Slashdot Mirror
CryptoSeal Shuts Down Consumer VPN Service To Avoid Fighting NSA
sl4shd0rk writes "CryptoSeal Privacy, a VPN provider, has closed down its consumer VPN service. The company says it has zeroed its crypto keys, adding, 'Essentially, the service was created and operated under a certain understanding of current U.S. law, and that understanding may not currently be valid. As we are a US company and comply fully with U.S. law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product.' The announcement ends with a warning: 'For anyone operating a VPN, mail, or other communications provider in the U.S., we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.' Sounds like another victim of FISA-endorsed NSA activity."
Back in the old spy days, the gentlemanly thing to do was crack the other guy's encryption, NOT beat his keys out of him. This is just cheating, pure and simple.
Time Bomber the Book coming soon.
Sounds like it's high time time to start a VPN provider in SeaLand (or what do we have left that's not firmly in jurisdiction of governments with grubby hands and long noses)?
You are not going to have much advanced IT business left over there soon if this goes on.
I hope that when american corporations start seeing their customers scared away by this 1984 crap they'll turn their lobbying powers to reverse the trend.
Isn't this how politics work in the US, the country that legalized bribery?
What is to stop the NSA doing a form of DoS attack on these types of services by demanding keys, and giving the services little option but to shut down?
The effect of this is to remove secure competitors from the market and force users onto pre-compromised services.
We've got technology businesses shutting down their services because they are now afraid of (i.e.: terrorized by) their own government?
Did the terrorists actually win this war on terror?
>NOT beat his keys out of him
Are you telling me TV has lied to me ALL this time?
This... this changes everything. My entire life needs to be re-evaluated.
For anyone operating a VPN mail or other communications in any country you should consider that your government can compel you to produce information.
This intellectual exercise has been done a long time ago by those who looked a little deeper than you. It's why there were crazy ideas such as offshore data havens.
In the end, you can't really do anything about it. The government your company is under (at the very least, maybe other entities too) can compel you. So now it's just a matter of which government you're least worried about.
http://lkml.org/lkml/2005/8/20/95
Comment removed based on user account deletion
So the NSA is supposed to be covertly gathering intelligence. Yet they use high pressure tactics that force these sites to shut down therefore tipping off their users that something may be amiss. Leading them to change their procedures there by wasting all the time an effort the NSA put into thin initial investigation.
Undetectable Steganography? Yep, there's an app fo
The end result seems to be in line with general terrorism. Cause enough fear and confusion in your enemy until they change or give up.
Maybe the US Government's objective here is not collect data from these types of services like LavaBit, SilentCircle or whoever else has shuttered in fears (or actual) of being tapped by the NSA.
It's starting to feel like to me the objective isn't the data, the objective is the services. This is denial of service. Denial of crypto services by the US Govt.
I just can't really see why they would put the pressure on so blatantly. It's like they're sending a clear message to all of us, no more crypto services, we're going to find you and tap you so you're are ineffective, or shut down.
Donate to Lavabit legal fund
The legal briefs filed so far look like they are about to hand the government its own ass in respect to seizing SSL keys.
Old spies were Sean Connery. New spies are Daniel Craig.
Not that many customers are going to be scared off. ...
Businesses care about competitors reading their data, not the NSA.
So customers aren't being scared off, but this business and other vpn providers are still shuttering their shops?
I really don't understand why any of these companies are shutting their doors. They should just release a new statement, allow current members to get a refund on their remaining subscription if they want to leave, and acknowledge what has always been in their contract - they will comply with law enforcement demands and warrents as do all companies in the US that want to stay in business.
This really sucks, and it should be more public**, and more people need to know about it, but boycotting in this fasion isn't going to help. If anything , it reduces the amount of money going into the hands of businesses that are on our side and could lobby.
On top of it all, while I understand there is the threat of arrest, they DO have the option of not complying and not turning over the keys. They could even make it a well known statement that, if they are asked to do so, they'll destroy the related private keys and simply tell those asking that they no longer exist. Yes, that would be in violation of what they are supposedly maybe possibly going to be asked someday, but they can cross that bridge when they come to it. It does seem like a convenient exit plan if they've wanted to get out of the VPN business and existing contracts.
I don't know what their usage stats are, but I wouldn't be surprised if the bulk of the traffic transitting their VPN service is for streaming video from sites that detect country of origin based on IP (ex. non-UK to UK BBC, non-US to US Hulu/Netflix, other provides like HBOgo etc), and for downloading stuffs from bittorrent and friends. That's probably expensive, and probably degrades the QoS of those that really need the service. The relevence of this is that it wouldn't shock me if the opperators were just tired of running it, and this was just the straw that broke the camels back, so to speak.
AFAICT (please correct me if I'm wrong):
* They weren't forced to shut down.
* They didn't shut down because of an actual incident.
