Ed Felten: Why Email Services Should Be Court-Order Resistant

Jah-Wren Ryel sends this excerpt from Ed Felten at Freedom to Tinker: "Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack. To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel. From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company."

Are they completely blind?

So a court case that was created as a knee-jerk response to Snowden is arguing that organizations shouldn't take steps to prevent leaks like Snowden .....

Re:Are they completely blind?

[tchdab1]

Or, put another way, the court cannot perceive how it is the same as an extortion ring.

Re:Are they completely blind?

[MrKaos]

Or, put another way, the court cannot perceive how it is the same as an extortion ring.

No, the court hasn't perceived it from the perspective of a citizen issue where the motivations are to commit a criminal act, such as fraud against citizens. They are currently blind to unlawful uses of what they consider to be legitimate access rights. The court has to be educated as to why this is a bad thing (tm).

Re:Are they completely blind?

The courts need to be educated that if encryption is properly done it's like asking them to hand over the moon, You can order them to do it but that doesn't mean it's possible.
Since encryption is legeal some things are beyond the court's grasp. That is the lesson that must be taught.

Re:Are they completely blind?

That's self-consistent and consistent with the way lawyers and judges view the world. In their view, the rules of society aren't defined by the way the world is, but by the way the legislative wants them to be. In their view, upholding the rules is not the job of engineers. It's the job of the police, and justice is the job of lawyers and judges. Lawyers and judges have no problem with telling you that you're wrong to say that 3+2 equals 5 if the law says that it's wrong. By making a system which is resistant to court orders, you're making it impossible for them to uphold the law, and even if you do so to prevent a violation of the law (an illegal leaking of information), that's still wrong, because upholding the law is their job, not yours.

Re:Are they completely blind?

[Dr+Damage+I]

Unless it's a civil liability lawsuit, in which case exactly the same thing amounts to negligence.

Re:Are they completely blind?

Your anger clouds your judgment. Before you make further comments about my mindset, take a deep breath and read what I actually wrote.

Re:Are they completely blind?

[foniksonik]

adjective
adjective: catholic;adjective: Catholic
1.
(esp. of a person's tastes) including a wide variety of things; all-embracing.
synonyms: universal, diverse, diversified, wide, broad, broad-based, eclectic, liberal, latitudinarian; More
antonyms: narrow

That word doesn't mean what you think it means.

Re:Are they completely blind?

[intermodal]

It's not the court so much as legislators that need to be made aware of just how this is a bad thing. They actually write laws, while courts make them up as they go.

Re:Are they completely blind?

[Gr8Apes]

The court needs to understand that proper encryption is similar to those little ink filled theft prevention tags to clothes, that can "only" be removed with a special device, except there exists only 1 such device per subset of tags, and that should one choose to hit the device with a hammer, you run the very real risk of destroying the item you're interested in accessing. So unless they will rule all such devices and mechanism illegal, they will need to realize that some things are beyond their ability to request without cooperation.

Re:Are they completely blind?

[TheJediGeek]

It was Louis XVI that was beheaded, not Louis XIV. Louis XIV died of gangrene at age 77.

Re:Are they completely blind?

It was Louis XVI that was beheaded, not Louis XIV. Louis XIV died of gangrene at age 77.

Deliberate infection with gangrene and denial of treatment seems worse than the guillotine to me.

Re:Are they completely blind?

[Golddess]

By making a system which is resistant to court orders, you're making it impossible for them to uphold the law, and even if you do so to prevent a violation of the law (an illegal leaking of information), that's still wrong, because upholding the law is their job, not yours.

1) The system is not resistant to court orders. It is resistant to the court going to the wrong party to get at the data.
2) Restricting the ability of a 3rd party to access the data has nothing to do with upholding the law. At most, you could say it is about keeping the government honest, which is the job of everyone.

Re:Are they completely blind?

[MrKaos]

The court needs to understand that proper encryption is similar to those little ink filled theft prevention tags to clothes

I've always thought of encryption as the evolution of the envelope used to snail mail a letter.

Re:Are they completely blind?

[Gr8Apes]

The court needs to understand that proper encryption is similar to those little ink filled theft prevention tags to clothes

I've always thought of encryption as the evolution of the envelope used to snail mail a letter.

That would be encryption with the keys available to everyone. After all, anyone can open an envelope. Hence the reference to a theft prevention device that destroys the intended target, or a safe that potentially cannot be opened in a reasonable amount of time.

Re:Are they completely blind?

[MrKaos]

The court needs to understand that proper encryption is similar to those little ink filled theft prevention tags to clothes

I've always thought of encryption as the evolution of the envelope used to snail mail a letter.

That would be encryption with the keys available to everyone. After all, anyone can open an envelope. Hence the reference to a theft prevention device that destroys the intended target, or a safe that potentially cannot be opened in a reasonable amount of time.

That's what I mean by evolution, anyone can't open it.

Re:Are they completely blind?

[Reziac]

The villain is always the hero of his own story.

Re:Are they completely blind?

[Reziac]

As someone once put it, "Justice is not within the purview of the law."

Re:Are they completely blind?

"In their view, upholding the rules is not the job of engineers. It's the job of the police, and justice is the job of lawyers and judges."

Wrong. It's not a justice system. It was NEVER a justice system.

It's a LEGAL system. Justice has very little to do with what happens in courtrooms.

The apartheid-era South Africans were most accurate - it was called the minstry of Law and Order

Re:Are they completely blind?

That's self-consistent and consistent with the way lawyers and judges view the world. In their view, the rules of society aren't defined by the way the world is, but by the way the legislative wants them to be. In their view, upholding the rules is not the job of engineers. It's the job of the police, and justice is the job of lawyers and judges. Lawyers and judges have no problem with telling you that you're wrong to say that 3+2 equals 5 if the law says that it's wrong. By making a system which is resistant to court orders, you're making it impossible for them to uphold the law, and even if you do so to prevent a violation of the law (an illegal leaking of information), that's still wrong, because upholding the law is their job, not yours.

If they do this in the USA, they're violating fundamental rights they've sworn to uphold, namely those rights the people decide to assert as retained by them under the 9th Amendment, or reserved to them under the 10th Amendment. Retained by the people does not mean stealable by the lawyers (or by the legislative). In short, the law says the legal profession is wrong if they think they have the final say in what the rules are.

Of course, given the difficulty the people in the USA have with getting the legal profession to acknowledge the explicit portions of the Bill of Rights (or even just to act with integrity), getting them to acknowledge the open-ended portions is going to be difficult.

On the other hand, if they didn't want to work within the rules defined by this system, they should have moved somewhere else. Would anybody like to take a large number of immigrants with training in law?

Re:Are they completely blind?

[Gr8Apes]

Actually, currently, anyone can open it that has access to it, much like the mail. The government sponsored carriers now allow the government to read all - they didn't even dare do that with regular mail.

Good model

[gweihir]

This model describes the problem pretty well. Of course it can be extended: What if the judge or (given an over-broad wiretap order) the police is in league with the attacker, freely or by coercion? That is not unheard of either.

Re:Good model

[Jane+Q.+Public]

Besides: the court has another, arguably "more American" avenue: it can order the defendant to turn over the information. (If, that is, it doesn't violate his 5th Amendment rights.)

I never did buy this concept that just because you have a business deal with someone, the court could order THEM to turn over personal papers related to you. Seems to me, the same standard of getting a warrant should apply. Otherwise, the whole purpose of warrants is being subverted.

Let the courts criticize. There's not a damned thing they can do. They have no legal authority to order people to make their websites police-friendly.

Re:Good model

[bruce_the_loon]

Um, a warrant is a court order. The investigators explain to the judges what they suspect, why they suspect it and what and where they need to look to get more evidence. The judge then issues the warrant. Legality of the source of the evidence used to obtain the warrant can be challenged in the future case and will affect the chain of admissibility.

Warrants don't just apply to the defendant directly, and are issued on a one-sided basis to prevent destruction of evidence by the defendant.

Re:Good model

[brainboyz]

You missed the court case news earlier this week.

Re:Good model

What if the judge is actually an alien or a dinosaur.. gasp, what if they've traveled through time and are actually nazi spies? WHAT IF THE JUDGE IS BIN LADEN? holy fuck, why will no one think of the honorable judge laden and protect against potential attacks by him?!

Arguing to circumvent an entire aspect of a legal system because of one-off's that more or less are only going to happen in theory as a justification for your own biased belief structure is pretty dense.

Re:Good model

But, as the story yesterday showed, only the company the warrant is issued against can challenge it, not the person they want to collect information about.

So they may well violate your 5th amendmend rights, but the only ones who can do anything about it, is a company whose primary purpose is to minimize cost and maximize shareholder value. Not to protect your rights.

So, adding 2 and 2 together, you don't have any rights.

Re:Good model

But i was told "This is the land of the FREE." I guess they were talking about the government being free to do what ever they wanted.

Re:Good model

Fuck you and your legal system.

Re:Good model

The Feds have justified warrentless wiretapping on the basis that an -mail is like a post card, that everyone can read. The courts have ruled that an e-mail stored on a server unencrypted in like a postcard, and thus is not entitled to consitutional privicay protections. A system set up to avoid leaving an unencrypted copy on the mail server requires no further justification than preserverving constitutional rights to privacy that exist in oridnary snail mail.

