Hacker News new | comments | show | ask | jobs | submit login
Lavabit SSL Cert Revoked (lavabit.com)
420 points by jambo on Oct 8, 2013 | hide | past | web | favorite | 304 comments

Lavabit has revealed something incredibly important.

The US Government has no problem with seizing your private keys. It claims the right to impersonate you without your permission.

It no longer matters which system you use, Sovereign Keys, PGP web-of-trust, traditional PKI, they're all the same. Services based in the US can be MITM'd without leaving any traces.

If this is allowed to continue uncontested there will no be no way to stay secure online. The only solution is a partial solution, to create decentralized services. This, at least, will require the government to seize the private keys of each individual they want to track.

Ok, let's keep this in perspective. The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals.

Targeting individuals is absolutely the right way to go about a lawful intercept. Sucking up all traffic like the NSA has been doing is totally overbroad and invasive.

But the whole point of the asymmetric encryption feature of Lavabit was to make it impossible for anyone but the account holder to access their email. This is obviously why Snowden used the service. Duh. And this is why the government resorted to threatening to seize the keys and trying to impersonate the service.

What actually happened is, in the court proceedings Lavabit responded to this by offering to make modifications to the service to essentially wiretap an individual account without handing over the keys. Thus confirming the problem the government faced. But by this point the government didn't trust him to act as a spy on their behalf (which frankly is not an unreasonable assumption).

To be absolutely clear, I am taking no position on the justness of the government's targeting of Snowden. Personally I think he's a hero.

But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc.

The problem is Lavabit was not designed to facilitate intercepts under any circumstances. That is why the keys were seized.

Source: http://www.newyorker.com/online/blogs/elements/2013/10/how-l...

I disagree with the premise. I don't believe that a service should be required by law to provide the possibility for the government to intercept the activity of its users.

You can always say "but the child pornographers!" or, "but the terrorists!"... but... no, sorry. I believe that people should have the ability to engage in total privacy. The fact that the US gov't is doing this because of Snowden (a person I admire) just reinforces my belief.

> I believe that people should have the ability to engage total privacy.

They already have the ability to do this.

That's not what you are asking for. What you are really asking for is:

"I believe that people should have the ability to engage total privacy through any means of communication they so choose."

So according to you, if people can still communicate secretly by meeting in person and whispering in a forest or such, then it's no impairment of their rights to destroy their ability to do the equivalent with electronics.

Kinda like Bush's "free speech zones", where protesters are kept in a little cage far from the public to whom they would like to express their opinions - as long as they're free to speak in this one little place, they're not totally silenced and there is no invasion of their rights, according to the clever lawyers.

The right of communicating confidentially with persons of one's choice, and not with others, is a robust right which is not to be reduced to a formality.

The fascist mentality is strong in the US right now, but citizens are going to work around the police state until it's reformed or overthrown, and they are on the right side of history.

Not equivalent. It's at least possible to tail someone to the forest (private house, etc.) and surveil them, with proper judicial oversight. Not so with systems designed to defeat lawful intercept.

There is no "robust right" to defeat lawful intercept. The right to privacy has always been subject to a body of law governing lawful surveillance and policework. Example: mobsters meeting in a private home can be bugged with a warrant.

I don't agree that there should be any robust right to "lawful" interception.

I believe my statement is more broad than your clarification and so I did say that, but for the sake of the argument, yes, that is indeed what I'm asking for, and I believe that's entirely reasonable. If you have the ability to send encrypted data over any particular communication channel in such a way that no untrusted third party can ever decrypt it (let's assume that it's possible), then I think that should be entirely lawful.

I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok.

There is a long tradition of disallowing encrypted communication on channels that can be (are meant to be) public and snooped by the public.

See licensed Ham radio use. There's no technical restriction or necessity against (well, necessity is up for debate), but there is a legal prohibition on commercial or encrypted transmissions; I read recently that it was being discussed to change this. I guess it would have been reported on HN frontpage if this had gone through.

The argument as I understand it is that Ham bands are a shared, public resource (commons) and that their use is strongly regulated by the FCC (and presumably some international body I haven't heard of); if your communications were encrypted, you would be free to violate the rules and engage in commercial activity, which would likely make the band a lot more popular, polluted, and less available as a limited resource for amateur licensed users. It's called broadcast for a reason.

This is obviously far from the situation on the internet, but it's a fun thought experiment to imagine the global internet with similar structure of mandatory licenses for use, and without any encryption or commerce.

> What you are really asking for is: "I believe that people should have the ability to engage total privacy through any means of communication they so choose."

No. What he's really asking for is "I believe that people should have the ability to engage total privacy on the main means of communication of our age."

I agree, up to a point. Remember that lavabit had already complied with targeted access requests. He objected to the rooting of his service to enable a mass surveillance dragnet. Are you Ok with that specifically?

Why should privacy be restricted to select mediums?

That's a loaded question and I'm not going to play that game.

I don't see how that's a loaded question.

You called me out by saying I was suggesting that people should be allowed to have total privacy over whatever means of communication they wish.

Someone else asked why you believe that privacy should be restricted depending on the means of communication.

If that were a loaded question, then the questioner would be asking why you believe something that you haven't indicated that you actually believe. But by my reading, you do actually believe that. And I believe the questioner believed that you believe that as well. If not, I'm of the opinion that it's a simple misunderstanding, and would love it if you'd clarify your position. If you do believe in that particular restriction, however, I'd really appreciate and enjoy hearing your rationale for that position, because I don't understand it and would like to understand it better.

> But by my reading, you do actually believe that.

The problem is, my clarification and your subsequent agreement don't mesh with reality. So yes, I don't believe that people should have total privacy over whatever means of communication they wish, because I don't believe it's realistic, not necessarily because I don't believe privacy should be considered.

You actually explain it best:

> "I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok."

And here we have a problem. What exceptions do we allow? What's reasonable? What makes one communication method okay to not expect privacy from, and another to make it a right?

Is it the use of standard encryption methods? Is it the intent of the owner? Should it be technical capability?

So, when you say that people should be able to engage in total privacy, and I say they can do that already, my follow up is to clarify what you really mean. Clearly, I was wrong (despite you agreeing to what was said). Their are limitations on a person's rights to engage and expect total privacy.

And this might all seem pedantic, but it's really the core issue, because even you realize that not all methods qualify for a level of privacy.

Where do we draw the line, because all the discussions seem to miss that crucial mark.

So yes, when I was asked that loaded question, it's because it was assuming intent that simply didn't exist.

I've learned my lesson though. Next time, instead of trying to say only what I mean to say, I'll add a bunch of words and sentences, maybe repeat myself a few times, and state my position, despite the fact that it shouldn't matter.

Edit: In case theirs any question as to why I'm asking these things, it's because of comments like this:


"All you should really have to have in order to keep a conversation private is the intentions."

Suddenly, I'm violating rights just because I happen to overhear someone talking quietly in public.

That's a perfectly reasonable question, actually.

One possible answer is that communicating on the internet requires the use of a physical commons, which one could reasonably argue carries either innate restrictions or restrictions legitimately imposed by the owners of said infrastructure.

That is a reasonable response. I would counter by saying that I see that as a justification for why they [government, ISP, whoever] should be allowed make demands about the use of the physical commons, but isn't a reason why they should exercise this conceded right.

For example: I, a hypothetical bar owner, have a right to ban silly hats in my bar. Why? Because I own it. However that's not a reason that I should ban silly hats. Just saying "I'm the owner, so I can." doesn't actually explain why I should.

I do also disagree that the government specifically is entitled to restrict privacy on the internet because much of the infrastructure is owned or otherwise controlled by them. The government owns nearly all roads, yet while using that infrastructure I still enjoy certain privacies. For example, if a cop pulls me over and asks me where I am going or where I have been, I have no obligation to answer him.

It's that last point that's so strong:

"Yes, yes, you have the right not be subjected to unreasonable search and seizure, but not if you're walking on the public sidewalk."

The key here is that the government is not like a private land owner. That's why government workers have so much leeway in criticizing their employers, and why you're allowed to protest on government land, and why schools can't have daily prayers even though they want to. The government simply isn't a private actor enforcing rules over the stuff it owns; we own the commons, and the government simply administers them according to some strict rules. Unlike a private land owner, it can't say, "if you don't like the way I do things, take your business elsewhere." Otherwise you get "You can vote for whomever you want, but since we own all these voting booths, you can only use them to vote for the incumbent."

If the government can pursue any arbitrary policy just by virtue of "owning" some infrastructure, the whole constitutional democracy thing gets circumvented.

Edit: changed "to privacy" to "not to be subjected to unreasonable search and seizure" to avoid confusion.

Yes, I agree.

A hypothetical bar owner could get away with banning silly hats. We can defend that with assertions about ownership of property and the privileges that gives somebody... that isn't particularly problematic within reason. Governments though? They need to play by a different, stricter, set of rules. "Ownership of infrastructure" should not be accepted as a defense of a government banning silly hats on their sidewalks.

Governments operate in a privileged space where they are permitted to do many things that individuals and companies are not allowed to do (as a quick example, they can levying taxes against the general population). That has to come at a cost though; they aren't allowed to do things that individuals and companies are permitted to do (as a quick US-centric example, they cannot endorse and support a particular religion).

For this reason, comparisons and analogies between what governments and individuals/companies can do are very frequently worthless at best. These sort of comparisons are just unavoidably apples and oranges.

That is total bullshit. All you should really have to have in order to keep a conversation private is the intentions. Even if it's a plain text email, only myself and the recipient of the email address should have the privilege of it's contents. If you want you can agree to let the provider use an automated system to scan for keyword for ads or whatever, but no one other than the recipients and agreed upon thrid parties should have permission to read those messages and anyone else doing so should be punished by law. We need to add an amendment which augments the 1st to say this clearly.

I believe you're referring to the 4th amendment.

Nobody owns the Internet. If company X stops running their part of it, it will continue to exist. You point is still valid if you consider an entity needs to govern the commons and apply restrictions where it's deemed in the interest of the greater good. I'm just not 100% that's the government.

No, it's not. He's making an assumption. He's assuming I think privacy should be restricted to select mediums, which is not the point of my comment. It would be the same thing as me asking you or him why you want to assist child rapists or people killing other people?

And yes, it might be a bit pedantic, but I'm tired of these childish games on HN.

You could have just answered "I don't think that." Or, you know, given me the exact response you just typed....

It really was not my intention to ask you a loaded question. Instead of calling my question childish, you should consider the possibility that your comment is not nearly as clear as you seem to think.

I agree. Talk about a conversation killer.

Considering he was speaking for kelnos at the time, I think your query seems reasonable and actually expands on the concept around what types of conversations should be managed by our government. Shouting "FIRE" in a theater is, and should be, against the law. It's a clear violation of trust, poses significant risk the the recipients, and is being done in a place that is clearly owned by someone. I'm cool with the police being in charge of enforcing rules that prevent this.

Assuming they are also in charge of policing the Internet effectively is another matter entirely.

I explained exactly why wasn't going to answer your question in my response.

"That's a loaded question and I'm not going to play that game"

I picked the words carefully and precisely.


> you should consider the possibility that your comment is not nearly as clear as you seem to think.

I realize that people might not be native english speakers. I make the assumption people will ask if they are unsure or not clear. You made no indication you were either. Another commenter was not clear, and so I clarified.

If you didn't find it clear, why didn't you ask for clarification on why I thought it was a loaded question? Or, what I meant by calling it a loaded question?

> It really was not my intention to ask you a loaded question.

But you did. And I explained as much, and left it at that.

I am sensing a lot of continued hostility here. I am not sure why, since we apparently do not disagree, and since I have made it clear that I did not have any malicious intent.

> I make the assumption people will ask if they are unsure or not clear.

You have misunderstood me. I did not find your comment to be unclear after reading it. However my take-away from your comment was incorrect.

