the infrastructure, conceptually it's just a press of a button again to full blown illegal surveillance.

There has been infrastructure to read snail mail contents for 200 years. Doesn't matter; the US Gov isn't routinely reading snail mail because of politics. I think he's right, make it a political issue. Actually, more: make it a political issue, encryption issue, hosting issue, social issue (denied NSA contracting recently based on Snowden), I mean total war - make their life as difficult as possible using all means possible. As long as it's legal of course.

Mass reading of snail-mail has traditionally been a question of manpower. You don't just flip the switch on that without anybody noticing.

Doesn't really matter. To read a regular mail you just need so much more in legal terms compared to reading somebody's email that it's just not worth contemplating no matter what. It's not like with emails where after 6 months they automatically are open to the Government sniffing. Because of the political reasons it's not even worth contemplating -- look -- you need regular court order, not some BS whatever rubber-stamp.

Much of the data traveling over the internet passes through NAPs controlled and owned by the USA.

Did you respond to the right comment? He said the goal was not security, it was political change.

It is just as bad or worse. You have to move the data in/out of the country. It definitely isn't protected when it leaves the country. The only advantage I see is that it punishes US businesses for failing to protest.

I don't blame the companies; they're about as much a victim of USgov as we are IMHO. That being said, if all the online-storage/cloud-server/email-providers/social-whatever companies in US start going out of business because nobody trusts them I strongly suspect something will have to change. It's just too bad we have to do a "scorched earth"[1] to bring about change.

1. http://en.wikipedia.org/wiki/Scorched_earth

> I don't blame the companies; they're as much a victim of USgov as we are IMHO.

While it's true that they are victims, they are in a far better place to demand change or to defend themselves. Money buys the ears of lawyers that the average person couldn't even afford to speak to.

This is where I disagree. I do blame companies like Google for not fighting this more. At the very least they make users aware that these laws exist, even if they cannot detail specifics related to their surveillance involvement.

See this comment : https://news.ycombinator.com/item?id=6182179

Fighting the USgov isn't a decision to take lightly regardless of how much money & resources you have. I cannot condemn a company that backs down from that battle. It could hurt an employee(s) significantly, or the whole company. While I agree they have the most resources to fight it, they're not immune to harm from USgov.

Do you remember google asking for your telephone number? They knew what they were doing.

You can't convincingly make that argument since you don't know what lawyers have been doing behind the closed doors of secret court rooms, nor do you have knowledge of their relevant lobbying; you're just assuming things. Not to forget that Google was the first to publish a transparency report in which it publishes the number of NSLs, so there is that - it's not correct to use "Google" as a shorthand for "US tech companies".

You say that as an American obviously. It makes a lot of sense for everyone else.

> It makes a lot of sense for everyone else.


Dual US/Polish citizen here. Just wanted to say that in many cases abroad (i.e. Poland) the case isn't about the laws protecting your privacy but rather about the Government having no means (technical, resources, know-how, etc.) to enforce ridiculous things like reading and storing the email contents of all the people. Even with a court order just to read stuff in your inbox, I would imagine that the Polish police would have big time difficulties doing anything. These are guys making 700usd a month and the Government doesn't have the money and/or the need/desire to hire folks who could execute these things. And I can just imagine that in places like Ukraine the law may say whatever, but what happens is what the highest bidder asked for ;-) Remember, not the whole world works the way the first world or the USA does.

Unless of course, what you referred to is that most of the traffic goes via US soil anyway. But then again, why stay in the US? Move your whole business and yourself abroad :-)) Ironically, I found much, much, much more freedom in post-communist Poland than - oh irony! - the Land of the Free.

I second that. If you want security (at least on a servers/ISP level) choose some 3rd world country whose government (preferably not very fond of the USA) does not have the technical means for surveillance. I live in a small EU country and the government's IT forces are just laughable, so I can just imagine that in less civilised countries it should be close to non-existent. Combined with strong encryption to protect data in the broad Internet it should do, at least for a while..

I understand what you mean but I think the term '3rd world country' could be a bit discouraging to some of our American friends who might not have a clear picture about realities in our part of the world.

For example I also live in a small EU country. By no means is this a 3rd world country - we have a pretty strong IT industry (e.g. some globally successful antivirus companies etc.) and the country is certainly developed enough to host companies providing SAAS. Yet we have certain advantages against the US:

1. our government is way weaker than the US government - their resources are obviously not even close and they would not be able to do what US government does even if they wanted to. But we are still an EU state and we can use EU as a shield when Americans come knocking.