Re:Good model

[AlphaWoIf_HK]

It makes perfect sense to me. Taking into account the possibility of corruption or abuse is what any intelligent person should do, and since freedom is more important than safety, it absolutely makes sense to try to make it much more difficult for even the government to get access to people's information.

Re:Good model

[Jane+Q.+Public]

"Um, a warrant is a court order. The investigators explain to the judges what they suspect, why they suspect it and what and where they need to look to get more evidence. The judge then issues the warrant. "

You are nitpicking, and not even doing it well.

While a warrant is technically a kind of court order, there are other kinds as well. What is commonly referred to as a "court order", a "search warrant", and a "subpoena". They are ALL court orders, but they differ in the standards of evidence that is required for each.

What is commonly called a "court order" has a very low evidence threshold, or even none at all. You are "ordered" by the court to appear on a certain date. You are "ordered" by the court to pay reparations to someone you defrauded. Etc.

A subpoena also has fairly low standard of evidence. You can be subpoenaed by courts for a number of reasons, and there are a great many situations in which a subpoena has no force or can be quashed.

In order to issue a warrant, on the other hand, the court must be shown probable cause. This is a higher standard than either of the other examples above.

However, a defendant's 5th Amendment rights override both warrants and subpoenas. No court in the nation has the authority to violate the 5th Amendment, for any reason.

Re:Good model

[khallow]

So they may well violate your 5th amendmend rights

I don't see it since the primary aspect of the Fifth Amendment is constraints on forcing self-incrimination. Evidence provided by other parties just doesn't qualify, even if it originally came from you, unless it requires you to register evidence of a crime (say a federal law requiring Facebook users to register with Facebook any illegal drug trades they conduct via Facebook). Maybe you're speaking of the Fourth Amendment which is about constraints on searches and seizures?

Re:Good model

[Jane+Q.+Public]

I don't see it since the primary aspect of the Fifth Amendment is constraints on forcing self-incrimination. Evidence provided by other parties just doesn't qualify, even if it originally came from you, unless it requires you to register evidence of a crime (say a federal law requiring Facebook users to register with Facebook any illegal drug trades they conduct via Facebook). Maybe you're speaking of the Fourth Amendment which is about constraints on searches and seizures?

But I think you're both missing the point I was making. If I have a private business deal with someone else, and it requires a probable-cause warrant to get information about it from ME, why should it take any lower standard of evidence to get it from someone else? Where is the justification for that?

Completely aside from the 5th Amendment, it appears to me to be a rather blatant attempt to get around the "probable cause" requirement.

Re:Good model

[Yaur]

One missing piece: Auditing. At the organisation that I'm writing software for (which handles fairly sensitive data) no one, not the NSA, not a drug cartel has the ability to access data without leaving a trace.

Re:Good model

[Registered+Coward+v2]

But I think you're both missing the point I was making. If I have a private business deal with someone else, and it requires a probable-cause warrant to get information about it from ME, why should it take any lower standard of evidence to get it from someone else? Where is the justification for that?

Completely aside from the 5th Amendment, it appears to me to be a rather blatant attempt to get around the "probable cause" requirement.

There really isn't a lower standard that says you don't need a warrant to force disclosure. The prosecution can ask you to turn over information, if you refuse, they get a warrant. Voluntarily giving information doesn't require a warrant, no matter who does the giving. Now, we can question what is a minimal standard for "probable cause" and does the fact you used a particular email service constitute probable cause that you may have sent incriminating emails and thus warrant a judge issuing a warrant; but that is different argument.

Re:Good model

One missing piece: Auditing. At the organisation that I'm writing software for (which handles fairly sensitive data) no one, not the NSA, not a drug cartel has the ability to access data without leaving a trace.

Really? How did you convince management to committee to buying more storage every year to hold the unshrinkable audit log files?

Re:Good model

[Sarten-X]

As a point of reference, at a financial company I worked at, the audit logs for several decades of account data came in at just about 1 GB. That particular system only logged changes to clients' accounts, but still... audit logs can be pretty small, and storage is cheap.

Re:Good model

Actually, the court can order it but that doesn't mean the defendant will do it and that is the crux of the problem.

The same standards do apply for warrants to third parties.

And, you are wrong, the court does have the legal authority to order people to make their websites police-friendly, it all revolves around the law and actions taken by the police.

You seem to be pretty ignorant of the law. Perhaps you should wait until you are out of junior high school before making comments, "Jane".

Re:Good model

[Eskarel]

They can always ask, Lavabit refused, so they came back with a warrant.

The problem in reality is that society has an interest in ensuring that criminals are caught and prosecuted. It also has an interest in ensuring that impacts to privacy are minimized. It's a fairly difficult balance to strike at the best of times, but encryption, as it stands anyway, is kind of an all or nothing deal.

It's patently absurd to give the federal government the keys to the kingdom, but it's also patently absurd to say that criminals should get away with it because they used encryption. I don't have an answer, but "nuh uh I used encryption" sure as hell ain't it.

Re:Good model

Sounds like a good way to think about it.

When one sends snail mail, one can choose to use a sealed envelope or post card.
The accessability to others is different, but there is no concept that the mailer did something bad by choosing the envelope.

A sophisticated person in the middle might be able to open the envelope.
The sender fearing this, might choose a more sophisticated envelope.
I don't see why this implies that the mailer or maker of the envelope is doing something bad.

Now we have a new sort of mail and folks with demonstrated reason to fear folks in the middle.
In response to market demand, Lavabit made a better envelope.
There is no question that there are legimate uses for this service.
This seems a sufficient argument the Lavabit did nothing wrong in making a better envelope.
Labavit shouldn't have to arrange their affairs to make life easier for the search.

On the other hand, telephone companies are required to arrange thier afairs to make intercept easier.
(See CALEA.) This requires the phone company to provide access to whatever contents they have.
If their customers choose to talk in code, an intercepter is out of luck because the phone company has nothing to do with the code.

The difference with Lavabit is that they provided both the communication and facilitated the coding service.
It seems the legal flaw in this scheme is that they are holding keys useful for sorting out the coding.
In order for the end customer's mail clients to access these coded envelopes, they must generate session keys.
    This depends on trusting some common intermediary, but allows the ends to communicate without having a previously safely distributed key pair.

If the clients choose instead to trust an assortment of different intermediaries beholding to different jurisdictions, the legal story might be different.
    This amounts to a more sophisticated scheme protecting the inside of the envelope.

It seems a simpler scheme might be for Lavabit to have no master key, and instead generate random session keys and send them to each client using the client's public/privatekey pair.
The outside of the envelope would be visable in Lavabit's servers for a short time, but otherwise, only visable at the ends.

There should be nothing wrong with the end customers choosing to arrange thier communications to place the intercepter out of luck.
It's expected that a business arrange their financial affairs to minimize their taxes.
This includes choosing which juristiction to do business in.
Seems like choosing your trust authorities in a similar manner should be fair.
      And unfortunately necessary.

It seems likely that smart bad guys already are way ahead of all this.
It's too bad the good guys need resort to such measures to get the same security that the bad guys likely already enjoy.

As a practical matter, it seems unlikely anybody can put the coding genie back in the bottle.

Re:Good model

[cornjones]

We do the same, everything is audited and the data is held since the beginning of the system. We manage the size of backups w/ RO sections that are only synced once, etc. keeping things on disk is pretty cheap.. consider it a cost of doing business.

Re:Good model

[Bite+The+Pillow]

Not really. The accepted way to track live data is installing a device that copies relevant data, which was requested of lavabit. A rogue employee would have a hard time sneaking that in, making it much easier for legitimate eavesdropping. That negates the whole argument for live capture.
For static capture, encryption per person has always been more attractive than using sitewide keys, but leaving the user in charge of the keys is the only option for security minded users.
Lavabit objected to the live capture because it would expose everyone, which exceeded the bounds of the order, and a judge complained that the service was poorly engineered if it could not accommodate. This appears to argue that it is poorly designed if it can accommodate.
I would have to argue that allowing law enforcement legally requested access to isolated data in a way that is not overly broad is not unreasonable.
Designing it to be difficult to tap without raising red flags is not impossible.
The only question then is whether the preparation for warrant access degrades service for the normal user, Luke Skype and facetime recently. If so, sorry but we have a business to tun.

Re:Good model

[ATMAvatar]

There is a market solution to the above scenario. Stop doing business with companies who do not go to bat for their customers.

Re:Good model

[pla]

They have no legal authority to order people to make their websites police-friendly.

You sure about that?

In fairness, CALEA requires backdoors from telecom firms, not independent website operators - Yet. But it already crossed that exact line, of requiring non-governmental entities to actively undermine their own best interests solely for the possible future convenience of the government.


/ Hand me my fiddle.

Re:Good model

I'm sorry to tell you this, but you're a criminal. I'm a criminal, everyone living in the US is a criminal.

I understand that you're thinking the "bad guys" need to be caught and punished for their wrongdoings, but illegal and wrong are no longer close to the same thing.

Society no longer needs all the criminals to be caught, because that would be everyone. Society needs to stand up against the unjust laws instead of blindly submitting to the new oppressive law du'jour. (however the hell it's spelled)

Re:Good model

There really isn't a lower standard that says you don't need a warrant to force disclosure.

I guess there is no such thing as a subpoena, written by an lawyer, or clerk of the court.....