Complaining about a loaded question, instead of simply and civilly correcting me ("I don't think that"), came off very strongly as a dodge. Or, as kordless describes, "conversation killer".

I hope this clears up any lingering confusion.

> I am sensing a lot of continued hostility here.

There is zero in my last comment. Maybe you could highlight what statement I made that was in any way hostile. I was precise, polite, and stated clearly my position. The only one being hostile is you.

> I am not sure why, since we apparently do not disagree

What makes you think that?

> instead of simply and civilly correcting me ("I don't think that")

Why do you keep making assumptions? Why do you keep trying to assert my position, despite me never saying "I don't think that." Heck, putting it in quotes is dangerous enough.

> "conversation killer"

Your continued attempts to put words in my mouth is a conversation killer, even if you don't intend to do it.

Your problem is that from the first reply, you've been trying to read more into what I said. You've been trying to categorize me. Rather than simply take the comment I said at face value, you've been trying to see some inner motive. This is clear from your loaded question, or your belief that I'm trying to dodge a question. Even now you continue to try to pin me down into a belief that I find beside the point, would have derailed the original conversation.

> I hope this clears up any lingering confusion.

I'm not confused with what I've said. And, frankly, I've stated it clearly from the first comment. That you've inferred more every step of the way is simply because you are confused.

I honestly don't think whatever I type here will matter though, as despite being factual, precise, and concise in my previous comments, people have found ways to ignore the facts, infer whatever they wanted, and consider the brevity to be something more.

It would be far easier if we read what was written, and stopped trying to imagine more.

Listen, I'm not a robot. When I read a post, I read what is literally being said, and I read between the lines; I look for subtext, and implications. I am not going to stop doing tihs. Maybe when you write those things never exist, but I don't believe that. I'm going back with my original assumption, which is that are dodging any attempt to address the subtext and implications in your posts because you want them to go unchallenged. You are making these implications, we are challenging them, and you are dodging.

tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055

> When I read a post, I read what is literally being said, and I read between the lines; I look for subtext, and implications. I am not going to stop doing tihs.

But then you need to be prepared to be called out when you are wrong.

> which is that are dodging any attempt to address the subtext and implications in your posts because you want them to go unchallenged.

Because, honestly, their is no subtext. I don't have a firm opinion either way. Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda.

Let me be clear: I haven't made up my mind.

> You are making these implications, we are challenging them, and you are dodging.

No, that's your imagination.

> tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055

No. He's wrong. First, not only is he wrong because of the context of the comment, but he's also wrong in his conclusion.

Sorry, but your making assumptions that aren't true.

The only thing I've gotten out of this conversation is that you can't ask a simple question without your motive being drug into it, and that even if you question other aspects of side, it will be held against you, regardless of your opinions.

tl;dr: You're wrong.

> "But then you need to be prepared to be called out when you are wrong."

I really don't think that I am not. You had me convinced that I was wrong for a while there.

I think your latest reply to kelnos, while completely misunderstanding his point, actually confirms my suspicion about what you actually think. I'll let kelnos and you hash this out though; I'm out.

I'd suggest reading a bit on NVC: http://en.wikipedia.org/wiki/Nonviolent_Communication

The primary problem I see with your comments is a slew of blaming statements. You started this whole thing by SPEAKING FOR SOMEONE ELSE, and it's continued through to this morning with comments like "Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda." Blaming statements like this shows you are trying to simulate why others MIGHT be intending - instead of just listening to what they are SAYING they intended.

I know you are frustrated about not being heard here, but I don't think it's anyone's fault but your own. It's a choice my friend. A choice.

Ooookaayyy... I'll try again:

Assuming that you don't oppose privacy categorically, do you disagree that "people should have the ability to engage total privacy through any means of communication they so choose." If so, why?

The constitution of the US only guarantees freedom from unreasonable search. Reasonable search is absolutely authorized.

Agreed. I believe requiring a service provider to turn over their private SSL key, exposing their entire user base to privacy breaches, to be an unreasonable search.

And that's not even really my point. I object on a higher level. If the government goes to a service and says, "I have a warrant to wiretap this user", and the service says, "sorry, we don't have the ability to give you access to a particular user's activity", then I believe the Feds should have two options:

1. Ask if there is a way for the service to be modified to make it possible, and if so, pay for the modifications. And the service provider must be allowed to advertise that they are now subject to law enforcement wiretaps (let's say one of their previous marketing points might have been that they are immune to such things). I'm debating also suggesting that the service provider should be allowed to refuse that request, regardless of payment, but I'm not quite sure how I feel about that.

2. Walk away and find another means of gathering evidence.

To take #1 a step further, if the service actually enables perfect secrecy, and there actually is no way that it could be modified to meet the Feds' request, I think that's fine too, and a service like that should be completely lawful.

> Agreed. I believe requiring a service provider to turn over their private SSL key, exposing their entire user base to privacy breaches, to be an unreasonable search.

Requiring someone to turn something over is a seizure, not a search; if it is the only way to effect an otherwise-reasonable search, its probably also a reasonable seizure. If the recipient of the seizure order has deliberately engineered it to be the only way to effect potential searches of more limited scope, and it has broader impacts, there's really no one to blame but the recipient of the order.

> let's say one of their previous marketing points might have been that they are immune to such things

As, if such an order is legally possible, this advertising was false, I'm not sure why it should be allowed to provide them with a benefit.

And the search of Lavabit's _other four hundred thousand paying customers is "reasonable"?

Or is being concerned enough about privacy to pay money to a service claiming to provide it now considered enough "probable cause"?

So you don't think law enforcement should be able to do its job?

If we lived in total privacy, and I were to start a ponzi scheme completely online, then I would not be able to be stopped because :

1. My e-mail wouldn't be looked at

2. My bank accounts couldn't be looked at

Almost all evidence gathering during criminal investigation involves a loss of privacy at one point

I don't for a minute agree that law enforcement's operational problems trump every other right citizens have.

I find it _astounding_ that people are supporting the idea of forcing Levinson to back down on the guarantee of privacy he'd made to his _other_, not under any probable cause level of suspicion, 400,000 fully-entitled-to-the-privacy-they've-chosen-to-pay-for customers. Violating the privacy of four hundred THOUSAND unrelated-to-the-investigation users? Users who had an expectation of privacy, who were buying a service from a company marketing themselves on providing privacy. Then attempting to coerce that company's founder into not only failing to provide the service his customers were paying him for - but also denying him the right to let them know.

All because _one_ customer has monumentally embarrassed a particularly powerful government department.

Is that _seriously_ "OK" in anybodies worldview?

from the New Yorker piece my impression was that, for the FBI, the easiest way was to have the SSL keys, and the Judge didn't understand the implications so granted the request.

Initially, the FBI was willing to let Levison modify the site so that just the target would have his stuff intercepted . But Levison wanted to charge the gov't $3500 for the work, also asked for external audits to make sure the FBI wouldn't goof off with the info. The FBI stopped trusting him, and for them it was just easier to have the keys.

It'd no-doubt be "easier" for the FBI to "do their job" if they had copies of everybodies house keys and office keys and safe-deposit-box keys too – so they could have a quick snoop whenever they got curious about whether you were doing anything wrong.

But we don't let them force builders/landlords/lockmakers to hand everybodies private physical house keys over, just because somebody somewhere is doing $bad_thing inside a house.

The FBI didn't trust him – boo hoo – they need to find another way to get their job done then.

(Does anybody _really_ think this was about "trusting" Levinson? Or that it was instead about trying to strong-arm Levinson/Lavabit into illegally and immorally participating in the NSA's ubiquitous surveillance program, almost certainly something they've gotten so used to having work for them that they've forgotten that occasionally they'll bump into someone prepared to throw their business away instead of compromising about "doing the _right_ thing"?)

Trust is NOT a prerequisite for cooperation.

They've got the warrant; it was a reasonable warrant, in a standard form, that he could reasonably have anticipated. The FBI have the right to execute it. (If you're arguing that this particular warrant shouldn't have been issued then that's a separate issue). It's Levinson's fault and his problem, not the government's, that Levinson specifically designed his site such that he couldn't execute this kind of ordinary, reasonable warrant without failing to provide the service his customers were paying him for.

Yes, I think it's OK.

The problem here is that Levison set up a Rube Goldberg machine. If the (in my opinion reasonable) law says you have to be able to provide access to anyone's data when you are given a warrant, you can't get out of that requirement by making your technology require you give everyone else's data, or kill a kitten, or any other requirement.

Edit: Changed 'levinson', UK report about the media, to 'levison', owner of lavabit.

Like I've said elsewhere in the thread - what about Tarsnap?

Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built."

Has Colin built "a Rube Goldberg machine"? Should all of his paying customers have their privacy violated because the only way Colin has to make Tarsnap reveal one customers data would be to backdoor a software update? Is it unreasonable to charge a sum on the order of $3.5k if Colin offered to set something up to allow only a single customer's software update to be backdoored? (Christ - I'll bet the FBI ran up an order of magnitude more than $3.5k in legal costs arguing that $3.5k was "too expensive"!)

Do any of us have to consider when building our products - along with all our _real_ concerns, just how amenable our technology decisions and architectural concepts turn out to be for state surveillance purposes? Are we to be scrutinized as though modern digital privacy best practice and effective use of crypto implies we've intentionally set out to make the FBI's job more difficult than necessary? Should any of our scarce development resources be squandered trying to ensure we've got built-in ways to comply with any possible law enforcement demand?

I say no. Resoundingly no. Sure the FBI have a job to do. But that doesnt make it OK to run roughshod over innocent peoples rights and to force business owners to back down on guarantees they've made to paying customers and then throw gag orders on them to stop them telling anyone.

I think you're wrong - and I think people who think like you are part of a much greater problem.

From my reading of the court details (which might differ from yours), lavamail was not trying to make it easy for a particular user's data to be accessed. I have no problem with Lavamail, or Colin, providing access to a single user's data, if they have the ability to do that in a reasonable way.

The problem is that there seem to be two extreme worlds we could end up reaching.

1) The security forces can access all data, anywhere, anytime, freely and without limit.

2) The security forces can access no data at all, and become useless.

Both of these are a bad situation to end up in, but I would consider the second worse. Hopefully we can end up with a more sensible world, where the police can access data with a warrant and the proper authority.

While there are some current big cases, and big problems, it is important to remember there are large numbers of lower level people in the security forces, solving real crimes every day. They must not become over-powerful, or hobbled, by a few high profile cases.

I actually think (1) is the bigger deal and by a significant margin, however...

I do agree with you that there needs to be a reasonable and lawful way to tap very specific and targeted conversations, regardless of the medium. Just like bugging the mafia's phones etc. And by reasonable, I mean a real frikin' judge and with total public transparency, not some secret court and definitely not some blanket surveillance program. Accountability for any abuses is a key requirement that currently seems to be lacking.

I'm practically a conspiracy theorist these days, but I think you're being completely logical while most others aren't.

I have jumped in to this thread, so forgive me if I have missed something, but do not understand the reference to 'Levinson'.

I am from the UK, claim no expertise in the field, but the following might help.

'Levinson' is the name of a report on the media (a very long topic in itself), which has no bearing on giving up data.

The law which covers that,I believe, is known by its abbreviation as RIPPA and,amongst other things, sets out the powers that the UK government have to ask for data from companies. In particular, I understand that it makes it an offence to refuse to provide the key to encrypted material.

"Ladar Levison" is the name of the founder/operator of Lavabit. (The misspelled "Levinson" version of his surname in various bits of this thread may well be my fault. Apologies.)

Thanks-all makes sense now.

If circumstances are such that monitoring one customer means all customers have to be potentially monitored then that, in practice, is the way things are. After all the TSA operate on exactly the same principle.

It may not, in some airy-fairy, hippy, juvenile world view, be "OK", but again, it is the way things are.

