Lavabit Legal Defense Fund
10387 Main Street, Suite 205
Fairfax, VA 22030
The story is the FBI asked for Snowden's emails and correspondence. Lavabit said they would not hand over the information (but admitted they had the technical capability ... it was server side encryption after all). Only after that refusal did the FBI start taking more drastic action.
This is, if that story is true, about on par with a bank complaining that the FBI ransacked the safe all their safety deposit boxes were stored in. Except the bank neglects to mention that the only reason the FBI had to break open the safe and be put in the position of being able to easily break open all the safety deposit boxes was because the bank failed to hand over one box when given a valid court order.
This is particularly problematic in Lavabit's case because a major cornerstone of the argument against the NSA's warrantless surveillance is that there are legal means to compel access to data when it is actually necessary and that those means make it totally illegal to do what the NSA was doing. This is really a hard point to argue when those means don't work because others thumb their nose at the law as well.
That's not the story that you linked.
From the article you linked: "The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime."
Then the feds got an order from a judge for it. Lavabit still refused.
Finally, the feds got a court order to the keys to the kingdom, so to speak. At this point Lavabit is willing to implement a pen register. The feds don't trust them to do it, so they stick with the final order. Lavabit shuts down.
I just don't understand how that makes sense. "You wouldn't give us Snowden's info so now we get everyone's info!" Why can't the FBI or the court further compel Lavabit to give up just the information they were authorized to get?
Now, why is that the outcome and not just forcing Lavabit to hand over select information via, say, the US Marshals? Because Lavabit said that would take a while to implement and by this point the Feds think Lavabit is dicking around with them, the Feds decided this option won't work.
The feds obviously don't know the code base and can't implement the requested functionality themselves even if they somehow gained access to the service without taking it down. But they can ask for the SSL keys. That's a tangible piece of information the court can force Lavabit to hand over immediately. It makes sense that the government would request it. And it makes some sense that a federal judge would allow it after Lavabit itself rejected the option that preserved the privacy of the rest of its users.
TinyURL allows previewing of links by adding 'preview' as a subdomain, like so: http://preview.tinyurl.com/m65n4ko
Now we can see where your link really takes us, to a PayPal donate page: https://www.paypal.com/cgi-bin/webscr?cmd=_s-
This way, you can still have your (unnecessary) click tracking while still giving the reader choice. I think you used a link shortener only to track clicks, since there is no 140 character limit here on HN. Ask yourself if this practice is really necessary.
Here you can donate by other means: https://rally.org/lavabit
Many would have just given up the moment things escalated, but Ladar Levison never gave in and fought for the privacy of his users at the cost of his profitable business and life. The cards are stacked against him, but he didn't let it get in the way of trying to fight the case and have it made public.
How many other companies have secretly complied with similar requests we don't know about? United States of America, the land of the free, right?
It reminds me of the case of "Free", a French ISP. They were forced, like other ISPs, to send to the government the customer information related to IPs caught on P2P networks.
But the law did not specify how the data had to be sent, so to troll the government they sent everything by fax. And the volume was around multiple thousand queries a day.
- Baked into cuneiform
- Wax tablets. "Oh, sorry, it got hot in my car and they're a little runny..."
- In the form of a crossword puzzle.
- Knitted into a scarf. "Perl one, skip two..."
Best to have hardware from which it is impossible to export a key.
It's trivial to make a system where the content of the messages can only be read by the recipient. PGP and GPG email is an example of this end-to-end encryption.
The weakness in these schemes is two-fold: the update mechanism for the software (e.g. if it's web-based, do you trust the server that serves the page?) and authentication: how do you know that the credentials you have for the recipient are accurate?
It's less trivial to make a system where who-is-corresponding-with-whom is obscured. Onion Routing (e.g. TOR) is in this direction, but there are laborious ways to peel the onion.
All in all, a hard problem.
How is that best? Just hand over the hardware.
This shouldn't present much of a problem to the NSA.
From the HN guidelines:
'Please submit the original source. If a blog post reports on something they found on another site, submit the latter.'
I hope it will stay the way it is. Probably not, seeing how the public is ignoring and/or is not caring about the issue at all.
...this is the Internet we're talking about. It's almost completely unrecognizable from the way it was 5 years ago.
I for one welcome the new holographic internet cats shared by our minds and made entirely of pastas that are shaped into code. So long as those pastas are open.
What did you do?
That would take an intern less than an hour to digitize. Maybe three interns if you needed redundancy. This seems like a completely useless action on Levison's part since it ends up giving the FBI the information they wanted but will still piss them off.
That's pretty misleading - they make it sound like if they press the wrong key once it'll destroy the FBI's entire system.
Anyway, as he decided to give the SSL key, pulling this kind of prank seems a bit childish. On the other hand, he must have been under heavy pressure, so can't blame the guy for not thinking 100% straight.
Sad, that people are sidetracked to talking about the font size instead of warrantless wiretapping.
You should have at least hinted at viable OCR solutions.