Ed Felten: Why Email Services Should Be Court-Order Resistant
Jah-Wren Ryel sends this excerpt from Ed Felten at Freedom to Tinker:
"Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack. To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.
From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company."
As to his comment about turning over the master key, it would have made no difference if they had protections on their master key. They didn't turn over their master key anyway. They did shut down, and they would have had to shut down either way. Because if they didn't shut down and had their key secure (say in an RSA box), the government would have just compelled them to give access to their key to sign stuff or to present as a credential. In other words, to impersonate them.
The only way to avoid all this was to just shut down so there could be no mistake. If that key is used again, you know it's the NSA doing it, not Lavabit.
I would love to hear how Ed Felten thinks a private key can be both kept inaccessible and used tens of thousands of times a day to secure SSL connections.
Even if you keep it in a box, if the box will gleefully operate on the key thousands or millions of times a day, then you can just virtualize the key to a remote location (like say NSA HQ) by forwarding any requests to use the key to the box across the net. No need to even have the key at all in that case.
http://lkml.org/lkml/2005/8/20/95
Yeah, I'd like to appeal my murder...
Yeah, lots of others would like to appeal theirs too.
http://en.wikipedia.org/wiki/Wrongful_execution#United_States
Cameron Todd Willingham was executed February, 2004, for murdering his three young children by arson at the family home in Corsicana, Texas. Nationally known fire investigator Gerald Hurst reviewed the case documents, including the trial transcriptions and an hour-long videotape of the aftermath of the fire scene and said in December 2004 that "There's nothing to suggest to any reasonable arson investigator that this was an arson fire. It was just a fire."[12] In 2010, the Innocence Project filed a lawsuit against the State of Texas, seeking a judgment of "official oppression".[13]
Statistics likely understate the actual problem of wrongful convictions because once an execution has occurred there is often insufficient motivation and finance to keep a case open, and it becomes unlikely at that point that the miscarriage of justice will ever be exposed. In the case of Joseph Roger O'Dell III, executed in Virginia in 1997 for a rape and murder, a prosecuting attorney argued in court in 1998 that if posthumous DNA results exonerated O'Dell, "it would be shouted from the rooftops that ... Virginia executed an innocent man." The state prevailed, and the evidence was destroyed.[14]
Johnny Garrett of Texas was executed February, 1992, for allegedly raping and murdering a nun. In March, 2004, cold-case DNA testing identified Leoncio Rueda as the rapist and murderer of another elderly victim killed four months prior.[15] Immediately following the nun's murder, prosecutors and police were certain the two cases were committed by the same assailant.[16] In both cases, black curly head hairs were found on the victims, linked to Rueda. Previously unidentified fingerprints in the nun's room were matched to Rueda. The flawed case is explored in a 2008 documentary The Last Word.
Jesse Tafero was convicted of murder and executed via electric chair May, 1990, in the state of Florida for the murders of two Florida Highway Patrol officers. The conviction of a codefendant was overturned in 1992 after a recreation of the crime scene indicated a third person had committed the murders.[17]
Carlos DeLuna was executed in Texas in December 1989. Subsequent investigations cast strong doubt upon DeLuna's guilt for the murder of which he had been convicted.[18][19]
Thomas and Meeks Griffin were executed in 1915 for the murder of a man involved in an interracial affair two years previously but were pardoned 94 years after execution. It is thought that they were arrested and charged because they were not wealthy enough to hire competent legal counsel and get an acquittal.[20]
Chipita Rodriguez was hanged in San Patricio County, Texas in 1863 for murdering a horse trader, and 122 years later, the Texas Legislature passed a resolution exonerating her.
The list of wrongly jailed for life is too long to list.
From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.
"Um, a warrant is a court order. The investigators explain to the judges what they suspect, why they suspect it and what and where they need to look to get more evidence. The judge then issues the warrant."
You are nitpicking, and not even doing it well.
While a warrant is technically a kind of court order, there are other kinds as well: what is commonly referred to as a "court order", a "search warrant", and a "subpoena". They are ALL court orders, but they differ in the standard of evidence that is required for each.
What is commonly called a "court order" has a very low evidence threshold, or even none at all. You are "ordered" by the court to appear on a certain date. You are "ordered" by the court to pay reparations to someone you defrauded. Etc.
A subpoena also has a fairly low standard of evidence. You can be subpoenaed by courts for a number of reasons, and there are a great many situations in which a subpoena has no force or can be quashed.
In order to issue a warrant, on the other hand, the court must be shown probable cause. This is a higher standard than either of the other examples above.
However, a defendant's 5th Amendment rights override both warrants and subpoenas. No court in the nation has the authority to violate the 5th Amendment, for any reason.
Technically, the sequence was a little more complicated.
They were ordered to insert a backdoor. They ignored the order. The government then asked to get the master key. At that point they consented to putting the backdoor in, but it was too late. When they were ordered to hand the master key, they quit.
Shachar
Feds asked without a court-sanctioned warrant to insert a backdoor. When LavaBit didn't respond, Feds got a warrant, but this time to hand over the SSL private key. That's when LavaBit decided that it was useless trying to fight, and quit instead.
Help I am stuck in a signature factory!
They have no legal authority to order people to make their websites police-friendly.
You sure about that?
In fairness, CALEA requires backdoors from telecom firms, not independent website operators - Yet. But it already crossed that exact line, of requiring non-governmental entities to actively undermine their own best interests solely for the possible future convenience of the government.
/ Hand me my fiddle.
and this is why the Lavabit Design was inferior. They held a Master Key to all of their users' encryption, thus any government/employee could access what you considered private. The main point is that Lavabit held the Private Keys that could decrypt any/all messages sent through their system and this is what People need to scream about due to the security violations it created by design. A better use of the Defective by Design tag.
One thing that folks haven't thought of, though I doubt the Feds have missed it, is both the potential SarBox and Insider Trading issues. By Lavabit having a private key that could decrypt everything, they had the potential to scan any corporate mail for confidential information that could/would affect the share price - thus the insider trading issue. The SarBox issue comes from the same ability to decrypt information at will as it gave employees the opportunity to sell information that allowed a competitor an advantage, thus decreasing profits and they could be tied up in court for the rest of their lives while the sharks go through discovery.
Anyone that used Lavabit for any reason had better consider this as any and all information that was exchanged using their service will be decrypted and read by the Courts, Lawyers and everyone else. In other words, all Lavabit users are "Screwed, Blued and Tattooed".
Fast Turtle