Law enforcement has a variety of ways with which it can gather evidence. Ignoring the internet and tech world entirely, there are plenty of criminals who are clever enough to cover their tracks sufficiently so there is no way that evidence can be brought against them.

I don't see why the law should require that all services should be built with wiretap points. If a user of a service wishes to ensure perfect secrecy, and a service allows that use case (ideally by never seeing the user's cleartext or keys), I see no reason why the law should be allowed to interfere and require that the service be changed to disallow that.

Sure, that might make law enforcement's job harder in that case, but too bad. Catching a few extra criminals here and there is not a good reason to weaken the possibility of privacy for the rest of us.

For the sake of arguments, let's just assume Windows is perfectly secure. Then if child pornographers or ponzi scammers use direct, encrypted links instead of emails to exchange information, what will the FBI do? Is it reasonable for it to hack into the computer of a suspect to gather evidence? Is it reasonable for it to force Microsoft to implement a hole in their OS so that they can do that? Is it Microsoft's fault for implementing their OS in such a way that it's difficult for the FBI to (lawfully) intercept its users?

Maybe we all blamed Microsoft unjustly, maybe they were forced by law to create all those holes, and maybe they were forced by law to not disclose the fact that they were forced by law to create all those holes.

Your argument against the ability to wiretap child pornographers and terrorists is "no, sorry".

That's not a very complete argument.

His argument is clearly that people have a right to privacy. It says so in his next sentence.

The 'no, sorry' is him discarding the emotional plea that often justifies invading a person's privacy in the first place ("please, won't somebody think of the children!").

Well, what about the children?

Serious question.

I say it's an incomplete argument because there is no mention of how we should go about prosecuting child pornographers and terrorists, rescuing missing persons when phone/email records are our only clue, and so on. There's just "no, sorry", the right to privacy trumps these things under all possible circumstances.

The question remains.. why?

Why is a world with ideally zero ability to prosecute child porn (to pick one) a world we should want to live in? Laws don't mean much without the ability to enforce them, so are you advocating living in a lawless world? Police powers can be abused, but does that literally mean we should end all police, at least as it pertains to crimes involving communication such as plotting murder, child porn, etc.?

That's what's missing from "no, sorry".

Do you believe that we should all give up our right to privacy just in case it allows us to save a few people here and there?

I know that makes me sound like a dick at first glance, but do you really believe that if you answer "yes" to the question above, we are guaranteed that this system will never be abused?

I think the answer to that has already been provided in light of recent events.

No, we all should not give up our right to privacy. There should be lawful means to investigate crimes with proper judicial oversight.

For example, today, and for much of the history of democratic society, the police have the power to search your person under certain circumstances. I hope you would agree that you still enjoy a "right to privacy" in our society.

"Right to privacy" has always encompassed a body of law governing privacy. It has never been an absolute.

By comparison, the same is true for "free speech". We should not give up our right to free speech. Nor should we all start shouting fire in crowded theaters.

Of course there are no guarantees that abuse is impossible. That's what the fight for free speech and privacy is about: proper and just oversight by the citizenry -- not the abolition of lawful society.

No, we all should not give up our right to privacy. There should be lawful means to investigate crimes with proper judicial oversight.

Sure. And I'm arguing that a judge that would sign a court order instructing Lavabit to turn over its private SSL key is displaying ridiculously improper, poor judicial oversight.

My comment was actually a bit more meta and high-level than that, though. My fear is that an "untappable service" might at some point become illegal. For example, if I were to put up a communications service that allows someone to send encrypted, plausibly-deniable messages, and I don't and cannot have the ability to decrypt them, the government would try to make that sort of thing illegal.

You act as if it's a binary thing. It's not all or no privacy. It's always been some privacy , and you have more or less depending on circumstances.

Nothing is guaranteed to be abused, but when checks and balances works, things get harder.

Try not to forget that before the FISA Court there was no court and the president did what he wanted in that domain. Things are getting better (even if at a glacial pace).

We should prosecute crimes the way we always have: presumed innocence until proven otherwise with evidence.

A right to be able to communicate privately doesn't make Plain Old Telephone calls not be easily traced, or make the police useless.

How about this example, to clarify the issue:

However pedophiles (or terrorists) get their content, be it a darknet site or the sneakernet, under the 5th amendment a person can refuse to give a password to decrypt harddrives with potential illegal content that could incriminate them in a crime.

Following your logic, should we not rescind the 5th amendment, so that people have to prove they don't have exploitative images of children?

> presumed innocence until proven otherwise with evidence.

That's exactly the problem. Lawful surveillance is one of the most fundamental means of gathering evidence. If you take away that, then in a lot of cases you take away the ability to prove guilt.

You offer no support for the claim that police would be useful in a world where all telecommunications are impenetrably encrypted with no means for lawful intercept. If "Plain Old Telephone calls" are the only interceptable means of communication by police, then you might as well rename them the "Plain Old Police", since they would be largely ineffective.

I have not argued for rescinding any rights whatsoever. It is you, I would argue, who is arguing for rescinding the police, which are an essential part of a lawful society.

The flaw in your reasoning is that while individuals are protected from self-incrimination, no such right extends to third parties. Nor should it. The 5th amendment does make it harder for police to prosecute people, but with the power to compel other people to testify, to have service providers turn over records and surveil with proper judicial oversight, and so forth, it has been judged over the centuries to be a fair balance of powers.

To block all police power to surveil under any circumstances would substantially cripple their ability to gather evidence.

And so the question remains: If you feel lawful intercept of communications is never justified, how would one go about gathering evidence of a largely communications-based crime such as child pornography or plotting a murder?

Yes, in this case, it was the Lavabit service. But tools to allow for private communication already exist, and in those cases, the 5th amendment protects the parties involved, with no service provider able to provide the police useful data. The more the government abuses its surveillance abilities with massive collections, the more pressure will exist for criminal enterprises to turn their attention to the likes of Freenet, that are inherently difficult to surveil, even when working with the physical ISPs.

So, you ask, how do police investigations compensate when the criminals they're after increasingly use anonymous, private, secure, distribute means of communication?

Aside from the standard drug detection at borders or traffic stops, money tracking, physical surveillance, informants, undercover work, district attorneys giving deals to catch bigger bad guys, or other, you know, physical police work that doesn't include being told who, when and where the deal is going to take place, I'm not sure how Police will be able to function.

But I'm sure they won't be useless.

Why is a world with ideally zero ability to prosecute child porn (to pick one) a world we should want to live in?

Closing one potential avenue for gathering evidence is a far cry from removing law enforcement's ability to prosecute child porn offenders (or any other crime, for that matter).

Look, I'm not saying that law enforcement shouldn't have legal tools at their disposal to gather information. They should. They do. But if someone is using strong encryption and has plausible deniability, then they win. That's just how it is. If they're going through a third-party service that can isolate that one user, then sure, great, by all means, get at that data via legal means. But if getting at that data means exposing all users of that service to breaches of privacy, then hell no. That's entirely unreasonable.

And if criminals are indeed clever enough to cover their tracks well enough to eliminate the possibility of law enforcement gathering evidence on them... well, that sucks, but that's life. That happened before the internet, and will continue to happen in spite of it.

If you want to stop child porn, maybe you should go after the source instead of the consumers? Even if you did stop the spread of the digital pornography you still have all the molesters and other physical abusers out there. Maybe we should expend resources on actual cops patrolling neighborhoods and keeping pedophiles in jail instead of releasing them and confining them into "safe" zones. That is if you really want to protect kids, and not hunt down perverts on the internet.

Yes, what about the children? If you care about the children, it's not the internet you should be worried about:

A few years back, the NSPCC (a UK child protection charity) released a study that claims that 75% of all child abuse, including sexual abuse, is carried out by a male adult related to or known to the family. The most likely abusers are the dad, brothers and uncles, followed closely by other male relatives and friends of the family. Random strangers come far down the list.

> Why is a world with ideally zero ability to prosecute child porn (to pick one)

Why do you think there would be zero ability to prosecute child porn? Given the above, it would seem that the best investment in prosecuting child porn would be in addressing the problem at source: Better monitoring of children's health and wellbeing to increase detection and prevention of abuse in the first place, rather than trawling through peoples communication.

Of course that won't happen, because parents will all believe that their spouses and relatives and friends could not possibly be abusers, and of course most of them will be right, even though reality is that they pose by far the greatest risk to your child. Random strangers are just even less likely to harm their children.

Before we sacrifice privacy even further, we should at the very least have the facts as to what effects altering the privacy balance could actually have. Is there any evidence that more aggressively pursuing child pornographers online makes much difference to actual harm as opposed to moral outrage?

Even so, even if we allow 100% privacy in communication, people get caught for child porn possession all the time without having law enforcement violate their privacy first: Spouses report pictures from their PC; people stupidly hand their PC in for repair and it pops up; people get caught actually abusing children etc. In which case their sources are often revealed. In which case the police can do actual police work, and set up stings or visit any sites that person has obtained child porn from, and get those sites taken down, and follow the leads to payment processors etc.

In fact, a number of large child porn sting operations were conducted in exactly that way: Unravel sites where the site itself was blatantly illegal, and then track down users/customers.

I don't know if the person earlier in this thread wants to be absolutist about the privacy, but for my part this is one area where I draw the line: If there is a legitimate case against one party to a communication, then I don't see a problem with having the police go through the logs of such a site, or the e-mails of anyone implicated and tracking down any regular users or customers of such a site - I don't see a good privacy argument against that.

But note how different that is from accepting interception of communication using a site that has entire legitimate uses, and where there is no evidence of wrongdoing in the case of most of the users prior to the government request to intercepting everything.

Even when there's no malicious intent, the chance of serious errors skyrockets when you start allowing these kind of tactics where criminal investigations becomes playing the numers too. Check Operation Ore, for example, where a long range of errors conspired to make what started out as a database of card transactions, some of which were to child porn sites, ended up being treated pretty much as evidence of purchase of child porn. Problem was tens of thousands of the cards appearing in the database were stolen, and a large number of the transactions were for legal sites; the resulting operation caused several wrongful convictions, and far more ruined lives and children taken out of their homes for the wrong reasons. The operation also has resulted in dozens of suicides (though it is unclear how many of the suicides were innocent people, if that matters to you).

It underscores that even if were are 100% ok with police invading our privacy if they make no mistakes, the importance of considering the potential damage of false positives must also be taken into account: If the crime being looked for is rare enough, it is perfectly possible allowing "dragnet" type surveillance to clamp down on the crime will cause more damage through investigative errors than it will prevent. This is another important reason to be careful about giving up on privacy.

If that is the case, why stop at child pornography. Physical child abuse like beatings present a far greater threat in terms of children impacted, but we aren't discussing the wholesale monitoring of every adult with a child, are we? Are the children that are victims of physical abuse not deserving of the same attention we give to those that are victims of sexual abuse?

There are alternatives that mitigate the problem without centralized government involvement and dragnet surveillance. Opting for a law enforcement-based government solution from day one pretty much eliminates all creative thinking on how the damages from child pornography can be reduced to acceptable levels.

I emphasize acceptable levels, because the correction of all ills and dangers carries with it diminishing returns. If you want to completely eradicate something, it's going to cost you an order of magnitude more to eliminate the last 20% of the problem than the first 80%. Costs here a both financial and freedom-wise. The in both time and freedoms for services (telecoms, etc.) and places (homes, offices, etc.) is good enough for probably 80% of the benefit. Beyond that the cost is just too high for too little benefit.

You can also get 80% of the benefit by just identifying the small subset of children that present the highest at risk group and providing special services for the monitoring and social support for that group. No need to drag in the rest of society.