Re:Good model

[JoeSchmoe999]

Citation Please.

Re:Good model

Storage is cheap. Failing to comply with Sarbanes-Oxley is expensive.

Piece of cake.

Re:Good model

[zzsmirkzz]

It's patently absurd to give the federal government the keys to the kingdom, but it's also patently absurd to say that criminals should get away with it because they used encryption.

Only one is patently absurd. In the US, the decision was made at the beginning when the legal/justice system was designed. It was designed on the basis that: "it is far better that 1000 criminals go free than one innocent be wrongfully imprisoned". That concept is the corner stone of our system and spirit of it. If every "difficult balance" were viewed through this lens it would be crystal clear than the intent was that "is is far better that 1000 criminals go free than violate the rights of one innocent". Unfortunately, a lot of people are short-sighted (and I'd say spineless) and cannot accept that allowing criminals to go free is also a way of protecting the innocent. They can't see that many moves ahead and/or they fear the criminal more than the government and will sacrifice their protection from one to eliminate the other, never realizing that the government they so trust is made up of many criminals (or soon-to-be criminals).

Re:Good model

[Registered+Coward+v2]

There really isn't a lower standard that says you don't need a warrant to force disclosure.

I guess there is no such thing as a subpoena, written by an lawyer, or clerk of the court.....

A subpoena is a court order to appear or deliver documents; and a judge needs to approve it and thus agree there is a good reason for the requested material. So while it is not technically a warrant it is still subject to judicial review and decision. You can also contest a subpoena prior to providing the requested documents or appearing.

Re:Good model

Warrants don't just apply to the defendant directly, and are issued on a one-sided basis to prevent destruction of evidence by the defendant.

Bullshit. If I destroy evidence, it doesn't matter that they don't know what I destroyed, they can bring me up on destruction of evidence charges. They just like the fact that they don't have to worry about that whole "due process" thing that going after the defendant directly will require of them.

Re:Good model

[Jane+Q.+Public]

"And sometimes even the Constitution is unclear, such as the debate about the debt ceiling and whether the 14th amendment applies to it."

There's nothing unclear about it. The purported connection between the 14th amendment and the current debt ceiling is nothing short of hilarious. The 14th amendment says existing debt "shall not be questioned". It says nothing about authorizing further debt.

Obama is trying to argue that if we don't raise the debt ceiling, we MUST default on our debt. This is a ludicrous argument. All the government has to do is CUT SPENDING, and it can still pay its debt. So default is NOT inevitable, and the argument fails.

And beside that: even if we did default on debt, despite government rhetoric to the contrary, it wouldn't be the first time. Nixon did it in 1971, for just one example.

Re:Good model

[Jane+Q.+Public]

"There really isn't a lower standard that says you don't need a warrant to force disclosure... Voluntarily giving information doesn't require a warrant, no matter who does the giving. "

You make a good point. But it still seems to me to be an end-run around the warrant requirement, voluntary or not. What right does someone else have to disclose a private deal you made?

The argument tends to go: once you have made a deal with someone else, you have waived any "reasonable expectation of privacy". BUT, I disagree with that basic concept. If you have agreed to keep it private, you have waived nothing. In my opinion, therefore, "voluntarily" giving it to the authorities violates my privacy rights in exactly the same way a warrantless search would.

This DOES presume, however, that it was something you had agreed to keep private.

Re:Good model

[Jane+Q.+Public]

"I don't have an answer, but "nuh uh I used encryption" sure as hell ain't it."

Actually, yes it is.

You have a RIGHT to privacy, and to private and anonymous speech. (The Supreme Court ruled years ago that we do have this Constitutional right, because without it none of the other rights can exist. The logic is sound.)

Yes, society does have an interest in seeing that criminals are caught and prosecuted. BUT... the real, important question is: given that these two things are in conflict, which one shall trump the other?

Given that without privacy rights (as ruled by the Supreme Court itself), a democratic form of government cannot exist at all, it is the right to privacy that MUST overrule society's interest in prosecuting criminals. After all: we have the ability, and responsibility, to protect ourselves from criminals. But it can be far more difficult to protect ourselves from government.

Re:Good model

[Jane+Q.+Public]

"Only one is patently absurd."

Agreed. Please see my own response above, in which I argue the same thing from a slightly different angle. The central principle is the same.

Re:Good model

[Jane+Q.+Public]

"You sure about that? ... CALEA ..."

Remember that laws can be and have been overturned. The fact that a law exists does not automatically prove that the lawmakers had the legal authority to make it. Look at the Real ID Act, for example. 26 States have passed resolutions saying they will not comply, because it oversteps constitutional federal authority.

This is called "state nullification", which is another way laws eventually get overturned. And despite lots of rhetoric to the contrary, usually from liberal-leaning media, it has a long and successful history.

Marijuana laws are another excellent example of state nullification. But the same liberal media sources would have you believe that is "nullification" (although it is), because that is one of THEIR pet causes, and "nullification" violates their statist principles. That is why they try to portray nullification as "racist" for example, which is hilariously wrong if you know anything about its real history.

All of which translates to: "It's illegal or immoral if somebody else does it, but it's okay if we do."

But back to the main point: the government justifies CALEA because the telcos are federally regulated "common carriers" under Title II. ISPs, websites, and their owners are not. Congress passed a law specifically giving Internet businesses immunity from Title II regulation. (Which was probably a bad idea.) Which means they do not have similar authority over those businesses.

Title II coverage is a trade-off. On the one hand, Title II operations are federally regulated. CALEA-type laws might apply. On the other hand, communications via Title II operations are legally protected. Meta-data cannot be collected without a court order, and the contents of such communications cannot be intercepted (even by the carrier) without a probable-cause warrant.

If we discount illegal NSA surveillance, the Internet would actually be far better off under Title II and a CALEA-type law.

Re:Good model

[Jane+Q.+Public]

s/ would have you believe that is nullification / would have you believe that is NOT nullification

Re:Good model

[Jane+Q.+Public]

Exactly. The outside of the server itself can conceptually serve as the "envelope" beyond which the government may not go without a warrant.

We need to remember that the concept of "intrusion" has nothing to do with the difficulty of gathering certain information. After all, opening an envelope is not difficult. It has to do with reasonable expectation of privacy, and an agreement with a carrier of email can reasonably be said to be such an expectation. It is the conceptual envelope the government must not go beyond, not some physical barrier.

That's why SCOTUS' recent ruling on DNA collection is so bizarre. If anybody should know that the "intrusion" of the swab is not the important factor, but the intrusion into information contained in it is, it should have been SCOTUS. They reversed hundreds of years of precedent with that badly flawed decision.

Re:Good model

[Jane+Q.+Public]

"You seem to be pretty ignorant of the law."

It only SEEMS so, to those who didn't understand the point I was making. I understand the law just fine, thanks.

Even if I did not make myself clear, maybe you could take some effort to understand the point that was being made before you knee-jerk insult other people? Because that reflects on you far more than it does on me.

Re:Good model

[Registered+Coward+v2]

"There really isn't a lower standard that says you don't need a warrant to force disclosure... Voluntarily giving information doesn't require a warrant, no matter who does the giving. "

You make a good point. But it still seems to me to be an end-run around the warrant requirement, voluntary or not. What right does someone else have to disclose a private deal you made? The argument tends to go: once you have made a deal with someone else, you have waived any "reasonable expectation of privacy". BUT, I disagree with that basic concept. If you have agreed to keep it private, you have waived nothing. In my opinion, therefore, "voluntarily" giving it to the authorities violates my privacy rights in exactly the same way a warrantless search would. This DOES presume, however, that it was something you had agreed to keep private.

You make a good argument for maintain privacy when there is an explicit agreement to do so.

To me, the question is at what point does an individual's right to a fair trial or the public's interest trump such an agreement; and how should courts treat private information while still allowing it's use in court proceedings. It's a tough line to draw since you are weighing each set of rights against the other.

Re:Good model

In the sense that 'really true' exists as a concept, it is really inevitable that government spending increases. Therefore, a lower form of inevitability is that a default will occur. The logic is sound given the implicit "our government is a debt-snowball".

Re:Good model

[Jane+Q.+Public]

"To me, the question is at what point does an individual's right to a fair trial or the public's interest trump such an agreement; and how should courts treat private information while still allowing it's use in court proceedings. It's a tough line to draw since you are weighing each set of rights against the other."

Agreed, but I would argue that this has already been weighed and decided, in favor of privacy, in the case of your personal effects. I'm simply saying that I feel the same argument should apply to your personal effects which happen to be in the possession of others. IF, that is, those others had agreed to keep them private.

Re:Good model

[Jane+Q.+Public]

"In the sense that 'really true' exists as a concept, it is really inevitable that government spending increases."

Sorry, but you'd somehow have to prove that for me to accept your argument.

Government spending HAS gone down at times. But it's doubled under Obama. The former disproves that the latter "has" to happen.

Re:Good model

[Eskarel]

Except that it was never actually designed that way. It was designed to protect you from self incrimination, but that's not precisely what this is, nor is it looking like an issue of letting 1000 criminals go free rather than imprison one wrongly.

