This wasn't untested water, either. The exact same thing happened to Hushmail for the exact same reason, and should have been evidence enough that the model isn't viable.
So I think we should definitely support Ladar as a person, but we also need to be careful not to confuse that with supporting Lavabit, which was a very real danger that should never be repeated again (again).
Sure, if we ignore the existence of things like PGP, S/MIME, smart cards, and the dozens of other ways we can have secure email without relying on some trusted third party like this.
"this technology was not meant to deal with the oppressive government that can compel any company to reveal any information"
Then it was not meant to deal with the evil hacker who takes control of the server and grabs valuable information.
"As soon as Ladar..."
There's the handwave. The security of the system depends not on technology, math, or physical laws, but on the whims of just one man. What if Ladar was less principled?
Sure, if we ignore the existence of things like PGP,
S/MIME, smart cards, and the dozens of other ways we can
have secure email without relying on some trusted third
party like this.
How do PGP and S/MIME solve the bootstrapping problem, where no-one uses them because no-one uses them?
Basically, the problem is that PGP and S/MIME as they exist today are (and I shudder to say it) too security conscious. The reality is that most users are not going to take the time to maintain their public keys, to verify others' public keys, etc., nor are most users going to spend the time to get their keys verified by a CA. We need a "lite" PGP client that is less obnoxious about using untrusted keys, and basically a "newbie" PGP that is more vulnerable to active MITM attacks (which are actually much harder to pull off than one might expect). It would also be nice if public keys could be easily published via QR codes, so that someone can literally hand their public key to another person.
The worst thing we can do is lie to people about the security they receive e.g. telling them things like "Lavabit is set up so that nobody but you can read your email!"
While someone might have their business cards replaced, it's a lot easier just to send a different key to someone.
Assuming that "private key" is a typo (you download public keys), you can just check the fingerprint of the key against the fingerprint you were given. That is easily automated.
A QR code can have ~4000 chars of a-z and ~3000 Latin1 iirc
so with my limited gpg knowledge that handles my public key quite happily.
would be interested on the business card front though
>>> Then it was not meant to deal with the evil hacker who takes control of the server and grabs valuable information.
Indeed, it is not. If the hacker gets full control of your mailserver, at least your envelope information is completely compromised.
>>> The security of the system depends not on technology, math, or physical laws, but on the whims of just one man
This is completely false. Security depended on adversary not having full access to the Lavabit servers, not on Ladar's "whim". As soon as Ladar realized there's no possibility of legally providing it in the US, he closed the service. Assuming your adversary doesn't have full access to your service is kind of a precondition of using the service as means of security. That's like using lock is assuming the adversary does not have the key, if he does, the lock is useless as a security measure. As soon as Lavabit became essentially useless for the purpose it was created, it was shut down.
This is a strawman, because Lavabit never did anything to protect headers. What you are missing is that Lavabit could respond to a demand for plaintext, if Ladar were willing to do so; on the other hand, Google cannot give anyone access to the plaintexts of PGP encrypted messages that I send through their servers because of technical barriers. That is the point of doing your encryption locally, and that is why security and privacy are not a service.
"Indeed, it is not. If the hacker gets full control of your mailserver, at least your envelope information is completely compromised."
Except that with Lavabit, an attacker could also get all your message bodies.
"Security depended on adversary not having full access to the Lavabit servers, not on Ladar's "whim"."
Let's put it this way: if you were involved in a lawsuit against Ladar, would you trust your communications with your lawyer to Lavabit? Of course not, because Ladar could have modified the code at any time and without alerting his users at all to read any plaintext that he wanted to read. If he had been willing to cooperate with the government, he could have and nobody would have a clue.
"Assuming your adversary doesn't have full access to your service is kind of a precondition of using the service as means of security."
In other words, security is not something you can get as a service. The entire model is fundamentally and fatally broken.
"That's like using lock is assuming the adversary does not have the key, if he does, the lock is useless as a security measure"
No, it is like storing your key with the bartender at your favorite night club and assuming that he will not allow your adversaries to use it.
"As soon as Lavabit became essentially useless for the purpose it was created, it was shut down."
It was shut down because Ladar chose to shut it down rather than capitulate. He could have chosen to keep it going while the government eavesdropped on it instead. That means that, as I said, security boiled down to Ladar and his principles. That is why PGP and S/MIME provide you with better security: mathematics are not subject to the choices that human beings make, and with PGP, S/MIME, etc. your security is a matter of mathematics.
Since SSL keys are mentioned, I assume SSL was used in communication. This means the claim that Lavabit did nothing to protect headers is false.
>>> Except that with Lavabit, an attacker could also get all your message bodies.
This is true, however body of the message may contain encrypted information, which is useless to observer. Envelope information can not be encrypted in a way that is not readable by the mail server, that's the point of the mail server.
