Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys

jest3r writes "Lavabit won a victory in court and were able to get the secret court order [which led to the site's closure] unsealed. The ACLU's Chris Soghoian called it the nuclear option: The court order revealed the FBI demanded Lavabit turn over their root SSL certificate, something that would allow them to monitor the traffic of every user of the service. Lavabit offered an alternative method to tap into the single user in question but the FBI wasn't interested. Lavabit could either comply or shut down. As such, no U.S. company that relies on SSL encryption can be trusted with sensitive data. Everything from Google to Facebook to Skype to your bank account is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key or face shutdown, they can do it to anyone."

Re:Why?

[jareth-0205]

I don't see why they would want the SSL key, when presumably they have easy access to the data on the servers under the laughable "due process" already in place. Why would they want to intercept the traffic when they could just read it off the server?

Because presumably the whole point of Lavabit is that the stored email was encrypted based on a key that only the user had, so in-transit is the only place they could see it.

Contribute

[kajsocc]

Lavabit is still in court over this. You can contribute to their legal defense fund here.

Re:Contribute

[DeathToBill]

I'm blowing seven mod points I've already handed out on this story doing this, but meh, who cares. Pointing out someone has no idea what they're talking about is worth it. Sending the most lawyers has nothing to do with legal precedence. Lawyers can't influence legal precedence any more than any other person in the country. I'm not sure why you even care about legal precedence - it's not usually a very controversial subject. It's just how things are.

A court has precedence because courts are set up in a hierarchy by the legislature.

Some types of law have precedence over others, for instance the constitution over statute and statute over regulation.

Of course, they may want to send lawyers because of things called legal precedents. It's something different. Go look it up.

They wanted a man-in-the-middle box

Firstly they wanted *all* meta data on every Lavabit user, not just Snowden. It was a blanket demand to get all of the data.
They also wanted man-in-the-middle box. A device which would have the root certificate under control of the government and would sit in Lavabits network able to man-in-the-middle attack emails (i.e. speech) of Lavabit users not connected to Snowden.

Lavabit are guardians of the customers data, how can they guard if a black-box is on their network? It can do anything, the judge has no way of telling, Lavabit has no way of telling. Google apparently refused these boxes and with good reason. There is no trust here, the Judge is not supposed to trust the FBI & NSA to do only what it says. He's supposed to be the guardian of the law, just as Lavabit are the guardians of the data.

An example, if I had such a box, I could spoof email convincingly in a way that would pass forensics. I could create fake evidence. I could spread disinformation (propaganda) again untraceably.

They also asserted that it filters out only the data they were allowed to have and throws away the rest. We know this has been proven to be false in many many leaks, even the President now pretends the data goes into a 'lockbox'. A lockbox isn't a lockbox if the NSA has the key and no judicial oversight stops them turning that key at will.

It seems, once again, the judicial branch has simply become a fawning sidekick to the executive branch.