The issue we're facing at the moment is one where if we follow this to it's conclusion we are saying it's better to let every criminal go free than let one man's privacy be invaded because a legally enforceable warrant found nothing. The investigation of Snowden's emails was entirely legitimate, leaving aside whether whistleblowing should have to be an affirmative defense, he's been in contact with foreign governments on numerous occasions, determining what precisely he told them is something that is a legitimate course of enquiry. A legal warrant was issued for a legitimate purpose to a third party storing data for someone, that data isn't protected by the fifth amendment, only by the fourth which is covered by the warrant. On top of that it wasn't Snowden who actually encrypted the content it was a third party(lavabit).

TL;DR this is a fuck load more complex than "but the 5th amendment", not least because the 5th in no way applies.

Re:Good model

[yacc143]

Well, you do not know that.

Court orders seem to come nowadays quite often with a gag order.

So basically, you only learn when the companies go bat and that somehow leaks (the gag order gets lifted).

The other extreme is, you might get to know if they go and prosecute you.

Now you've got a situation where the huge majority of events (guess in 99% range) is not observable, hence it's not an option to use these events to guide your
behavior.

For practical purposes, all companies (and especially big companies with shareholders) don't care and cooperate. Lavabit did fold because it was small enough (and closely enough held) that the ethics of one person where enough to make the company close down instead of cooperating. That won't happen for a publicly traded company.

So basically Google, MS, Apple, ... are all not trustworthy in this context.

Re:Good model

[Registered+Coward+v2]

"To me, the question is at what point does an individual's right to a fair trial or the public's interest trump such an agreement; and how should courts treat private information while still allowing it's use in court proceedings. It's a tough line to draw since you are weighing each set of rights against the other."

Agreed, but I would argue that this has already been weighed and decided, in favor of privacy, in the case of your personal effects. I'm simply saying that I feel the same argument should apply to your personal effects which happen to be in the possession of others. IF, that is, those others had agreed to keep them private.

Sounds like we're pretty much in agreement here. The issue I see is do we treat tangible personal effects such as a letter, a journal, etc. differently from those which exist primarily electronically and as a result can be in many different locations at once; some of which may be third party locations that are not parties to the original privacy agreement. I would argue they should be treated the same with the same protections, but clearly there are those who argue otherwise.

In addition, since the argument for lesser privacy is often "we're stopping evil, you're not in favor of evil triumphing ARE YOU?" the rational counter argument gets lost in the emotional one; despite Ben franklin's admonition.

Re:Good model

[david_thornley]

You've made an excellent case for a search warrant to examine any file directly related to Snowden. You have not made a case for allowing any sort of general snooping, which is what the discussion is about.

Re:Good model

[Reziac]

As a crude example that might be easier for some folks to grok, it's a lot like this:

Say you rent storage space. The police want to search your storage space, but lacking probable cause, they can't get a warrant. However, they =can= get a warrant to make the landlord let them in so they can search your storage space. Thus they can search your storage space despite not having a warrant to search YOUR storage space.

An end run, indeed. I see no difference just because it's email stored at some hosting company rather than physical goods stored at a self-serve storage unit.

Re:Good model

[Reziac]

I'd say rather it's like rifling through your mailbox, in search of postcards to read. Since when do you expect anyone to root thru your mailbox, no matter what's in it?

Re:Good model

[Jane+Q.+Public]

"In addition, since the argument for lesser privacy is often "we're stopping evil, you're not in favor of evil triumphing ARE YOU?" the rational counter argument gets lost in the emotional one; despite Ben franklin's admonition."

True enough that the rational argument has often gotten lost in emotion. But that should not happen; people are intelligent enough, if they apply themselves even a little, to understand history shows us very clearly that these methods "stop evil" a hell of a lot less than they create evil. Or at least allow for its creation.

Re:Good model

[Eskarel]

That's was my entire point though, how do you handle the fact that encryption, at last of the format lavabit used, is all or nothing. The government has a good reason to look at Snowden's e-mails but cannot look at Snowden's e-mails without either cooperation from lavabit or the ability to look at everyone's e-mails. Large parts of slashdot have been up in arms about companies like Yahoo or Google complying with FISA warrants, but the alternative is this.

I love the comparison

[OhANameWhatName]

Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company

The government won't generally kill you, just lock you up. The cartels won't generally lock you up, they just kill you. Not much difference really.

Re:I love the comparison

[viperidaenz]

Yeah, I'd like to appeal my murder...

Re:I love the comparison

The government won't generally kill you, just lock you up.
Maybe that was the case in the past, but why do you think the govt has bought hundreds of millions of rounds of ammo over the past year?

Re:I love the comparison

Yeah, I'd like to appeal my murder...

Yeah, lots of others would like to appeal theirs' too.

http://en.wikipedia.org/wiki/Wrongful_execution#United_States

Cameron Todd Willingham was executed February, 2004, for murdering his three young children by arson at the family home in Corsicana, Texas. Nationally known fire investigator Gerald Hurst reviewed the case documents, including the trial transcriptions and an hour-long videotape of the aftermath of the fire scene and said in December 2004 that "There's nothing to suggest to any reasonable arson investigator that this was an arson fire. It was just a fire."[12] In 2010, the Innocence Project filed a lawsuit against the State of Texas, seeking a judgment of "official oppression".[13]

Statistics likely understate the actual problem of wrongful convictions because once an execution has occurred there is often insufficient motivation and finance to keep a case open, and it becomes unlikely at that point that the miscarriage of justice will ever be exposed. In the case of Joseph Roger O'Dell III, executed in Virginia in 1997 for a rape and murder, a prosecuting attorney argued in court in 1998 that if posthumous DNA results exonerated O'Dell, "it would be shouted from the rooftops that ... Virginia executed an innocent man." The state prevailed, and the evidence was destroyed.[14]

Johnny Garrett of Texas was executed February, 1992, for allegedly raping and murdering a nun. In March, 2004, cold-case DNA testing identified Leoncio Rueda as the rapist and murderer of another elderly victim killed four months prior.[15] Immediately following the nun's murder, prosecutors and police were certain the two cases were committed by the same assailant.[16] In both cases, black curly head hairs were found on the victims, linked to Rueda. Previously unidentified fingerprints in the nun's room were matched to Rueda. The flawed case is explored in a 2008 documentary The Last Word.

Jesse Tafero was convicted of murder and executed via electric chair May, 1990, in the state of Florida for the murders of two Florida Highway Patrol officers. The conviction of a codefendant was overturned in 1992 after a recreation of the crime scene indicated a third person had committed the murders.[17]

Carlos DeLuna was executed in Texas in December 1989. Subsequent investigations cast strong doubt upon DeLuna's guilt for the murder of which he had been convicted.[18][19]

Thomas and Meeks Griffin were executed in 1915 for the murder of a man involved in an interracial affair two years previously but were pardoned 94 years after execution. It is thought that they were arrested and charged because they were not wealthy enough to hire competent legal counsel and get an acquittal.[20]

Chipita Rodriguez was hanged in San Patricio County, Texas in 1863 for murdering a horse trader, and 122 years later, the Texas Legislature passed a resolution exonerating her.

The list of wrongly jailed for life is too long to list.

Re:I love the comparison

[viperidaenz]

Because it needs over 300 million bullets to shoot all its citizens?

Re:I love the comparison

The government won't generally kill you

In the U.S., they can. They do it quite often even.

Re:I love the comparison

[shentino]

Wow.

The fact that the state would be embarrassed was actually used as evidence to keep things hush hush?

Not too far from getting hanged for insulting the king.

I have a much better idea:

Anyone knowingly provoking a false execution is guilty of murder. Gives an incentive to people not to botch a capital case, and as a face saving measure the state can shift the blame off of itself and retain its dignity.

Re:I love the comparison

[gweihir]

You must be unaware of what the US administration is currently doing with drones...

Re:I love the comparison

[gweihir]

Because it needs over 300 million bullets to shoot all its citizens?

Not a problem:
      http://www.forbes.com/sites/ralphbenko/2013/03/11/1-6-billion-rounds-of-ammo-for-homeland-security-its-time-for-a-national-conversation/
That way, they have 5 rounds per citizen.

Re:I love the comparison

[Sarten-X]

...the same thing they've always done with raiding parties, spies, bombers, and strike fighters, but now they're doing it more accurately and with no risk to the pilots?

Re:I love the comparison

[Sun]

The law already has this (IANAL). If you fudge evidence to support your case, and then ask and recveive the death penalty, you are already committing murder.

The probelm isn't so much that a prosecutor would be breaking the law, as the fact that prosecutors are completely and utterly immune to any misconduct perfromed while performing their duty. It is all but impossible to even sue the DA office for damages, even if you prove your case.

Shachar

Re:I love the comparison

Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company

There is a third difference, which is that one is legal, and one is not. Regardless of how one feels about the legality of the court orders, it is still a notable difference.

There are many people who will not do something simply because it is illegal. In fact, I would argue that far more people would comply with a court order than with a bribe (although perhaps I am overly optimistic).

This is not to say that the comparison is invalid, merely that disregarding this third facet of the comparison is disingenuous.

Re:I love the comparison

Indeed wrongly jailed people are numerous, but the system often lets obviously guilty people off due to details regarding the order in which evidence was gathered, or lack of a murder weapon (which was tossed away), or even if the trial takes too long. In Utah three murderers who killed their bank hostages by forcing them to drink lye, were released from death row because their trial and sentencing were too late and they are guaranteed a "speedy trial" in the Constitution.

The list of guilty people escaping justice is even longer. No system is perfect. Deal with it.