>>> The entire model is fundamentally and fatally broken.
That is kind of what I was saying - that current technology of the email can not do what Lavabit tried to do if the adversary can do what the courts said it can do. I'm not sure what you're disagreeing with here.
>>> He could have chosen to keep it going while the government eavesdropped on it instead.
That would be a betrayal of his user's trust, since any claim about what his service does would be necessarily false and he would become a liar if he ever claimed his server allows to communicate securely. I agree that this boils down to one's principles. I think a principle of "don't lie to your customers" is a good one to have.
>>> That is why PGP and S/MIME provide you with better security
No they do not, unless you can establish a peer-to-peer channel with your other party. In which case you're not using email anymore. Neither PGP nor S/MIME can prevent adversary from collecting envelope information in emails, and unability to do this is what made Lavabit impossible to continue.
>>> mathematics are not subject to the choices that human beings make,
You seem to be either genuinely confused about how email works and what running a secure email server involves, or trying to say something else than you're actually saying, or not making any sense. There are no "choices" that allow you to create secure email server in situation in which Lavabit found itself.
That is like saying that GMail is protecting the privacy of your headers, because GMail uses SSL.
"This is true, however body of the message may contain encrypted information, which is useless to observer"
Except that in the case of Lavabit, that encryption was just a side show since all the cryptographic operations were performed on the server.
"current technology of the email can not do what Lavabit tried to do if the adversary can do what the courts said it can do"
Except that someone who encrypts their message bodies before sending the message i.e. performing cryptographic operations locally leaves the server unable to fulfill demands for plaintexts.
">>> That is why PGP and S/MIME provide you with better security
No they do not, unless you can establish a peer-to-peer channel with your other party. In which case you're not using email anymore."
Really, you think I am not using email anymore if I am running my own personal mail server? It is also false to claim that one must have a peer-to-peer system to protect header information, or that PGP on its own is not enough. You could broadcast an encrypted message via Usenet. You could use anonymous remailers (e.g. "Type I" remailers, which use PGP). In all these cases, however, you need to perform your cryptographic operations locally.
"There are no "choices" that allow you to create secure email server in situation in which Lavabit found itself."
Sure there are: Ladar could have sold smartcards instead of selling cryptography as a service. There, one design decision that could have given his users meaningful security while still maintaining the convenience of webmail. To boost security even more, those smartcards could be coupled with a thumb drive that includes the necessary client software, so that Lavabit could not pull a Hushmail on its users.
It does. Unlike Lavabit, though, there is ample reason to assume they invalidate this protection by granting governmental adversaries access to the information stored on their servers - the thing that Lavabit refused to do, at least on mass scale.
>>> since all the cryptographic operations were performed on the server.
I don't see what precludes you from sending emails already encrypted. Security has layers. You are not limited to using just one.
>>> leaves the server unable to fulfill demands for plaintexts.
You forgot to read the part of my answer where I use the word "envelope".
>>> Really, you think I am not using email anymore if I am running my own personal mail server?
It is irrelevant what you personally are doing - it is relevant what Lavabit was trying to do. They were trying to provide certain service - for people that - like, I assume, most of Guardian journalists - are not technically advanced enough to run a secure mail server on their personal computer and set up everything else in a way that allows it to accept email from the internet. This proved impossible, thus Lavabit is not with us anymore. That was my whole point.
>>> Ladar could have sold smartcards instead of selling cryptography as a service.
He could also have sold hotdogs and Carribean timeshares, how that's related to the topic? He was trying to create a secure email as a service - for those that can not create the same by themselves, which in 99.999% of the population of email users. Not provide solution for completely different problem such as key exchange and creating VPNs and other stuff.
He could have complied with one of the several valid court orders that requested he give the FBI data on a specific account but stopped short if installing FBI code or devices on his system or handing over the keys. Had he done so, it would have stop there.
Instead, it escalated to the point where he actually was forced to expose all his users. Anyone who has transcripts of those connections (e.g the NSA), can now read them, get the passwords, and decrypt any mail they got form the server. It seems like a boneheaded move unless his only goal was to protect Snowden at all costs.
He rightly observed that those leaked keys would then get into the hands of God-only-knows-who.
From the newyorker article :
"On June 10th, the government secured an order from the Eastern District of Virginia. The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden. (The name of the target remains redacted, and Levison could not divulge it.) The order directed Lavabit to surrender names and addresses, Internet Protocol and Media Access Control addresses, the volume of each and every data transfer, the duration of every “session,” and the “source and destination” of all communications associated with the account. It also forbade Levison and Lavabit from discussing the matter with anyone.