2. it is a post-communist country and people still remember the experience of living in a totalitarian/authoritarian country. Opposition against any sign of 'bad old times coming back' seems to be much stronger than the opposition of common American people against recent freedom-stripping. For example there was a proposal that our internet providers should be required to block un-licensed online gambling. The public backlash against 'censorship' was so big that the plan had to be abandoned in a few days and the politician who proposed it had to apologize. Many things that are now normal in the US or UK and some other western countries would not be possible here.

3. we are still an 'American ally' but the US is not nearly as popular with common people as it used to be here and anti-Americanism seems to be growing. Many politicians exploit that and see opposing American requests as an easy way to score political points (we have seen this for example when the US government wanted to build a part of their missile defence system here).

Hah, good point. I bet most Americans (no offence here) imagine that "3rd world" means "people still live in caves and hunt wild animals for food". However, a very good counter example is Skype, which went worldwide even though it started in a small, 3rd world country known as Estonia.

Although I really hope that nobody would label Estonia (or any other EU country) as '3rd world' country now.

Are you Czech by any chance? I think it's a great place and completely understand why your people would be against government surveillance. The days of asking random people for IDs just to make sure they aren't spies still aren't forgotten there.

Yep. And thanks. And to be honest, I think that asking random people for IDs was the smallest thing. People from always-free countries do not realize how much authoritarian regimes damage society. It's not just that some people became victims of the regime. Maybe the worst thing (at least in my opinion) is that society in an authoritarian regime is set in such ways that the system rewards dishonesty and cowardice and the most unscrupulous people get to the top... and stay there even after the regime falls.

Yes, however, all of the mobile internet providers are censored with the infamous Wikipedia-blocking UK internet filter, and it can't be turned off.

This is only because our mobile market is so small that we only have 3 providers and they are all subsidiaries of global companies (O2, T-Mobile and Vodafone) with headquarters under different jurisdictions. This is not enforced by our government and if anyone wanted to circumvent this filter (which would be easy - VPN would do) AFAIK it would not be illegal here.

Some countries have a problem with bribery and corruption. Routing sensitive data through those countries risks that data being exposed by anyone in the chain who is willing to take a bribe.

I am much more worried by corrupt workers in my ISP or telephony provider than I am about my government.

That's an issue with plain text data. However, nowadays absolutely no sensitive data should be transferred/stored unencrypted. The problem is that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and a few others, have suggested is to move services away from such countries so their governments would have a harder time obtaining physical access.

> The problem is that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and a few others, have suggested is to move services away from such countries so their governments would have a harder time obtaining physical access.

Many governments are much worse than the US; they not only snoop on data but they imprison or kill people as a result of the things they find.

I'd be interested to hear about countries who will i) stand up against the US & ii) not be at large risk of corrupt employees.

(http://www.freedomhouse.org/report/freedom-net/2012/egypt) etc.

The problem is that most 3rd world countries will just come knocking on your doors and take everything away, if the US government requests it.

After all, those countries wouldn't be 3rd world countries, if they had the power to resist US threats/requests. Or they are part of the "axis of evil" (or whatever the current propaganda term is), in which case the internet connection to that country could either be cut off, or be heavily censored, if it isn't already happening.

But they still need a proper, court-issued warrant. At least there would be no invisible laws or secret agencies involved.

I would imagine that for example in Ukraine the US may request stuff, but then the low level chief of the Police in the town where you reside would give you a hint in exchange for money. That's how it rolls there. What is the US going to do about that? Bribe the Ukrainian police to bring you to their Embassy? ;-)

That's a good point but don't assume that the CIA/US-govt is above bribing or even threatening/blackmailing agencies in foreign countries. They do this all the time!

No, do both.

Focus on encryption, to keep ahead and protect the data.

Move out of the US, because it sucks, is far from 'the land of the free' anymore and needs to learn that its place in the digital world is not at the top, but more around the center, between lots of other states that fail and fail again in terms of surveillance.

Yep, as an added bonus you stop financing the US war and terror machine.

There's not even the time factor. Western countries at least might theoretically not spy on their own citizens but they exchange data with partner intelligence services. And the US is by far not the only country that mandates surveillance cooperation for providers etc.