Re:I love the comparison

[Urza9814]

Our entire system is designed to allow the guilty to go free to protect the innocent. THAT'S not a bug, it's a feature.

"Better a thousand guilty men go free than one innocent be punished unjustly" or however that quote goes...

Re:I love the comparison

The problem isn't so much that a prosecutor would be breaking the law, as the fact that prosecutors are completely and utterly immune to any misconduct performed while performing their duty. It is all but impossible to even sue the DA office for damages, even if you prove your case.

It is NOT the case that prosecutors are completely immune. As a matter of rights retained by the people under the 9th Amendment, it is NOT within the legal authority of the government to provide immunity or pardon to government officials engaged in violations of fundamental rights. This can be easily shown by a mathematical technique of logic known as proof by contradiction, attributed to Euclid. If the government could grant such immunity, any right the people might attempt to assert as retained by them could be infringed without penalty, and hence there would be no rights retained by the people. However, the Bill of Rights explicitly provides for rights retained by the people (9th Amendment, plus rights "reserved to the people, 10th Amendment). We have a contradiction, showing the original assumption that the government could grant such immunity is invalid. Any law or precedent granting unconditional immunity to prosecutors or other government officials is an illegal law. A similar argument applies to pardon.

NSA - same difference

A backdoor (like the ones the NSA makes manufacturers put in) does not care whether the person using it is in law enforcement solving a case or is a criminal looking for opportunities.

Life, Liberty, or Property?

[10101001+10101001]

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data.

What next? Complaining about hidden compartment in desks?

They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

Oh, I don't know...because of "life, liberty, and the pursuit of happiness"? I don't know about you, Mr. Judge, but I personally don't want a court, court-ordered or not, snooping on my life--such inherently is a big way to disrupt my happiness. But, even if we forgo the DoI and move to the CotUS, it's "life, liberty, and property". Well, whether you view it as the user's property or Lavabit's property, they sure as fuck can do what they want with it. What part of any of that should be to make the court's job easier? Why would they seek to bend over backwards for any court?

Of course, the big one is liberty. The biggest liberty of all is exploring the possibilities of math and the universe. And that heavily flows into attempts to make functionally unbreakable encryption resistant to even the US government. And is also flows from the point of just being a general asshole, which God Bless the United States of America, is very much recognized as a Creator given right. Clearly the judge is exercising it when he shows contempt for other people daring to live their lives in ways he doesn't like.

Honestly, though, I do not try to be too much of an asshole. And I do recognize that there does need to be a means for courts and court-orders to function. The problem the judge seems to realize--and honestly why the NSA keeps getting the go ahead--is that criminals are most inclined to use those sorts of tools to hide their activities. The good response should be the obvious: most criminals don't go through the bother because they don't think they'll be caught and the rest are almost always found before the court-order (after all, you have to have evidence to get that far) or the court-order is a very inappropriate fishing expedition. All a court-order is there for is to solidify a case, not to make one. And so the very notion that there's something wrong with efforts to make their case inherently harder to prove is, well, fine by me. It almost always just means the prosecutor and the police have to work a bit harder to prove their case, if they care enough to go through the effort. The real limit of justice then is not the strength of encryption or the willingness of first or third parties to comply with handing over incrimination evidence. It has almost everything to do with running a decent investigation in the first place.

PS - *sigh* The NSA part was probably unnecessary, but it reeks of the same stupidity and with the same sorts of results. Trying to find a needle in a haystack is easier because at least then you know you're looking for a needle. And if, by analogy, you know you're looking for a specific terrorist plot in a general time frame with certain people, you're already 90% of your way towards having a prosecutable case and a pathway to find accomplices.

Re:Life, Liberty, or Property?

I don't know why your comment was rated insightful. It is pretty idiotic. You actually shoot yourself in the foot by referencing "life, liberty, and the pursuit of happiness" when this is all about what is a compromise between privacy and the rights of the police and court to investigate crimes.
 
 

Honestly, though, I do not try to be too much of an asshole.

One can't tell that from your quote. You are pretty much a massive asshole who is seriously lacking in critical thinking skills.
 
Please get raped and then set on fire and die slowly in excruciating agony.

Re:Life, Liberty, or Property?

[LurkNoMore]

What next? Complaining about hidden compartment in desks?

I was thinking that the court can just order all paper to be made un-burnable. Because what's to stop me from writing a juicy secret on a piece of paper, handing it to you and when you're done reading it, you burn it? Sounds like either candles should be outlawed or loose leaf paper should be made out of asbestos and kevlar.

Re:Life, Liberty, or Property?

[Hatta]

What next? Complaining about hidden compartment in desks?

Complaining? There's at least one man in jail for building hidden compartments.

"I built these compartments just like any other business that I had, doing stereo business, customizing needs to peopleâ(TM)s needs in their vehicles, and I admit there was probably some irresponsibility of building these things, but I was onlyâ"I just figured it would be, like, as long as I didnâ(TM)t know what was going onâ"and donâ(TM)t want to knowâ"there was no law against it ⦠If I had known there was a law against it, I wouldnâ(TM)t be here. If there was a law that says these compartments are illegal to build, I would not build them. If I had known this was going to happen to me, I wouldnâ(TM)t have done it."
...

Above all, Anaya seems baffled that he will likely spend the next two decades in prison for doing something that isnâ(TM)t specifically forbidden by federal law. âoeIf it takes me never building another compartment again for me to get out of here, thatâ(TM)s what Iâ(TM)m willing to do,â he says. âoeBut I think I should be able to.â

Re:Life, Liberty, or Property?

If effective encryption is equated with munitions, why not a Second Amendment argument as well?

You mean only one thing is different.

[mosb1000]

Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company.

Actually, the employee's motivation is likely the same as well. And the destination seems to getting more similar every day.

I'm not sure Ed Felton knows what is up

[YesIAmAScript]

As to his comment about turning over the master key, it would have made no difference if they had protections on their master key. They didn't turn over their master key anyway. They did shut down, and they would have had to shut down either way. Because if they didn't shut down and had their key secure (say in an RSA box), the government would have just compelled to give them access to their key to sign stuff or to present as a credential. In other words to impersonate them.

The only way to avoid all this was to just shut down so there could be no mistake. If that key is used again, you know it's the NSA doing it, not Lavabit.

I would love to hear how Ed Felten thinks a private key can be both kept inaccessible and used tens of thousands of times a day to secure SSL connections.

Even if you keep it in a box, if the box will gleefully operate on the key thousands or millions of times a day, then you can just virtualize the key to a remote location (like say NSA HQ) by forwarding any requests to use the key to the box across the net. No need to even have the key at all in that case.

Re:I'm not sure Ed Felton knows what is up

You use multi party computation to put the components of the key in jurisdictions which will not cooperate with each other (servers in the Congo, Sweden, China and the US should do it). You are after all using it to secure something that doesn't need to be done in near real time. Email is asynchronous in nature and the delay is perfectly reasonable if you want that sort of security.

Re:I'm not sure Ed Felton knows what is up

[Jah-Wren+Ryel]

As to his comment about turning over the master key, it would have made no difference if they had protections on their master key

If they had designed the system to not have a master key, such that each user had their own keypair and each user had sole possession of their specific decryption key then they would have been immune to the insiders - cartels or DoJ.

Re:I'm not sure Ed Felton knows what is up

A thousand times this.
As long as all encryption and decryption happens on the users PC, no one else needs any way to decode the message.
The main problem is that the mail servers need to read the mail headers in order to route it somewhere.
That is still something the government can spy on.

Re:I'm not sure Ed Felton knows what is up

And the software in use for the encryption/decryption needs to be something that is trusted. Downloading some java-script every time you connect to a mail service and entering your private key isn't going to be anymore secure because the mail service can give you javascript that just sends your private key to the FBI for all you know.

Its pretty much impossible to write a web based system that is actually secure against the US government when its located in the US. Frankly, with their ability to persuade collocation providers in other countries to hand over machine images/etc that is pretty much out the door too.

Plus, i'm not even sure TOR like systems are good at creating anonymity because traffic patterns are going to leak information like crazy. Sure if you can hide in the noise your going to be OK, but if your hidden service is being used by millions of people that is bound to create some unusual looking traffic patterns.

Re:I'm not sure Ed Felton knows what is up

[yacc143]

Think before typing.

We are talking about the SSL key, and yes I think you'll accept it that for a working webserver you need to respond in real time.

Bottomline...

[duke_cheetah2003]

If you don't want someone else to see it, stop putting it on the internet.

Internet was NEVER EVER a means of private communication.. we've tried to make it that way for what, 20 years now? It's not going to happen. Keep your personal tidbits off the net if you don't want others finding them.

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address. It's slower, but it's a lot more private than you'll EVER GET on the internet, now or in the future.

Re:Bottomline...

[ttucker]

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address. It's slower, but it's a lot more private than you'll EVER GET on the internet, now or in the future.

Said no cryptographer ever. Sending your communique in plain text is never encryption. You might argue it is stenography... but the mail, pretty fucking obvious. Each piece of mail is scanned, metadata is kept, pieces of interest are opened. That is not the least of your problem either. Do you think wifi is insecure? What about the mailbox? Mail theft is a real problem. If someone wants specific information about you, the cheezy lock on your mailbox is not going to do shit.

Re:Bottomline...