Sometime after his initial refusal and then offer to comply with some caveats that the fed's interpreted as stalling:
"Prior to the hearing on July 16th, the U.S. Attorney filed a motion for civil contempt, requesting that Levison be fined a thousand dollars for every day that he refused to comply with the pen-register order. EARLIER IN THE DAY, Hilton issued a search-and-seizure warrant, authorizing law enforcement to seize from Lavabit “all information necessary to decrypt communications sent to or from [the account], including encryption keys and SSL keys,” and “all information necessary to decrypt data stored in or otherwise associated with [the account].” (emphasis mine)
The stated use of these two things was to get information concerning a single person, but they never wanted just that information. On page 100, Levison states that he can manage to get the information the FBI is looking for, without providing the FBI with Lavabit's encryption keys. Someone (AUSA[censored]) says that the proposed solution does not satisfy the subpoenas and court orders, because it would not provide real-time access to the data.
In your linked documents,Exhibit 1 is the original June 10th order. Attachment A of it(page 4 of the PDF) details what he was order to hand over. It does not mention SSL keys at all. Instead it asks for a bunch of meta-data. In fact, it explicitly doesn't even cover communication contents. It also doesn't specify how Lavabit has to execute the order, just that it must provide the data.
This was the order Lavabit apparently initially refused.
Can you point to the first point they demanded the SSL keys? The stuff on page 100 looks like it pertains to the July 16th order. Which is, again, considerably after the June 10th order that originally asked for the data and after Lavabit refused that order. Also, totally inline with narrative of events as I presented it.
Regardin pen-registers: a pen-register can be done in software and is typically done by the service provider, not the government. The term is an anacranism dating back to telgraphs. It doesn't necessarly mean government hardware or software. Hence the discussion page 99 of the pdf about "implementing the pen-trap device" in section d. So that's not blanket access
The June 28th order ("pen register/trap and trace order", page 7) is the one he started refusing, then tried to negotiate on later. I think the order "that Lavabit shall furnish agents from the Federal Bureau of Investigation, forthwith, all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device" includes keys implicitly. The June 28th Order Compelling Compliance Forthwith (to the earlier order on the same day) notes, "To the extent any information, facilities, or technical assistance are under the control of Lavabit are needed to provide the FBI with the unencrypted data, Lavabit shall provide such information, facilities, or technical assistance forthwith."
The first explicit order referring to keys seems to be the July 16th search warrant, specifically Attachment B on page 36. According to page 98, FBI agents discussed encryption keys with Levison as early as June 28th.
See my response above. https://news.ycombinator.com/edit?id=6517845
Minimally, he gave them an "illegible copy." in 4 point font.Assuming its the actual key, I'm sure the FBI or NSA can OCR that. Even if parts of it are screwed up, SSL private keys actually have a fair amount of structure in them(at least enough to recover from someone writer "FUCK A DUCK" over and over again over part of one ) and even if say half the bits of the key give are illegible totally, the rest give you more than enough to factor it.
Ladar claimed that he had no way to access user emails. The hidden subtext of that, which was sort of hand-waved away, was that he had no such access with the code he had written, and that all that stood between your mail and his eyes was his own willingness to write that code. The entire security of Lavabit depends on Ladar and his principles.
These systems are entirely built on code, and code is malleable. If you have control over the code that gets executed at every point in the stack (which the operator of a web app certainly does), there's always room for the operator to change the code and therefore change the behavior to do anything, including log things that were previously considered secure.
> The entire security of Lavabit depends on Ladar and his principles.
That has always been true. If he was a less scrupulous individual, he could have run an off-the-shelf e-mail solution with 0 fancy security, but claimed that it was all secure on the backend in his marketing. You wouldn't know the difference, because you can't audit the source code.
Unless you have the access, time, and expertise to perform your own source audit, any claims of security are always implicitly built upon a foundation of trust that the operator is doing what it claims.
Which is exactly why nobody should have believed Ladar's claims in the first place. He trumpeted the fact that he had not yet developed any wiretapping capability and tried to distract everyone from the hard reality of "encrypted webmail."
This is why real security and privacy require end-to-end encryption.
The trust model has to include the device/OS/browser/etc that you're accessing the device on as well as all code and keys (including WOT servers, GPG keys, and the webmail code itself, or, if locally installed, all binary packages, updates, etc).
Which I think is the point is really that in the face of a government who can compel, e.g.,
* an OS vendor to install a backdoor in their software,
* a microprocessor vendor to critically weaken the Random Number Generator,
* the author and BDFL of a key operating system kernel to use said RNG,
* a distribution to include compromised or even unsigned packages,
* a mobile carrier who will allow random hardware on their network that can sniff, MITM, and inject evil data,
* a mobile phone manufacturer who will install CarrierIQ,
* (heavens!) a user/customer who visits an app store and installs an application with either a trojan attached or one that is directly a trojan,..