First, child pornography itself isn't really the problem, but the problem we focus on because its visible and elicits emotions. We focus on the end product, but the root problem is how child pornography is made. Child porn doesn't only exist in electronic form. Getting convictions of users of child porn isn't going to protect any children. We know undeniably that a market exists. Going after the buy-side is never going to have a meaningful impact, because there are a lot more buyers than creators and the amount of effort to bag a few consumers here and there is a drop in the bucket and will never be sufficient to reduce demand enough that there isn't incentive for the supply side to keep producing it. If you make it harder, then the price just go up. Profits don't change.

Personally, I would like us make the consumption of child pornography legal but keep it illegal to manufacture or distribute child pornography. By keeping the buy side legal, you gain enormous amounts of visibility into the market dynamics that don't exist, when you force both sides to go underground making observation difficult enough that the privacy of many innocent people needs to be compromised to make policing even marginally effective. Furthermore, it would still be considered taboo and a sickness and we'd encourage purveyors of child porn to seek psychiatric care, where we would counsel them on their addiction and show them the damages caused by their consumption. To get access to free psychiatric care, we can solicit cooperation from the buy side in discovering who is operating on the sell side. This removes a lot of trust in that market, because instead of both sides being driven to trust one another for fear from prosecution of the same law enforcement entity, the sell side will end up with a healthy mistrust of their customers.

The fastest way to destroy a market is to destroy trust in that market. TBH, I'm surprised we don't really spend any attention on how you effectively undermine markets like we spend time on how to foster liquidity in markets and making them more efficient.

> His argument is clearly that people have a right to privacy.

Except there is no right to engage in total privacy. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.

Maybe his argument is that he thinks people should have a right to total privacy?

> Except there is no right to engage in total privacy.

There is, in practice, an absolute right to privacy. If you combine strong encryption with plausible deniability, you can reliably secure information from law enforcement. There is nothing anyone can do to access it against your will. You can always make the plausible claim the information does not exist and/or is inaccessible to you.

So, should strong encryption be outlawed?

Does asking for a site's private SSL key sound like a reasonable search? I realize "reasonable" is entirely subjective, which is why I don't put much faith in out justice system.

> Does asking for a site's private SSL key sound like a reasonable search?

Considering that was far from the first thing they asked for, no. Were their goals reasonable? Yes. Was Levison trying to cooperate? No.

> Was Levison trying to cooperate? No.

You sound astounded that someone on the receiving side of legal action is trying not to cooperate. Next you'll be stating that him hiring a lawyer is proof of non-cooperation and evidence of guilt.

If you got to do overbroad things every time a defendant was "non-cooperative" it would apply to every single court case.

See my comment here[1]. While I'm not normally a government apologist, from the unsealed court documents, it appears that they did everything by the book here. The original order was for metadata related to a single, specific named account. There were several follow up orders and court proceedings before the request was broadened to turn over the SSL keys.

I'd claim that not producing evidence in response to a lawful subpoena and court order is proof that he's guilty of contempt of court[2].

[1] https://news.ycombinator.com/item?id=6519732

[2] There are lawful ways to resist such an orders - you file a motion to oppose in the case. While I don't have access to PACER to confirm that no such motion was filed, the judge's orders have no mention of such a motion in the established facts.

dlgeek explains the entire situation better than I. However, I wanted to apologize for poor wording. It wasn't that he wasn't trying to cooperate. Rather, than it seemed like he was trying to be unreasonably uncooperative to what was a reasonable and lawful order (starting with the information/traffic of a single individual). The distinction is important, I think.

Putting aside the vague term reasonable for a moment, we should really examine that the fourth amendment states "... and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

I think we need to analyze "persons" or "things" in an electronic light... could things be roughly analogous to "a mailbox" and could persons be "a person's electronic mail account"?

You can't just state on your warrant "I want all of the things!", you must stipulate that "I want Ben's mail account and logs of all his activity on your service." If there is no way of extracting that information without compromising everyone else's privacy, does the law state "in cases like this, the constitution should be violated to satisfy the terms of the warrant"? or does the law state "the terms of this warrant cannot be enforced without breaching the constitutional rights of at least one other party and thus is illegal"?

It's my guess (and I'd like to emphasise the word guess as I really have no idea), that any reasonable judge (that wasn't on the payroll of the NSA or FISA court) would deem this is an illegal search warrant because it's in violation of every other Lavabit user's fourth amendment rights.

Anyway, that's all by-the-by. The judge who is attempting to enforce this ridiculous debacle (and I use the word ridiculous in the sense of hilarity because every new development is a source of mirth) clearly doesn't give a shit about anyone's fourth amendment rights, and he's pissed at Levison's continued contempt of court so he's stamping his feet like a spoiled little four year old who's just been told he's not getting Dunkin' Donuts for dinner, while getting a schooled by an internet Hero... with a capital H.


That's perfectly valid, since those examples were first trotted out prior to that with no argument. If it's so obvious why we should treat those as special cases, it should be trivial to explain why.

> That's perfectly valid, since those examples were first trotted out prior to that with no argument.

Except the burden lies with those wanting to add a right to privacy to the list of rights we have. The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.

> If it's so obvious why we should treat those as special cases, it should be trivial to explain why.

I think it's perfectly reasonable to ask you why you want to change the laws and protections we have now, and I think it's perfectly reasonable for you to be required to stand up to the questions being asked.

The right to privacy simply doesn't exist.

You've posted at least a dozen responses in this thread and it is plain you have no idea what you are talking about in almost every one of them. Are you unfamiliar with the 14th Amendment?


the Due Process Clause is also the foundation of a constitutional right to privacy. The Court first ruled that privacy was protected by the Constitution in Griswold v. Connecticut (1965)

I guess we could forgive you for not being aware of the 14th Amendment - it's not cited much. But it was the basis of Roe v Wade, arguably the most famous Supreme Court case ever:


Decided simultaneously with a companion case, Doe v. Bolton, the Court ruled 7–2 that a right to privacy under the due process clause of the 14th Amendment extended to a woman's decision to have an abortion

Sticking with Wikipedia - they have a whole article on the Right to Privacy. As related to the United States:


The U.S. Supreme Court has found that the Constitution implicitly grants a right to privacy against governmental intrusion.

It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements. It is no wonder people are downvoting you.

You're right, but that doesn't make me wrong. Only that we are saying 2 different things. I didn't mean to imply that you have no expectation of privacy, only that privacy as a whole does not exist. For example, in public, I cannot reasonably suggest that my right to privacy trumps your ability to overhear my conversation.

After all, while you elected to quote one sentence, in context, it's clear that I'm making a distinction between a total right to privacy and limits to intrusions into privacy.

"The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy"

So, basically what I'm saying is that their is no simple right to privacy. Actually, the text you quote provides a link that explains it better than I obviously did.


"Although the word "privacy" is actually never used in the text of the United States Constitution,[20] there are Constitutional limits to the government's intrusion into individuals' right to privacy."

These limits protect aspects of privacy, not privacy itself. And that's an important distinction, especially in this context. If you explicitly had a right to privacy, one could argue that search warrants could never be legal, as your rights to privacy were being violated.

I 100% realize how my statements in that manner could be misinterpreted, and I don't fault you for challenging me on that.

> It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements.

If that's the case, why wouldn't you assume you were misinterpreting what I said?

As for people down voting me, don't be too harsh on them for misunderstanding me on this context. As I said, it's reasonable that they could think that. Luckily, you made it clear you couldn't believe I would post something so obviously false, and looked for clarification rather than just assuming. =)

I think you misunderstood me, or extrapolated a position far beyond anything implied in my statement.


Just so I understand, you want me to explain why it is just to wiretap child pornographers and murderers. Is that right?

If they are to be brought into a conversation not specifically about them as examples, yes.

Whether it's wiretapping or execution, when referencing those crimes you're making a personal evaluation of the actions without referencing any criteria for for how you judged them. To do so is to play to people's emotions about the crimes you referenced rather than the actual item for discussion, which is when wiretapping is justified, and specifically for what crime.

I view it as equally manipulative to state "we can all agree that murder is bad and wiretapping should be justified in some cases" as to say "we can all agree that changing traffic lanes without signalling does not justify wiretapping" when the actual question has nothing to do with either crime.

This is just a case of Godwin's law writ small, so it's harder to spot.

(An alternative argument is that for any extended powers of the state, we should have statistics to back them up. If wiretapping is ineffective for a crime or it's benefit is outweighed by it's downsides, maybe that should be taken into consideration. In the end, I'm basically I'm for questioning generally unquestioned positions.)

I would like to contribute the point to back this up that the question isn't really e.g. "is it OK to wiretap murderers?" Actually, it's "is it OK to wiretap suspected murderers?" And the second one is a vastly greater burden. It means we need to trust the guys who decide who to suspect. This is far from a solved problem, of course, as most people agree that some justice system is necessary, and it's a hard line to draw, but the point is, one must be extremely wary of granting broad powers over arbitrary people without requiring an amount of evidence proportionate to the damage exercising those powers will do to them.

In short, if you just say "who cares about suspected murders, probably most of them are murderers", you are leaving a lot of discretion over your life and the life of those in society around you into the hands of those whose power it is to enforce the law. And while they might be the best people for the job, ultimately they are just people too.

> But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc. The problem is Lavabit was not designed to facilitate intercepts under any circumstances.

That's not true, though. Levison could and did help the government with intercepts before, and offered to provide the same service again; this time, the government was not satisfied with the offer (from the New Yorker, emphasis mine):

"The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing."

Well, it actually is true that the asymmetric encryption feature of the premium Lavabit service is designed to make intercepts impossible. Only the account holder can decrypt it.

Handing over account payment information in response to lawful requests is quite a different matter from defeating asymmetric encryption. Account info is unencrypted records that Lavabit has access to in accordance with their TOS. They can turn those over, in accordance to their TOS.

Faking out their own service to defeat their own encryption, which they specifically advertised as being only decryptable by the account holder and not Lavabit, is a whole different ballgame.

I noted exactly what you stated, that Lavabit offered to help the government implement something like that -- only after being threatened with the "nuclear option" of key seizure.

You've got to concede that there's room for some doubt as to whether Lavabit could be trusted to comply with something as extraordinary as that. It would be trusting them to reneg on a specific promise made to all customers about the security of their service, namely that it is impossible for Lavabit to snoop on encrypted communications.

Everybody in this entire debate is just talking past each other.

On the pro-government side, the position is something like "We have such a thing as a lawful search warrant, and if you get one you have to comply."

Meanwhile on the crypto-anarchist side, the position is something like "We can design a crypto-system that is indifferent to your lawful warrants."

But these are really two different arguments, that proceed as follows: the anarchists say "Because X is possible, therefore it should be legal", meanwhile the pro-governmentals say "Because X is required by law, therefore people should do it." But neither of these necessarily follow.

"The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals."

You say that as though that's the only possible explanation for why the service was designed the way it is.

Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built." (note: this is a bit more difficult to execute - they'd need to have some good reason to update the tarsnap software on all end user's machines, since Colin doesn't have the private key my backups are encrypted with…)

You say "it's designed to disallow law enforcement certain abilities", I say "it's designed with best-practice modern digital privacy techniques, and is _entirely_ legal, legitimate, and a perfectly good premise to base a business on - and which the government _doesn't_ have the right to claim is 'unlawful', the same as building doorlocks without government skeleton keys, or banksafes without hidden vulnerabilities that the FBI or NSA know about, is also not 'unlawful'".

If you want to make privacy illegal - take it to the polls and ask the public if they agree. Until then - designing, deploying, and using well engineered systems to protect your privacy is every citizen's right should they choose to use it. Sure " … some lawful intercepts are justified", but that _doesn't_ imply all systems must be designed in a way that lawful intercepts are possible, and it doesn't give the government the right to coerce people not suspected of illegal acts into destroying their businesses and livelihoods just because they " … didn't trust him to act as a spy on their behalf". That's just _so_ wrong. So _very_ wrong.

"The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals."

This is not True.

Lavabit made it clear in their TOS that they had no interest in concealing illegality, they complied fully and willingly with all warrants targeting individual users.