[duke_cheetah2003]

In our culture of laziness you think the NSA is gunna bother steaming and opening letters in this day and age? Puhleeze. I'm laughing.

But yes, the use of the word encryption was improper, so I'll give you that. But I think my point was made even if I used the wrong word.

Re:Bottomline...

You Betcha the MIC/SIC has developed a machine which can X-Ray enveloped letters and get the entire written content in a matter of seconds. Then it is OCRed and forwarded to NSA for further perusal. Go to the GP if you want to know how this kind of apparatus works - they call it "tomography".

You can nicely pipeline or parallelize the whole thing. Optimize the X-ray sensors, optimize the sensor or letter roation platform and you can push down the entire process to the sub-second scale.

If you know modern electronics, modern physics, modern software, this is definitely in the realm of the possible. Billions can be made with this sort of thing. So it's done.

Will they use it on everybody ? Only if it is cheap enough. Which is a matter of time.

Re:Bottomline...

Internet was NEVER EVER a means of private communication..

It was also NEVER EVER meant anyone other than the endpoint to look at the payload.
Just because it wasn't meant for one thing doesn't mean it was meant for the opposite either.

Considering the origin of the Internet I suspect that the reason the payload isn't encrypted by default is because no-one thought that it would be used to connect computers over a network where the middle-points and the endpoints didn't belong to the same organization.

Re:Bottomline...

[oodaloop]

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address.

That has got to be one of the dumbest comments I've ever heard on the internet. Wow. Just, wow.

Re:Bottomline...

Then for sensitive communications via mail, encrypt the content, sign it, and provide a printed hash of the encrypted content to ensure the OCR has scanned it correctly.

Re:Bottomline...

[myowntrueself]

In our culture of laziness you think the NSA is gunna bother steaming and opening letters in this day and age? Puhleeze. I'm laughing.

But yes, the use of the word encryption was improper, so I'll give you that. But I think my point was made even if I used the wrong word.

I heard that the Stasi had factories filled with machinery specifically designed to open and reseal letters IN BULK.

Re:Bottomline...

[Hatta]

GPG on a clean machine with an airgap is pretty much unassailable.

Re:Bottomline...

maybe if you are at the bottom of a well. Otherwise there's http://lmgtfy.com/?q=tempest&l=1

Re:Bottomline...

A piece of paper inside an envelope, with a stamp and an address. It's slower, but it's a lot more private than you'll EVER GET on the internet, now or in the future.

What are you on? Postal services have been reading our mail for centuries, knowing how to open and reseal mail without leaving signs of tampering has been in spy books for generations. .

Re:Bottomline...

[yacc143]

You do realize, that for snail mail the NSA does get all scanned envelopes from the post office?

So the metadata is there in the same way.

And opening an envelope, openly with a warrant or in secret is an art form that has reached rather perfection over the centuries.

Re:Bottomline...

Piece of cake actually. GPG's weak point is the passphrase used to unlock the private key. You could install a keylogger to grab that. Or image the disk and brute-force the passphrase. If you want to be real dramatic then cryptography has a long history of smash-and-grab raids.

In practice, Usama bin Laden ran GPG on a machine with an impressively-sized airgrap. The hard disks to those machines were taken. Presumably the passphrase has long since been brute-forced, the private key obtained, and whatever encrypted e-mail was previously intercepted and stored by the NSA has now been read.

The real subtle reason.

[ttucker]

They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The real answer question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.

Re:The real subtle reason.

[gnasher719]

The real answer question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.

The court _can_ tell a private company to give information about a customer, or hand over information or things that belong to the customer and are in possession of the company. A company that rents out physical storage can be ordered to hand over the items that a suspected criminal has stored, and if they don't have a key they may have to unlock the storage with physical force which may damage the company's property. So you should ask what happens if they rent out safes, and have no expertise at all how to open the safes. I suppose they can send the unopened safe to the court, or let police experts on their premises to try to open the safe. In either case, the action is damaging to the company but they have to allow it.

Now the court cannot tell the company how they write their software or what software they use. They _can_ tell the company that they want some customer's data. So the company says "we have the data, but it's in a safe". So the court says "in that case, open the safe".

The company should have created a safe that is impossible to open, or not kept any data of that customer at all. Now if I send an unencrypted email to a Lavabit customer who is under suspicion, then it is obviously that Lavabit _can_ store that email in unencrypted form and _can_ be ordered to keep a copy outside the safe. For already stored data, they'd have to create a design where a "masterkey" doesn't give access to anything.

Re:The real subtle reason.

[shentino]

Even if you make something impossible, you still have to convince the court that it's impossible in order to avoid being locked up for 13 years on a contempt charge.

Which means the court can use the mere threat of a perpetual contempt sentence to coerce you to make things easier for them ahead of time...just in case.

Re:The real subtle reason.

And, once the court is convinced that it is impossible, the court can order that it be made possible and if it can not be made possible order that the company shut down the service.

Re:The real subtle reason.

The real answer question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.

That's a bit of an extreme position - it would suggest that a private business can provide any goods or services that aren't inherently illegal to anyone regardless of any other circumstances. Would it be acceptable to knowingly supply IT security services to the Zetas cartel? Would it be acceptable to sell high-end construction tools to someone you knew was planning a bank heist?

Re:The real subtle reason.

[ttucker]

Software companies in the US are not currently legally required to provide encryption with backdoor access. It is concerning to think that a company would consider it to be in their best interest to provide such a back door to avoid abuse by the judicial system at some unforeseeable date in the future.

The court _can_ tell a private company to give information about a customer, or hand over information or things that belong to the customer and are in possession of the company. A company that rents out physical storage can be ordered to hand over the items that a suspected criminal has stored, and if they don't have a key they may have to unlock the storage with physical force which may damage the company's property.

What if a storage locker or safe contains pages of uuencoded data which appears random, but might be encrypted. Is it incumbent on the storage space to help law enforcement decrypt that data? Is this not similar to someone storing a locked safe that they own in a storage locker? Should the storage locker company be responsible for unlocking the customer's safe? Suppose that a communications provider is configured such that they only ever see data encrypted by the customer, using a key controlled by the customer... wouldn't providing law enforcement with the psuedo-entropy supplied by the customer be the extent of their requirement to, "hand over the items that a suspected criminal has stored"?

Certainly there is always someone to subpoena when data should be decrypted. The question is whether tech companies should always be the responsible party when someone obscures data, or when they provide encryption related services where they do not want to know the plaintext, only the cyphertext...

This is a case of service providers being abused to protect and confirm the government's ability to snoop in people's data without their knowledge.

Re:The real subtle reason.

I agree.

The analogous question would be "If court orders for security camera footage are legitimate, why should we allow businesses and homes not to have security cameras?"

It is one thing for a legitimate court to issue an order saying, "Give us what records you have from X date to Y date on this suspected criminal." It is an entirely different thing altogether to say, "You must conduct business in this way, putting your users security at risk, damaging the company's reputation, and violating every users privacy, so we can have records on any suspected terrorist there might be." The first is "reasonable search and seizure with probable cause and specific warrant from an officer of the court," and the latter is violation of the "citizens to be secure in their possessions and papers."

We do not "allow" things in this nation, we have a right to any and all things that do not violate existing law that is does not violate our rights.

Re:The real subtle reason.

[ttucker]

The analogous question would be "If court orders for security camera footage are legitimate, why should we allow businesses and homes not to have security cameras?"

Well said.

Better comparitions

Do your Goverment open your *physical* letter (paper) before giving them to you?
Do your Goverment order to your postal service (USPS, Correos, La Poste, etc.) to keep a copy of each letter (paper) before giving them to you?

~ Franz

In the near future

For some strange reason all our undercover agents keep turning up dead, it's like no one has any privacy....

we should just rewrite batman, superman and all the other masked marvel cartoons so that the superheroes are known as who they really are, they can kill Lois in the first episode and eliminate a dreary plot line.

Re:In the near future

we should just rewrite batman, superman and all the other masked marvel cartoons

All right, that's it, turn in your nerd card and exit Slashdot.

Batman and Superman are DC superheroes, not Marvel. And Superman doesn't wear a mask.

the fuck?

[Joining+Yet+Again]

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

Re:the fuck?

[AlphaWoIf_HK]

I think the way they put it was pretty silly, but the point is that if it is possible for the government to demand the raw data and get it, it's possible for an 'evil' attacker to get that data as well. You can't even assume the government isn't evil.

Re:the fuck?

They habe PROVEN to be EVIL, because they demanded Lavabit do turn over the keys to the entire castle, not just a few cases of "probable cause" suspects. USG, including the judiciary, want total access to information about each and every person. That in my mind is the definition of evil.

Re:the fuck?

[AlphaWoIf_HK]

Exactly. No government throughout history has let the chance to abuse their powers slip by, so there's really no reason to trust them at all. The US government has abused its powers numerous times already, so that's even less of a reason to trust them.

Re:the fuck?

[Joining+Yet+Again]

*No human

FTFY.

Re:the fuck?

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

I'll just leave this here.

http://i.imgur.com/nSD3ofw.gif

Re:the fuck?

[BlueStrat]

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

Seriously, did you even think this through at all before posting?

It's more like forcing people to use only easily-defeat-able locks and/or send the government a copy of the keys to all locks because criminals sometimes use locks and the government may need easy and quick access to prevent/halt a crime or execute a search or arrest warrant in a timely manner.

