How Snowden's Email Provider Tried To Foil The FBI Using Tiny Font (npr.org)
212 points by bernardom 1269 days ago | hide | past | web | 55 comments | favorite

How can you not love this guy? Please donate to his defense fund:



Lavabit Legal Defense Fund 10387 Main Street, Suite 205 Fairfax, VA 22030 (703) 291-1999

Because, if this article is correct[0], his refusal to obey a court order is the only reason the FBI made him hand over private keys.

The story is the FBI asked for Snowden's emails and correspondence. Lavabit said they would not hand over the information (but admitted they had the technical capability... it was server-side encryption after all). Only after that refusal did the FBI start taking more drastic action.

This is, if that story is true, about on par with a bank complaining that the FBI ransacked the safe all their safety deposit boxes were stored in. Except the bank neglects to mention that the only reason the FBI had to break open the safe, and be put in the position of being able to easily break open all the safety deposit boxes, was because the bank failed to hand over one box when given a valid court order.

This is particularly problematic in Lavabit's case because a major cornerstone of the argument against the NSA's warrantless surveillance is that there are legal means to compel access to data when it is actually necessary and that those means make it totally illegal to do what the NSA was doing. This is really a hard point to argue when those means don't work because others thumb their nose at the law as well.

[0] http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/

After studying the requirements Lavabit said they could write code to do it for $3500. But the FBI said they didn't trust Lavabit to do it right and thought it cost too much. They demanded direct access. http://imgur.com/A3RNQWY

Why is scp redacted? And only partially so...

I think whoever created that imgur image had the word highlighted when they captured it. If you look at the pdf it's not there. (page 100 http://s3.documentcloud.org/documents/801182/redacted-pleadi...)

Because it refers to http://www.scp-wiki.net/scp-087

> The story is the FBI asked for Snowden's emails and correspondence.

That's not the story that you linked.

From the article you linked: "The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime."

Yes and no. Yes, they originally wanted a so-called pen register. I should have been clearer about that. This request was without a warrant. Lavabit refused.

Then the feds got an order from a judge for it. Lavabit still refused.

Finally, the feds got a court order for the keys to the kingdom, so to speak. At this point Lavabit is willing to implement a pen register. The feds don't trust them to do it, so they stick with the final order. Lavabit shuts down.

Just because the FBI did not get the specific information they wanted as quickly as they would have liked should not entitle them to gather information on people not included in the original warrant... people for whom the FBI had no probable cause and no justification for grabbing their data.

I just don't understand how that makes sense. "You wouldn't give us Snowden's info so now we get everyone's info!" Why can't the FBI or the court further compel Lavabit to give up just the information they were authorized to get?

I agree the FBI shouldn't get access to everything. From the perspective of a federal judge, however, he cannot allow Lavabit to just not comply. So giving the FBI access and maintaining "safeguards" to prevent them from abusing it is an acceptable outcome. (Note, I don't trust those safeguards.)

Now, why is that the outcome and not just forcing Lavabit to hand over select information via, say, the US Marshals? Because Lavabit said that would take a while to implement, and by this point the feds think Lavabit is dicking around with them, so the feds decided this option won't work.

The feds obviously don't know the code base and can't implement the requested functionality themselves even if they somehow gained access to the service without taking it down. But they can ask for the SSL keys. That's a tangible piece of information the court can force Lavabit to hand over immediately. It makes sense that the government would request it. And it makes some sense that a federal judge would allow it after Lavabit itself rejected the option that preserved the privacy of the rest of its users.

Why conceal the donate link behind a link shortener? And on yet another creepy surveillance related story. I can't be the only one that sees the irony here.

TinyURL allows previewing of links by adding 'preview' as a subdomain, like so: http://preview.tinyurl.com/m65n4ko

Now we can see where your link really takes us, to a PayPal donate page: https://www.paypal.com/cgi-bin/webscr?cmd=_s- xclick&hosted_button_id=7BCR4A5W9PNN4

This way, you can still have your (unnecessary) click tracking while still giving the reader choice. I think you used a link shortener only to track clicks, since there is no 140 character limit here on HN. Ask yourself if this practice is really necessary.

Sorry - the shortened link was copied from his Facebook post. I thought it appeared sketchy, but when I tried to expand it and paste it into HN it got corrupted (just like in your post). I was too lazy to figure out a workaround. Sorry.

maybe so, but have you noticed that your paypal link is only partly clickable?

I can't use Paypal in my country

I wouldn't use Paypal anyway. They repeatedly stood out in the past for closing donation funds for non-profits for dubious reasons and other forms of being shitty. I don't trust them to use my money in the way I intended it to be used.

Here you can donate by other means: https://rally.org/lavabit

Wouldn't the FBI have the technical capability to use optical character recognition to digitise the keys to actual text? Or maybe it's too small to be legible to a high-DPI scanner? I really admire Lavabit here; they're not dealing with your average Joe, they're dealing with the American government, and that costs money. Everyone has the chance to help potentially make history by supporting Lavabit and donating to its legal fund.

Many would have just given up the moment things escalated, but Ladar Levison never gave in and fought for the privacy of his users at the cost of his profitable business and life. The cards are stacked against him, but he didn't let it get in the way of trying to fight the case and have it made publicly.

How many other companies have secretly complied with similar requests we don't know about? United States of America, the land of the free, right?

A simple character flip in a single letter would make the key unusable. OCR is fairly good, but it's not uncommon to get a handful of errors. That's usually fine if the result is meant for humans, but here 99.9% correct is not enough; you need 100% correctness.

Not totally related:

It reminds me of the case of Free, a French ISP, which was forced like other ISPs to send the government the customer information related to IPs caught on P2P networks [0].

But the law did not specify how the data had to be sent, so to troll the government they sent everything by fax. And the volume was around several thousand queries a day.

[0] http://en.wikipedia.org/wiki/HADOPI_law

Once again, if you want to support Lavabit, please donate to the defense fund either at http://lavabit.com/ or https://rally.org/lavabit.

Other wonderful delivery methods:

- Baked into cuneiform

- Wax tablets. "Oh, sorry, it got hot in my car and they're a little runny..."

- In the form of a crossword puzzle.

- Knitted into a scarf. "Perl one, skip two..."

Best to have hardware from which it is impossible to export a key.

In all seriousness, is it possible to design a system where it is simply impossible to hand over data to a third party?

I believe Julian Assange worked on a system that would make it impossible for an external entity to determine if there is any useful information on a data partition. Basically you would have a hard drive full of random numbers and it would be infeasible to determine if there is any actual information on it, without the right keys and tools.

I have never heard Assange's name in connection with this, but that's what Truecrypt purports to do: http://www.truecrypt.org/hiddenvolume

He did. It was a project called rubberhose.

It's at two levels.

It's trivial to make a system where the content of the messages can only be read by the recipient. PGP and GPG email is an example of this end-to-end encryption.

The weakness in these schemes is two-fold: the update mechanism for the software (e.g. if it's web-based, do you trust the server that serves the page?) and authentication: how do you know that the credentials you have for the recipient are accurate?

It's less trivial to make a system where who-is-corresponding-with-whom is obscured. Onion routing (e.g. Tor) is in this direction, but there are laborious ways to peel the onion.

All in all, a hard problem.

If you can access it, then so can someone else. If you can't access it, then why bother building the system in the first place?

It's not exactly the same, but a TPM does something very similar by keeping it at the hardware level.

Yes. You can use HSMs to load the keys; there are various other ways to handle upgrades. It's "non-trivial" in practice.

> Best to have hardware from which it is impossible to export a key.

How is that best? Just hand over the hardware.

One 4-point character per page, delivered as a stack, but unstapled. Bonus points if the pages are numbered, but are sampled from a pseudo-random number generator with large cycles.

> sampled from a pseudo-random number generator

This shouldn't present much of a problem to the NSA.

Wired Magazine details the ordeal

From the HN guidelines:

'Please submit the original source. If a blog post reports on something they found on another site, submit the latter.'

This was already discussed at length earlier today https://news.ycombinator.com/item?id=6487969

And first revealed here yesterday https://news.ycombinator.com/item?id=6485562

Small moves like that make me proud to be on the internet in this day and age of crisis. I hope I can tell my children or grandchildren that I actually cared and that I made a small difference, even if it's only the smallest of all.

I hope it will stay the way it is. Probably not, seeing how the public is ignoring and/or not caring about the issue at all.

> I hope it will stay the way it is.

...this is the Internet we're talking about. It's almost completely unrecognizable from the way it was 5 years ago.

I broadly meant that as in not controlled by any single state, entity or corporation.

I for one welcome the new holographic internet cats shared by our minds and made entirely of pastas that are shaped into code. So long as those pastas are open.

> I hope I can tell my children or grandchildren that I actually cared and that I made a small difference, even if it's only the smallest of all.

What did you do?

See? Ridiculous key sizes do give additional protection (imagine scanning a 4MB key printout.) Eat that, Bruce Schneier!

If my understanding is correct, the FBI could decrypt historical traffic if they had the keys. So, assuming the FBI/NSA has a huge archive of Lavabit's customer traffic (would not surprise me), couldn't they decrypt it all now since they have the SSL keys?

Probably, but not necessarily https://www.net-security.org/article.php?id=1856
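The question above is whether a recorded archive of Lavabit traffic becomes readable once the SSL private key is handed over, and the reply is "probably, but not necessarily". The deciding factor is the key exchange the recorded sessions used. With RSA key transport (TLS_RSA_* cipher suites) the client encrypts the premaster secret to the server's long-term key, so a recording plus that key recovers every session key after the fact. With ephemeral Diffie-Hellman (TLS_DHE_RSA_*) the long-term key only signs the server's ephemeral value; the session key depends on exponents that were discarded, so the recording plus the key gives nothing. The following is an added example written for this page, not code from the thread or from Lavabit. It assumes toy-sized, insecure parameters (two Mersenne primes for RSA, a Mersenne prime with generator 3 for DH) purely so both handshakes run side by side.

```python
"""
Forward secrecy vs. RSA key transport, as a toy simulation.

Constructed example: the RSA key and DH group below are tiny and are NOT
secure; they exist only to make the two handshakes runnable side by side.
"""
import hashlib
import secrets

# Long-term server RSA key (constructed from two Mersenne primes; toy-sized).
RSA_P = 2**31 - 1
RSA_Q = 2**61 - 1
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # modular inverse, Python 3.8+

# Ephemeral DH group (constructed; Mersenne prime with a small generator; toy-sized).
DH_P = 2**127 - 1
DH_G = 3


def _int_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


def session_key(shared_secret: int) -> bytes:
    """Stand-in for the TLS key schedule: hash the shared secret."""
    return hashlib.sha256(_int_bytes(shared_secret)).digest()


def rsa_sign(msg: bytes) -> int:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % RSA_N
    return pow(h, RSA_D, RSA_N)


def rsa_verify(msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % RSA_N
    return pow(sig, RSA_E, RSA_N) == h


def rsa_transport_handshake():
    """TLS_RSA_*: the client picks the premaster secret and encrypts it to the
    server's long-term public key. Returns (what the wire shows, session key)."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    transcript = {"encrypted_premaster": pow(premaster, RSA_E, RSA_N)}
    return transcript, session_key(premaster)


def dhe_handshake():
    """TLS_DHE_RSA_*: both sides pick fresh exponents; the long-term RSA key
    only signs the server's ephemeral value. The exponents are then discarded."""
    a = secrets.randbelow(DH_P - 2) + 1          # server ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1          # client ephemeral exponent
    A = pow(DH_G, a, DH_P)
    B = pow(DH_G, b, DH_P)
    sig = rsa_sign(_int_bytes(A))
    if not rsa_verify(_int_bytes(A), sig):
        raise RuntimeError("client rejects unauthenticated server key share")
    shared = pow(B, a, DH_P)
    assert shared == pow(A, b, DH_P)              # both sides agree
    transcript = {"server_share": A, "signature": sig, "client_share": B}
    del a, b                                      # never recorded anywhere
    return transcript, session_key(shared)


def recover_with_leaked_key(transcript):
    """An eavesdropper holding a recording plus the server's RSA private key.
    Returns the session key when it can be recomputed, else None."""
    if "encrypted_premaster" in transcript:
        premaster = pow(transcript["encrypted_premaster"], RSA_D, RSA_N)
        return session_key(premaster)
    # DHE: the private key confirms the signature was genuine, but turning
    # g^a and g^b into g^ab needs one of the exponents, and none was recorded.
    return None


if __name__ == "__main__":
    wire, key = rsa_transport_handshake()
    print("RSA transport, recovered later:", recover_with_leaked_key(wire) == key)
    wire, key = dhe_handshake()
    print("DHE, recovered later:", recover_with_leaked_key(wire) is not None)
```

The practical check on a real server is which cipher suites it negotiated when the traffic was captured; a key handed over afterwards only unlocks the sessions that used RSA key transport, and a leaked key still lets the holder impersonate the server going forward in either case.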

>To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data

That would take an intern less than an hour to digitize. Maybe three interns if you needed redundancy. This seems like a completely useless action on Levison's part, since it ends up giving the FBI the information they wanted but will still piss them off.

Probably he was confident that they were too lazy to do it, and in fact they didn't, but just whined.

At font size 4 this is infeasible. He might have introduced a single error somewhere for good measure.

>>"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data," prosecutors complained.

That's pretty misleading - they make it sound like if they press the wrong key once it'll destroy the FBI's entire system.

Off topic, but brings to mind another technique famously used by Goldman when they dumped over a billion pages to the 50 staffers in the Federal Crisis Inquiry Commission:


Clever. We did something similar for a friend getting married. Instead of giving his present directly, we created a text file encrypted with his public PGP key. We printed out the ASCII-armored cryptotext and handed it over. He had lots of fun typing it back into his computer.

I'm sure FBI didn't have as much fun.

Anyway, as he decided to give up the SSL key, pulling this kind of prank seems a bit childish. On the other hand, he must have been under heavy pressure, so I can't blame the guy for not thinking 100% straight.
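Two comments above make the same point from opposite sides: one that a single mis-read character makes a transcribed key unusable (so OCR at 99.9% is not good enough), the other that typing an ASCII-armored PGP message back in by hand is tedious. OpenPGP armor carries a defence against exactly this: RFC 4880 section 6.1 appends a CRC-24 of the binary payload as an "=XXXX" line after the base64 body, so whoever retypes the block can tell whether the transcription is exact before trying to use it. The code below is an added example written for this page, not code from the thread or from any PGP implementation; the armored payload it checks is a constructed sample, and the `typo` helper simulating one mis-read character is hypothetical.

```python
"""
CRC-24 armor checksum from RFC 4880 section 6.1, used to detect a single
mis-transcribed character in an ASCII-armored block.

Constructed example: the payload is sample bytes standing in for a key or
ciphertext, and typo() is a hypothetical helper that simulates OCR or a
typist confusing one base64 character for its neighbour.
"""
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def crc24(data: bytes) -> int:
    """Bitwise CRC-24/OPENPGP exactly as given in RFC 4880 section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_checksum(data: bytes) -> str:
    """The '=XXXX' line: base64 of the three CRC bytes."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()


def armor(data: bytes, header: str = "PGP MESSAGE") -> str:
    """Minimal armor: BEGIN line, blank line, 64-column base64 body, checksum, END."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {header}-----", ""] + lines
                     + [armor_checksum(data), f"-----END {header}-----"])


def dearmor(text: str):
    """Return (payload, checksum_ok). Raises ValueError on malformed input,
    including a body character outside the base64 alphabet."""
    lines = [ln.strip() for ln in text.splitlines()]
    starts = [i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN ")]
    if not starts:
        raise ValueError("no armor header")
    i = starts[0] + 1
    while i < len(lines) and lines[i]:      # skip armor headers (Version:, Comment:)
        i += 1
    i += 1                                  # the blank line that ends the headers
    body, checksum = [], None
    while i < len(lines) and not lines[i].startswith("-----END "):
        if lines[i].startswith("="):
            checksum = lines[i]
        elif lines[i]:
            body.append(lines[i])
        i += 1
    payload = base64.b64decode("".join(body), validate=True)
    return payload, checksum is not None and checksum == armor_checksum(payload)


def transcription_is_exact(transcribed: str) -> bool:
    """What a typist or OCR pipeline should check before trusting the result."""
    try:
        _, ok = dearmor(transcribed)
    except ValueError:                      # binascii.Error is a ValueError subclass
        return False
    return ok


def typo(armored: str, line_index: int, col: int) -> str:
    """Hypothetical: replace one body character with the next one in the alphabet."""
    lines = armored.split("\n")
    line = lines[line_index]
    ch = line[col]
    if ch not in B64:
        raise ValueError("position is not a base64 body character")
    lines[line_index] = line[:col] + B64[(B64.index(ch) + 1) % 64] + line[col + 1:]
    return "\n".join(lines)


# Constructed sample payload standing in for a key or a ciphertext.
SAMPLE = b"constructed sample payload, stands in for a key or ciphertext. " * 3

if __name__ == "__main__":
    exact = armor(SAMPLE)
    print(exact)
    print("exact copy checks out:", transcription_is_exact(exact))
    print("one wrong character checks out:", transcription_is_exact(typo(exact, 2, 10)))
```

The checksum only tells you that something is wrong, not where; with a multi-page printout the practical approach is to checksum each page separately when producing it, which plain armor does not do, so the single CRC mostly saves you from feeding a corrupted key into a tool that then fails silently.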

Sad, that people are sidetracked to talking about the font size instead of warrantless wiretapping.

That's sadistic.

You should have at least hinted at viable OCR solutions.

Upvoted because of the story, but I like NPR less and less these days. So far they've been more pro-government than pro-Snowden.

NPR is very pro-government and pro-war.

I'm just happy the FBI doesn't know how to run OCR. Hell they could have mechanical turked segments, like captcha farms.

I think he should have encrypted the key using itself. That way he can give them the key. And they can decrypt it and send it back in time so they can decrypt it.
