The US Government has no problem with seizing your private keys. It claims the right to impersonate you without your permission.
It no longer matters which system you use, Sovereign Keys, PGP web-of-trust, traditional PKI, they're all the same. Services based in the US can be MITM'd without leaving any traces.
If this is allowed to continue uncontested there will be no way to stay secure online. The only solution is a partial solution, to create decentralized services. This, at least, will require the government to seize the private keys of each individual they want to track.
Targeting individuals is absolutely the right way to go about a lawful intercept. Sucking up all traffic like the NSA has been doing is totally overbroad and invasive.
But the whole point of the asymmetric encryption feature of Lavabit was to make it impossible for anyone but the account holder to access their email. This is obviously why Snowden used the service. Duh. And this is why the government resorted to threatening to seize the keys and trying to impersonate the service.
What actually happened is, in the court proceedings Lavabit responded to this by offering to make modifications to the service to essentially wiretap an individual account without handing over the keys. Thus confirming the problem the government faced. But by this point the government didn't trust him to act as a spy on their behalf (which frankly is not an unreasonable assumption).
To be absolutely clear, I am taking no position on the justness of the government's targeting of Snowden. Personally I think he's a hero.
But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc.
The problem is Lavabit was not designed to facilitate intercepts under any circumstances. That is why the keys were seized.
You can always say "but the child pornographers!" or, "but the terrorists!"... but... no, sorry. I believe that people should have the ability to engage in total privacy. The fact that the US gov't is doing this because of Snowden (a person I admire) just reinforces my belief.
They already have the ability to do this.
That's not what you are asking for. What you are really asking for is:
"I believe that people should have the ability to engage total privacy through any means of communication they so choose."
Kinda like Bush's "free speech zones", where protesters are kept in a little cage far from the public to whom they would like to express their opinions - as long as they're free to speak in this one little place, they're not totally silenced and there is no invasion of their rights, according to the clever lawyers.
The right of communicating confidentially with persons of one's choice, and not with others, is a robust right which is not to be reduced to a formality.
The fascist mentality is strong in the US right now, but citizens are going to work around the police state until it's reformed or overthrown, and they are on the right side of history.
There is no "robust right" to defeat lawful intercept. The right to privacy has always been subject to a body of law governing lawful surveillance and policework. Example: mobsters meeting in a private home can be bugged with a warrant.
I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok.
See licensed Ham radio use. There's no technical restriction or necessity against (well, necessity is up for debate), but there is a legal prohibition on commercial or encrypted transmissions; I read recently that it was being discussed to change this. I guess it would have been reported on HN frontpage if this had gone through.
The argument as I understand it is that Ham bands are a shared, public resource (commons) and that their use is strongly regulated by the FCC (and presumably some international body I haven't heard of); if your communications were encrypted, you would be free to violate the rules and engage in commercial activity, which would likely make the band a lot more popular, polluted, and less available as a limited resource for amateur licensed users. It's called broadcast for a reason.
This is obviously far from the situation on the internet, but it's a fun thought experiment to imagine the global internet with similar structure of mandatory licenses for use, and without any encryption or commerce.
No. What he's really asking for is "I believe that people should have the ability to engage total privacy on the main means of communication of our age."
I agree, up to a point. Remember that lavabit had already complied with targeted access requests. He objected to the rooting of his service to enable a mass surveillance dragnet. Are you Ok with that specifically?
You called me out by saying I was suggesting that people should be allowed to have total privacy over whatever means of communication they wish.
Someone else asked why you believe that privacy should be restricted depending on the means of communication.
If that were a loaded question, then the questioner would be asking why you believe something that you haven't indicated that you actually believe. But by my reading, you do actually believe that. And I believe the questioner believed that you believe that as well. If not, I'm of the opinion that it's a simple misunderstanding, and would love it if you'd clarify your position. If you do believe in that particular restriction, however, I'd really appreciate and enjoy hearing your rationale for that position, because I don't understand it and would like to understand it better.
The problem is, my clarification and your subsequent agreement don't mesh with reality. So yes, I don't believe that people should have total privacy over whatever means of communication they wish, because I don't believe it's realistic, not necessarily because I don't believe privacy should be considered.
You actually explain it best:
> "I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok."
And here we have a problem. What exceptions do we allow? What's reasonable? What makes one communication method okay to not expect privacy from, and another to make it a right?
Is it the use of standard encryption methods? Is it the intent of the owner? Should it be technical capability?
So, when you say that people should be able to engage in total privacy, and I say they can do that already, my follow up is to clarify what you really mean. Clearly, I was wrong (despite you agreeing to what was said). There are limitations on a person's rights to engage and expect total privacy.
And this might all seem pedantic, but it's really the core issue, because even you realize that not all methods qualify for a level of privacy.
Where do we draw the line, because all the discussions seem to miss that crucial mark.
So yes, when I was asked that loaded question, it's because it was assuming intent that simply didn't exist.
I've learned my lesson though. Next time, instead of trying to say only what I mean to say, I'll add a bunch of words and sentences, maybe repeat myself a few times, and state my position, despite the fact that it shouldn't matter.
Edit: In case there's any question as to why I'm asking these things, it's because of comments like this:
"All you should really have to have in order to keep a conversation private is the intentions."
Suddenly, I'm violating rights just because I happen to overhear someone talking quietly in public.
One possible answer is that communicating on the internet requires the use of a physical commons, which one could reasonably argue carries either innate restrictions or restrictions legitimately imposed by the owners of said infrastructure.
For example: I, a hypothetical bar owner, have a right to ban silly hats in my bar. Why? Because I own it. However that's not a reason that I should ban silly hats. Just saying "I'm the owner, so I can." doesn't actually explain why I should.
I do also disagree that the government specifically is entitled to restrict privacy on the internet because much of the infrastructure is owned or otherwise controlled by them. The government owns nearly all roads, yet while using that infrastructure I still enjoy certain privacies. For example, if a cop pulls me over and asks me where I am going or where I have been, I have no obligation to answer him.
"Yes, yes, you have the right not to be subjected to unreasonable search and seizure, but not if you're walking on the public sidewalk."
The key here is that the government is not like a private land owner. That's why government workers have so much leeway in criticizing their employers, and why you're allowed to protest on government land, and why schools can't have daily prayers even though they want to. The government simply isn't a private actor enforcing rules over the stuff it owns; we own the commons, and the government simply administers them according to some strict rules. Unlike a private land owner, it can't say, "if you don't like the way I do things, take your business elsewhere." Otherwise you get "You can vote for whomever you want, but since we own all these voting booths, you can only use them to vote for the incumbent."
If the government can pursue any arbitrary policy just by virtue of "owning" some infrastructure, the whole constitutional democracy thing gets circumvented.
Edit: changed "to privacy" to "not to be subjected to unreasonable search and seizure" to avoid confusion.
A hypothetical bar owner could get away with banning silly hats. We can defend that with assertions about ownership of property and the privileges that gives somebody... that isn't particularly problematic within reason. Governments though? They need to play by a different, stricter, set of rules. "Ownership of infrastructure" should not be accepted as a defense of a government banning silly hats on their sidewalks.
Governments operate in a privileged space where they are permitted to do many things that individuals and companies are not allowed to do (as a quick example, they can levy taxes against the general population). That has to come at a cost though; they aren't allowed to do things that individuals and companies are permitted to do (as a quick US-centric example, they cannot endorse and support a particular religion).
For this reason, comparisons and analogies between what governments and individuals/companies can do are very frequently worthless at best. These sort of comparisons are just unavoidably apples and oranges.
And yes, it might be a bit pedantic, but I'm tired of these childish games on HN.
It really was not my intention to ask you a loaded question. Instead of calling my question childish, you should consider the possibility that your comment is not nearly as clear as you seem to think.
Considering he was speaking for kelnos at the time, I think your query seems reasonable and actually expands on the concept around what types of conversations should be managed by our government. Shouting "FIRE" in a theater is, and should be, against the law. It's a clear violation of trust, poses significant risk to the recipients, and is being done in a place that is clearly owned by someone. I'm cool with the police being in charge of enforcing rules that prevent this.
Assuming they are also in charge of policing the Internet effectively is another matter entirely.
"That's a loaded question and I'm not going to play that game"
I picked the words carefully and precisely.
> you should consider the possibility that your comment is not nearly as clear as you seem to think.
I realize that people might not be native English speakers. I make the assumption people will ask if they are unsure or not clear. You made no indication you were either. Another commenter was not clear, and so I clarified.
If you didn't find it clear, why didn't you ask for clarification on why I thought it was a loaded question? Or, what I meant by calling it a loaded question?
> It really was not my intention to ask you a loaded question.
But you did. And I explained as much, and left it at that.
> I make the assumption people will ask if they are unsure or not clear.
You have misunderstood me. I did not find your comment to be unclear after reading it. However my take-away from your comment was incorrect.
Complaining about a loaded question, instead of simply and civilly correcting me ("I don't think that"), came off very strongly as a dodge. Or, as kordless describes, "conversation killer".
I hope this clears up any lingering confusion.
There is zero in my last comment. Maybe you could highlight what statement I made that was in any way hostile. I was precise, polite, and stated clearly my position. The only one being hostile is you.
> I am not sure why, since we apparently do not disagree
What makes you think that?
> instead of simply and civilly correcting me ("I don't think that")
Why do you keep making assumptions? Why do you keep trying to assert my position, despite me never saying "I don't think that." Heck, putting it in quotes is dangerous enough.
> "conversation killer"
Your continued attempts to put words in my mouth is a conversation killer, even if you don't intend to do it.
Your problem is that from the first reply, you've been trying to read more into what I said. You've been trying to categorize me. Rather than simply take the comment I said at face value, you've been trying to see some inner motive. This is clear from your loaded question, or your belief that I'm trying to dodge a question. Even now you continue to try to pin me down into a belief that I find beside the point, would have derailed the original conversation.
> I hope this clears up any lingering confusion.
I'm not confused with what I've said. And, frankly, I've stated it clearly from the first comment. That you've inferred more every step of the way is simply because you are confused.
I honestly don't think whatever I type here will matter though, as despite being factual, precise, and concise in my previous comments, people have found ways to ignore the facts, infer whatever they wanted, and consider the brevity to be something more.
It would be far easier if we read what was written, and stopped trying to imagine more.
tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055
But then you need to be prepared to be called out when you are wrong.
> which is that are dodging any attempt to address the subtext and implications in your posts because you want them to go unchallenged.
Because, honestly, there is no subtext. I don't have a firm opinion either way. Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda.
Let me be clear: I haven't made up my mind.
> You are making these implications, we are challenging them, and you are dodging.
No, that's your imagination.
> tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055
No. He's wrong. First, not only is he wrong because of the context of the comment, but he's also wrong in his conclusion.
Sorry, but you're making assumptions that aren't true.
The only thing I've gotten out of this conversation is that you can't ask a simple question without your motive being dragged into it, and that even if you question other aspects of side, it will be held against you, regardless of your opinions.
tl;dr: You're wrong.
I really don't think that I am not. You had me convinced that I was wrong for a while there.
I think your latest reply to kelnos, while completely misunderstanding his point, actually confirms my suspicion about what you actually think. I'll let kelnos and you hash this out though; I'm out.
The primary problem I see with your comments is a slew of blaming statements. You started this whole thing by SPEAKING FOR SOMEONE ELSE, and it's continued through to this morning with comments like "Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda." Blaming statements like this show you are trying to simulate why others MIGHT be intending - instead of just listening to what they are SAYING they intended.
I know you are frustrated about not being heard here, but I don't think it's anyone's fault but your own. It's a choice my friend. A choice.
Assuming that you don't oppose privacy categorically, do you disagree that "people should have the ability to engage total privacy through any means of communication they so choose." If so, why?
And that's not even really my point. I object on a higher level. If the government goes to a service and says, "I have a warrant to wiretap this user", and the service says, "sorry, we don't have the ability to give you access to a particular user's activity", then I believe the Feds should have two options:
1. Ask if there is a way for the service to be modified to make it possible, and if so, pay for the modifications. And the service provider must be allowed to advertise that they are now subject to law enforcement wiretaps (let's say one of their previous marketing points might have been that they are immune to such things). I'm debating also suggesting that the service provider should be allowed to refuse that request, regardless of payment, but I'm not quite sure how I feel about that.
2. Walk away and find another means of gathering evidence.
To take #1 a step further, if the service actually enables perfect secrecy, and there actually is no way that it could be modified to meet the Feds' request, I think that's fine too, and a service like that should be completely lawful.
Requiring someone to turn something over is a seizure, not a search; if it is the only way to effect an otherwise-reasonable search, it's probably also a reasonable seizure. If the recipient of the seizure order has deliberately engineered it to be the only way to effect potential searches of more limited scope, and it has broader impacts, there's really no one to blame but the recipient of the order.
> let's say one of their previous marketing points might have been that they are immune to such things
As, if such an order is legally possible, this advertising was false, I'm not sure why it should be allowed to provide them with a benefit.
Or is being concerned enough about privacy to pay money to a service claiming to provide it now considered enough "probable cause"?
If we lived in total privacy, and I were to start a ponzi scheme completely online, then I would not be able to be stopped because:
1. My e-mail wouldn't be looked at
2. My bank accounts couldn't be looked at
Almost all evidence gathering during criminal investigation involves a loss of privacy at one point
I find it _astounding_ that people are supporting the idea of forcing Levinson to back down on the guarantee of privacy he'd made to his _other_, not under any probable cause level of suspicion, 400,000 fully-entitled-to-the-privacy-they've-chosen-to-pay-for customers. Violating the privacy of four hundred THOUSAND unrelated-to-the-investigation users? Users who had an expectation of privacy, who were buying a service from a company marketing themselves on providing privacy. Then attempting to coerce that company's founder into not only failing to provide the service his customers were paying him for - but also denying him the right to let them know.
All because _one_ customer has monumentally embarrassed a particularly powerful government department.
Is that _seriously_ "OK" in anybody's worldview?
Initially, the FBI was willing to let Levison modify the site so that just the target would have his stuff intercepted. But Levison wanted to charge the gov't $3500 for the work, also asked for external audits to make sure the FBI wouldn't goof off with the info. The FBI stopped trusting him, and for them it was just easier to have the keys.
But we don't let them force builders/landlords/lockmakers to hand everybody's private physical house keys over, just because somebody somewhere is doing $bad_thing inside a house.
The FBI didn't trust him – boo hoo – they need to find another way to get their job done then.
(Does anybody _really_ think this was about "trusting" Levinson? Or that it was instead about trying to strong-arm Levinson/Lavabit into illegally and immorally participating in the NSA's ubiquitous surveillance program, almost certainly something they've gotten so used to having work for them that they've forgotten that occasionally they'll bump into someone prepared to throw their business away instead of compromising about "doing the _right_ thing"?)
The problem here is that Levison set up a Rube Goldberg machine. If the (in my opinion reasonable) law says you have to be able to provide access to anyone's data when you are given a warrant, you can't get out of that requirement by making your technology require you give everyone else's data, or kill a kitten, or any other requirement.
Edit: Changed 'levinson', UK report about the media, to 'levison', owner of lavabit.
Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built."
Has Colin built "a Rube Goldberg machine"? Should all of his paying customers have their privacy violated because the only way Colin has to make Tarsnap reveal one customer's data would be to backdoor a software update? Is it unreasonable to charge a sum on the order of $3.5k if Colin offered to set something up to allow only a single customer's software update to be backdoored? (Christ - I'll bet the FBI ran up an order of magnitude more than $3.5k in legal costs arguing that $3.5k was "too expensive"!)
Do any of us have to consider when building our products - along with all our _real_ concerns, just how amenable our technology decisions and architectural concepts turn out to be for state surveillance purposes? Are we to be scrutinized as though modern digital privacy best practice and effective use of crypto implies we've intentionally set out to make the FBI's job more difficult than necessary? Should any of our scarce development resources be squandered trying to ensure we've got built-in ways to comply with any possible law enforcement demand?
I say no. Resoundingly no. Sure the FBI have a job to do. But that doesn't make it OK to run roughshod over innocent people's rights and to force business owners to back down on guarantees they've made to paying customers and then throw gag orders on them to stop them telling anyone.
I think you're wrong - and I think people who think like you are part of a much greater problem.
The problem is that there seem to be two extreme worlds we could end up reaching.
1) The security forces can access all data, anywhere, anytime, freely and without limit.
2) The security forces can access no data at all, and become useless.
Both of these are a bad situation to end up in, but I would consider the second worse. Hopefully we can end up with a more sensible world, where the police can access data with a warrant and the proper authority.
While there are some current big cases, and big problems, it is important to remember there are large numbers of lower level people in the security forces, solving real crimes every day. They must not become over-powerful, or hobbled, by a few high profile cases.
I do agree with you that there needs to be a reasonable and lawful way to tap very specific and targeted conversations, regardless of the medium. Just like bugging the mafia's phones etc. And by reasonable, I mean a real frikin' judge and with total public transparency, not some secret court and definitely not some blanket surveillance program. Accountability for any abuses is a key requirement that currently seems to be lacking.
I'm practically a conspiracy theorist these days, but I think you're being completely logical while most others aren't.
I am from the UK, claim no expertise in the field, but the following might help.
'Levinson' is the name of a report on the media (a very long topic in itself), which has no bearing on giving up data.
The law which covers that, I believe, is known by its abbreviation as RIPPA and, amongst other things, sets out the powers that the UK government have to ask for data from companies. In particular, I understand that it makes it an offence to refuse to provide the key to encrypted material.
It may not, in some airy-fairy, hippy, juvenile world view, be "OK", but again, it is the way things are.
I don't see why the law should require that all services should be built with wiretap points. If a user of a service wishes to ensure perfect secrecy, and a service allows that use case (ideally by never seeing the user's cleartext or keys), I see no reason why the law should be allowed to interfere and require that the service be changed to disallow that.
Sure, that might make law enforcement's job harder in that case, but too bad. Catching a few extra criminals here and there is not a good reason to weaken the possibility of privacy for the rest of us.
Maybe we all blamed Microsoft unjustly, maybe they were forced by law to create all those holes, and maybe they were forced by law to not disclose the fact that they were forced by law to create all those holes.
That's not a very complete argument.
The 'no, sorry' is him discarding the emotional plea that often justifies invading a person's privacy in the first place ("please, won't somebody think of the children!").
I say it's an incomplete argument because there is no mention of how we should go about prosecuting child pornographers and terrorists, rescuing missing persons when phone/email records are our only clue, and so on. There's just "no, sorry", the right to privacy trumps these things under all possible circumstances.
The question remains.. why?
Why is a world with ideally zero ability to prosecute child porn (to pick one) a world we should want to live in? Laws don't mean much without the ability to enforce them, so are you advocating living in a lawless world? Police powers can be abused, but does that literally mean we should end all police, at least as it pertains to crimes involving communication such as plotting murder, child porn, etc.?
That's what's missing from "no, sorry".
I know that makes me sound like a dick at first glance, but do you really believe that if you answer "yes" to the question above, we are guaranteed that this system will never be abused?
I think the answer to that has already been provided in light of recent events.
For example, today, and for much of the history of democratic society, the police have the power to search your person under certain circumstances. I hope you would agree that you still enjoy a "right to privacy" in our society.
"Right to privacy" has always encompassed a body of law governing privacy. It has never been an absolute.
By comparison, the same is true for "free speech". We should not give up our right to free speech. Nor should we all start shouting fire in crowded theaters.
Of course there are no guarantees that abuse is impossible. That's what the fight for free speech and privacy is about: proper and just oversight by the citizenry -- not the abolition of lawful society.
Sure. And I'm arguing that a judge that would sign a court order instructing Lavabit to turn over its private SSL key is displaying ridiculously improper, poor judicial oversight.
My comment was actually a bit more meta and high-level than that, though. My fear is that an "untappable service" might at some point become illegal. For example, if I were to put up a communications service that allows someone to send encrypted, plausibly-deniable messages, and I don't and cannot have the ability to decrypt them, the government would try to make that sort of thing illegal.
Nothing is guaranteed to be abused, but when checks and balances work, things get harder.
Try not to forget that before the FISA Court there was no court and the president did what he wanted in that domain. Things are getting better (even if at a glacial pace).
A right to be able to communicate privately doesn't make Plain Old Telephone calls not be easily traced, or make the police useless.
How about this example, to clarify the issue:
However pedophiles (or terrorists) get their content, be it a darknet site or the sneakernet, under the 5th amendment a person can refuse to give a password to decrypt hard drives with potential illegal content that could incriminate them in a crime.
Following your logic, should we not rescind the 5th amendment, so that people have to prove they don't have exploitative images of children?
That's exactly the problem. Lawful surveillance is one of the most fundamental means of gathering evidence. If you take away that, then in a lot of cases you take away the ability to prove guilt.
You offer no support for the claim that police would be useful in a world where all telecommunications are impenetrably encrypted with no means for lawful intercept. If "Plain Old Telephone calls" are the only interceptable means of communication by police, then you might as well rename them the "Plain Old Police", since they would be largely ineffective.
I have not argued for rescinding any rights whatsoever. It is you, I would argue, who is arguing for rescinding the police, which are an essential part of a lawful society.
The flaw in your reasoning is that while individuals are protected from self-incrimination, no such right extends to third parties. Nor should it. The 5th amendment does make it harder for police to prosecute people, but with the power to compel other people to testify, to have service providers turn over records and surveil with proper judicial oversight, and so forth, it has been judged over the centuries to be a fair balance of powers.
To block all police power to surveil under any circumstances would substantially cripple their ability to gather evidence.
And so the question remains: If you feel lawful intercept of communications is never justified, how would one go about gathering evidence of a largely communications-based crime such as child pornography or plotting a murder?
So, you ask, how do police investigations compensate when the criminals they're after increasingly use anonymous, private, secure, distributed means of communication?
Aside from the standard drug detection at borders or traffic stops, money tracking, physical surveillance, informants, undercover work, district attorneys giving deals to catch bigger bad guys, or other, you know, physical police work that doesn't include being told who, when and where the deal is going to take place, I'm not sure how Police will be able to function.
But I'm sure they won't be useless.
Closing one potential avenue for gathering evidence is a far cry from removing law enforcement's ability to prosecute child porn offenders (or any other crime, for that matter).
Look, I'm not saying that law enforcement shouldn't have legal tools at their disposal to gather information. They should. They do. But if someone is using strong encryption and has plausible deniability, then they win. That's just how it is. If they're going through a third-party service that can isolate that one user, then sure, great, by all means, get at that data via legal means. But if getting at that data means exposing all users of that service to breaches of privacy, then hell no. That's entirely unreasonable.
And if criminals are indeed clever enough to cover their tracks well enough to eliminate the possibility of law enforcement gathering evidence on them... well, that sucks, but that's life. That happened before the internet, and will continue to happen in spite of it.
A few years back, the NSPCC (a UK child protection charity) released a study that claims that 75% of all child abuse, including sexual abuse, is carried out by a male adult related to or known to the family. The most likely abusers are the dad, brothers and uncles, followed closely by other male relatives and friends of the family. Random strangers come far down the list.
> Why is a world with ideally zero ability to prosecute child porn (to pick one)
Why do you think there would be zero ability to prosecute child porn? Given the above, it would seem that the best investment in prosecuting child porn would be in addressing the problem at source: Better monitoring of children's health and wellbeing to increase detection and prevention of abuse in the first place, rather than trawling through people's communication.
Of course that won't happen, because parents will all believe that their spouses and relatives and friends could not possibly be abusers, and of course most of them will be right, even though reality is that they pose by far the greatest risk to your child. Random strangers are just even less likely to harm their children.
Before we sacrifice privacy even further, we should at the very least have the facts as to what effects altering the privacy balance could actually have. Is there any evidence that more aggressively pursuing child pornographers online makes much difference to actual harm as opposed to moral outrage?
Even so, even if we allow 100% privacy in communication, people get caught for child porn possession all the time without having law enforcement violate their privacy first: Spouses report pictures from their PC; people stupidly hand their PC in for repair and it pops up; people get caught actually abusing children etc. In which case their sources are often revealed. In which case the police can do actual police work, and set up stings or visit any sites that person has obtained child porn from, and get those sites taken down, and follow the leads to payment processors etc.
In fact, a number of large child porn sting operations were conducted in exactly that way: Unravel sites where the site itself was blatantly illegal, and then track down users/customers.
I don't know if the person earlier in this thread wants to be absolutist about the privacy, but for my part this is one area where I draw the line: If there is a legitimate case against one party to a communication, then I don't see a problem with having the police go through the logs of such a site, or the e-mails of anyone implicated and tracking down any regular users or customers of such a site - I don't see a good privacy argument against that.
But note how different that is from accepting interception of communication using a site that has entirely legitimate uses, and where there is no evidence of wrongdoing in the case of most of the users prior to the government request to intercept everything.
Even when there's no malicious intent, the chance of serious errors skyrockets when you start allowing these kinds of tactics where criminal investigations become playing the numbers too. Check Operation Ore, for example, where a long range of errors conspired to make what started out as a database of card transactions, some of which were to child porn sites, end up being treated pretty much as evidence of purchase of child porn. Problem was tens of thousands of the cards appearing in the database were stolen, and a large number of the transactions were for legal sites; the resulting operation caused several wrongful convictions, and far more ruined lives and children taken out of their homes for the wrong reasons. The operation also has resulted in dozens of suicides (though it is unclear how many of the suicides were innocent people, if that matters to you).
It underscores that even if we are 100% ok with police invading our privacy if they make no mistakes, the importance of considering the potential damage of false positives must also be taken into account: If the crime being looked for is rare enough, it is perfectly possible allowing "dragnet" type surveillance to clamp down on the crime will cause more damage through investigative errors than it will prevent. This is another important reason to be careful about giving up on privacy.
There are alternatives that mitigate the problem without centralized government involvement and dragnet surveillance. Opting for a law enforcement-based government solution from day one pretty much eliminates all creative thinking on how the damages from child pornography can be reduced to acceptable levels.
I emphasize acceptable levels, because the correction of all ills and dangers carries with it diminishing returns. If you want to completely eradicate something, it's going to cost you an order of magnitude more to eliminate the last 20% of the problem than the first 80%. Costs here are both financial and freedom-wise. The in both time and freedoms for services (telecoms, etc.) and places (homes, offices, etc.) is good enough for probably 80% of the benefit. Beyond that the cost is just too high for too little benefit.
You can also get 80% of the benefit by just identifying the small subset of children that present the highest at risk group and providing special services for the monitoring and social support for that group. No need to drag in the rest of society.
First, child pornography itself isn't really the problem, but the problem we focus on because it's visible and elicits emotions. We focus on the end product, but the root problem is how child pornography is made. Child porn doesn't only exist in electronic form. Getting convictions of users of child porn isn't going to protect any children. We know undeniably that a market exists. Going after the buy-side is never going to have a meaningful impact, because there are a lot more buyers than creators and the amount of effort to bag a few consumers here and there is a drop in the bucket and will never be sufficient to reduce demand enough that there isn't incentive for the supply side to keep producing it. If you make it harder, then the price just goes up. Profits don't change.
Personally, I would like us to make the consumption of child pornography legal but keep it illegal to manufacture or distribute child pornography. By keeping the buy side legal, you gain enormous amounts of visibility into the market dynamics that don't exist, when you force both sides to go underground making observation difficult enough that the privacy of many innocent people needs to be compromised to make policing even marginally effective. Furthermore, it would still be considered taboo and a sickness and we'd encourage purveyors of child porn to seek psychiatric care, where we would counsel them on their addiction and show them the damages caused by their consumption. To get access to free psychiatric care, we can solicit cooperation from the buy side in discovering who is operating on the sell side. This removes a lot of trust in that market, because instead of both sides being driven to trust one another for fear from prosecution of the same law enforcement entity, the sell side will end up with a healthy mistrust of their customers.
The fastest way to destroy a market is to destroy trust in that market. TBH, I'm surprised we don't really spend any attention on how you effectively undermine markets like we spend time on how to foster liquidity in markets and making them more efficient.
Except there is no right to engage in total privacy. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.
Maybe his argument is that he thinks people should have a right to total privacy?
There is, in practice, an absolute right to privacy. If you combine strong encryption with plausible deniability, you can reliably secure information from law enforcement. There is nothing anyone can do to access it against your will. You can always make the plausible claim the information does not exist and/or is inaccessible to you.
So, should strong encryption be outlawed?
Considering that was far from the first thing they asked for, no. Were their goals reasonable? Yes. Was Levison trying to cooperate? No.
You sound astounded that someone on the receiving side of legal action is trying not to cooperate. Next you'll be stating that him hiring a lawyer is proof of non-cooperation and evidence of guilt.
If you got to do overbroad things every time a defendant was "non-cooperative" it would apply to every single court case.
I'd claim that not producing evidence in response to a lawful subpoena and court order is proof that he's guilty of contempt of court.
There are lawful ways to resist such orders - you file a motion to oppose in the case. While I don't have access to PACER to confirm that no such motion was filed, the judge's orders have no mention of such a motion in the established facts.
I think we need to analyze "persons" or "things" in an electronic light... could things be roughly analogous to "a mailbox" and could persons be "a person's electronic mail account"?
You can't just state on your warrant "I want all of the things!", you must stipulate that "I want Ben's mail account and logs of all his activity on your service." If there is no way of extracting that information without compromising everyone else's privacy, does the law state "in cases like this, the constitution should be violated to satisfy the terms of the warrant"? or does the law state "the terms of this warrant cannot be enforced without breaching the constitutional rights of at least one other party and thus is illegal"?
It's my guess (and I'd like to emphasise the word guess as I really have no idea), that any reasonable judge (that wasn't on the payroll of the NSA or FISA court) would deem this is an illegal search warrant because it's in violation of every other Lavabit user's fourth amendment rights.
Anyway, that's all by-the-by. The judge who is attempting to enforce this ridiculous debacle (and I use the word ridiculous in the sense of hilarity because every new development is a source of mirth) clearly doesn't give a shit about anyone's fourth amendment rights, and he's pissed at Levison's continued contempt of court so he's stamping his feet like a spoiled little four year old who's just been told he's not getting Dunkin' Donuts for dinner, while getting schooled by an internet Hero... with a capital H.
Except the burden lies with those wanting to add a right to privacy to the list of rights we have. The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.
> If it's so obvious why we should treat those as special cases, it should be trivial to explain why.
I think it's perfectly reasonable to ask you why you want to change the laws and protections we have now, and I think it's perfectly reasonable for you to be required to stand up to the questions being asked.
You've posted at least a dozen responses in this thread and it is plain you have no idea what you are talking about in almost every one of them. Are you unfamiliar with the 14th Amendment?
the Due Process Clause is also the foundation of a constitutional right to privacy. The Court first ruled that privacy was protected by the Constitution in Griswold v. Connecticut (1965)
I guess we could forgive you for not being aware of the 14th Amendment - it's not cited much. But it was the basis of Roe v Wade, arguably the most famous Supreme Court case ever:
Decided simultaneously with a companion case, Doe v. Bolton, the Court ruled 7–2 that a right to privacy under the due process clause of the 14th Amendment extended to a woman's decision to have an abortion
Sticking with Wikipedia - they have a whole article on the Right to Privacy. As related to the United States:
The U.S. Supreme Court has found that the Constitution implicitly grants a right to privacy against governmental intrusion.
It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements. It is no wonder people are downvoting you.
After all, while you elected to quote one sentence, in context, it's clear that I'm making a distinction between a total right to privacy and limits to intrusions into privacy.
"The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy"
So, basically what I'm saying is that there is no simple right to privacy. Actually, the text you quote provides a link that explains it better than I obviously did.
"Although the word "privacy" is actually never used in the text of the United States Constitution, there are Constitutional limits to the government's intrusion into individuals' right to privacy."
These limits protect aspects of privacy, not privacy itself. And that's an important distinction, especially in this context. If you explicitly had a right to privacy, one could argue that search warrants could never be legal, as your rights to privacy were being violated.
I 100% realize how my statements in that manner could be misinterpreted, and I don't fault you for challenging me on that.
> It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements.
If that's the case, why wouldn't you assume you were misinterpreting what I said?
As for people down voting me, don't be too harsh on them for misunderstanding me on this context. As I said, it's reasonable that they could think that. Luckily, you made it clear you couldn't believe I would post something so obviously false, and looked for clarification rather than just assuming. =)
Whether it's wiretapping or execution, when referencing those crimes you're making a personal evaluation of the actions without referencing any criteria for how you judged them. To do so is to play to people's emotions about the crimes you referenced rather than the actual item for discussion, which is when wiretapping is justified, and specifically for what crime.
I view it as equally manipulative to state "we can all agree that murder is bad and wiretapping should be justified in some cases" as to say "we can all agree that changing traffic lanes without signalling does not justify wiretapping" when the actual question has nothing to do with either crime.
This is just a case of Godwin's law writ small, so it's harder to spot.
(An alternative argument is that for any extended powers of the state, we should have statistics to back them up. If wiretapping is ineffective for a crime or its benefit is outweighed by its downsides, maybe that should be taken into consideration. In the end, I'm basically for questioning generally unquestioned positions.)
In short, if you just say "who cares about suspected murders, probably most of them are murderers", you are leaving a lot of discretion over your life and the life of those in society around you into the hands of those whose power it is to enforce the law. And while they might be the best people for the job, ultimately they are just people too.
That's not true, though. Levison could and did help the government with intercepts before, and offered to provide the same service again; this time, the government was not satisfied with the offer (from the New Yorker, emphasis mine):
"The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing."
Handing over account payment information in response to lawful requests is quite a different matter from defeating asymmetric encryption. Account info is unencrypted records that Lavabit has access to in accordance with their TOS. They can turn those over, in accordance to their TOS.
Faking out their own service to defeat their own encryption, which they specifically advertised as being only decryptable by the account holder and not Lavabit, is a whole different ballgame.
I noted exactly what you stated, that Lavabit offered to help the government implement something like that -- only after being threatened with the "nuclear option" of key seizure.
You've got to concede that there's room for some doubt as to whether Lavabit could be trusted to comply with something as extraordinary as that. It would be trusting them to renege on a specific promise made to all customers about the security of their service, namely that it is impossible for Lavabit to snoop on encrypted communications.
On the pro-government side, the position is something like "We have such a thing as a lawful search warrant, and if you get one you have to comply."
Meanwhile on the crypto-anarchist side, the position is something like "We can design a crypto-system that is indifferent to your lawful warrants."
But these are really two different arguments, that proceed as follows: the anarchists say "Because X is possible, therefore it should be legal", meanwhile the pro-governmentals say "Because X is required by law, therefore people should do it." But neither of these necessarily follow.
You say that as though that's the only possible explanation for why the service was designed the way it is.
Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built." (note: this is a bit more difficult to execute - they'd need to have some good reason to update the tarsnap software on all end users' machines, since Colin doesn't have the private key my backups are encrypted with…)
You say "it's designed to disallow law enforcement certain abilities", I say "it's designed with best-practice modern digital privacy techniques, and is _entirely_ legal, legitimate, and a perfectly good premise to base a business on - and which the government _doesn't_ have the right to claim is 'unlawful', the same as building doorlocks without government skeleton keys, or banksafes without hidden vulnerabilities that the FBI or NSA know about, is also not 'unlawful'".
If you want to make privacy illegal - take it to the polls and ask the public if they agree. Until then - designing, deploying, and using well engineered systems to protect your privacy is every citizen's right should they choose to use it. Sure " … some lawful intercepts are justified", but that _doesn't_ imply all systems must be designed in a way that lawful intercepts are possible, and it doesn't give the government the right to coerce people not suspected of illegal acts into destroying their businesses and livelihoods just because they " … didn't trust him to act as a spy on their behalf". That's just _so_ wrong. So _very_ wrong.
This is not true.
Lavabit made it clear in their TOS that they had no interest in concealing illegality, they complied fully and willingly with all warrants targeting individual users.
Their premise was to protect your privacy from untargeted blanket surveillance.
A system designed to protect the privacy of its users' data even if its operator is subjected to coercion does not care whether the coercion comes in the form of a court order, a bribe, a threat to reveal a secret or a man holding a gun to the operator's head.
A system designed to be secure against coercion of its operator necessarily resists lawful intercepts just as it resists blackmail. Designing a system in such a way does not imply that the designer wishes to promote illegal behavior nor hinder the ability of the police to investigate it.
It also belies common sense, since Lavabit offers a form of encryption that even they cannot decrypt.
From the article:
' On July 25th, Lavabit petitioned to cancel the subpoena and warrant, arguing that if the “government gains access to Lavabit’s Master Key, it will have unlimited access to not only [the account], but all of the communications and data stored in each of Lavabit’s 400,000 e-mail accounts.” Lavabit also asked the court to unseal its records and permit Levison to speak. '
He made it pretty clear that if you wanted to use his service to hide illegal activity you were SOL.
The TOS seems to be long gone. But wikipedia summarises his stance on legit warrants as opposed to "hand over your SSL private key": http://en.wikipedia.org/wiki/Lavabit
Lavabit offered to develop a more involved solution for the government in order to prevent unfettered access to all of their customers' data. The court's assertion that the government could trust Lavabit because Lavabit didn't trust the government is both childish and asinine.
Source: same article as parent post.
In other words: if you can design a system to "disallow lawful intercepts of individuals", you are allowed to do so.
Or: a lawful intercept is lawful to use, but not legally compelled to exist.
The fact that we are so far down the rabbit hole that intelligent technologists like yourself accept this as a premise is incredibly disturbing.
Some of us reject your implication that the government is always entitled to the comms, regardless of harms imposed on innocent parties. Forcibly seizing the means of impersonating someone online, while preventing that person from revealing the fact, is a step too far. It is an injustice against the person impersonated, and wrongly deprives him of reputational integrity, and wrongly deprives others of the value of the service for which they contracted in good faith.
Statements like yours attempt to depict the combination of seizing private keys + gag orders as a minor invasion, acceptable in certain cases. In fact it amounts to removal of the basic human right of communicating privately - and as brian_cloutier points out, removes the whole basis of trust online. If the policy is allowed to continue, it removes the ability of cryptography to give an assurance of the identity of any entity online.
It is better for a few criminals to go free, if necessary, to preserve more important values (and the government can probably find evidence by other means in most of those cases anyway, and if not, too bad).
If not, then why should they be allowed to do the same on a hosted service?
If so, then is it also ok for oppressive governments in other countries to backdoor cryptography, so they can throw dissidents in prison? Or should dissidents have tools to protect themselves? If they should, then why shouldn't people in this supposedly-free country have the same tools?
The problem is that computer-mediated communication systems are not able to distinguish between lawful intercepts and unlawful intercepts and thus their security against unlawful intercept is premised on being able to guard against all types of interception, lawful or otherwise.
I don't understand this conclusion. He cooperated with legal investigations before, he just needed time and resources to implement what they were asking for.
Perhaps, but there are means of communication that are impervious to interception, and that cannot be compromised the way Lavabit might have been.
Should such technologies be outlawed?
The only thing to do in that situation is to compromise one of the communicating parties. If the communicating parties have arranged a safeword to signal they have been compromised, even that technique is useless.
In the case of Snowden and Greenwald, that wasn't going to happen.
It is possible to make storage and communication immune to surveillance. So I ask: should that be illegal?
Anyway, my position is "no, that should not be illegal", though I am not entirely confident in that.
Do you get to hear everything about a deal between two big corporations other than the stuff released in the press?
Go to a retail store and ask for information about an employer. They don't give out any information (unless there is a probable cause of course).
The only time government can intervene is when a 3rd party is hurt by someone. In this case it's their own fault for snooping around and reading everyone's private conversations and some of them were used for stalking hot girls! and now they're acting like kids trying to force Lavabit by threatening the owner.
Oh come on, don't be so naive.
> child pornographers
As defined by which country? Is that 16 years old, or 18? Maybe even 21. Just because something is illegal where you are, does not make it illegal in my country/culture.
> terrorists actively planning murders
And now we know the US Govt actively murders its own citizens without trial, surely we'd have to count them as terrorists, wouldn't we? (let alone what they do to non-citizens)
> missing persons
How long does someone have to be "missing" for that to justify the government having unlimited power? Surely they should just kick down everyone's door until they find what they want 
For every example you come up with, it's trivial to point out that it's an extremely slippery slope.
 http://www.youtube.com/watch?v=cfOvHuojEB4 (etc.)
What we know specifically now is that the government is inclined to "err" on the side of taking everything to the point that it would take your private SSL keys if it happens to get a warrant for your shopping list. The state has generally arrogated to itself similar powers in physical searches so the news is that it just gets worse with data searches.
So yes, if your shopping list can't be recovered without your private SSL keys, they will take those when they have a warrant for your shopping list.
If the government needs to preserve the chain of evidence by controlling every step of information flow in every criminal case, well clearly the government needs to ... sniff/control/spy-on the entire Internet. Whatda-ya-know...
I doubt that a significant number (if any) of western European countries are able to force you to keep using a compromised private key, and keep you silent about this using a gag order.
I guess the next step is a secret law that makes this illegal?
How did this become legal?
think about it... what does it even matter that lavabit exists?!? email is plain text. they already have ATT and verizon in their bed. they could tap that plain text anywhere.
unless all the parties ever only used decent MX i think...
They wanted data on where Snowden was and who he was communicating with. Snowden uses PGP on top of Lavabit and was presumably connecting to Lavabit securely. So at least to get his IP address, they needed Lavabit's cooperation or, barring that, the SSL keys.
It's a heavy-handed approach, but not irrational.
That Ladar Levison is incompetent. The FBI should probably have beat him to death in an alley for fraud.
Because whatever the FBI can do with a search warrant, we must assume the mafia has already done with a rubber hose. In fact, if we apply the parent comment's raving paranoia to the whole system, we find that Levison wept for joy because the FBI was giving him a way to publicly throw in the towel and retire from his mob involvement.
If Levison had been competent, instead of putting on a TSA-style security theater, he would have been using tamper-detecting self-erasing computers, jurisdictional redundancy, pre-distributed certificate revocation lists, etc.
TL,DR: he did this to himself by not following NSA standards.
For me, govt and internet should almost be like church and state. Where is the data around foiled terrorist plots? I just can't stomach the obtuse logic that we need to pay our taxes to employ these virtual minders. This is not what the internet is about. It just seems so incredibly difficult to mobilise and take action against this shit ...
Btw, Ladar ... you've been incredible in all of this (tips Stetson)
That impedance mismatch will take a long time to reconcile. If the Facebook generation is any indication, it will probably never be reconciled to your taste.
What I'm trying to say is: get used to being an intellectual minority. You're joining the company of lots of people, from those who think the government has no business forcing you to save for retirement to those who think the government has no business forcing you to serve or hire certain people in your private establishment. You probably agree with some of those people and disagree vehemently with others.
If they can get a warrant from a court under fair laws, personally I don't mind the government having equivalent powers in the online world. There are people doing bad things online, and I want there to be mechanisms to minimise that.
I don't know the specifics of the Lavabit case, but from the NSA revelations, it seems like the controls and oversight are much weaker in the online world than in the physical one.
I think there has to be a socially defined code of what behaviour is allowed and what is not - even without written laws, lynch mobs would enforce some kind of rules. Since people don't all agree on such things, many people will inevitably disagree with parts of that code. The question of how we decide on the code - both the written laws and the social conventions of overlooking some violations of those laws - is difficult. But we can't put society on hold and wait for the philosophers to come up with a perfect system.
To take an example which almost everyone here will see from the same perspective: the UK government recently pushed for a form of opt-out web filtering. To HN readers, it was a clear sign of out-of-control government censorship, championed by politicians too out of touch to understand the internet. But plenty of other people were quite happy with the idea of web filtering. You may deride them as 'think of the children' types and media industry lobbyists, but that's how democracy works. You don't get your way just because you say your opponents are stupid. You have to persuade and educate people to get support for your position.
To be clear, I agree that the web filtering plan was a bad idea.
If the protocols that run the web are so easily compromised, it raises all kinds of problems with the underlying, somewhat invisible, functions to how the world works. That manifests itself as a liability to for-profit corporations. It also is something that the cat pictures people care about -- how many of them want their webcams capturing video of them walking around their rooms naked or wake up one morning and notice their brokerage account is empty? Very few.
It is quite an irony that governments demand one set of standards for privacy and security while attempting to compromise them for their own benefit (European countries carry just as much blame here.)
If the engineers who designed and built the internet cared about privacy, internet protocols wouldn't completely ignore privacy. They designed a massive routed network that involves packet forwarding between random untrusted nodes and then built a bunch of plain-text protocols on top (SMTP, HTTP, etc).
> how many of them want their webcams capturing video of them walking around their rooms naked or wake up one morning and notice their brokerage account is empty?
Probably none, but the government wouldn't do that. That's not how abuse of power works in liberal democracies. Targeting the majority is a voter-loser. You have to target minorities: hacktivists, terrorists, etc.
> It is quite an irony that governments demand one set of standards for privacy and security while attempting to compromise them for their own benefit
Nothing ironic about it. The whole premise of liberal democracy is that government needs to exist as an entity with powers superior to those of individuals, but as a check on that power must be subject to majoritarian control. You don't have to agree with that premise, but it's consistent with different standards of privacy for individuals and the government.
I believe Vint Cerf cares an awful lot about privacy. But, as he has stated countless times, this internetwork was supposed to be an experiment. Who would ever design a real network with only billions of addresses?
Forcing Lavabit to hand over everything seems like searching all storage lockers, even for people who are suspected of nothing. That's way over the line for me.
Would greatly appreciate constructive criticism. The system serves to educate everyone (openly and transparently) on implications of existing and upcoming policies.
If the idea intrigues you, check out what other people are doing along the same lines:
Rather than getting to the point where citizens have to "mobilize against" the current government, we should be seeking to self-govern in such a way that mobilization is not necessary.
One idea I like is to give each user 100 points to distribute among topics. Once the user has assigned a certain number of points for or against a position, they could then distribute those points amongst the comments that best represent their position. So if a user votes 20 points for gun control, gun control would get 20 points, and the user would have to choose which comments best support their position--5 points to this comment, 7 points for this comment, etc.
I think this would solve two problems: it would encourage thoughtful opinions to rise to the top, and it would give voice to the minority of voters that care passionately about a topic that the majority disagrees with or doesn't care about.
For example, if 50% of voters are "for" gun control, and 50% are "against" gun control, but there are 2 very popular, well-written posts supporting gun control, and only one very popular, well-written post opposing it, then the gun control supporters will "split the vote" and their best comments will only be ranked about half as highly as the opposition.
Which may or may not matter depending on how people interpret comment scores.
One alternative that I like is reweighted score voting: http://rangevoting.org/RRV.html
The strategy I had in mind for comments was to create a column of arguments for and against, and to only allow users to vote on comments in the column where they've placed their opinion. That way the strongest arguments from both sides would be shown.
Consider, too, that the system is self-referential. You could use the system to debate the relative merits of vote and comment limits, for example.
On a different topic, why do you think this system should be anonymous? You can't limit votes unless you can authenticate someone's identity, and the best way to prove that users are real is to show who each user is.
Further, all ideas should receive equal consideration. Attaching names allows for group-think and bribery. (Imagine if Neil deGrasse Tyson posted a policy, or Neil Patrick Harris, or Neil Young.) Ideas must stand on their own merit, not on the reputation or wealth of the person who conceived the idea.
I disagree in practice that all ideas should have equal consideration. If an economist or other professional has a proposal, I think it's practical to recognize that that person has extra credibility on a topic, and I don't see why we shouldn't let the public see that person's reputation. Professionals have an incentive not to state false claims--if they do so, especially in an internet forum board, they would be called out and their reputations would suffer.
On the other hand, there needs to be some anonymity to protect people from real life abuse. Do you see any problem with the option of anonymity?
Your question poses an interesting problem. How do you give accreditation while still retaining anonymity? At some point you have to associate an account with a person.
I think optional anonymity would allow corruption into the system. (Televangelists, for example, would opt-out from anonymity so that their proposals might pass through randomized moderation by votes from their fan base.)
Much of this is putting the cart before the horse, though, as the system is probably best tested, at first, with politicians. See also: http://openparliament.ca/
Your system looks like it strives to be purely democratic, but pure democracies have inherent flaws such as being open to tyranny by the majority or irrational voter behavior. It is clear that some of your solutions try to mitigate these issues, but there are tradeoffs. For example, the reputation bonus for education could be seen as biasing the system against certain classes of people.
For a better framing of the voter irrationality problem (which is a misnomer because it's actually rational irrationality), I would recommend looking into the debate between Bryan Caplan and Donald Wittman. I imagine if you can mitigate the issues of both sides in your system, you'd really be on to something.
The reputation bonuses are just that: bonuses. If you contribute in a positive fashion, your reputation would increase as well. Yet all ideas (including those from anyone receiving a "bonus" boost) must still pass the moderation phase.
Or perhaps bonuses are a bad idea altogether. I thought that someone who graduated from environmental studies would be able to propose environmental policies sooner than someone who has not. Maybe that isn't good.
Thank you for the pointer!
As for the direction of your project, I think as opposed to solving all the problems at once, you may want to construct things piecemeal, while laying out the factual pros and cons of each political "module". For example, using Arrow's Impossibility Theorem, there is no way to create a perfect voting mechanism, so any voting mechanism you put in place will be a tradeoff. At one extreme is unanimous consent; this guarantees everyone is signing off and thus reasonably happy. However, unanimous consent creates a new problem of the holdout position. To balance, voting systems like majority rules limit the holdout problem, but also introduce consent issues like swings in opinion from mob rule and the tyranny of the majority. On the opposite end of the spectrum, you could create an elected dictator that could decide. This would be a trustee style system and while it would limit the above issues, it would introduce principal agent problems. By building these individual modules, you could allow your system to be adapted to many situations and allow for the actors themselves to police the less desirable behaviors (i.e. they know to watch out for holdouts before the process begins), which would be listed in the cons. A similar decision process could apply to the bonus systems (should education enter into it?), systems for evaluating relevant info in the debate section (types of source material, reputation voting) and so on.
In sum, allow the users to determine how they want to decide and mediate each decision before they enter into the process. A module setup may also help you make more progress on your own and get contributions.
Basically if you look at what people use text for online it usually isn't anything serious, even these discussions don't have all that much gravity and HN is probably the most serious site I've seen.
Text also has less emotion and involvement attached and I think a lot of people won't connect with a text based system like this or won't feel comfortable contributing.
An idea for a way to feed people's passions would be some kind of automatically generated video conference setup to split people into random think tank groups based on availability for each policy they indicate they want to be part of. Then perhaps one person, presumably someone that indicates they feel comfortable writing, could contribute on behalf of their group to the text based policy page.
I agree with you that text is too impersonal. The support page aims to address that somewhat by allowing video content: https://bitbucket.org/djarvis/world-politics/wiki/Supporting...
I like the idea of video conferencing. That's a rather forward-looking application. You could use speech-to-text systems for automatic dictation. An issue with video conferencing is scheduling people for simultaneous discussion.
Does this site exist? If not, what existing sites do you think are closest to your vision?
The closest idea is probably: https://canada.yrpri.org/
It has a number of issues, though.
It should be really easy to see how legislators voted, and also to see which companies contributed most to those on either side of the vote.
Also, I would include an "I approve/disapprove of this legislation" button. This way, the site could tell something like "Your current Senator voted for the bills you support 15% of the time." In which case, you vote for someone else.
and in some of the projects linked from:
* .. and other related pages at that wiki
Please see the "Technology" section. If you know of any other related technology, please add it to the wiki.
Er, this is one of the largest problems facing Democracy since it was invented millennia ago. Look at the current American government shutdown, and the way Republicans have managed to frame the debate using empty rhetoric, when in reality both the debt ceiling and government spending are currently not an issue http://delong.typepad.com/sdj/2013/10/whiskey-tango-foxtrot-...
Constructive criticism is truly appreciated.
I can't see any of it. People are either indifferent or compliant. A few protests here and there that amount to nothing on the nation's scale. This is all despite the immense uproar in the press and media worldwide. What's worse, those few brave souls who dare to stand up against the injustice become social outcasts.
I guess these days people would have given up Robin Hood to the sheriff for a few gold coins and a promise of security. Or perhaps they already did.
There's only one thing you can do "about" it: Get the fuck out of the USSA while you can. Yes, this is a radical idea, but you can't deny it's starting to make a lot of sense.
Seriously. You personally can't affect what's happening all around you. Voting doesn't change anything. Writing to "your representatives" (hih!) doesn't change anything.
So what's left? You can't do anything about what's happening to your country and, by extension, you. But what you can do, is remove yourself from harm's way and go somewhere else.
Those people deserve a lot better from their elected government. Maybe the right answer is to have more people that care run for office. I'd love to help get some makers into congress and start fixing the problem.
Luckily some Senators have recognized that meme as bullshit:
“For example, we’ve heard over and over again that 54 terrorist plots have been thwarted by the use of (this program),” Leahy said.
“That’s plainly wrong,” the senator said. “These weren’t all plots and they weren’t all thwarted.”
I found "Calomel SSL Validation," which I am about to install. The PFS reporting only works with Firefox 25 and up.
Since things escalated to the point where Lavabit had to hand over its key rather than the data on one account the FBI obtained an initial court order for, anyone with a transcript of those sessions and access to the key can read them.
The resulting cipher suites:
| Client | Protocol | Cipher suite | Forward secrecy | Bits |
|---|---|---|---|---|
| IE 6 / XP No FS * | SSL 3 | TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) | No FS | 168 |
| IE 7 / Vista | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| IE 8 / XP No FS * | TLS 1.0 | TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) | No FS | 168 |
| IE 8-10 / Win 7 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| IE 11 / Win 8.1 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| Safari 5.1.9 / OS X 10.6.8 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| Safari 6 / iOS 6.0.1 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| Safari 6.0.4 / OS X 10.8.4 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
| Safari 7 / OS X 10.9 | TLS 1.0 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | No FS | 256 |
See his last update on the rally page.
I strongly suspect that there are favourable legal precedents, even.
Considering that a person's ability to travel to the US is so professionally important in this industry (for conferences, business meetings, etc.), I do not believe this is fearmongering.
Remember the case of the man refused entry after a misinterpreted Tweet about 'destroying America'? 
It seems clear NSA surveillance informs CBP's entry decisions in at least some cases. Credit card payments are surely surveilled by NSA, so this actually sounds like a pretty well-grounded fear.
I do not think the US is FUBAR: FU, certainly, but not BAR. And although I refuse to be frightened into Appelbaum-esque total exile from my own country, I do take appropriate precautions before crossing the US border (CBP take note before sending me to secondary screening next time...).
As a non US-citizen, I have, upon entering the US in the past, almost without fail been subjected to "additional scrutiny" and questions upon entry simply because I live on a farm, which triggers an automatic customs red-flag. (I understand the concern about having been on a farm - they don't want me importing foreign weed-seeds or insect eggs via my shoes. But the customs system makes no distinction between someone flagged for such concerns versus someone flagged for more legitimately nefarious reasons.)
Since things got more draconian it has become one of my very, very few non-negotiable conditions of contract that I do not travel to or through the USA or any of its territories. It's just not worth the hassle.
I posted this comment because:
1) I believe my analysis is sound
2) As I have posted previously, I am a US citizen and therefore cannot be denied entry to the US
I have already donated, and though my speech (through both keyboard and wallet) might bring additional attention from the alphabet-soup agencies, I believe it's important to speak up rather than give in to fear.
That's what the no-fly list is for.
There have been some court cases where they have ruled that forbidding a US citizen to fly on his return trip to the US is stranding/abandonment, but... even then, it took a while to get those rulings, and things were pretty messy for the person in the meantime.
 I'm blanking on the legal term but there is a specific term for this.
"Are you now, or have you ever been, a member of the Lavabit Party?" 
"Your Honor, respected members of the jury: In 2013 Mr. Karana donated funds to an organization known to be in collusion with terrorists, as designated by the State Department and the Department of Homeland Security. He is by no means an 'innocent man' as he claims in this trial." 
 Assume a trial in 2025 completely unrelated to this topic, with the Terrorist Sympathizer designation coming in 2023 after the leadership of the fundraising organization was taken over by people you've never heard of.
(edited for formatting and grammar)
Into your life it will creep
It starts when you're always afraid
You step out of line, the man come and take you away"
Buffalo Springfield, "For What It's Worth" 1966.
Timeless tune, not written about internet surveillance obviously. Recently I find that song, and that line in particular, coming to mind.
linkage if you want a listen: http://www.youtube.com/watch?v=gp5JCrSXkJY
He continues by saying “defending the constitution is expensive – even more so if my fight is to have a chance of reaching the Supreme Court – my legal claims I will need to raise at least $250,000.”
Lavabit doesn't do this, they support non-forward secure ones. Worse, they don't offer a cipher-suite order preference and the cipher suites they offer are actually pretty shitty (no ECDH_ECDSA, 1024-bit DHE).
The way they have it configured now means anyone using the default browser on Windows (IE) or OS X (Safari) doesn't end up negotiating a forward secure session. Chrome and Firefox do end up being forward secure. See SSL Labs' test result here
Ideally, Microsoft, Google, Apple, and Firefox would gang up and all disable ciphersuites lacking DHE/ECDHE in their current browsers. Short of that, one browser disabling them would be viewed as "broken" and would lose marketshare.
Much more graceful than a complete switch-over and doesn't require co-ordination from other vendors.
Browsers permit connecting with non-FS ciphers because there are many many servers out there with cipher lists based on older versions of SSL/TLS, and users would complain if they upgraded Firefox and couldn't connect to their bank.
Servers permit connecting with non-FS ciphers because excluding them would block users with older browsers from accessing the server, and give them a confusing unhelpful error page.
It is possible for the server owner to permit only FS ciphers (and therefore impose a strict version requirement on browsers).
That aside, this still leaves the very important question of SMTP traffic.
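The negotiation behaviour discussed in the comments above (no server cipher-suite order preference, non-FS fallbacks, FS-only servers), as an added example that is not part of the thread and not Lavabit's configuration. The client preference lists and server lists are constructed for illustration; only the two RSA suite names come from the handshake results quoted in this thread.

```python
"""Added illustration: how cipher-suite order preference decides forward secrecy."""

# IANA name prefixes (TLS 1.2 and earlier) whose key exchange is ephemeral
# Diffie-Hellman. Static RSA, DH and ECDH key exchange are not forward secret.
FS_PREFIXES = ("TLS_DHE_", "TLS_ECDHE_")

RSA_AES256 = "TLS_RSA_WITH_AES_256_CBC_SHA"    # named in the thread
RSA_3DES = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"     # named in the thread
DHE_AES256 = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
ECDHE_AES256 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

# Constructed ClientHello orders (hypothetical clients, not real browser lists).
CLIENTS = {
    "rsa_first": [RSA_AES256, ECDHE_AES256, RSA_3DES],   # supports FS, prefers RSA
    "fs_first": [ECDHE_AES256, DHE_AES256, RSA_AES256],  # prefers FS
    "rsa_only": [RSA_AES256, RSA_3DES],                  # no ephemeral suites at all
}

# Constructed server configurations.
SERVER_MIXED = [ECDHE_AES256, DHE_AES256, RSA_AES256, RSA_3DES]  # FS listed first
SERVER_FS_ONLY = [ECDHE_AES256, DHE_AES256]


def is_forward_secret(suite):
    """True if the suite's key exchange is ephemeral (DHE/ECDHE)."""
    return suite.startswith(FS_PREFIXES)


def negotiate(client_prefs, server_suites, server_preference):
    """Return the suite a TLS <= 1.2 handshake would select, or None.

    server_preference=False: the server honours the client's order.
    server_preference=True:  the server picks the first of its own suites
                             that the client also offered.
    """
    if server_preference:
        ordered, offered = server_suites, set(client_prefs)
    else:
        ordered, offered = client_prefs, set(server_suites)
    for suite in ordered:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails


def survey(server_suites, server_preference):
    """Map client name -> (selected suite, forward secret?) for one server setup."""
    result = {}
    for name, prefs in CLIENTS.items():
        suite = negotiate(prefs, server_suites, server_preference)
        result[name] = (suite, suite is not None and is_forward_secret(suite))
    return result


if __name__ == "__main__":
    setups = [
        ("mixed list, client order honoured", SERVER_MIXED, False),
        ("mixed list, server order enforced", SERVER_MIXED, True),
        ("FS-only list, server order enforced", SERVER_FS_ONLY, True),
    ]
    for label, suites, pref in setups:
        print(label)
        for client, (suite, fs) in survey(suites, pref).items():
            print(f"  {client:10} {suite or 'handshake fails':40} FS={fs}")
```

Enforcing server order moves a client that supports ephemeral suites onto one; a client with only RSA key exchange stays non-FS on the mixed list and cannot connect at all to the FS-only list.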
That is, I'm sure he understands that this action might be interfering with an investigation, and that it's reasonable to believe it was a willful act on his part.
Can you get into trouble for doing something like this?
On the other hand, it would be hard to prove any actual obstruction, since the service was shut down and all users notified about this whole situation.
To a lesser extent, anytime that politicians frame an issue with the two phrases "it's for the good of the public" and "it's not a problem if you aren't guilty", they're generally trouncing a constitutional right, or greasing the tracks for it to inevitably happen.
The answer appears to be as described here:
After setting the proper options in Keychain Access, Safari reported the revocation correctly.
It's a shame the government didn't work with Levison to either allow Levison to add the requested intercept himself (which, yes, would have required Uncle Sam to trust him) or to allow a third-party (or even a third party requested from both sides) to audit the proposed interception code.
The judge is correct in stating that if Levison doesn't trust the government, then why should the government trust Levison, but Levison is clearly correct when he notes that giving up his SSL private keys would destroy the security of his whole infrastructure.
The government would have been far better off by allowing a service like Lavabit to exist with the cooperation of an activist citizen than to force him to either harm all of his customers or shut down the service. Somehow I don't think the D.A. here realized how serious many civil libertarians are.
Props on Levison for trying to stick it out in the U.S. and make things better from within!
The judge is incorrect. The U.S. Government was designed to not completely trust itself. That's why there are checks and balances. Giving the FBI the private key lets them have unchecked access to data encrypted with it. It is wrong to ask to not be checked.
[edited for format]
No - it is a plan that the government doesn't work with service providers and instead demands data and intercepts that "just happen" to let them spy on an entire network.
Indeed, everything Edward Snowden has revealed points to this being the plan, the modus operandi of the state everywhere. It has an official right to a few reasonable-seeming things and executes that right in a way that gives it the potential for anything and everything.
And it can all just look like a "shame", a mistake, "an example of how the government doesn't understand the Internet", etc.
It's interesting that you attack the FBI when you hear them make an unsubstantiated claim, but you have no problem repeating claims you heard on internet forums. When you make claims like this with certainty, it weakens your position and reveals that you don't know what you're talking about.
I hope that any careful reader notices your entire post actually has no relation at all to the text of my post above it (FBI unmentioned, while I'm sure they make unsubstantiated claims, I'm not commenting on the state's claim above, those "Internet forums" apparently exist in your imagination only too, etc). Such a reader might also notice your post follows a rather predictable rhetorical strategy. Perhaps there is an experiment going on.
- Give me your bank password so I can get the $5 you owe me.
- Why don't I give you a check for $5?
- So I have to trust your check is good but you can't trust me with your bank password?
See? It is just crazy talk to push him around. The judge knows where his/her obedience rests. He is not even listening to the defense.
- You owe me $25
- I only keep my money in bitcoin
- Well, I don't do that bitcoin thing, and I don't really want to set a whole thing just to transfer the money
- OK, I could get it for you in cash, but you'll have to give me a few days
...a few days later
- Uhh...so about that money
- Oh, haven't gotten around to transferring that
- OK, but I could use it. Or, I could borrow your phone and talk to Steve: he'll trade me cash for bitcoin.
- But then you could take all of my bitcoins.
- I'm not going to do that
- But I can't trust you
- Then why should I trust you to pay me?
They did. See the unsealed orders (http://cryptome.org/2013/10/lavabit-orders.pdf) The original order from 6/10 only compelled the production of a bunch of metadata from a single specific, named account (see page 4 of the PDF).
There was then an order to compel (basically: "We mean it, don't yank our chain") on 6/28 because earlier that day, FBI agents met with him (according to a later motion) and, quote, "Mr Levison told the agents that he would not comply with the pen register order and wanted to speak to an attorney."
After that order was issued, the FBI claims it "made numerous attempts, without success to speak and meet directly with Mr. Levison to discuss the pen register order and his failure to provide [the specific data requested in the original subpoena]."
It wasn't until 7/9, a month after the original order was served, that they then demanded the production of his SSL keys.
This doesn't make any sense -- it's not symmetrical. The gov't should trust Levison for the same reason we trust anyone that testifies in court. The power of the criminal justice system punishes those that are caught lying. Mr Levison has no recourse if the Gov't lies to him. He has a very strong incentive to carry out the modifications that they ask for to avoid fines and jail time if he lies about them. I'm sure they'd tack on "aid and abet" if he covered up any evidence.