Secret government-mandated backdoors and unreported zero-days don't care who exploits them, either.

Maybe the daughter in your example would not have been raped if the rapist had not been able to quickly defeat the LE/court-friendly weak door locks mandated on her house before rescue could arrive.

Strat

Re:the fuck?

[Joining+Yet+Again]

So, you agree that it is absurd to proscribe a particular action simply because "from a purely technological standpoint" that action can come with good or evil intentions and/or results. IOW, you have as much problem with my absurd consequence as I do.

Yet you say, "Seriously, did you even think this through at all before posting?" Maybe your sarcasm detector is broken.

Re:the fuck?

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

More like, "Therefore ban body armor". Because it can be used to protect rapists from police bullets.

Re:the fuck?

[Bob+the+Super+Hamste]

This obligatory XKCD now seems surprisingly relevant.

German Government Here To Help You

Use GNUpg. It has been seeded by the German Ministry of Business. It's Free Open Source. It's better than the Opaque Crypto (seach for for "gstool Jan Schejbal") from the German Chancellor Ministry (Chi/BSI), exactly because we can inspect GNUpg.

Or, just use the openssl command line. Not really more complicated than GNUpg.

So, if we properly use government, they can in exceptional cases indeed help us.

I don't get his argument at all

(and yes, I have RTFA)

What's he's saying is that software engineers should design systems so that the acts of democratically elected -> appointed law enforcement officials acting in the judifically approved furtherance of their duties should be impossible because those same mechanisms could also be used by unauthorized parties?

should we also design roads that police cars can't drive on because criminals might drive on them too?

i understand the huge skepticism when it comes to 'goernment reading my emails' concerns. a lot of that is very much warranted and should be looked at deeply and perhaps disallowed as a matter of law. however, i find his arguments, in as much as i probably don't understand them really wanting and actually ethically dubious.

Re:I don't get his argument at all

[AlphaWoIf_HK]

should we also design roads that police cars can't drive on because criminals might drive on them too?

Who are you protecting in that case? In this case, you're actually trying to protect people and their data.

Re:I don't get his argument at all

Why don't you move back under your rock ? The government, including judiciary, demanded whole-sale access to ALL Lavabit accounts, because one guy (Snowden) used Lavabit. You are a nasty $hill trying to whitewash their evil act.

Re:I don't get his argument at all

[HJED]

should we also design roads that police cars can't drive on because criminals might drive on them too?

So we should leave our doors unlocked encase the police need to go into our houses as well?

Re:I don't get his argument at all

[Sarten-X]

If the police need to get through a locked door, they can get a court order to do so. Then yes, you have to open the door for them.

Re:I don't get his argument at all

[Hatta]

"democratically elected" in a democracy where congress has a 10% approval rate, and a 90% incumbency rate.
"law enforcement" by a government that can't even obey its own laws.
"judicial approval" by secret courts ruling on secret evidence and secret laws.

None of those things you wish were true about America are actually true. We are a nation ruled by thugs. It's not criminals we need to be secure against, it's our own government.

Re:I don't get his argument at all

Fuck you shill.

This is a totalitarian woman's world.

A man's world has freedom for men and marrying little girls.

Fuck you.

I hope the USA goes the way of Syria, but the govt is destroyed and it's people tortured.

Re:I don't get his argument at all

[Urza9814]

Yes, and if they need the data from someone's email, they can order that person to turn it over.

This is not about the court being able to order people to turn over data; it's about the court being about to order companies to produce crappy locks. It's not an order that we all leave our doors unlocked so police can have access -- it's an order that no company can produce doors that lock in the first place, so that the police can walk right into your home whenever they want without a warrant.

And before you say that they did have a warrant in this case -- they had a warrant for one account, and they were trying to use that to force Lavabit to provide access to ALL accounts. It's like if they have a warrant to search John Smith's apartment downstairs, so they contact your landlord and demand that they take all property from every apartment in the complex and hand it all over so they don't have to worry about which unit Mr. Smith actually lives in.

If court orders are legitimate

[Charliemopps]

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

Re: If court orders are legitimate

[BlueStrat]

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

[sarc]
But...but...if a (secret) judge in a (secret) court (secretly) orders it under (secret) rulings/precedents, it *must* be legitimate by definition!

The government consulted with itself and assured itself that it was.

Secretly, of course.
[/sarc]

Strat

Re: If court orders are legitimate

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

Ah, you Sir seem to have found my Razor! Regards, Occam

they'll order to change the system.

[gl4ss]

but they'll order to silently insert a backdoor/middleman access.

this is why lava quit.

so that system better be hosting and operating somewhere else than usa, china or number of other countries...

Re:they'll order to change the system.

[Sun]

Technically, the sequence was a little more complicated.

They were ordered to insert a backdoor. They ignored the order. The government then asked to get the master key. At that point they consented to putting the backdoor in, but it was too late. When they were ordered to hand the master key, they quit.

Shachar

Re:they'll order to change the system.

[jkflying]

Feds asked without a court-sanctioned warrant to insert a backdoor. When LavaBit didn't respond, Feds got a warrant, but this time to hand over the SSL private key. That''s when LavaBit decided that it was useless trying to fight, and quit instead.

Re:they'll order to change the system.

Feds asked without a court-sanctioned warrant to insert a backdoor. When LavaBit didn't respond, Feds got a warrant, but this time to hand over the SSL private key. That''s when LavaBit decided that it was useless trying to fight, and quit instead.

and this is why the Lavabit Design was inferior. They held a Master Key to all of their users encryption, thus any government/employee could access what you considered private. The main point is that Lavabit held the Private Keys that could decrypt any/all messages sent through their system and this is what People need to scream about due to the security violations it created by design. A better use of the Defective by Design tag

One thing that folks haven't thought of though I doubt the Feds haven't missed is both the potential SarBox and Insider Trading issues. By Lavabit having a private key that could decrypt everything, they had the potential to scan any corporate mail for confidential information that could/would affect the share price - thus the insider trading issue. The SarBox issue comes from the same ability to decrypt information at will as it gave employees the oppurtunity to sell information that allowed a competitor an advantage, thus decreasing profits and they could be tied up in court for the rest of their lives while the sharks go through discovery.

Anyone that used Lavabit for any reason had better consider this as any and all information that was exchanged using their service will be decrypted and read by the Courts, Lawyers and everyone else. In other words, all Lavabit users are "Screwed, Blued and Tattooed".

Fast Turtle

Re:they'll order to change the system.

[whoever57]

Actually, Lavabit did hand over their private key. On paper. In the smallest font they could use.

Re:they'll order to change the system.

Yeah, because that gives the feds to look through all of it without ever getting a warrant. No real court would have or should have done that. It must have been the so called secret court.

Re:they'll order to change the system.

[jkflying]

Wrong. The SSL private key just allowed the Feds to snoop on any traffic that passed through. The only way the Feds could access the emails was if somebody logged in and unencrypted their emails while the snooping was happening.

Re:they'll order to change the system.

[yacc143]

Go, get yourself some education.

They wanted the master SSL private key.

That would have allowed the Feds (or anyone that gets his hands on it), to do a Man-in-the-middle attack. Plus depending on the browser used and server, it would have allowed them to decrypt passively intercepted connections. (the reasoning for that is that depending on the configuration of SSL client/server, the symmetric key used for the connection is passed on the wire or not)

In near field that means SSL can be intercepted and decrypted, without breaking the encryption, for specific sites.

On the extreme it means, that x509 and SSL as a whole is broken. Wonder if there are sealed court orders (or court orders by secret courts), with gag order, to hand over the private signing keys of CAs?

And last but not least, the big issue here is why this is so bad. It forces tiny bits of data, but that are of crucial importance, that are normally guarded highly to be distributed to 3rd parties. Now these 3rd parties have no real economic incentives to keep that tiny speck of data overly secret, e.g. it ends in the normal files of law enforcement. So basically your highly sophisticated system design to ensure the security of the private key is now open to a quite long list of dangers you cannot do anything against.

Re:they'll order to change the system.

[Reziac]

About 10 years ago I overheard a conversation between the owners of two small ISPs. Basically they were discussing government backdoors, and how they'd been *required* to implement them. They didn't go into specifics, more just comparing extortion notes.

Chaos insues

I like to email chunks of Lorem Ipsum to Islamic charities. It drives the decrypters crazy.

We're talking about governments

[lseltzer]

Governments are supposed to have the ability to compel disclosure of confidential information, subject to legal protections. If you don't like the Snowden example, consider a less controversial criminal example, like a kidnapping in process. The point is that the 4th amendment allows for reasonable searches and seizures. Claiming that all searches and seizures are attacks is to deny the legitimacy of even uncontroversial law enforcement. Incidentally, even Lavabit complied with other government requests for data.

This is email!

What's really so ridiculous is that we're having this conversation about email providers. Two-decade-old tech makes it to that subverting the provider only gets the attacker traffic-analysis, still not content. It's so easy to encrypt email. Let's get our shit together, people. Install gpg today and get your public key out there.

If people were less than 20 years out of date on their tech, then lavabit would be irrelevant.

Extending the model

[davecb]

Imagine that one wishes to prevent subversion by drug cartels but honour (or appeal) court orders. This is the problem that public libraries have dealt with since their creation. Someone always wants to know what person X has been reading, in hopes of using it against them....