In other words, no amount of end-to-end crypto will save us if we're attacked at each end and in the middle by people who will stop at literally NOTHING (jail) just to get at the data. This is why Schneier wrote "The Government has betrayed the Internet."
Encryption is no panacea when you're dealing with someone who controls both ends and the middle. :( To put this on Lavabit is poor form, IMO. This is one end who stood up and fought and paid a huge price.
Which is why, as I have said elsewhere, webmail is the problem here; more generally, you cannot have security or privacy as a service.
As for the government pushing back doors into products, that is at least upping the ante. It is harder to sneak back doors into software that people are actually using, especially software that is widely used, than it is to sneak a back door onto a server than only a handful of people can inspect. It is also harder to sneak in a back door when there are many, separately maintained implementations of a common protocol; you are forced to try to sneak a back door into an abstract description, which a lot of experts will be reviewing (see e.g. DUAL_EC_DBRG; the backdoor was discovered within a year of the PRNG being publicized).
There are also limits to what sort of back doors can be put at a lower level. Suppose you sneak a back door into my CPU, but I am running software that was developed after you developed your back door. You can make a straightforward computability argument that in general, your back door will be rendered useless by unexpected changes to software, particularly sweeping changes to it.
In any case, my point is not that encryption is a panacea, but rather that webmail is, by its nature, insecure. There was no way that Lavabit's security could have ever been more than just a handwave.
This is it in a nutshell.
If you're going to use an appeal to authority, then Bruce Schneier is not the way to go. He's a cryptologist but he does make many unfounded claims.
I remember this happening. Since whoever runs Hushmail didn't go to the press and his blog and make a big scene after being approached by the feds (both for the US and Canada, mind you, since Hushmail's a canadian company). There's a reason why Hushmail was targeted, it was at the time the best way to figure out who's shipping large quantities of drugs everywhere. In the same year, Hushmail and eGold became compromised and Bush passed a law stating police can open your mail in USPS if they think you're a terrorist (previously they needed a warrant which by the time they obtained one you'd already have your package). Coincidentally, this was I believe around the time Silk Road started up. :)
So, Hushmail was involved in the pre-Silk Road days of internet drug trafficking, and I'm pretty sure that is not the position they wanted to be in. We'll never know if Hushmail was "forced" to give up users' information, but I would say that even if they didn't want to, they pretty much would have no other choice other than shutting their doors.
Could you clarify what you mean by "How was it a handwave if it actually worked?" Lavabit, like Hushmail, has had no problem giving up information to law enforcement in the past.
The system did serve sider encryption and decryption. Lavabit has, in the past, complied with court orders for data. They have access to the data. This is the fundamental problem with Lavabit.
It's rather unclear why they didn't comply with the initial court order in this case which was just for data on Snowden's account, but it's clear they could have complied (though maybe not as quickly as the Fed's wanted) and that they have in the past.
So, if you are contemplating using Lavabit II, keep in mind that sooner or latter it will get a lawful court order for data from whatever jurisdiction it's in. Either it will comply with it --- in which case it's street cred is worthless --- or it will refuse with the same apparent "fuck the police" bravado everyone likes , leading to the same set of escalations that happened here. The end of that is either/all of 1) the service failing because of computer seizure/the founder being held in contempt so he can't maintain it 2) Him caving and handing over keys again or 3) him shutting down the service to prevent 2.
None of these are good. If the court order is targeted at you, there is a decent chance your data is handed over. If it's not, there is a decent chance your data is still handed over or the service goes under.
Oh, and lastly, if your worried about the NSA's dragnet surveillance, they can just hack a foreign server.
Don't rely on non-end-to-end secure systems.
So you're typing this on OpenBSD? Sure, because that's secure.
Your RPM's are signed, so you're pretty sure they're safe?
Or you're using Funtoo or Arch and compiling from source? Have you read all that source? Even if you did, did you UNDERSTAND it all?
Are you using an Intel Ivy-Bridge or later processor with RdRand?
Are you using a phone?
Do you log into your webmail from one or more locations? How about email?
Do you trust SSL certificates? which ones?
And now... are all of those one other person that you're writing to that actually also uses GPG exercising the same caution? :)
I'm just saying... if you want to know that you're not being sniffed, you have to simply make it impossibly expensive to do so, which probably means get on a plane, meet and hand the person a note, and then burn it, and then scatter the ashes to the seven winds.
Then worry about the metadata of your flight, time, license plate readers, traffic and surveillance cameras.
The basic problem is that allowing this continued, blatant destruction of the 4th Amendment threatens the entire Bill of Rights which ultimately threatens the very foundation of our government and the rule of law.
Legal power, jail, and bullets trump crypto.