Their premise was to protect your privacy from untargetted blanket surveillance.

I think the issue some people seem to be missing in this discussion is that the technology is morally neutral.

A system designed to protect the privacy of its users' data even if its operator is subjected to coercion does not care whether the coercion comes in the form of a court order, a bribe, a threat to reveal a secret or a man holding a gun to the operator's head.

A system designed to be secure against coercion of its operator necessarily resists lawful intercepts just as it resists blackmail. Designing a system in such a way does not imply that the designer wishes to promote illegal behavior nor hinder the ability of the police to investigate it.

What's your source? That conflicts with the New Yorker reporting on the trial proceedings.

It also belies common sense, since Lavabit offers a form of encryption that even they cannot decrypt.

Source: http://www.newyorker.com/online/blogs/elements/2013/10/how-l...

I can't see any part of that article that supports your claim. On the contrary, the article appears to claim that one of the reasons he was resisting so strongly was that handing over the keys would allow full access, though the reporting isn't very clear when it comes to already stored e-mails.

From the article:

' On July 25th, Lavabit petitioned to cancel the subpoena and warrant, arguing that if the “government gains access to Lavabit’s Master Key, it will have unlimited access to not only [the account], but all of the communications and data stored in each of Lavabit’s 400,000 e-mail accounts.” Lavabit also asked the court to unseal its records and permit Levison to speak. '

My source is (was) the lavabit ToS. I was a paying customer of Lavabit and familiar with their ToS.

He made it pretty clear that if you wanted to use his service to hide illegal activity you were SOL.

The TOS seems to be long gone. But wikipedia summarises his stance on legit warrants as opposed to "hand over your SSL private key": http://en.wikipedia.org/wiki/Lavabit

The premise is incorrect. Lavabit had provided data for lawful intercepts in the past. The government continued to press for unfettered access to all of Lavabit's data which then forced the shutdown.

Lavabit offered to develop a more involved solution for the government in order to prevent unfettered access to all of their customer's data. The court's assertion that the government could trust Lavabit because Lavabit didn't trust the government is both childish and assinine.

Source: same article as parent post.

The premise behind your post is incorrect. There is no obligation to create a mechanism for eavesdropping by the government.

In other words: if you can design a system to "disallow lawful intercepts of individuals", you are allowed to do so.

Or: a lawful intercept is lawful to use, but not legally compelled to exist.

The fact that we are so far down the rabbit hole that intelligent technologists like yourself accept this as a premise is incredibly disturbing.

I totally disagree. People have the right to have private and secure conversations and we shouldn't have to give up that privacy to ensure that the government can spy on our conversations in order to catch bad guys.

abalone : "The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals ... And this is why the government resorted to threatening to seize the keys and trying to impersonate the service."

Some of us reject your implication that the government is always entitled to the comms, regardless of harms imposed on innocent parties. Forcibly seizing the means of impersonating someone online, while preventing that person from revealing the fact, is a step too far. It is an injustice against the person impersonated, and wrongly deprives him of reputational integrity, and wrongly deprives others of the value of the service for which they contracted in good faith.

Statements like yours attempt to depict the combination of seizing private keys + gag orders as a minor invasion, acceptable in certain cases. In fact it amounts to removal of the basic human right of communicating privately - and as brian_cloutier points out, removes the whole basis of trust online. If the policy is allowed to continue, it removes the ability of cryptography to give an assurance of the identity of any entity online.

It is better for a few criminals to go free, if necessary, to preserve more important values (and the government can probably find evidence by other means in most of those cases anyway, and if not, too bad).

PGP is designed to disallow lawful intercepts. Should the government be allowed to prevent strong cryptography software on my own computer?

If not, then why should they be allowed to do the same on a hosted service?

If so, then is it also ok for oppressive governments in other countries to backdoor cryptography, so they can throw dissidents in prison? Or should dissidents have tools to protect themselves? If they should, then why shouldn't people in this supposedly-free country have the same tools?

> The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals.

The problem is that computer-mediated communication systems are not able to distinguish between lawful intercepts and unlawful intercepts and thus their security against unlawful intercept is premised on being able to guard against all types of interception, lawful or otherwise.

Isn't any software with a goal of eliminating security holes essentially "specifically designed to disallow lawful intercepts of individuals"? Should all software providers be forced by law to implement backdoors so that the FBI can intercept its communications, just in case Snowden uses the software?

> But by this point the government didn't trust him to act as a spy on their behalf (which frankly is not an unreasonable assumption).

I don't understand this conclusion. He cooperated with legal investigations before, he just needed time and resources to implement what they were asking for.

> But surely we can all agree there exist circumstances under which some lawful intercepts are justified

Perhaps, but there are means of communication that are impervious to interception, and that cannot be compromised the way Lavabit might have been.

Should such technologies be outlawed?


Sure: Strong encryption and ephemeral keys.

The only thing to do in that situation is to compromise one of the communicating parties. If the communicating parties have arranged a safeword to signal they have been compromised, even that technique is useless.

In the case of Snowden and Greenwald, that wasn't going to happen.

It is possible to make storage and communication immune to surveillance. So I ask: should that be illegal?

That is not impervious: compromise an endpoint. It takes work, but in the course of a serious investigation it can get done. At the limit, Van Eck or similar analog-hole analogues.

Anyway, my position is "no, that should not be illegal", though I am not entirely confident in that.

Did you mean UNLAWFUL intercepts of individuals? There are no lawful intercepts between two private parties.

Do you get to hear everything about a deal between two big corporations other than the stuff released in the press?

Go to a retail store and ask for information about an employer. They don't give out any information (unless there is a probable cause of course).

The only time government can intervene is when a 3rd party is hurt by someone. In this case it's their own fault for snooping around and reading everyone's private conversations and some of there were used for stalking hot girls! and now they're acting like kids trying to force lavabit by threatening the owner.

Yes, I agree that there are circumstances... But now without case by case decision from a court or whatever the actualy legal system requires. Citizens should be able to protect their privacy and it can be overridden only in those special circumstances and approved by a judge (or whatever the given state requires).

> But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc.

Oh come on, don't be so naive.

> child pornographers

As defined by which country? Is that 16 years old, or 18? Maybe even 21. Just because something is illegal where you are, does not make it illegal in my country/culture.

> terrorists actively planning murders

And now we know the US Govt actively murders it's own citizens without trial, surely we'd have to count them as terrorists, wouldn't we? (let alone what they do it non-citizens)

> missing persons

How long does someone have to be "missing" for that to justify the government having unlimited power? Surely they should just kick down everyone's door until they find what they want [1]

For every example you come up with, it's trivial to point out that it's an extremely slippery slope.

[1] http://www.youtube.com/watch?v=cfOvHuojEB4 (etc.)

Well, we knew the US government didn't mind seizing whatever under some circumstances.

What we know specifically now is that the government is inclined to "err" on the side of taking everything to the point that it would take your private SSL keys if it happen to get a warrant for your shopping list. The state has generally arrogated itself similar powers in physical searches so the news is that it just gets worse with data searches.

That doesn't seem like the right interpretation. They asked for this because Lavabit was unable, or possibly unwilling, to turn over Snowden's records, and impersonating Lavabit the next time he tried to check his email would have been the only way to get that info.

So yes, if your shopping list can't be recovered without your private SSL keys, they will take those when they have a warrant for your shopping list.

According to the New Yorker piece on Lavabit yesterday (http://www.newyorker.com/online/blogs/elements/2013/10/how-l...), the owner was willing to add code tailored to tracing only Snowden's (or whoever it belonged to) account. The FBI turned him down and demanded the less surgical option.

Only after he refused to do it initially. Read the case file: it's not hard and has a lot of detail reporters miss.

...and a solution that would fail to preserve the chain of evidence. If there's a black box at any point, e.g. Levison produces information and emails it to the investigating officers, the doctrine of "fruit of the poisoned tree" applies.

By that logic, doesn't Lavabit itself, or the entire SMTP system, serve as a black box? It's really not any different from the intercept features in telecommunications equipment.

Yeah you are shill, actually

If the government needs to preserve the chain of evidence by controlling every step of information flow in every criminal case, well clearly the government needs to ... sniff/control/spy-on the entire Internet. Whatda-ya-know...

It's a disruption of the chain of evidence, but my understanding is that "fruit of the poisonous tree" is something different: evidence gathered because of information the police should not have had access to.

The government already got to seize private keys when they got search warrants and ceased servers. I'd imagine this is the case in all of Western Europe.

Yes, but they weren't able to use them for MITM attacks, as seizing servers either equaled to shutting down a service, or allowed service operator to change the keys, so seized keys were useless. Now they feel they have right to obtain the private keys for you, and impose a gag order, so that you cannot change the compromised key.

I doubt that significant amount (if any) of western European countries are able to force you to keep using compromised private key, and keep you silent about this using a gag order.

Explain to me how a PGP web-of-trust can be MITM'd? Presumably you exchange keys in person?

The govt coerces somebody you trust (either directly or through the web of trust) to hand over their private keys and then begins impersonating them.

Well, this was circumvented here, right? The guy revoked his cert. That's what revocation is for.

I guess the next step is a secret law that makes this illegal?

Or they detain you so you can't revoke it

The intelligence court can if wants dish out secret punishment, so according to the Washington Post if they find you in contempt you will be held in a communications management unit, which is basically max security where they put terrorists. You are forbidden from ever talking to anybody while inside and nobody can know you are there, because it would leak the national security secrets of the specific case so basically the secret police make you vanish off the face of the earth until you cooperate.

How did this become legal

Also, honestly, the govt could coerce you into being a mole for that matter, right?

Crypto is no substitute for tradecraft.

something even more important... they do not tap email. or they are stuborn as hell and took that personally.

think about it... what does it even matter that lavabit exists?!? email is plain text. they already have ATT and verizon in their bed. they could tap that plain text anywhere.

unless all the parties ever only used decent MX i think...

The original order wasn't for SSL keys or even Snowden's emails, it was for the envelope information and the IPs he was connecting from (see page 4 of http://cryptome.org/2013/10/lavabit-orders.pdf)

They wanted data on where Snowden was and who he was communicating with. Snowden uses PGP on top of Lavabit and presummably connecting to Lavabit securely. So at least to get his IP address, they needed Lavabit's cooperation or, baring that, the SSL keys.

It's a heavey handed approach, but not irrational.

The only way to stop this is to dismantle the police state. We have no chance of keeping up with their anti-privacy arms race

Let's replace them with an app while they are in halt mode.

> Lavabit has revealed something incredibly important.

That Ladar Levison is incompetent. The FBI should probably have beat him to death in an alley for fraud.

Because whatever the FBI can do with a search warrant, we must assume the mafia has already done with a rubber hose. In fact, if we apply the parent comment's raving paranoia to the whole system, we find that Levison wept for joy because the FBI was giving him a way to publicly throw in the towel and retire from his mob involvement.

If Levison had been competent, instead of putting on a TSA-style security theater, he would have been using tamper-detecting self-erasing computers, jurisdictional redundancy, pre-distributed certificate revocation lists, etc.

TL,DR: he did this to himself by not following NSA standards.

I'm so sick of being sickened. I hate that this is becoming the norm and we can't do anything about it. I hate to spit cliches, but is this where my tax dollars go?

For me, govt and internet should almost be like church and state. Where is the data around foiled terrorist plots? I just can't stomach the obtuse logic that we need to pay our taxes to employ these virtual minders. This is not what the internet is about. It just seems so incredibly difficult to mobilise and take action against this shit ...

Btw, Ladar ... you've been incredible in all of this (tips Stetson)

The basic problem is an impedance mismatch. Some people see the internet as this noble grand thing (like you, comparing it to the church). The government, like most voters, sees it as just a place to look at cat pictures and buy crap on zappos. The government treats the internet like it treats meat space things. Nobody complains that they can Public Storage to open storage units with a warrant, so why should the internet be treated any differently?

