Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys
jest3r writes "Lavabit won a victory in court and were able to get the secret court order [which led to the site's closure] unsealed. The ACLU's Chris Soghoian called it the nuclear option: The court order revealed the FBI demanded Lavabit turn over their root SSL certificate, something that would allow them to monitor the traffic of every user of the service. Lavabit offered an alternative method to tap into the single user in question but the FBI wasn't interested. Lavabit could either comply or shut down. As such, no U.S. company that relies on SSL encryption can be trusted with sensitive data. Everything from Google to Facebook to Skype to your bank account is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key or face shutdown, they can do it to anyone."
Luckily I browse my favourite sites like /. using http so I'm not affected by this.
Understandable that he shut down.
The USA is ruled by evil bastards that have no respect for the citizens.
Time to revolt is now.
I don't see why they would want the SSL key, when presumably they have easy access to the data on the servers under the laughable "due process" already in place. Why would they want to intercept the traffic when they could just read it off the server?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
http://i.imgur.com/Xp2q6up.jpg
How is this legal? How do you get a warrant that broad? Are fishing expeditions now allowed by law enforcement?
if the FBI can force Lavabit to hand over their SSL key or face shutdown, they can do it to anyone.
I don't think so. There's a big difference between the legal firepower available to a small service provider like Lavabit and someone like Yahoo or Google -- and handing over the ability to read everything is definitely not something that a simple warrant can legally require. Nor even an NSL.
In fairness, in this case the FBI's original request did ask for just specific metadata about one user. I haven't read it closely enough to understand how the scope was broadened so dramatically, except that I understand that Lavabit refused to comply early on, and then eventually the FBI decided that they didn't trust Lavabit to comply correctly due to Lavabit's obstructionism, and so decided that they just wanted to be able to read all the traffic and extract the bits they needed themselves.
Lavabit, of course, decided to shut down instead. That way there would be no traffic to read.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
if the FBI can force Lavabit to hand over their SSL key or face shutdown, they can do it to anyone."
With a court order, yes. Is the situation really different anywhere else?
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Go ahead, mod me troll. But given the recent revelations, how can we claim to be any better than even the fucking UN at this point? I've made a complete u-turn on this issue, and it scares the crap out of me that I would have continued to defend the US as the savior and guardian of the open and free internet if it wasn't for a single guy leaking some stuff. And we can't even push something as simple as net-neutrality regulations through without it becoming a horrible political mess.
Fuck this government and its institutions and fuck the people that support it.
Lavabit is still in court over this. You can contribute to their legal defense fund here.
I thought these and similar laws (wiretap, etc) were only allowed to act upon the entities being investigated and for which the warrant was issued. And it sounds like Lavabit tried to keep the scope narrowed to the one person being investigated, but the FBI wanted more. Isn't this overreaching the scope of the warrant and therefore any case developed would be tossed out? IANAL, but I thought the scope limitations were there for a reason. That idea TPB had to buy an island is sounding more and more convincing these days...
Lavabit did not offer an alternative solution, they offered to comply with the ORIGINAL search warrant that asked for just one user after prosecutors upped the ante when Lavabit refused the first search warrant.
FTA:
"By this point, Levison was evidently willing to comply with the original order, and modify his code to intercept the metadata on one user. But the government was no longer interested."
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Was this the thing PJ said she couldn't reveal but would cause anyone to distrust email?
UPDATE 7:00pm CT: In a press release published on his Facebook page, Levison confirmed the unsealing and laid out his defense.
"People using my service trusted me to safeguard their online identities and protect their information. I simply could not betray that trust," he said. "If the Obama administration feels compelled to continue violating the privacy rights of the masses just so they can conduct surveillance on the few then he should at least ask Congress for laws providing that authority instead of using the courts to force businesses into secretly becoming complicit in crimes against the American people."
http://arstechnica.com/tech-policy/2013/10/lavabit-defied-order-for-snowdens-login-info-then-govt-asked-for-sites-ssl-key/
act accordingly.
Firstly they wanted *all* meta data on every Lavabit user, not just Snowden. It was a blanket demand to get all of the data.
They also wanted a man-in-the-middle box. A device which would have the root certificate under control of the government and would sit in Lavabit's network able to man-in-the-middle attack emails (i.e. speech) of Lavabit users not connected to Snowden.
Lavabit are guardians of the customers' data, how can they guard if a black-box is on their network? It can do anything, the judge has no way of telling, Lavabit has no way of telling. Google apparently refused these boxes and with good reason. There is no trust here, the Judge is not supposed to trust the FBI & NSA to do only what it says. He's supposed to be the guardian of the law, just as Lavabit are the guardians of the data.
An example, if I had such a box, I could spoof email convincingly in a way that would pass forensics. I could create fake evidence. I could spread disinformation (propaganda) again untraceably.
They also asserted that it filters out only the data they were allowed to have and throws away the rest. We know this has been proven to be false in many many leaks, even the President now pretends the data goes into a 'lockbox'. A lockbox isn't a lockbox if the NSA has the key and no judicial oversight stops them turning that key at will.
It seems, once again, the judicial branch has simply become a fawning sidekick to the executive branch.
Can we assume that all the major Certificate Authorities have been "compromised" by the FBI / NSA as well?
The phrase "no U.S. company can be trusted" may erroneously suggest that you might still be able to trust non-U.S. companies. But serious and offensive as this is, don't assume that you're safe anywhere else. The only reason we know about this is because the US legal system at least allowed the order to be unsealed (and probably only because it was the FBI rather than the NSA). Legal systems and spy agencies in other nations have powers that are at least as broad, and often far broader, than their US equivalents, and often have even less government supervision.
If we are to choose a single country, then probably US is the best option (at least if you are not a brown person). Nations are generally divided in two bunches: US sock puppets that can be used for things even the US does not want to be seen doing (hint: like Canada) and totalitarian dumps whose leaders would gladly murder just about anyone that threatens their access to power. So a common counterargument is that we either end up with US, or someone much worse.
But it does not have to be that way. An international agreement drafted by the major industrialized nations with an eye towards freedom of expression and democracy could be a much better deal than a single nation calling the shots. One important provision in such a treaty would be banning spying of international traffic passing through domestic lines. Nations would still be tempted but if caught it would justify international sanctions like a connectivity embargo. Imagine that, the first country with a closed internet would not be Iran, but USA. And the closure will come from the exterior. Quite a sensation on Nasdaq.
Anyway, don't get your hopes up, the way things work in the UN, there will never ever be a sanction against US, because it along with select few can veto any such action.
From the source:
With the SSL keys, and a wiretap, the FBI could have decrypted all web sessions between Lavabit users and the site, though the documents indicate the bureau was still trying only to capture metadata on one user.
If Lavabit had used Diffie-Hellman key exchange, then the private ssl-key is still not enough to eavesdrop on the communication. The interceptors would have needed to perform a full blown man in the middle attack.
"In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”
“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.
The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.
On August 8, Levison shuttered Lavabit, making any attempt at surveillance moot. Still under a gag order, he posted an oblique message saying he’d been left with little choice in the matter."
Reading this makes my day
That's nonsense, and in particular Lavabit encrypted the user data and communication using public key encryption methods. The problem is that the communication is SSL-encrypted. And that means the private SSL keys allow complete eavesdropping on the communication and man-in-the-middle attacks (insertion of malicious content). That allows getting a hook into key exchanges and ultimately compromising whatever you want that depends on ongoing trust of the service.
If the service has been set up well, past data and communication are secure from decryption. The Lavabit owner had built a service ultimately relying on his personal integrity (and at some point in the process, you can't take that out of the equation) for its principal goal, secure mail, and the feds demanded he hand over his integrity. Any continued operation of the service would have been effectively fraud since its core tenet would no longer be provided.
He might have to serve prison for refusing to defraud all of his customers regarding his sole product. The good news is that he shut down before they were able to turn his service into a trap.
Fucking totalitarian injustice regime.
How's that "land of the free, home of the brave" thing working out for you guys?
At some point, America is going to have to learn to reconcile their beliefs about themselves with reality.
You're not free. You're not in favor of freedom. And you've become a country whose government is actively working against the things you claim to stand for.
So when the rest of the world stops buying your products, putting up with your shit, or giving a damn about your business interests ... you can own that. All of your industry has been rendered as not trustworthy by your government spying.
There's no reason for any other country to trust America any more than they would Iran.
Face it guys, the terrorists won, because they've more or less destroyed the last illusions you had about your way of life.
Not so long ago if someone had said "papers please, comrade", and "if you have nothing to hide you have nothing to fear" would apply to America many of us would have laughed. Instead, we now see that America stopped being free a very long time ago.
You're like the Roman empire -- in decline and oblivious to it. The only question is how long before you do, and if you can fix it. At this point, I seriously doubt you can.
Manifest douchebags.
It's not public and you should always oppose surveillance, but exercising caution would still do you well.
Da derp dee derp da teedly derpee derpee dum. Rated PG-13.
I'd say, my banking is still reasonably safe even if FBI can see, what I'm doing. There is simply nothing there, that they (or the IRS) can't get through traditional means. My banking secrets haven't been secrets for the government (unless the banks are abroad) for a long time — but smaller-time crooks are still kept away by SSL.
When/if the national healthcare is implemented — despite our fiercest opposition — medical history will be similarly "safe".
E-mails and like communications are a different story — for now...
Finally, what this also means, is that the government still does not have the means of breaking SSL — they wouldn't be needing the keys otherwise. Which is comforting...
In Soviet Washington the swamp drains you.
1) Some idiot makes an illegal request
2) You say no
Why does this not seem to be happening?
I wonder if this makes more a case for using self signed certificates for email. Of course it wouldn't help eCommerce, https:, or many other client server type applications.
How is a user who just reads considered "abusive" to Slashdot? Treat Tor like any other open proxy, giving it read-only access.
The good thing about the US is: :)
The 1st and 4th amendments make what most other countries can do less easy.
The US press and lawyers now know more
In other countries cleared bureaucrats or police would set up long term isp logging based on ip/ports/time found via their work laptops at home.
Find, point, click, you're in the system for years.
Your automated isp logging might get a more senior bureaucrats or police review after many months. Some 'ministers'/'court' staff rushed review year/s later for an extension.
The good thing about the rest of the world is:
They can air gap, invest, design, export hardware and encrypt in new ways long term.
Domestic spying is now "Benign Information Gathering"
These are the first keys a court has compelled a person to hand over? If you secured a bunch of unrelated things with the same key, that's your fault.
When I was growing up (70s and early 80s), all the US propaganda about how bad the Soviet Union was, how bad East Germany was, in terms of privacy, citizen rights, and being police states.
"Hypocrisy!", in my opinion.
In my opinion laws should protect non-suspect citizen rights, and enforcement agencies (FBI in this case) should be legally required to only target and restrict their levels of privacy breach to only those individuals or organizations of inquiry. They should have no legal authority to make such demands, and if a company or citizen gets such a demand, the FBI should be able to be publicly sued for attempting to exceed their authority.
AND, if the FBI currently is allowed to do such dragnets, the laws should be amended to remove such authority, and be enforced.
Uh, Linux geek since 1999.
In the original pen register case, the telecommunications provider was the Bell System, a nation-wide, regulated monopoly. They had these records because they used them for billing purposes. In other words, the records already existed and they were being created of, by, and for the United States.
Now contrast that with Lavabit: privately funded, private service, for private users with private encryption. It is not a regulated monopoly.
So why isn't it an unreasonable search and seizure of private information? Shouldn't the feds request a formal warrant? Isn't this much like searching a private individual who transports a sealed box in a private vehicle for a friend?
While I think the "hand over your SSL key" is too much I have to disagree with your metadata comment.
While the email body may be encrypted so only the recipient can decrypt it the meta data is in the clear so the infrastructure of the internet can figure out where to send the data. All the computers, routers, switches, wires and whatever other stuff there is out there that those packets of data travel on have to know where the packet is going to get it there. This is exactly like the post office which doesn't need to open the mail but does need to be able to read the stuff on the envelope to figure out where and how to move the thing to where it is going.
What I find interesting is that the FBI needed to get that info from Lavabit instead of sniffing it out in the wild. It implies either misdirection or at least some of Lavabit's protocols are working to some degree.
It's not exclusive to the US. All governments are like this.
---- Booth was a patriot ----
“We can assure the court that the way that this would operate, while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it,” Trump said. “It filters everything, and at the back end of the filter, we get what we’re required to get under the order."
And there is an excellent track record of the government being 100% truthful or knowledgeable in these things. Not to mention when the FBI/CIA/NSA finds out there were hands in the cookie jar that shouldn't have been there, you generally just get an "oops, we won't do it again" and no other ramifications. And should someone get canned or "forced to step down" their cronies in the government will just find them some other lucrative job.
Maybe overseeing their old position!
Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it
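As an added example (not part of the thread or any poster's code) for the Diffie-Hellman and Perfect Forward Secrecy comments above: a Python check that sorts TLS cipher-suite names by key exchange and lists the ones whose recorded sessions can be decrypted by whoever later obtains the server's private key. The suite list is constructed sample input and the function names are hypothetical; forward secrecy covers recorded traffic only, not active impersonation by a key holder.

```python
import ssl

# Key-exchange prefixes as they appear in OpenSSL ("ECDHE-RSA-...") and
# IANA ("TLS_ECDHE_RSA_WITH_...") cipher-suite names.
EPHEMERAL = {"ECDHE", "DHE", "EDH"}   # fresh (EC)DH key pair for every session
STATIC_DH = {"ECDH", "DH"}            # fixed (EC)DH key taken from the certificate
ANONYMOUS = {"ADH", "AECDH"}          # ephemeral, but the server is not authenticated
NON_CERT = {"PSK", "SRP", "KRB5"}     # no certificate private key involved


def key_exchange(suite: str) -> str:
    """Classify a cipher-suite name by how the session key is agreed."""
    name = suite.upper()
    iana = name.startswith("TLS_") and "_WITH_" in name
    if name.startswith("TLS_") and not iana:
        # TLS 1.3 suites (TLS_AES_128_GCM_SHA256, ...) name no key exchange:
        # the protocol always uses ephemeral (EC)DHE.
        return "tls13-ephemeral"
    if iana:
        tokens = name[4:].split("_WITH_")[0].split("_")
    else:
        tokens = name.split("-")
    first = tokens[0]
    if first in EPHEMERAL:
        return "ephemeral"
    if first in ANONYMOUS or (first in STATIC_DH and "ANON" in tokens[1:2]):
        return "anonymous"
    if first in STATIC_DH:
        return "static-dh"
    if first in NON_CERT:
        return "other"
    if first == "RSA" or not iana:
        # Assumption: a bare OpenSSL name such as AES128-SHA or RC4-SHA
        # means RSA key transport, i.e. the client encrypts the premaster
        # secret to the certificate's public key.
        return "static-rsa"
    return "other"


def decryptable_with_server_key(suite: str) -> bool:
    """True if a recorded session can be decrypted once the server's
    long-term private key is disclosed (no forward secrecy)."""
    return key_exchange(suite) in {"static-rsa", "static-dh"}


def audit(suites):
    """Return the suites that lack forward secrecy, in input order."""
    return [s for s in suites if decryptable_with_server_key(s)]


def forward_secret_context() -> ssl.SSLContext:
    """Server-side context that only offers ephemeral key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")   # TLS 1.2 list; TLS 1.3 suites stay enabled
    return ctx


def configured_suites(ctx: ssl.SSLContext):
    """Names of the suites a context will actually negotiate."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: the kind of mixed list a 2013-era server might accept.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "RC4-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "ECDH-RSA-AES128-SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        print(f"{suite:45} {key_exchange(suite)}")
    print("decryptable with a disclosed key:", audit(SAMPLE_SUITES))
    print("left after hardening:", audit(configured_suites(forward_secret_context())))
```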
So few people know it happened that it's sort of funny to hear that. The real (voting) public has no clue this ever happened. Nor would they understand it if they did.
Besides that, those that do know what happened and matter will soon have a squirrel event and forget all about it anyway.
---- Booth was a patriot ----
Seems I did not know enough of the story, per this "Wired" article, so, um, 'nevermind' :
http://www.wired.com/threatlevel/2013/10/lavabit_unsealed?ref=cm
Uh, Linux geek since 1999.
It seems a lot of the recent NSA activity is about metadata mining. Is it possible to trash the metadata?
I have experimented with random searches, for example, to see the effect on targeted advertising.
Would random searches, and phone calls, for example, make the metadata less useful?
Imagine I am a frequent visitor to whitehouse.gov, but each time I visit, I also visit gop.com, and click a few random things.
Democrat, republican, libertarian, green, social justice, reddit, facebook, my little pony, New York Times.
It's not limited to just SSL. Any company that holds a copy of your encryption/decryption keys (a public certificate is OK, the matching private key that goes with it is the problem) can be ordered to turn them over. The only safe system is where the keys that secure the system never leave your possession.
For e-mail that means using S/MIME or OpenPGP with a self-signed certificate and a private key you generate yourself. For encrypted documents, the same. The e-mail and documents need to be encrypted on your end before they leave your computer. Be aware that if you're encrypting messages to someone else the security will be controlled by their handling of their keys. You're encrypting using their public key, there's no security implications from disclosure there. However, if the recipient's using a service where the provider has a copy of their private key (used to decrypt messages to them) then messages can potentially be eavesdropped on by outsiders who've compromised the provider and gotten the key. Be aware of this aspect and make sure you know how recipients are handling their own security.
Yes, the above means any and all web-based or hosted services are automatically vulnerable no matter how they're designed. The only secure systems are ones where you, or software running on your computer and that you control, does the encryption and decryption and the private keys are never disclosed to any other party.
Basically, the government can force you to do anything it wants, and there's nothing you can do about it. Strange, I remember hearing about some document that spelled out certain limitations on the government's powers, and certain rights that people had, but I must have misremembered.
Mr. Levison: "I've been ready to do that since Agent Howard spoke to me the first time"
"In light of the conference call on July 10th and after subsequently reviewing the requirements of the June 28th order I now believe it would be possible to capture the required data ourselves and provide it to the FBI." ...
"because all other options for installing the pen-trap have failed. In a typical case, a provider is capable of implementing a pen-trap by using its own software or device, or by using a technical solution provided by the investigating agency; when such a solution is possible, a provider need not disclose its key" ...
Lavabit said they would change their system to do it for $2k or whatever it was yet government did not accept the offer cuz $2k was too much and they wanted faster/realtime updates. Seriously? How much did it cost taxpayers to quibble over $2k and update frequency? A lot more than $2k I assume.
The FBI knows full well Lavabit is done if it hands over private keys yet they are militantly unwilling to work with Lavabit in good faith to get the information Lavabit has always agreed it would help them provide. The FBI is acting like a spoiled little brat and it got what all spoiled little brats deserve (NOTHING). The unwillingness to work together in this case is unprofessional and ridiculous. I feel comfortable assuming either extreme FBI incompetence/BSD or a conspiracy to possess private keys in an effort to continue this country's systematic overreach and circumvention of limits to power.
It means that the government can't easily decrypt this information.
For a high-value target like this, you would think they would just use brute-force, instead of the risk of Lavabit shutting down or tipping off its customers.
I've never understood why Firefox makes it so difficult for web site users to use unsigned keys. Now it makes sense, the "authorities" probably have a back-door into the companies that sell "authenticated" keys and can access those keys "when necessary" (and with what counts as "due process" nowadays).
Did the spy agencies infiltrate the crypto system in Firefox and put these scary warnings in place to prevent a proliferation of self-signed keys that they can't access? The Wired article mentioned the FBI was "entitled" to the Lavabit SSL key - how many other SSL keys are they "entitled" to?
In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout "illegible."
Well played. Futile, but well played anyway.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Is Ax-crypt safe? If not, what encryption software is?
Jack of all trades, master of none
Would these help? If TLS depends on both a client and a server certificate, then the FBI/NSA acquiring a web servers' certificates wouldn't give them access to connection content. For them to intercept a particular individual's connection, they would have to obtain the client key as well as the server key. In most cases (idiots who store their client keys in the cloud aside), this means physical access to the client system.
Physical access means either having to serve an individual with a search warrant or attempting to sneak in and grab it. I don't think there are too many FBI agents that would survive sneaking in to peek at my system.
Have gnu, will travel.
Endless surveillance, yet another violation of our rights. The gov’t constantly violates our rights.
They violate the 1st Amendment by caging protesters and banning books like "America Deceived II".
They violate the 4th and 5th Amendment by allowing TSA to grope you.
They violate the entire Constitution by starting undeclared wars.
Impeach Obama, support Rand Paul.
Last link of "America Deceived II" before it is completely banned:
http://www.amazon.com/America-Deceived-II-Possession-interrogation/dp/1450257437
From the average user's point of view, this makes sense. Who can be bothered to authenticate a site's certificate through some alternate channel? Like a key fingerprint printed on your snail mail delivered bank statement. Or in a print advertisement. So all a self signed certificate indicates is that some unknown entity generated a certificate and is vouching for themselves.
Trust me. Have I ever lied to you before?
Have gnu, will travel.
We now have plausible deniability of ever posting certain stuff on the internet. It might just be some NSA employee that, with help of some neat tricks, can hijack your account.
nosig today
The US depends on its software industry; we shipped all our labor jobs overseas to trade them for office work (programming).
Really? Then how do you explain the fact that the US has a multi-Trillion manufacturing sector which employs around 12 million people?
Bear in mind that the size of the global market for software is around $300 Billion and the number of US software developers is around 900,000.
Land of the free, home of the brave?
O say does that scar-strangled banner yet wave,
O'er the land of the sheep, and the home of the slaves...
"What in the name of Fats Waller is that?"
"A four-foot prune."
i'd vote switzerland.
The guy who said the election was rigged won the presidency with the second-most votes.
I vote that all secret courts now be referred to as "Sondergerichte"
IETF meeting in November will consider that very point.
Everyone's bringing their DNSSEC root KSK revocation keys...
There's a big difference between the legal firepower available to a small service provider like Lavabit and someone like Yahoo or Google
But, while Lavabit apparently can afford to close down before yielding, can you imagine GMail or Yahoo or Facebook choosing to close? I can't.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
May take a little more work, but just encrypt the text file yourself and send via regular email. Regular email will have less eyes looking at it. For added security modify the extension to a common one such as .jpg (from .7z or whatever format you chose). Unless they dedicated processing time to look at each individual file attached in an email and analyze it further than reading the extension (computationally costly) you're gonna be just fine sending, "Dude, let's watch The Matrix tonight. Shhhhhhh. Bring booze. My mom's out of town."
Go start your revolution. Do whatever you think that entails.
Or, if you aren't willing to do that, because revolutions are messy and often as not end up worse than what you had, kindly shut the fuck up.
I will not be joining you because while I feel the US has not been moving in a positive direction as of late, I feel that the solution to fixing it involves using the democratic process, not violent revolution, since I understand how nasty those are and also have a perspective on how good the US has it overall.
I get really tired of whiny, usually anonymous, basement dwellers playing toughguy on the net, decrying the US and saying we need to "revolt" or "rise up" or some BS. You aren't going to do that and you know it. So you are just being a douchebag, whining and complaining, suggesting that others should do the dirty work.
So put up or shut up. If revolution is really what you think is needed, get on that then. Though you might want to research a little as to what often happens to revolutionaries, and to countries after. If you don't, then STFU about it. Less whine, more action.
In fact, you will probably find that if you and others like you spent less time whining and more time working to effect actual change in the country within the system we have, things might start getting better.
The good thing about the US is:
The 1st and 4th amendments make what most other countries can do less easy.
While true, most other countries that depend upon the Internet for commerce have robust privacy laws that the US lacks.
So these privacy laws make what the US does less easy as well. That is to say, in both situations, the government has to work to weasel around established laws.
Well then you were INCREDIBLY uninformed and a DECADE behind, because the US government's mass surveillance has been made public several times in the previous years.
* In December 2005, U.S. District and FISA court judge James Robertson resigned in protest over warrant-less wiretapping on US citizens. -- http://abcnews.go.com/Politics/story?id=1429647
* "News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans' phone calls and Internet communications."
* "a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of American's telephone and other communications records."
* "In early 2006, EFF obtained whistleblower evidence from former AT&T technician Mark Klein showing that AT&T [...] makes copies of all emails web browsing and other Internet traffic to and from AT&T customers and provides those copies to the NSA."
-- https://www.eff.org/nsa-spying
There were well-publicized lawsuits over this issue:
-- http://news.cnet.com/ATT-sued-over-NSA-spy-program/2100-1028_3-6033501.html
And even if you missed all of that:
* "In 2008, [the US] Congress granted telecoms immunity for cooperating with the government's intelligence-gathering activities." Obviously, you only need "immunity" from prosecution if you were complicit in committing criminal acts.
-- http://www.cryptogon.com/?p=26717
Hell, what did you think Barack Obama's 2008 presidential campaign promises about surveillance and government secrecy reforms were all about? -- http://news.cnet.com/8301-10784_3-9845595-7.html
If you only found out about all of this recently, you'd have to have been locked in a cave, or be a drooling moron.
I really didn't get the point of Snowden's leaks, or the public outcry after the fact, since this stuff has been public knowledge for many years now. I will say he had a decidedly positive impact, as the EFF's lawsuit (above) that was halted on national security grounds, was allowed to proceed after Snowden made enough of the program public knowledge that the state secrets excuse was laughable.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Why did the FBI not just raid the location, take the physical servers and storage assets, clone them and then let the courts sort it out? That way they could go and fetch the keys themselves, MiTM the traffic to the host through his ISP, masquerading as Lavabit, and snarf whatever they needed. They're already doing it in other cases.
What I'm wondering, is that when someone comes to your door with a warrant, and you say "No" and close the door, why would they allow you to go back and manipulate the bits and digital information that comprises the portion the warrant asked for?
In this case, how was Lavabit even allowed to shut down their services, if the FBI was at the door asking for the keys?
Something doesn't add up here.
because after this it's clear that their tech companies will be automatically deleted from applying for contracts in most of the world. And that, ladies and gentlemen, boys and girls, is why the NSA will be reined in, NOT because the courts or the politicians will do anything about it.
FBI would have been happy with this condition - all they wanted was the metadata (headers) showing who this one guy was sending emails to or receiving them from. They never asked for the actual data.
Is it just my observation, or are there way too many stupid people in the world?
These bozos in the FBI and their compliant judge have done massive immeasurable damage to the US economy and reputation. This is worse than the largest bank robbery in history, it is time to rein in these vandals before they do any more damage to the country they're supposed to protect.
That's exactly what I've been feeling more and more. C'mon, like the TSA isn't a 'let us see your papers please' organization? I mean MAYBE they could claim that when they only handled air travel, but if they're doing pilot programs for bus, train, and possibly even car, WTF.
Prior to this the only time I've had 'papers checked' was at state borders, and only during seasons where they were worried about people bringing flora and fauna across state borders. Don't you harken for a time when the only fear was of contaminating another state's agriculture with your state's flora or fauna?
The biggest problem here is that they are only intercepting secure web traffic! I mean, my god man, the security of the GREATEST PEOPLE ON EARTH is at stake!!! So when are they going to start eavesdropping on all of our everyday conversations?! I mean christ, I overhear people hatching evil plans over by the water cooler ALL THE TIME!!! What happens to those conversations after they happen?! They evaporate! Literally into thin air! There's not even a trace! WHEN ARE THEY GOING TO DO SOMETHING ABOUT THIS SO THEY CAN STOP THE TERRORISTS?!
Don't want to trust me? Ok, let's go to plain text http then.
The 1st and 4th amendments make what most other countries can do less easy.
Those only matter for as long as the court system chooses to consider them important. They clearly no longer see the 4th as important, the 1st is only still important because Hollywood (Corporate $$$ to be made).
The US press and lawyers now know more :)
The press only works when the owner of the company that the journalists work for does not have interests that align with the interests of the state. Given that corporate welfare is a major policy platform of both Democrats and Republicans, their interests tend to align most of the time.
For lawyers, refer to the previous paragraph about judges deciding which parts of the Constitution are important. You can't argue a point that relies on axioms your audience rejects outright.
In other countries cleared bureaucrats or police would set up long term ISP logging based on IP/ports/time found via their work laptops at home.
Find, point, click, you're in the system for years.
Your implication that this doesn't already happen makes no sense. ISPs are national to the country they are in, the physical network hardware is inside those countries' borders so physically snooping the connections is already possible, nothing changes on that front. The Internet is not designed to be secure, there is no authority or inbuilt technological limitation that keeps interior routing nodes or the endpoints honest. Indeed, the system is remarkably fragile; black hole routing happens from time to time when badly configured backbone routers spread incorrect information about themselves resulting in entire continents going dark until manually overwritten by the support IT staff.
The good thing about the rest of the world is:
Even if we ignore the fact that the Internet is basically just a more sophisticated version of the telephone network, and the ITU (a UN body) has done a decent job running that already. The major benefit of turning control of IANA and ICANN to the UN is that the UN is basically in a permanent state of deadlock with too many competing and often outright opposed viewpoints to get much of anything done. If ICANN was run by the UN they would basically just coast along with no one being able to agree to change anything about how it operates which is basically what we want.
The idea that allowing third world holes to vote on the operation of the Internet would ruin it is stupid, the DNS system cannot be compromised so easily. You think blasphemy of Islam would be banned internationally? How would they get enough support for that? More importantly, how could they implement that technologically? Great Firewalls of China are the only way that will happen, and those already exist.
Anybody know how the Dutch company "Lavabyte" is coming along? When can I sign up?
It's crap like this that is causing U.S. technology to flee overseas.
Spread it around!
Other countries may have great laws on privacy or not like entrapment or fast track appeals to high courts.
They may also have concepts historically based on http://en.wikipedia.org/wiki/Inquisitorial_system
You also risk long term bureaucratic or police tracking or the domestic telco system being legally close to gov tracking efforts.
Domestic spying is now "Benign Information Gathering"
The U.S. government has completely undermined foreign trust in the U.S. software and IT industry. The long-term damage from this will take many years to become apparent, but I think it's going to be astronomical. (Great for European software and IT businesses though!)
I'd vote Switzerland.
Seconded. Only Americans with zero knowledge of any country apart from Canada, Mexico and whichever unfortunate country the US Govt is planning to invade next would think that no other country would have better goodwill around the world to control global infrastructures for the common good.
The U.S. government is extremely corrupt.
Citizens only make jokes.
Not particularly surprising. Anyone else remember that Hushmail caved in to law enforcement demands for user data years ago? They used the child pron excuse in that instance as I recall.
Are you guys talking about the same Switzerland that is the largest offshore jurisdiction, protecting the assets of millions of millionaires from all around the world from the snooping eyes of their countries' taxmen and judiciary? The same country that fights for its right to practice "don't ask, don't tell" banking? The country whose foreign policy is subordinated to the financial interests of the world elite? Who is still keeping secret the assets of Holocaust-era victims and their aggressors?
I beg to differ on what 'privacy' should mean in an international context.
I wouldn't get too worked up about it. Analysis: Despite fears, NSA revelations helping U.S. tech industry
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Though I suspect a one line summary would be 'Too early to say'. Politically speaking, it's those tech companies that have the clout to achieve real change at the NSA, and are probably the best hope for it. We shall see!
I posted that Hushmail was compromised in the name of the children by law enforcement years ago. That post now cannot be found here. This has happened to me a number of times here - anonymous posts first showing and then utterly vanishing from the thread despite expanding and loading all comments.