If true this is utterly despicable by the government. Alas, I'm not surprised.
I'd appreciate a clearer explanation of this, but last time I read about it, it really did seem like the loss of the contract was out of revenge, and that his prosecution would never have happened had he caved to the requests which he felt were unconscionable.
Isnt it funny to hear that a public company would not have been able to do something when it is about something good for its consumers and ultimately its country and citizens, but when it is something extremely bad like compliance, obedience and evilness then they suddenly can and are free to do it.
There is nothing stopping Google, Facebook or Microsoft to act as Lavabit did. Nothing at all except for their own cowardice, malicious intents and disregard for laws and their costumers.
It is like Obama, when it comes to do something good then his hands are tied, when it comes to break laws and shit on constitution to extend mass surveillance or to wage war and drone kill civilians then his hands are not tied.
Now, lets hear some more excuses for the way the most successful tech-companies have acted, their hands were tied, they would face huge repercussions, they didnt know better, they only meant to comply with law and so on.
The truth is, they dont have democracy in interest, or their consumers best in interest, in fact you as consumer and user for their services and these companies are diametrically opposed and for your best you should consider them enemies.
Emphasis re-arranged by me. May I remind you that Lavabit was shut down in reaction to actions taken by law enforcement, doing something that is almost certainly actually legal? "Regard for the law" here would seem to entail doing what they want. You appear to be simultaneously criticizing public companies for disregarding the law and not disregarding the law.
(I object to its legality, but that does not change its legality.)
The Fourth Amendment has a few things to say on this. I'd strongly advise you to actually read it -- it's only a few sentences -- and make your own determination on what you think it actually says.
The FISC, authorized under the FISA, goes back to the 70's and was in reaction to the crimes that Nixon committed. Meet the new boss, same as the old boss. Obama has taken that ball and run with it in a big way. Most transparent administration, ha.
And even then, the FISC was and is itself contradictory to the Bill of Rights, 14th Amendment, etc,....
Guess which law wins? Assuming the Supreme Court agrees (and there's no guarantee they would.)
So if you're ordered to do something awful, but you know that there is a higher law that trumps that law, you can simultaneously be disregarding "the law" whilst maintaining "regard" for the law.
The key is: which law?
Try being CEO of Google, Facebook, or Microsoft, and suddenly deciding to close the entire business, and see how far you get before being removed.
But they don't have to get up to the CEO, they get the foreign sysadmin guy and tell him he cant tell his boss or his lawyer or he goes to jail and you got anything you want.
It is enough if you threaten to shut down the business to make it known to the G-men that you wont play (the totalitarian) ball. We stopped SOPA/PIPA just with a partial blackout.
But these companies didnt make a squeek. They are accomplices.
Yeah, but not if it's an empty gesture that doesn't change anything. Any CEO of Google both wouldn't be able to shut it down rather than comply, and would be removed for trying. It would accomplish nothing.
The first thing it does is piss off one very wealthy person, whoever this CEO is. The second thing it does is piss off all of their very connected, wealthy friends. The third thing it does is serve as an egregious example of abuse to the public at large.
Hmm. Wealthy, influential people with large public support? Nah, these are two things politicians don't concern themselves about.
THE COURT: You want to do it in a way that the government has to trust you
THE COURT: And you won’t trust the government. So why would the government trust you?
It was that the whole idea on which US is built on - the Constitution and other founding ideas - was based on trusting the government only with very little that is necessary for it to function and no more, and having the ultimate power reside in the hands of the citizens. Now it comes to trust in the government being implied and if the citizen doesn't trust the government, he is not to be trusted and must be subjected to coercion. And that's coming from courts, that are supposed to be protecting the constitutional rights. America has come a long and very sad way since its noble origins.
It's astonishing that more of our reps aren't standing up and shouting about this. So many of the people in power are complicit, it feels hopeless at times.
Levison offered multiple times to write a specific script for the single user that would do what they wanted and at a minimal cost to the government - and they refused. A pretty clear indication they wanted unfettered access to his client base and his network.
Then you add in the lack of ANY oversight on either Lavabit's or the government's, and you have to praise him for what he did.
After Levison's lack of cooperation, could the investigators really trust Levison to hand over all the information?
I can play this game too. Dread Pirate Roberts used StackExchange, so therefore StackExchange users cannot be trusted to build websites that don't host drug deals and supposed hitmen.
i don't think this is the correct interpretation. in a court of laws, acquiring evidence is something procedural and governed by rules and regulations. having a third party (lavabit) acquire the evidence and then turn it over to the government is probably something that wouldn't pass muster in court due to chain of custody and other rules.
the government investigators had a particular target, and they needed to collect evidence that would be admissible in a court of law. its actually pretty tough to come up with a good alternative here for the government.
Search for "$" on this page: http://paranoia.dubfire.net/2009/12/8-million-reasons-for-re... It is very common for third party service providers to search records themselves on behalf of law enforcement, and law enforcement has historically trusted that and even compensated them.
It's the only way that really makes sense IMO. Can the FBI really bust down, say, Verizon's doors, seize all their hard drives, and correctly generate evidence based on systems that aren't theirs, and may in fact be unique among the phone systems of the entire world? Maybe an email system is simpler, but still.
Also, I think it's inappropriate to seize 400,000 users' data just to (ostensibly) get to one person. But I'm not a lawyer, maybe it is arguably legal.
P.S. Also see https://www.eff.org/files/filenode/social_network/Yahoo_SN_L... for all the things Yahoo does on behalf of LE.
The e-mail again confirmed that Lavabit is capable of providing the means for the FBI to
install the pen-trap device and obtain the requested information in an unencrypted form.
AUSA[censored] replied to Mr. Levison's e-mail that same day, explaining that the
proposal was inadequate because, among other things, it did not provide for real-time
transmission of results...
Then, "The prosecutors informed Mr. Levison that the pen register is a devise used to monitor ongoing email traffic on a realtime basis and providing the FBI with data after 60 days was not sufficient."
So, I am not sure what to think. After some research I couldn't tell whether "pen register" data is required to be real-time. The original order on page 7 doesn't seem to say "real time", but there could be some legalese or other laws that imply it.
Levison was clearly dragging his feet, but it seems sort of bizarre that they escalated their demands in response. Why not just get him charged with contempt and move from there? Since they played the "we can't trust him since he's been uncooperative" card, does this mean they would have trusted him if he complied immediately? What if he immediately turned over info and it didn't help their investigation or went counter to their preconceived notions -- would they have accused him of withholding some and demanded his private keys anyway?
There's weird things on both sides here. It sounds like Levison's actions on the whole are not very defensible though. :/
- The government is granted the right to snoop on Snowden's e-mail from a court. The court implores Lavabit to provide the technical expertise necessary to make this successful.
- Lavabit replies that all traffic is encrypted, and that it would be a expensive to change that. Lavabit offers to make those changes so long as the government covers the costs of the change (in this case, one week of developer time).
- The government balks at the prospect of paying for the change and tries to snoop themselves. They realize that the encrypted data they can snoop on themselves is worthless, and demand the ability to decrypt it themselves.
All of this seems to hinge on Lavabit's demand that it be paid to make the changes necessary to make the pen register effective. Presuming the government was willing to pay him (or he was willing to work for free), there would be a http://fbi.lavabit.com/snowden that mirrored all of Snowden's metadata and it would interoperate with the government's pen register. There would be no need to compromise everyone else's SSL key.
I'm not familiar with legal procedure, but how does that corrupt the chain of custody in a way that other solutions would not?
Also confused why he didn't end up in prison on mysterious "pervert" charges out of the blue or even dead. And don't lecture me that is far fetched after this past year.
Once you've got this new cert. you can MITM, but you can't use it to decrypt the traffic already captured. Also anyone paying attention sees the cert. fingerprint change out of the blue.
B) Anyone who knows what they're doing and has something they really want to keep secret? Maybe if someone had such a secret they'd learn to check the cert, maybe even install an extension that would highlight unexpected changes.
Simply raising the specter of 'this past year' doesn't prove some vast conspiracy on the part of the government (or maybe it's the puppetmasters who control the 'real' government?).
Worded differently, far too many of these agents are willing to abuse the power of the courts, the secrecy of it all, to intimidate anyone because it makes the feel equally powerful.
there is NO justice when the courts are secret. Justice does not exist where the public is not allowed to go.
the issues he faced proved that there is nothing you can do because they will simply slap "secret" on anything and then threaten you with jail, which once there your stuck because no one was allowed to know.
That's true, but they're still essentially implying that services which are explicitly designed to omit backdoor capabilities for the government to spy on you -- that is, services offering actual cryptographically guaranteed privacy, not just "no one has looked yet, and if they did, it'll all turn out okay in the end trust us" -- are broadly illegal and will get you criminal contempt.
No, you can't; the courts don't issue warrants like that. They'd issue a warrant for that information for one particular patron whom they already had reasonable suspicion of.
If the FBI have a warrant to put a bug on one regular's table, that doesn't seem unreasonable. If the bartender's carefully built the bar so that you can hear every conversation from every table and so the only way you can place a bug is one that would also record everyone else's conversations... yeah, I'd say that's unfortunate (and pretty poor design on the owner's part), but the FBI has the right to place the bug they've got the warrant for, and if there's really no way to do that without it picking up other conversations then too bad.