Library software is normally written to preserve privacy, and discard the record that "X has book Y" when the book is returned. It can be written this way because several of the countries where it is sold require privacy as part of their legal system. Purchasers in other countries get privacy as a side-effect.

Countries prohibiting privacy would require a special version for a quite limited market, and the library software companies aren't motivated to deal with them: just doing an internationalization/localization to get into a small market is hard enough!

When an individual library is served with a court order, they can honour it by doing a lookup once a day and writing X's new books down on a piece of paper. As this doesn't scale, and is also a credible cost, the willingness of courts to order it is reduced, and the damage to privacy is limited.

Applying this to email, one wishes to keep routing data only until a message is delivered to the next host and we get a "250 OK" from SMTP. If a court wishes to collect that metadata, they can station an officer with a laptop at the ISP and gobble up the packets routed to/from him. This is onerous, and in Canada at least requires a "wiretap warrant", which the courts restrict more than ordinary search warrants.

The person wishing to provide this kind of information to a drug cartel has the same hard task, and is also more likely to be detected by the ISP.

To oversimplify, we're keeping far too much information about email: an author or vendor should take notice of the privacy laws of their preferred markets and discard debugging/diagnostic information at the end of a successful delivery. If they wish to cover themselves against customer complaints, they might send delivery notices that the customer can read or filter out at their convenience.

--dave

Nuclear Launch Codes

The post presumes that if data can be extracted from the system it can be done so by a single person and without the knowledge of anyone else within the company. Couldnt a design involving more than one person having to "turn their key" account for a rogue employee scenario

Tyranny

How about the right to keep and bear arms. Cyberweapons are part of that. People and organization must have the ability to protect against a tyranny. Especially since there are constant abuses of power now.

No idea about security

[AJH16]

As much as I may not like invasions of privacy, the fact is that this summary provides a bullshit excuse for the need of making court order resistant services. This kind of issue has been addressed numerous times in the past and is actually quite easy. You just have to have a system that breaks the files up through multiple keys required to unlock it. It's called separation of duties and has been done in any good security system for decades (centuries?) This way, a legitimate order can be processed because everyone is on board with a legal order, but an illegal action, such as a bribe can not happen without having to get numerous people on-board with the action.

Re:No idea about security

Apparently you've never been on the receiving end of a willful attepmt to violate your Rights.

If you think that the government guys won't willingly and willfully lie to get a Warrant, you're gravely mistaken. Saying a legitimate order...well, hint for you, the Judge could make it "legitimate" and it could still be VERY illegal as hell- and until it's proven out, the data gets divulged because it's been so ordered,,,"legitimately".

You place **ENTIRELY** too much trust in place that deserves none whatsoever.

Power abuse

What i find more troublesome is that government thinks it has even right to be asking that data in first place. Data that may reference to outside innocent third parties. Parties that has nothing to do with bossible "case" at hand.

And when government gets the data, all bets are off. They will use it as they like, no matter what reason it was originally acquired.

What about locks on doors?

[sribe]

Or alarm systems? Safes? Etc? The exact same logic would apply. Why is this not blindingly obvious to everyone???

Re:What about locks on doors?

It is. That's why the order was such a problem.

Lavabit/Guavabit

[PPH]

How many government employees combing through Lavabit's customer data are delivering it to the drug cartels?

Court orders help because it forces crooked government employees to go before a third party to explain themselves.

The primary problem most people have with the NSA data dragnet is that there is no system of checks to prevent such access. Once the data has been scooped up, nothing can stop an insider from misusing it. Look at Snowden. Only his motives differed from those of crooked employees.

Re:Lavabit/Guavabit

The thing is...those court orders? Those crooked government employees have NO qualms whatsoever in lying to that third party in the process of "explaining themselves". You see, there's NOTHING, no real penalties, no real punishments past a case dying on the spot for them doing that- and in the case of the incident we're talking about right now, there's not even that much.

Don't kid yourself. It's not a protection- and the system that allows the former will definitely be usable as Felten describes in the other case.

Re:Good model != Lavabit = Defective By Design

The difference with Lavabit is that they provided both the communication and facilitated the coding service.
It seems the legal flaw in this scheme is that they are holding keys useful for sorting out the coding.
In order for the end customer's mail clients to access these coded envelopes, they must generate session keys.

And this is why I'm suprised that their userbase isn't screaming bloody murder while grabbing pitchforks and torches.

Show the warrant

By hardening email, it reduces the chance that your email can be searched without your knowledge. Make them present a warrant, simply for the fact that they will have no choice by to follow the rules.

Find the asymmetry

[skeptical+scientist]

Elsewhere, at Favabit, an employee receiving a court order for user data takes the encrypted user data to the three trusted employees who each know part of the decryption key. Together they verify the court order, decrypt the data, and pass it on to the court. A week later, one of the three trusted employees is forced to refuse a cartel bribe to get user data, because she does not have the power to unilaterally hand it over.

If you can't think of a way to allow legitimate access while protecting against illegitimate access, you simply aren't thinking creatively enough.

Re:Find the asymmetry

[Urza9814]

Well sure there's plenty of middle ground between the two. All of which are worse security policy, from the end-user's perspective, than just keeping the keys with the user. How do I know the keys are with three separate people? How do I know Frank didn't email his key unsecured to John that one time they got a request while he was on vacation? How do I know there isn't a building security camera pointing at the keyboard as they type the passwords in so the entire security staff now has all three components? How do I know someone hasn't bribed all three people? How do I know they won't be tricked by a social engineering trick masquerading as a government request?

As long as the crypto is done on their end, their internal policies don't matter because I still have to blindly trust that they're actually doing what they say they're doing. The only way *I* can have any certainty that it's at all secure is if I can verify that the information is encrypted with keys that I alone control before it leaves my machine.

Re:Find the asymmetry

Heh... The cartel wouldn't bribe. They'll just use rubber hose decryption on all THREE employees.

If the government wants the data bad enough, they'll do the same.

Sorry, doesn't work very well.

False analogy, and the real answer

[TentativeFate]

The analogy between the government and a drug cartel is false, because (astonishingly) the government has much, much more power.

The most important mitigation of the insider threat is the monitoring, logging and auditing of insider activity by other insiders.
While a court order forces the hands of *all* insiders, it's that much less likely that a drug cartel will bribe or kidnap the families of multiple Guavabit employees.

The real answer is completely different.
Emails should be court-order resistant, because we should be able to digitally extend our minds, and our minds should be court-order resistant.

Expectation of privacy - Law is wrong

[mattlamb]

Expectation of privacy in E-Mail should be a law.

If the court wants my mail with a warrant the only place it should exist is in my home or device not on a mail server third party.

We need digital envelopes for "our" mail. When was the last time the post office received a warrant for your mail?

Legality

[jklovanc]

The analogy is far off the mark.

From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party.

Looking at something from only one standpoint does not give a complete picture of the situation. There might be issues from other standpoints that make the view very different. Taken from a technical standpoint the following are equal;

Speeding tickets vs extortion. (They both require payment of money on demand)
Incarceration vs kidnapping (both are restrictions on liberty)
search warrant vs burglary (both entail unwanted entry and removal of property)
public service vs slavery (both are forced unpaid labour)

The main difference between the two is that one is legal and the other is not. We give the government many legal powers that private citizens do not have.

NSA to the rescue!

[supervirus]

" If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?" All engineers should independently get their service designs certified to be free of protections against all possible (presumably future) court access orders. To enable compliance the courts should publish (in a gazette) a list of all the future access orders? Or engineers might henceforth be designing services that courts CAN get access to but other third parties CANNOT. This is only possible if all certified service users register their "passwords" with a trusted federal authority, say the NSA. there would be the added advantage of having your data backed up at Wikileaks.

Basically a weakness the way it was designed

[apleschu]

The way Lavabit designed the system was still in a way that the SSL master key was able to decrypt "something". If the system would have been designed in a way that even the master key does't get you anything the court can order all day long. Its like a court order to person A that as of tomorrow the sky will be light pink instead of blue. Just because the court or the FEDS want something to happen doesn't mean it is going to happen if there is no way technically this is going to work. Granted, if Lavabit's system would have been designed in such a way the court could have ordered that they create a new software version which then allows them to see certain things, but even that can be made impossible with the correct software design. Its "just" a question how far you want to push your design and how much self protection you want to build into your design. Until 2013 everyone, or almost everyone was under the impression that SSL was reasonably safe. 2013 is the year when that changed and a prediction is that one will see many products springing up that do not have those problems any more (e.g. BitMessage)

A very narrow, purely technolgoical only view

[cupnoodleboy]

This blogger has a very narrow point of view, seeing only the technology issues, but failed to take into account the social and moral issues. As stated in the summary, from a purely technological standpoint, giving the information to a court or giving the information to a drug cartel may be the same. However, motivation and other social issues often play a key role in determining whether something is good or not. For example, from a purely technogloical standpoint, an explosive detonating in an underground tunnel may be the same as an explosive detonating in an underground railways. The chemistry and physics are the same. However, if it is known that in the former the explosion is for the purpose of mining of materials, while in the latter the explosion is a terrorist act designed to cause harm and injuries, then the two explosions are completely different. In order to make a sound judgment of whether something is good or bad, it is not enough to consider only the technological issues, but factors like motivation must also be given important consideration.