* They supposedly shut down based on the idea that they may be threatened with such a demand in the future. (and it is a threat - comply and keep your mouth shut, or we'll put you in jail... has anyone called them on it, or even had a legit reason to do so?)
** or much much more private, like a spy org should be, with no info getting out, not even to other law enforcement agencies, much like I imagine they were before "NSA" was a well known acronym.
http://xkcd.com/538/
Only works if you actually know the password.
Don't remember the password, use a token like a USB flash key. If they take the laptop without the key then it's useless, if you smash the key then it's also useless.
No, this won't stop them from torturing you anyway, but on the other hand, they might pick up the wrong person who didn't actually own the laptop and torture them instead. This is the great thing about torture: it's only useful to confirm what you already know, not to extract anything new; there's no way to tell if someone is lying because you haven't broken them yet or lying because they don't know anything but really want the pain to stop.
"This is just cheating, pure and simple."
It is illegal, pure and simple.
Since several crypto companies have in fact closed down, affecting thousands (at least) of people, we can come to some basic conclusions.
First, we have proof that the NSA spying has had the effect of chilling otherwise legal, free speech.
Second: we now have thousands of people who have provable legal standing to sue the government over it.
The NSA is operating outside of its charter and heads need to roll. What's is really embarrasing about this mess is that other countries are (properly) telling the U.S. to knock it the fuck off. We need to go back to 9/12/2001 and restore the privacy and freedom portions of The Constitution before this country evolves into the most dangerous police state ever.
You have lost, because there is no benefit whatsoever to doing all this. The terrorists still attack all over the place and all these measures taken "to guard against terrorism" have zero net results. Sure, some incidental victories have been made, but nothing structurally beneficial has been achieved. Fear, Uncertainty and Doubt have been controlling the USA and 99% of all the money and trouble they have been going through, have been wasted on chasing ghosts. It's time to stop this, accept the fact that some religious idiots will sometimes manage to kill a few people every now and then. Staying out of trouble has proven far more effective to over 90% of countries than the USA way of dealing with this, maybe the USA should try that approach for a while. It's a whole lot cheaper and it hardly can be less effective than the current policy.
I was promised a flying car. Where is my flying car?
First Lavabit.
Then Groklaw.
Now CryptoSeal.
Who's next?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
#1 prison population in the world; and with a moderate population density too!
#1 military, #1 spy system (by size) and both are actively used.
Secret tapping of citizens phones,etc with a massive cover up (seriously, does anybody believe them after all that they did when they say "it's only meta data?") Almost more surveillance than a classic police state (it's just missing your neighbors turning against you.)
Uncivilized prison system (many but not all; but the society is taught to believe and accept the known conditions. The system keeps the public from knowing about the horrible things... such as 12 year olds in adult prison with their rapist's name carved into their skin, for example.)
Self exempted from most international laws. Pre-emptive wars, bribing, blackmailing corrupting foreign governments...(wikileaks put that stuff on paper) Killing or arresting or persecuting anybody on earth without respect for laws / jurisdictions (doesn't matter what you do, if you go to a safe nation the idea was you were safe when sovereignty was respected... not that it was all that highly regarded; but it's just openly dismissed today.)
Police in most schools; more coming. Children arrested and processed as criminals for being children --in school; handcuffs on 8 year olds. Teens executed as adults. Adults executed... just like in China and Iran do. Teens tweeting being prosecuted for bullying outside of school...
People generally afraid to express a wide range of "controversial" opinions not on the unofficial acceptability list. Obama a Muslim? that is ok. Telling on the bankers? nothing, if you harm them, jail time (but perhaps a big IRS reward...for afterwards...)
Every police state has two systems-- one to go soft on the elite and one for everybody else. We have that situation too.
Right to Peaceable Assemble? Result? Beat downs, false incrimination and nobody really cares; you'd think nobody ever reads past "free press" and that the other one "bear arms"... whatever, pass me a beer.
Free speech and free press? Allowed but rendered nearly ineffectual which is why those are allowed.
No internet based company should be headquartered in the US.
Fighting against your own government/leaders who are enemies of your country, is not the same as fighting against your country. It's still fighting for your country.
To me it is more patriotic than killing people in some other country.
If more people around the world did that sort of thing there would be much less need to kill people of other countries.
That said I'm not a big fan of patriotism. Seems to cause more harm than good.
Read PJ's final post. She shut down as a direct result of the Lavabit situation.
She relied heavily on email for communication with sources, and because she couldn't guarantee the security of her communications with them, shut down.
Slashdot story: http://yro.slashdot.org/story/13/08/20/0750237/.
PJ's final Groklaw post: http://www.groklaw.net/article.php?story=20130818120421175.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Government is inherently incompetent and lazy. Why do work when you can force people at gunpoint to make your job easy?
Especially when you can throw people in jail for the "crime" of revealing that they MADE YOU do this.
Corporatism != Free Market