That impedance mismatch will take a long time to reconcile. If the Facebook generation is any indication, it will probably never be reconciled to your taste.

What I'm trying to say is: get used to being an intellectual minority. You're joining the company of lots of people, from those who think the government has no business forcing you to save for retirement to those who think the government has no business forcing you to serve or hire certain people in your private establishment. You probably agree with some of those people and disagree vehemently with others.

> Nobody complains that they can [force?] Public Storage to open storage units with a warrant

If they can get a warrant from a court under fair laws, personally I don't mind the government having equivalent powers in the online world. There are people doing bad things online, and I want there to be mechanisms to minimise that.

I don't know the specifics of the Lavabit case, but from the NSA revelations, it seems like the controls and oversight are much weaker in the online world than in the physical one.

How do you defend yourself against a rogue government? Furthermore, who gets to define when a government becomes rogue? All definitions aside, how do you defend yourself from a large, well-funded organization that's determined to do what ever it wants to you? Fair laws? The fact that someone else decides what's right and wrong means we've already lost.

All of these questions are at least as pressing in the physical world as they are in the online one. So you're asking philosophical questions about the nature of government and the rule of law that I'm not properly qualified to answer.

I think there has to be a socially defined code of what behaviour is allowed and what is not - even without written laws, lynch mobs would enforce some kind of rules. Since people don't all agree on such things, many people will inevitably disagree with parts of that code. The question of how we decide on the code - both the written laws and the social conventions of overlooking some violations of those laws - is difficult. But we can't put society on hold and wait for the philosophers come up with a perfect system.

To take an example which almost everyone here will see from the same perspective: the UK government recently pushed for a form of opt-out web filtering. To HN readers, it was a clear sign of out-of-control government censorship, championed by politicians too out of touch to understand the internet. But plenty of other people were quite happy with the idea of web filtering. You may deride them as 'think of the children' types and media industry lobbyists, but that's how democracy works. You don't get your way just because you say your opponents are stupid. You have to persuade and educate people to get support for your position.

To be clear, I agree that the web filtering plan was a bad idea.

Surely we've found that using technical means to thwart a large, well-funded organization that is targeting you is useless.

Sorry, but is this sarcasm?

As long as the engineers who design and build the internet care, we can do ok.

If the protocols that run the web are so easily compromised, it raises all kinds of problems with the underlying, somewhat invisible, functions to how the world works. That manifests itself as a liability to for-profit corporations. It also is something that the cat pictures people care about -- how many of them want their webcams capturing video of them walking around their rooms naked or wake up one morning and notice their brokerage account is empty? Very few.

It is quite an irony that governments demand one set of standards for privacy and security while attempting to compromise them for their own benefit (European countries carry just as much blame here.)

> As long as the engineers who design and build the internet care, we can do ok.

If the engineers who designed and built the internet cared about privacy, internet protocols wouldn't completely ignore privacy. They designed a massive routed network that involves packet forwarding between random untrusted nodes and then built a bunch of plain-text protocols on top (SMTP, HTTP, etc).

> how many of them want their webcams capturing video of them walking around their rooms naked or wake up one morning and notice their brokerage account is empty?

Probably none, but the government wouldn't do that. That's not how abuse of power works in liberal democracies. Targeting the majority is a voter-loser. You have to target minorities: hacktivists, terrorists, etc.

> It is quite an irony that governments demand one set of standards for privacy and security while attempting to compromise them for their own benefit

Nothing ironic about it. The whole premise of liberal democracy is that government needs to exist as an entity with powers superior to those of individuals, but as a check on that power must be subject to majoritarian control. You don't have to agree with that premise, but it's consistent with different standards of privacy for individuals and the government.

I often agree with you, but the statement that the Internet founders didn't care about privacy is factually incorrect: Vint Cerf (as mentioned by the sibling comment) is on record as not only being in favor of privacy but wishing the technology had existed for practical cryptographically secure authentication at the protocol level at the time the Internet was designed.

I know he's in favor of it now, but was it something he was thinking of when he designed these protocols?

Had the original TCP/IP protocols as they were designed included cryptographic security, the designers of those protocols would themselves have had to be be pioneers of cryptography. This is a little like asking why Henry Ford didn't just start with the electric car. I mean, sure, there was electricity when he started...

> If the engineers who designed and built the internet cared about privacy

I believe Vint Cerf cares an awful lot about privacy. But, as he has stated countless times, this internetwork was supposed to be an experiment. Who would ever design a real network with only billions of addresses?

The reason you are wrong is that you ignore the dragnet aspect. In meat space people would not accept their snail mail being read without probable cause. Recent polls show that people are more concerned about the spying than terrorism.

Do you mean like how the U.S. Postal service has been recording senders and recipients for decades? It's not a good analogy.

They have? And of the whole world as well?

Getting a warrant to search one person's inbox seems pretty reasonable to me. (Seems pretty analogous to searching one person's rented storage space.)

Forcing Lavabit to hand over everything seems like searching all storage lockers, even for people who are suspected of nothing. That's way over the line for me.

I have mocked-up a system for policy creation. The project is open; please contribute your thoughts. People say "it has flaws" but never explain the flaws, nor how to address them.


Would greatly appreciate constructive criticism. The system serves to educate everyone (openly and transparently) on implications of existing and upcoming policies.

If the idea intrigues you, check out what other people are doing along the same lines:


Rather than getting to the point where citizens have to "mobilize against" the current government, we should be seeking to self-govern in such a way that mobilization is not necessary.

I love the idea, but I don't think people should be allowed to have unlimited up or down votes. That would encourage whimsical opinions, and would make the site reflect the opinions of the most active and opinionated users instead of the average person. I think there needs to be a way to limit the voice of each user so each person has the same amount of influence.

One idea I like is to give each user 100 points to distribute among topics. Once the user has assigned a certain number of points for or against a position, they could then distribute those points amongst the comments that best represent their position. So if a user votes 20 points for gun control, gun control would get 20 points, and the user would have to choose which comments best support their position--5 points to this comment, 7 points for this comment, etc.

I think this would solve two problems: it would encourage thoughtful opinions to rise to the top, and it would give voice to the minority of voters that care passionately about a topic that the majority disagrees with or doesn't care about.

This sort of scheme can cause problems with vote splitting and 'spoilers'; see https://en.wikipedia.org/wiki/Spoiler_effect#Bush.2C_Gore.2C... , and also https://en.wikipedia.org/wiki/Independence_of_clones_criteri... .

For example, if 50% of voters are "for" gun control, and 50% are "against" gun control, but there are 2 very popular, well-written posts supporting gun control, and only one very popular, well-written post opposing it, then the gun control supporters will "split the vote" and their best comments will only be ranked about half as highly as the opposition.

Which may or may not matter depending on how people interpret comment scores.

One alternative that i like is reweighted score voting: http://rangevoting.org/RRV.html

Interesting post on reweighted score voting. How would that work in practice for sorting comments? Would you have people rank the top-level comments in the order they agree with?

The strategy I had in mind for comments was to create a column of arguments for and against, and to only allow users to vote on comments in the column where they've placed their opinion. That way the strongest arguments from both sides would be shown.

I like this, especially because it means votes become more valuable.

Consider, too, that the system is self-referential. You could use the system to debate the relative merits of vote and comment limits, for example.

I agree that there might be some issues with comment limits--you don't want to limit discussion too much.

On a different topic, why do you think this system should be anonymous? You can't limit votes unless you can authenticate someone's identity, and the best way to prove that users are real is to show who each user is.

Corruption is only possible when you know who to bribe. By making the system completely anonymous, bribery becomes extraordinarily difficult, if not impossible.

Further, all ideas should receive equal consideration. Attaching names allows for group-think and bribery. (Imagine if Neil deGrasse Tyson posted a policy, or Neil Patrick Harris, or Neil Young.) Ideas must stand on their own merit, not on the reputation or wealth of the person who conceived the idea.

I'm not sure I understand your point about bribery. Are you talking about bribing groups of people to vote a particular way, or about bribing coercing powerful individuals not to express their opinions?

I disagree in practice that all ideas should have equal consideration. If an economist or other professional has a proposal, I think its practical to recognize that that person has extra credibility on a topic, and I don't see why we shouldn't let the public see that person's reputation. Professionals have an incentive not to state false claims--if the do so, especially in an internet forum board, they would be called out and their reputations would suffer.

On the other hand, there needs to be some anonymity to protect people from real life abuse. Do you see any problem with the option of anonymity?

You have some interesting ideas, and it would be rather helpful if you would add them to the wiki.

Your question poses an interesting problem. How do you give accreditation while still retaining anonymity? At some point you have to associate an account with a person.

I think optional anonymity would allow corruption into the system. (Televangelists, for example, would opt-out from anonymity so that their proposals might pass through randomized moderation by votes from their fan base.)

Much of this is putting the cart before the horse, though, as the system is probably best tested, at first, with politicians. See also: http://openparliament.ca/

Part of the reason why some people may say your system has flaws but never address is them is that they may not be able to be addressed.

Your system looks like it strives to be purely democratic, but pure democracies have inherent flaws such as being open to tyranny by the majority or irrational voter behavior. It is clear that some of your solutions try to mitigate these issues, but there are tradeoffs. For example, the reputation bonus for education could be seen as biasing the system against certain classes of people.

For a better framing of the voter irrationality problem (which is a misnomer because its actually rational irrationality,) I would recommend looking into the debate between Bryan Caplan and Donald Wittman. I imagine if you can mitigate the issues of both sides in your system, you'd really be on to something.

http://vimeo.com/22531716 ?

The reputation bonuses are just that: bonuses. If you contribute in a positive fashion, your reputation would increase as well. Yet all ideas (including those from anyone receiving a "bonus" boost) must still pass the moderation phase.

Or perhaps bonuses are a bad idea altogether. I thought that someone who graduated from environmental studies would be able to propose environmental policies sooner than someone who has not. Maybe that isn't good.

Thank you for the pointer!

Thats the correct debate, although you are probably better off just reading their books and deciding for yourself. I think that particular debate session got hung up on a lot of minutiae.

As for the direction of your project, I think as opposed to solving all the problems at once, you may want to construct things piecemeal, while laying out the factual pros and cons of each political "module". For example, using Arrow's Impossibility Theorem, there is no way to create a perfect voting mechanism, so any voting mechanism you put in place will be a traeoff. At one extreme, is unanimous consent, this guarantees everyone is signing off and thus reasonably happy. However, unanimous consent creates a new problem of the holdout position. To balance, voting systems like majority rules limit the holdout problem, but also introduce consent issues like swings in opinion from mob rule and the tyranny of the majority. On the opposite end of the spectrum, you could create an elected dictator that could decide. This would be a trustee style system and while it would limit the above issues, it would introduce principal agent problems. By building these individual modules, you could allow your system to be adapted to many situations and allow for the actors themselves to police the less desirable behaviors (IE they know to watch out for holdouts before the process begins), which would be listed in the cons. A similar decision process could apply to the bonus systems (should education enter into it?), systems for evaluating relevant info in the debate section (types of source material, reputation voting) and so on.

In sum, allow the users to determine how they want to decide and mediate each decision before they enter into the process. A module setup may also help you make more progress on your own and get contributions.

I created a kind of micro discussion/decision making system that didn't generate much interest from people I talked to and perhaps shares a flaw with this concept.

Basically if you look at what people use text for online it usually isn't anything serious, even these discussions don't have all that much gravity and HN is probably the most serious site I've seen.

Text also has less emotion and involvement attached and I think a lot of people won't connect with a text based system like this or won't feel comfortable contributing.

An idea for a way to feed peoples passions would be some kind of automatically generated video conference setup to split people into random think tank groups based on availability for each policy they indicate they want to be part of. Then perhaps one person, presumable someone that indicates they feel comfortable writing could contribute on behalf of their group to the text based policy page.