Encryption is OK but doesn't solve the problem. There's always metadata and whom can you trust with your encryption? You have to assume that the hardware and software you use has backdoors. Mobile phones for example even have official backdoors, your SIM card can be remotely changed and so on...

> Western countries at least might theoretically not spy on their own citizens but they exchange data with partner intelligence services.

Hoping that this is true, moving to services from one’s home country would make some sense. Of course, this is more easily possible for people from larger countries than, say, Luxembourg.

I saw a frustrating article the other day on a mainstream news site that was saying that the economic damage to the US from the Snowden leaks was in the tens of billions of dollars because of all the non-US business that will be leaving US based cloud providers.

That's infuriating. It's the same as having an insecure system and then charging a hacker millions of dollars in restitution to re-architect the system to do it right.

Those firms wouldn't have to leave the US cloud providers if they had assurances that the US wasn't spying on them for no good reason.

Infuriating? It's awesome (if you extend it out further). Pocketbook damage is the only thing that governments and mega-corps understand.

I will take my government over yours. I can at least try to deal with mine.

Customers and law may demand that the data is stored in the EU. For businesses with such demands, hosting in the US is simply not an option.

This was a concern earlier but my guess is that this will only increase in the near future.

Not quite. Storing ciphertext and keys in legal jurisdictions (like the US) that can be forced to turn over both is a bad idea.

Also, practical key management is still an unsolved problem. The web of trust never took off and the PKI is fucked. Encryption is only as useful as the keys being used to encrypt.

Encryption is useless when the government knocks on their door and says give us a backdoor to your system.

If enough people leave US based companies for foreign companies it will put pressure on the government. I have a feeling this pressure is already underway.

I had the impression that government does not need to decrypt anything. They just request it from a company, and the company has to comply.

It would be really unfortunate if people started getting polarized into encryption / social / legal camps. All these things are necessary.

The problem with encryption in this case when it comes to US companies is that the US can compel US companies to install custom backdoors while pretending they are still secure and not notify their customers that this happened.

Considering what just happened to LavaBit, your advice doesn't make any sense.

If they were outside of US-and-friends jurisdiction, they wouldn't be shut down and there wouldn't be a gag order.

> I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought.

You should try finding an SSL cert retailer that's outside of the US. The only ones I could find that would actually sell me certs without a phone call charged at least $200 for a basic certificate. https://swisssign.com/en were the most sensible looking ones I could find.

This part doesn't matter. Where your cert comes from is irrelevant.

It has implications for certificate pinning (like that used in Chrome) if you can only pin to CAs that operate in a single regulatory domain.

Indeed, I hadn't considered that.

Though, if you are pinning in an app and not just in-browser, you can bundle your internal CA cert in the binary and sidestep the whole mess.

This is what I advise my customers that have security-sensitive stuff do. The PKI can no longer be trusted.

"No longer"? It could never be trusted, and many of us said so when it was first introduced. It's just taken a while for everyone else to realise that we were right.

There's StartCom (StartSSL) from Israel. Have you tried them? They even offer free SSL certs, by the way.

They are from Israel, a good friend of the US, and for free. What part of that does not scream 'run for the hills' exactly?

Lulzily, a browser trusted CA can actually fuck a customer of that CA slightly less than a non-customer, since you'd at least be vaguely aware of multiple certs issued for the same site from the same CA with different keys (maybe). No one would know if Iran were using a pet CA to go after specific users going to sites which normally used a cert from another CA.

From what I know you never give your private key away, they just sign your public one. So that would be irrelevant.

Somebody call the Samwer brothers!

How about a local cloud? I understand that this may seem pointless, as you're owning and paying for all the hardware, but it would really help in deployment, scaling and maintenance just like a "classic" cloud service can.

That sounds great. What if there were an email client that included an email server? If families left one desktop on 24/7 they could all use it as an email server. An open source email client could also include built in PGP or OTR encryption. Anyone know if it's feasible from a deliverability standpoint? Domain registration and DKIM signing may be tricky for the average user. As well as dealing with blacklisting, of course. But if it became prevalent maybe all of these difficulties could be overcome by instituting a new, truly decentralized infrastructure. Key exchange would still be an issue but could be achieved using a mobile app with QR code scanning.