Only if it is true. He has the data, the article says he has worked with law enforcement before in a kiddie porn case.
Yet another reason to repeal the "Patriot" Act.
The judge wasn't talking about end-to-end encryption. They were talking about Lavabit's assertion that it was difficult to get the data they admitted to having.
Without me arguing one way or another whether that's true -- do you think if they had better guarantees, that anything would be different here? That the government would say "oh no, we'll back down now"?
The point is that Lavabit's architecture did not resist these kinds of demands at all. At best all Lavabit could do is protect your mail until you log in.
Then the legal obligations of the architecture are primary determined by the effectiveness of your security architecture; the existence of defects in the architecture which would preserve security in the absence of their exploitation is the thing matters to the court system.
That sounds tantamount to what you're proposing; is that really the sort of legal framework you think we have / should have? I personally think it's ridiculous, and I reject your justification and others which rely on a technical deficiency in Lavabit's implementation to endorse the legality and moral authority of the court's orders.
One of the features of a good security system is that there is no single party that can be compromised in a way that violates everyone's security. Basically, your example assumes that the system has a fundamentally risky design.
Even if you need a trusted party in your design, it should be the case that the party only has a limited ability to violate everyone's security. For example, consider an identity-based encryption system, which by its nature requires a trusted party to generate keys. Under the right circumstances, that party can delete the master secret key needed to generate keys; one can imagine setting things up so that the master secret is destroyed periodically, say once per month, so that only keys that were recently issued can be compromised if the authority is compromised (your identity under such a system might include some information about when your key was issued).
"I reject your justification and others which rely on a technical deficiency in Lavabit's implementation to endorse the legality and moral authority of the court's orders."
I think it would be fantastic to have a trustworthy government, but that is orthogonal to the issue here, because the security of a system like Lavabit is not limited to resisting court orders. Suppose the Lavabit have become as big as GMail i.e. big enough that the government might threaten an antitrust investigation if special favors were not performed. Suppose that a foreign government was trying to conduct industrial espionage against Lavabit's users, and surreptitiously installed eavesdropping software or equipment.
For that matter, suppose that you were personally involved in a lawsuit against Ladar. Would you communicate with your lawyer using Lavabit in that situation?
Also consider the reality that laws can change. It might take a massive terrorist attack to cause laws to change for the worse. Maybe a dictator will rise to power. Maybe people will just stop caring. Maybe it will be a combination of things, but the point is that building a system that relies on the law to protect users' rights is a fundamentally bad approach. It was not merely laws that stopped mass surveillance previously; when letters were sent primarily via the postal system, it was the lack of abundant and automatic copying that prevented mass surveillance. Laws are easy to change; widely deployed and widely used technologies are much harder to change (at least in ways that conform to the desires of politicians and governments).
This is what the battle over the clipper chip was about, and the government lost that one. Communications providers, absent any prior court orders, have no legal obligation to make their systems mass backdoor-compliant. It is the government, nominally, which is burdened here by the obligation to conduct their investigation without trampling the rights of 400,000 other people.
> "Even if he had turned over the SSL keys, the US still has a fairly strong "fruit of the poison tree" doctrine: any information the government happened to obtain on other users would be invalid for prosecution because it wouldn't be covered by their search warrant."
Which is why the government uses "parallel construction" to get around this restriction. And because the original source of the evidence remains classified, nobody can say for sure why the defendent was randomly stopped on the highway.
Your argument starts with the premise that the government is always entitled to data on particular individuals being investigated, and all other values must always be sacrificed to that end. Your review of the costs imposed, however, recognizes only the wiretapping of "every other user".
There is also an additional price paid, which is even more significant and unfortunately not recognized in your argument nor even in Leveson's arguments in the case. The SSL private key is not only for encryption, it also is designed to authenticate the server to the user. Thus, revealing it enables the additional party to impersonate the server owner online. (In this case, the impersonation would have taken the form of a compromised server, no longer under the owner's control, purporting to be the uncompromised server still under the owner's control.)
The evil comes in with the combination of this demand and the gag order. If the server owner could either keep the key secret or warn the users, this evil could not happen - but when both are prohibited, he is forced to enable the third party to lie to the users and make his server a fraud.
Accordingly, my view is that one of these things must yield - either the secret key demands or the gag orders. This is a higher social value than the wiretapping of persons alleged to be suspected of crimes ("alleged" because the secrecy of the process prevents the citizens verifying that the government has any legitimate grounds at all).
Lavabit was a service that explicitly provided a secure and private email to its paying customers. In my opinion, an expectation of privacy _did_ in fact exist for its user's 'metadata'.
The solution isn't either of the extremes, 1) Give access to all Lavabit users or 2) Refuse to comply with a legal warrent, it's somewhere in the middle.