Initially, I was thinking the system would be more useful not for the general public, but for politicians. It could be used at federal, provincial, and municipal levels, for example.

I agree with you that text is too impersonal. The support page aims to address that somewhat by allowing video content: https://bitbucket.org/djarvis/world-politics/wiki/Supporting...

I like the idea of video conferencing. That's a rather forward-looking application. You could use speech-to-text systems for automatic dictation. An issue with video conferencing is scheduling people for simultaneous discussion.

You may be interested in http://caae.phil.cmu.edu/picola/current.html http://caae.phil.cmu.edu/picola/ . I'm not too familiar with it and i don't think it automatically splits people into groups but it was created with Fishkin's Deliberative Polling in mind.

Could you provide a link to your system? I'm curious.

I agree with what you say about self-governing. By mobilizing, I simply meant forming something more cohesive than clicktivist petitions which most often go nowhere. Your wiki addresses this perfectly. I think you should continue pursuing and refining. The concept is fantastic.

That was one of my frustrations -- tens of thousands of clicktivists sending the same form letter to politicians is pointless. Especially when those same tens of thousands are not fully educated on the benefits and drawbacks about the policies they ardently clicktivise.

I like the ideas you present.

Does this site exist? If not, what existing sites do you think are closest to your vision?

The site I have mocked-up does not exist. I want to work on it, but it does not pay, and I need to eat. :-) I am working on a side-project (yes, a start-up) that will provide the income I need to work full-time on the World Politics idea.

The closest idea is probably: https://canada.yrpri.org/

It has a number of issues, though.

I've had similar ideas, mainly focused on holding legislators and their contributors accountable.

It should be really easy to see how legislators voted, and also to see which companies contributed most to those on either side of the vote.

Also, I would include a "I approve/disapprove of this legislation" button. This way, the site could tell something like "You current Senator voted for the bills you support 15% of the time." In which case, you vote for someone else.

You may or may not also be interested in some of the projects discussed at:


and in some of the projects linked from:

* http://www.communitywiki.org/ArgumentMap

* http://www.communitywiki.org/en/MappingArguments

* http://www.communitywiki.org/en/DebateTool

* .. and other related pages at that wiki

I agree with your strategy. The internet is an unprecedented communication mechanism, for the first time in history we have the tools for mass self representation in an organized way. A new kind of society.

Do you know about liquid Feedback, which is used by the pirate Party? Or liquid democracy in general? I think they might be very interesting for you if you haven't heard of them yet.


Please see the "Technology" section. If you know of any other related technology, please add it to the wiki.

I like the idea of self-government and I'd like to extend the concept a bit further. We should be seeking to self-govern in such a way that the government is not necessary.

Opinions vs. Facts The community should be encouraged to favour facts over opinions.

Er, this is one of the largest problems facing Democracy since it was invented millenia ago. Look at the current American government shutdown, and the way Republicans have managed to frame the debate using empty rhetoric, when in reality both the debt ceiling and government spending are currently not an issue http://delong.typepad.com/sdj/2013/10/whiskey-tango-foxtrot-...

You'd be surprised that ignorant deadmen once consider the same issues and felt an adversarial system was the best solution at the time. Today with the aid of the internet we know better. We should simple censure and imprison dissent and not bother with it at all.

Thank you for raising that issue; please see how the "debate page" and "supporting page" address your concern:



Constructive criticism is truly appreciated.

What makes me incredibly sad in all this is the reaction of people. Specifically, Americans. I'm used to see this nation as the pinnacle of free spirit and liberty. Bold, fearless, freedom loving culture that will not tolerate any encroachment upon their rights and freedoms.

I can't see any of it. People are either indifferent or compliant. A few protests here and there that amount to nothing on the nation's scale. This is all despite the immense uproar in the press and media worldwide. What's worse, those few brave souls who dare to stand up against the injustice become social outcasts.

I guess these days people would have given up Robin Hood to the sheriff for a few gold coins and a promise of security. Or perhaps they already did.

> I'm so sick of being sickened. I hate that this is becoming the norm and we can't do anything about it.

There's only one thing you can do "about" it: Get the fuck out of the USSA while you can. Yes, this is a radical idea, but you can't deny it's starting to make a lot of sense.

Seriously. You personally can't affect what's happening all around you. Voting doesn't change anything. Writing to "your representatives" (hih!) doesn't change anything.

So what's left? You can't do anything about what's happening to your country and, by extension, you. But what you can do, is remove yourself from harm's way and go somewhere else.

Actually, I'd rather try and help fix the USA. It's a pretty nice place and a lot of really good people live here.

Those people deserve a lot better from their elected government. Maybe the right answer is to have more people that care run for office. I'd love to help get some makers into congress and start fixing the problem.

> Where is the data around foiled terrorist plots?

Luckily some Senators have recognized that meme as bullshit:

“For example, we’ve heard over and over again that 54 terrorist plots have been thwarted by the use of (this program),” Leahy said.

“That’s plainly wrong,” the senator said. “These weren’t all plots and they weren’t all thwarted.”


To my understanding this is what I would expect to happen. He handed over the cert to the FBI, so from a security standpoint it's useless now and should be considered compromised.

Will having the private key allow the decryption of ciphertext that was previously intercepted (while the service was active) and stored? Lavabit was already shut down, so this revocation is equally useless for user security. :(

If the connection was using a forward-secret key exchange (like DHE or ECDHE), then no. Unfortunately it's common not to and browsers don't do anything to warn people that they're using a low-security mode.

FWIW, just now I went looking for a firefox plugin that reports (in a human-friendly way) whether or not the SSL connection for a page is using perfect forward secrecy (PFS).

I found "Calomel SSL Validation," which I am about to install. The PFS reporting only works with Firefox 25 and up.


Thanks for finding this. Calomel's website [1] gives much more information about how the scoring is done as well as security in general; very interesting.

[1] https://calomel.org/firefox_ssl_validation.html

Also the Netcraft Extension gives you this information: http://news.netcraft.com/archives/2013/09/06/perfect-forward...

Sadly it comes with an awful toolbar.

It depends on what ciphersuite was being used for the particular session. Some offer forward secrecy, but not all.

So does that mean the CAs will start penalizing sites if they give out their private key and -- pursuant to a court order -- don't tell anyone that they've given it out?

Anyone using Safari or IE apparently isn't getting a forward secure connection to https://Lavabit.com . They end up with TLS_RSA_WITH_AES_256_CBC_SHA according to SSLLabs[0].

Since things escalated to the point where Lavabit had to hand over it's key rather than the data on one account the FBI obtained an initial court order for [1], anyone with a transcript of those sessions and access to the key can read them.

The resulting cipher suites:


IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

IE 8 / XP No FS * TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) No FS 168

IE 8-10 / Win 7 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

IE 11 / Win 8.1 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

Safari 6 / iOS 6.0.1 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

Safari 6.0.4 / OS X 10.8.4 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

Safari 7 / OS X 10.9 TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256

[0]https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2... [1]http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/

Consider donating to https://rally.org/lavabit. Lavabit needs at least 250k to continue fighting in the supreme court.

See his last update on the rally page.

And our contribution becomes part of our "permanent record" with the NSA? So glad I'm a US citizen and need not fear about such things.

That just sounds like fearmongering. I can't see any way that helping to fund someone's court case can be considering a crime, even if he were completely in the wrong.

I strongly suspect that there are favourable legal precedents, even.

Non-citizens can be turned away at the US border for any reason, or no reason at all.

Considering that a person's ability to travel to the US is so professionally important in this industry (for conferences, business meetings, etc.), I do not believe this is fearmongering.

Remember the case of the man refused entry after a misinterpreted Tweet about 'destroying America'? [1] It seems clear NSA surveillance informs CBP's entry decisions in at least some cases. Credit card payments are surely surveilled by NSA, so this actually sounds like a pretty well-grounded fear.

[1]: http://www.nbclosangeles.com/news/local/British-Tourists-Den...

If such donations really cause problems at borders, then it will be a sign that the place is FUBAR and you (and everyone else) should avoid traveling there.

As posted in this same thread, David House discovered that donations to legal defense funds can indeed cause problems (even for citizens) at the US border.

I do not think the US is FUBAR: FU, certainly, but not BAR. And although I refuse to be frightened into Appelbaum-esque total exile from my own country, I do take appropriate precautions before crossing the US border (CBP take note before sending me to secondary screening next time...).

Challenge accepted.

As a non US-citizen, I have, upon entering the US in the past, almost without fail been subjected to "additional scrutiny" and questions upon entry simply because I live on a farm, which triggers an automatic customs red-flag. (I understand the concern about having been on a farm - they don't want me importing foreign weed-seeds or insect eggs via my shoes. But the customs system makes no distinction between someone flagged for such concerns versus someone flagged for more legitimately nefarious reasons.)

Since things got more draconian it has become one of my very, very few non-negotiable conditions of contract that I do not travel to or through the USA or any of its territories. It's just not worth the hassle.

If you really believed that kind of fear were justified, why would you post a comment like this? It seems a lot more like you are just making up excuses to support your already-formed decision to not donate.

I really do believe this kind of fear is justified.

I posted this comment because:

1) I believe my analysis is sound

2) As I have posted previously, I am a US citizen and therefore cannot be denied entry to the US

I have already donated, and though my speech (through both keyboard and wallet) might bring additional attention from the alphabet-soup agencies, I believe it's important to speak up rather than give in to fear.

> I am a US citizen and therefore cannot be denied entry to the US

That's what the no-fly list is for.

There have been some court cases where they have ruled that forbidding a US citizen to fly on his return trip to the US is stranding/abandonment[0], but... even then, it took a while to get those rulings, and things were pretty messy for the person in the meantime.

[0] I'm blanking on the legal term but there is a specific term for this.

Yeah. Boats.

It doesn't have to be illegal for it to be a weapon in the wrong hands.

"Are you now, or have you ever been, a member of the Lavabit Party?" [1]

"Your Honor, respected members of the jury: In 2013 Mr. Karana donated funds to an organization known to be in collusion with terrorists, as designated by the State Department and the Department of Homeland Security. He is by no means an 'innocent man' as he claims in this trial." [2]

[1] http://en.wikipedia.org/wiki/Mccarthyism

[2] Assume a trial in 2025 completely unrelated to this topic, with the Terrorist Sympathizer designation coming in 2023 after the leadership of the fundraising organization was taken over by people you've never heard of.

(edited for formatting and grammar)

Is his lawyer also in danger?

It's not that it's a crime, it's that it puts you on a list. Posting on this site probably puts you on a list.

Maybe that's what they need a $600M AWS cloud. Lists.

Fuck them, if we have to be worried about being on this list the whole thing is a complete loss. We can't be afraid of letting them know just how many of us are against them.

I had the same reservations. But you know what? Fuck it. I'm so tired of this bullshit that I'm more than willing to take the risk at this point. This angers me to no end.

Donation complete.

"Paranoia strikes deep

Into your life it will creep

It starts when you're always afraid

You step out of line, the man come and take you away"

Buffalo Springfield, "for What it's Worth" 1966.

Timeless tune, not written about internet surveillance obviously. Recently that I find that song, and that line in particular coming to mind

linkage if you want a listen: http://www.youtube.com/watch?v=gp5JCrSXkJY

Where are you reading that? I see $96k as the goal, and no mention of $250k

See the latest post in the update tab of the http://rally.org/lavabit

He continues by saying “defending the constitution is expensive – even more so if my fight is to have a chance of reaching the Supreme Court – my legal claims I will need to raise at least $250,000.”

And this is exactly why perfect forward secrecy is so important.

Did he actually use forward secure SSL cipher suites for everything?

The site currently negotiates for DHE-RSA-AES256-SHA, which is forward secure.

Right. But if you connect with a browser that doesn't support that? And what about SMTP connections?