The US government is destroying one of the few bright spots in the American economy with its out of control military. It is unconscionable. And the sad thing is it has been enabled by the betrayal by many of the web 2.0 giants, Facebook, Google etc. Google especially is sad to see since they were willing to forgo the Chinese market on principle, but then decided that taking on the authoritarian US government was too lucrative for principle to be involved. If Google had done what Lavabit just did we would be living in a freer country today.

Agreed, these US Gov contractors and agencies are systematically destroying our industry and our prospects.

As a community, let's shun and shame all those who continue to work for those agencies (NSA/CIA/FBI/DIA/DEA) both directly and as contractors from this date forward. If you didn't quit in August 2013, we don't want to hire you. If you quit now in disgust, we should view that in a positive light. If you or your company stand up to the US Gov, we should view that in a VERY positive light and we should be looking to hire them.

Let's shun and shame FB, Google, et al. as collaborators. Let's make it a point to avoid Google App Engine and other Google services.

Seriously, why are they doing this?

It would be one thing if Google, Facebook, Microsoft, and other big firms were selling out their customers' privacy for money. They do it all of the time for advertising. I wouldn't like that, but it would be somewhat understandable that a big uncaring firm would look at their bottom line as the only determining factor. But are they making more money by being the government's snitch?

The really weird thing here is that what's going on isn't even in these companies' self-interest because they're going to make people and businesses not trust online storage of their data in any way. So all of these cloud services, all of these online storage services, anything that impacts peoples' privacy in any way is going to be put at risk of customers choosing other options for managing their data.

Should I still use Golang? Would making crypto-software in Golang make it less secure? Would the irony be worth it? Is it a worthy language?

Go is open source so anyone is free to inspect it for backdoors. I would be very surprised if Google, on behalf of the NSA, tried to sneak anything in like that. It would also be fairly obvious if it used the underlying OS's networking to send info back.

Obviously you're being somewhat facetious. If you're good/confident enough to write your own crypto, Go seems fine as it's open source so you can inspect it. I don't trust myself to write my own crypto for important things, so obviously I would not use Golang for that and I would pause before using the Golang crypto module, but that's probably a bit paranoid. In general, I would probably use Golang on projects. I use Angular.js and Python and those have been funded in ways by Google.

Things like Google App Engine/Data store are an issue b/c your backend is Google's backend...fundamentally the same issue Gmail faces. If the NSA/FBI/DEA/TSA mistakenly fingers one of my customers as a drug dealer or "terrorist" or thinks they are associated with a drug dealer/whistleblower/"terrorist", google will hand over all my apps data.

Good analysis, I largely agree.

Then again, you hear about Microsoft or Sun/Oracle passing notes to the NSA about insecurities in the OS or JVM so that they can go about their stealthy ways. I wouldn't be surprised if the same happened with Go. But good point, it's open source.

There is also an issue with Go dependencies that may make it easier to introduce vulnerabilities. The solutions are discussed here: http://kylelemons.net/blog/2012/04/22-rx-for-go-headaches.ar...

Good point about the dependencies. If it was something that someone's life depended on, especially mine, I'd do the encryption operations in a vetted C/C++ library due to possible dependency issue in GOLANG. I just don't know enough about GO or even encryption for that matter.

I shun and shame the people I know that work for "the machine". They're equally culpable, as they choose to work for evil.

I wrote an article a year or two ago entitled "Don't Be Evil, or comply with the PATRIOT Act?"

The companies with the ability to move all operations out of US jurisdiction/coercion who don't do so are complicit in all of this.

Which companies would that be?

I can imagine what would happen to Google if, through some dark miracle, their leadership decided to do this.

Most of their top engineers live in America. So do the leaders, but ignore them, we've already decided they want this. The employees don't, though: There are eleven thousand people, there, who'll need to be relocated to - where? Europe, probably Ireland, where many of them have never been.

Certainly not where they have roots, or where their family is.

Google has deep pockets. They can afford to pay massive relocation bonuses, and they'll have to do so. Still, this is eleven thousand people; we're probably talking about a billion plus, just to get a reasonable number of them to follow. After all, most of these engineers would be perfectly capable of finding work at a different company.

Okay, so they've done that. They lost a lot of good people; probably a lot of their best people, the ones that care least about money. Still, they're now in Europe.

Now what?

Most of their infrastructure is still in the US. Compute clusters, god only knows how many. Storage clusters. User data, placed in the US under safe harbor provisions because an attempt at keeping it in Europe is unfeasible given the rather diverse tapestry of privacy laws here.

They'll need to move it all to Europe. They'll need to figure out a place to put it, and they'll need to pay billions - quite a few - to rebuild and expand their infrastructure here.

By the time this is all done, they'll have new problems. Realistically, they'll go bankrupt somewhere in the middle. And that's not mentioning possible reactions from the US government.

It would be great if leaving the US was an option, but it really... just isn't.

They would do far better to spend a billion on lawyers and lobbyists.

Would you want to be the one who makes that stand against them? You can be guaranteed that you are from that day onwards a marked man. Everything you do, everywhere you go, and every person you talk to will be monitored. They will look for the tiniest chink in your armour, and once shown they will hang you out to dry. This explains why companies like Google and Yahoo had little choice but to comply. It might also explain why Obama so drastically changed his beliefs.

If Google et al are facing major potential economic loss due to a widespread lack of confidence in the security of their data, they had better come up with a plan to combat that loss.

The actions of Lavabit actually caused me to cancel my account with Google Play All Access today (proof: http://i.imgur.com/KbmaBnS.png, if anyone cares), that I've had since day one.

It's not that I didn't know that Google was ok with the spying before, but seeing the difference between the reaction of Lavabit, to the non-reaction from Google -- well THAT gave me the final push to stop doing business with the company.

I really like Google's products. I really like All Access, but I don't think I'll be supporting the company financially anymore.

It probably won't matter much, but it's still something.

It's exactly this kind of sacrifice more people need to make if they want to see some real change.

Lavabit was a tiny private operation. If you think that a publicly traded multi billion dollar company with millions of users and customers can just shut down to avoid complying with government requests then you are a deluded moron.

I never suggested that it was feasible for Google to shut down, but that doesn't mean that I have to just accept what they are complicit in. I no longer choose to do business with them. That hardly makes me a deluded moron.

The burden isn't on Google (I'm not sure why you are singling out Google); their hands are tied from legal and practical standpoints.

They receive warrants and subpoenas with which they have to comply to keep doing business. If you don't care for that, blame the politicians and the legal system; focusing on Google is not only missing the point, it's unfair.

I'm only "singling out" Google, because it's something I had paid for online, that I no longer pay for. I don't subscribe to anything else online.

If you are seriously suggesting that abandoning the US market is a realistic option, especially for a multibillion dollar corporation, then you are (and I'm not using this word lightly) an idiot.

Not to mention that there is no US equivalent to the rampant human rights violations and censorship in China.

The US certainly has many more prisoners per capita and in total than China does.

Also, the U.S. government is censoring Ladar Levison of Lavabit and others in his situation.

I've never been to China to see anything for myself, so I won't make further comparison, but prison state thing definitely bothers me.

I've never been to China to see anything for myself...

Yep, I can tell. I can tell you haven't read about it either.

Numbers, facts, anything. Please substantiate your comment, instead of adding nothing but snark to the discussion. Here, I'll start: http://www.nytimes.com/2008/04/23/world/americas/23iht-23pri...

Censorship and monitoring are a given in China. The US was supposedly a bastion of freedom with a long history of protecting individual rights.

I'd say that's exactly what they want everyone to think.

Of course we see more violations in China, but who's to say you don't have 10 times more of that from the US?

Just because they don't do it to US citizens (in most cases) it doesn't mean they don't do it.

Believing the other side is worse just 'cause you "see" more of that stuff ends up being just blissful ignorance. Every party has its faults and I have no doubt in my mind that the US has the most.

But we shouldn't worry... that's all to "protect the American citizens from terrorism" :D

>Not to mention that there is no US equivalent to the rampant human rights violations and censorship in China.

So that makes it okay for them to systematically spy on their own citizens and violate their own constitution?

Saying "this country is worse" doesn't make it okay in the US.

Bad logic.

There are plenty of human rights violations that the US commits as a matter of policy, due to its "War on Terror" - drone strikes and Guantanamo Bay are two major ones.

The US violates human rights and then pretends that they don't, because "waterboarding isn't torture".

Yup. Tax benefits of being in the US are huge. Easy to bribe politicians, no corporate income tax, huge rebates.

As to the US market - meh. The US is third world in terms of purchasing power. Only reason to base there is the pro-corporate corruption.