After everything we've seen from the Snowden leaks until now, do you honestly still believe this? Parallel construction? Hello??
As a non-American, I have a problem with this seemingly widespread idea even among privacy advocates in the USA that only Americans are entitled to the protection of their rights from the American government.
Personally, I don't like the existence of national borders of any kind, but I also can't wish them away. And when you draw a line, that says there's something you want to exclude on the other side of it, and the stuff over there just might decide to cross the line in a way you don't like.
My general strategy has been to support inclusive immigration policies, globalization efforts, and joint international operations. The more of these that exist, the less meaningful national boundaries become, the less necessary national defense will be.
Your country may be perfectly at peace with the US now, but there is no way to guarantee that peace unless we have people to continually watch for potential threats. Even that is, in itself, no guarantee, but it's better than nothing.
Maybe someday, mankind will be able to share universal goodwill and peace, but until that time, trust, but verify, at a minimum.
For all of the talk about "all men created equal" and "do to others as you would have them do to you", fundamentally Americans are brought up to believe they are different or "exceptional" to other humans. This belief let's them distort reality so that spying on innocent foreigners is ok but spying on innocent Americans is an abomination. Hypocrisy.
Timothy McVeigh and others prove that the domestic threat to the US is as serious as the foreign.
Without such an agreement, this is nothing more than international espionage, which is a natural (and arguably necessary) part of having different nations that don't always see eye-to-eye. Do you take issue with spying in all forms, or only the 21st century brand of spying?
Widespread unchecked surveillance is evil in and of itself, it doesn't matter _who_ is doing the surveilling.
Following your argument, if the Chinese government engaged in exactly the same sort of surveillance against you that the NSA does, you'd be fine with it, since it would merely be international espionage. But in the end, the same information about you is being stored. And your information is probably less trustworthy with the Chinese government than even with the NSA!
'Spying' in the traditional meaning is qualitatively different to dragnet surveillance of all communications.
I understand that all countries engage in a level of spying, and that friends may not always remain so, but the US' seemingly widespread lack of trust in _any_ other country, only works when you're (1) right and (2) the most powerful country.
These may not always hold true, and it's when bad things happen that you need friends you can trust (and that can trust you).
In the case of the NSA, the NSA coerced/worked with many private US companies and took the data from them (rather than somehow collecting the data themselves). Such coercion of American companies is what I believe should be curtailed.
The thing is, China has no such reach in my life. I don't use any Chinese websites to store my data. I don't use any Chinese social networks to keep up with my friends. I don't use a Chinese email service.
The religious ones thought these rights came from God but in any case most all agreed these are "Natural Rights" that you have because you are a human being. Such rights can only be violated by governments. They cannot be granted or taken away.
This attitude that rights only adhere to citizens of the US, common among united statesians, is a pathetic indicator of the level of indoctrination. It's also morally and philosophically appalling. It's the same attitude that allows united statesians to support bombing brown people on the other side of the world for whatever reasons their leaders give them.
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.
I tip my hat to this magnificent bastard.
The core issue is summed up nicely thereafter:
Levison believes that when the government was faced with the choice between getting information that might lead it to its target in a constrained manner or expanding the reach of its surveillance, it chose the latter.
It's because the private certificate was forcibly supplied to the government. No longer secure => revoke it.
Anyone with judicial experience know if judges have trusted advisory panels that can help wrap their heads around technology to better rule on cases such as this?
I think it's actually the other way around, where Lavabit doesn't understand the judicial system and the concept of evidentiary chain of custody.
>> To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data
Don't FBI have some ultra DPI scanner with advanced OCR software? Let's say they live under a rock, it's still not so hard to manually type ~2k characters using magnifying glass. If so, what was the point to shut down Lavabit AFTER turning in printed keys?
P.S. I still highly respect Lavabit and people behind it, but this point in a story doesn't make sense at all.
I should read the article...
As I understand Lavabit's architecture, there is no "master" key. Instead, incoming mail is encrypted using an asymmetric per-user key. All the key pairs were created by Lavabit and stored on-site, but locked by a password to be provided over TLS. Since Levison probably didn't compromise his system to store users' passwords, presumably the keys that he was handing over in 4-point type were still locked with a password.
You're making assumptions about the encoding...
Does anyone have any experience with (or thoughts about) rally.org -- or, for that matter, any knowledge of why the EFF isn't running point on this case?
I suspect that the only reason anyone cares about this case is because Lord Snowden the Infallible deigned to grace Lavabit with his email traffic.
Would the internet outrage be the same if the targeted user was found out to be a Goldman Sachs executive or a Westboro Baptist Church minister?
Not a big fan of reading the article, are you? The government's demand was constitutional for one user, and unconstitutional for 399,999 others.