Presumably if you care about security you are using a browser that does PFS and have personally verified that it is working.

You mean browsers actually fall back to non-perfect-forward-secrecy? They even have the option of doing that? That's interesting if true. Ideally it should be enforced by the server, and if the browser can't support it, then the browser can't see the webpage.

You can only support forward secure cipher suits. This will result in rejected connections as you suggested.

Lavabit doesn't do this, they support non-forward secure ones. Worse, they don't offer a cipher-suit order preference and the cipher suits they offer are actually pretty shitty (no ECDH_ECDSA, 1024bit DHE).

The way they have it configured now means anyone using the default browser on windows(IE) or OSX(Safari) doesn't end up negotiating a forward secure session. Chrome and Firefox do end up being forward secure. See SSL Lab's test result here[0]



They have to, because many sites don't support any PFS ciphersuites. For instance, banks.






Ideally, Microsoft, Google, Apple, and Firefox would gang up and all disable ciphersuites lacking DHE/ECDHE in their current browsers. Short of that, one browser disabling them would be viewed as "broken" and would lose marketshare.

Well, the browsers could disable non PFS ciphers by default. When a site doesn't match any PFS cipher list, show a pop-up with a way to add an exception for the site.

Much more graceful than a complete switch-over and doesn't require co-ordination from other vendors.

The browser and the server both have lists of ciphers they will permit. Any cipher shared between both endpoints can be used.

Browsers permit connecting with non-FS ciphers because there are many many servers out there with cipher lists based on older versions of SSL/TLS, and users would complain if they upgraded Firefox and couldn't connect to their bank.

Servers permit connecting with non-FS ciphers because excluding them would block users with older browsers from accessing the server, and give them a confusing unhelpful error page.

It is possible for the server owner to permit only FS ciphers (and therefore impose a strict version requirement on browssers).

If you cared about security and knew enough to check that, you probably knew enough not to trust server side crypto and were using PGP or S/MIME on top of it or using OTR instead of email for secure conversations.

That aside, this still leaves the very important question of SMTP traffic.

I've read quite a few complaints about the government on this post. My suggestion is to simply do something. You have (a) the ability to vote, so stop voting in Republicans OR Democrats (both equally as bad) OR even run yourselves. (b) send a letter to your representative, they occasionally will read the mail, plus you at least can vent your frustration at someone who CAN do something.

Or run for office yourself. I would vote for a centrist candidate that offered a bill that declared email as sacrosanct as a telephone call or postal mail.

The only issue with running yourself is that you need enough funding to generate more propaganda and PR than the cartel you're up against... and you forget that lobbyists run your country anyway. Don't delude yourself into thinking that your vote actually means anything. That "democracy" you think you live in is theatre designed to make you feel cosy and warm, just like the TSA does when they "protect" your air travel. It's all just a sham to keep you and everyone else from rocking the boat too much.

Can this be classified as - http://en.wikipedia.org/wiki/Obstruction_of_justice ?

That is, I'm sure he understands that this action might be interfering with an investigation, and that it's reasonable to believe it was a willful act on his part.

Can you get into trouble for doing something like this?

No. This does not affect their ability to use it. This certificate is simply no longer trusted by other parties (rightfully, because it was compromised). As matter of fact, this may not even be his doing.

What if the 3rd party the FBI wanted to intercept via this Cert has now been 1) notified that there is a problem and 2) can no longer be intercepted (unless their browser does no CRL or OCSP checks on the domain's cert)?

Following that line of reasoning down the slimy slippery slope, developing better encryption systems could be construed as obstruction of justice, no?


This is exactly the point he was trying to make...

No, that's not the point I was trying to make. The people in Washington D.C. that sit in fancy leather chairs have repeatedly demonstrated their lack of critical thinking skills, so I use terribly bad sarcasm to illustrate what their puny brains will think of next.

How can you be so sure?

Interesting point. AFAIK they requested the key to decrypt previous communications. From security point of view, his move makes perfect sense. If FBI wanted to decrypt future communications, they would probably have specified that in their request. Then he would indeed break court order and could be hold responsible.

On the other hand, it would be hard to prove any actual obstruction, since the service was shut down and all users notified about this whole situation.

Who would make future secure communications with Lavabit at this point? Certainly not Edward Snowden.

When did unconstitutional massive surveillance become justice?

The same day that everyone agreed "Roadside Safety Checks" (police looking for drunk drivers under the auspices of checking children's carseats at 1AM) was the lesser of two evils (Drunk drivers killing innocent people is a greater evil than everyone's 4th amendment rights being violated).

To a lesser extent, anytime that politicians frame an issue with the two phrases "it's for the good of the public" and "it's not a problem if you aren't guilty", they're generally trouncing a constitutional right, or greasing the tracks for it to inevitably happen.

I'm hoping driverless cars begin to make people realize how intrusive these types of stops really are.

When it comes to public safety, the American people stand ready for intrusions of all kinds, it is truly for our own good. Government agents are privy to secret information unknown to the public, therefore we have no choice but to submit.

That's an excuse which can be abused for anything up to making a police state. It's all about how far is acceptable. Surely not "all kinds".

What does massive surveillance have to do with the Lavabit action?

It's the cause for it.

I wondered why Safari (running on an older OS X 10.6 system) didn't report the certificate as revoked, although Firefox on the same system did.

The answer appears to be as described here: http://www.intego.com/mac-security-blog/protect-safari-from-...

After setting the proper options in Keychain Access, Safari reported the revocation correctly.

FYI, this was enabled by default in Lion (10.7.2).

Can someone weight in on what this means or why it is an issue?

Today the owner, Ladar Levison, had to hand over the SSL certificates by court order. It marks the ending of a long battle in court, with unfortunately it ending in the govenment's favor. I'm assuming the post is just a hacker way of acknowledging the event.

Related article:


Interesting link, and much more informative than the other Lavabit news articles.

It's a shame the government didn't work with Levison to either allow Levison to add the requested intercept himself (which, yes, would have required Uncle Sam to trust him) or to allow a third-party (or even a third party requested from both sides) to audit the proposed interception code.

The judge is correct in stating that if Levison doesn't trust the government, then why should the government trust Levison, but Levison is clearly correct when he notes that giving up his SSL private keys would destroy the security of his whole infrastructure.

The government would have been far better off by allowing a service like Lavabit to exist with the cooperation of an activist citizen than to force him to either harm all of his customers or shutdown the service. Somehow I don't think the D.A. here realized how serious many civil libertarians are.

Props on Levison for trying to stick it out in the U.S. and make things better from within!

> The judge is correct in stating that if Levison doesn't trust the government, then why should the government trust Levison

The judge is incorrect. The U.S. Government was designed to not completely trust itself. That's why there are checks and balances. Giving the FBI the private key lets them have unchecked access to data encrypted with it. It is wrong to asked to not be checked.

[edited for format]

Also, we have ample proof that the US Government cannot be trusted period. An entity that cannot be trusted can still reflect on itself, realize it has done lots of wrongs, and trust others that are reaching for higher standards.

Checks and balances are passe. They are the antiquated notions of dead men. With computers and the internet ensuring the proper administration of justice via self-appointed and self-reviewed secret committees, we can finally live in peace and security.

"It's a shame the government didn't work with Levison to either allow Levison to add the requested intercept himself (which, yes, would have required Uncle Sam to trust him) or to allow a third-party (or even a third party requested from both sides) to audit the proposed interception code."

No - it is a plan that the government doesn't work with service provider and instead demands data and intercepts that "just happen" to let them spy on an entire network.

Indeed, everything Edward Snowden has revealed points this being the plan, the modus operandi of the state everywhere. It has an official right a few reasonable seeming things and executes that right in a way that gives it the potential for anything and everything.

And it can all just look like a "shame", a mistake, "an example of how the government doesn't understand the Internet", etc.

> No - it is a plan that the government doesn't work with service provider and instead demands data and intercepts that "just happen" to let them spy on an entire network.

It's interesting that you attack the FBI when you hear them make an unsubstantiated claim, but you have no problem repeating claims you heard on internet forums. When you make claims like this with certainty, it weakens your position and reveals that you don't know what you're talking about.

Wow, just wow,

Mr. "Shill".

I hope that any careful reader notices your entire post actual has no relation at all to the text my post above it (FBI unmentioned, while I'm sure they make unsubstantiated claims, I'm not commenting on the state's claim above, those "Internet forum" apparently exist in your imagination only too, etc). Such a reader might also notice your post follows a rather predicable rhetorical strategy. Perhaps there is an experiment going on.

no. no. no. the judge's trust talk was a falacy time waster.

- give me your bank password so i can get the $5 you own me.

- why dont i give you a check for $5?

- so i have to trust your check is good but you cant trust me with your bank password?

see? it is just crazy talk to push him around. the judge knows here his/her obedience rests. he is not even listening to the defense.

That and the whole power imbalance. He has no recourse if the gov't lies to him, but if he lies or covers up evidence he will be ground beneath the wheels of justice.

What if it was more like

- You owe me $25

- I only keep my money in bitcoin

- Well, I don't do that bitcoin thing, and I don't really want to set a whole thing just to transfer the money

- OK, I could get it for you in cash, but you'll have to give me a few days

...a few days later

- Uhh...so about that money

- Oh, haven't gotten around to transferring that

- OK, but I could use it. Or, I could borrow your phone and talk to Steve: he'll trade me cash for bitcoin.

- But then you could take all of my bitcoins.

- I'm not going to do that

- But I can't trust you

- Then why should I trust you to pay me?

Agreed, I feel like Levison lost a lot of credibility and damaged his case by dragging his feet initially. However when the judge said "why should we trust you?" he didn't explicitly tie it into that history. Perhaps in context it was a given. It seemed the opposing attorney immediately after argued that Levison couldn't be trusted, because he'd delayed on prior orders, and the judge agreed.

> It's a shame the government didn't work with Levison to either allow Levison to add the requested intercept himself (which, yes, would have required Uncle Sam to trust him) or to allow a third-party (or even a third party requested from both sides) to audit the proposed interception code.

They did. See the unsealed orders (http://cryptome.org/2013/10/lavabit-orders.pdf) The original order from 6/10 only compelled the production of a bunch of metadata from a single specific, named account (see page 4 of the PDF).

There was then an order to compel (basically: "We mean it, don't yank our chain") on 6/28 because earlier that day, FBI agents met with him (according to a later motion) and, quote, "Mr Levison told the agents that he would not comply with the pen register order and wanted to speak to an attorney."

After that order was issued, the FBI claims it "made numerous attempts, without success to speak and meet directly with Mr. Levison to discuss the pen register order and his failure to provide [the specific data requested in the original subpoena]."

It wasn't until 7/9, a month after the original order was served, that they then demanded the production of his SSL keys.

> The judge is correct in stating that if Levison doesn't trust the government, then why should the government trust Levison, but Levison is clearly correct when he notes that giving up his SSL private keys would destroy the security of his whole infrastructure.

This doesn't make any sense -- it's not symmetrical. The gov't should trust Levison they same reason we trust anyone that testifies in court. The power of the criminal justice system punishes those that are caught lying. Mr Levison has no recourse if the Gov't lies to him. He has a very strong incentive to carry out the modifications that they ask for to avoid fines and jail time if he lies about them. I'm sure they'd tack on "aid and abet" if he covered up any evidence.

More likely it's just the issuer doing what they need to do... it doens't matter that nobody will use it again anyway; from an issuer point of view, the certificate should no longer be valid. time to revoke it.

Ladar Levison was forced to give Lavabit's SSL private key to the feds, so it is no more secure. That's why he (or GaDaddy, the issuer) revoked the certificate.

If the Feds seized the server why would it be a surprise that the SSL certificate has been compromised? The server is where the private key lives...

They didn't seize the server.

If lavabit returns to operation, or someone tries to pretend to be lavabit by using the cert then any visitor to the site would get a cert error until they get a new cert.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact