ACLU: Lavabit Was 'Fatally Undermined' By Demands For Encryption Keys
An anonymous reader writes "When encrypted email provider Lavabit shut down in August, it was because U.S. authorities demanded the company release encryption keys to get access to certain accounts. Lavabit's founder, Ladar Levison, is facing contempt of court charges for his refusal to acquiesce to their demands. But now the ACLU has filed a 'friend of the court' brief (PDF) in support of Levison, saying that the government's demand 'fatally undermined' the secure email service. 'Lavabit's business was predicated on offering a secure email service, and no company could possibly tell its clients that it offers a secure service if its keys have been handed over to the government.' The ACLU added, 'The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved."' Lavabit is also defending itself by claiming a violation of the 4th amendment has occurred."
Fuck that! I have no such obligation
“He’s not deformed, he’s just drunk!”
http://www.templeos.org/Wb/Kernel/Compress.html#l1 Use the /Windows/TSZ application
Or /Linux/TSZ
Isn't it hard to sue when you don't know the rulings in the secret courts? I suppose it's like attending a game in which you do not know the rules, and they also change without notice.
The argument is that Lavabit was asked to sabotage its prime selling point.
A government cheerleader licking the government's boots? Why, who would have thought!?
when the FBI wanted access to only a few accounts. instead they blew them off and brought this on to themselves
Well, that doesn't seem very appropriate. Why is the government focusing on revenge?
In all seriousness, using a broad reading of the third amendment, might there not be a challenge there?
If you want your data secure, you do not give anyone your keys, whether that person be a third party or the government. The government can make you give them your keys, but Lavabit can't. Why do they have anybody's keys?
I wonder how garbage like this gets modded up. No, collecting everyone's information is not okay. No, requiring Lavabit to surrender information that would jeopardize the security of all its users because they opposed you the first time around is not okay either.
Except for the fact that they couldn't do that by virtue of the site's design. As another article on /. explained, that design choice was good security practice because the government exploiting you is not any different technologically than any other insider attack. The problem is that the NSA got exposed, and they got pissed. The answer was to nuke the NSA from orbit. It's the only way to be sure.
This is my signature. There are many like it, but this one is mine.
And if they had done it quietly, they would still be in business. Lavabit sabotaged their own business to make a stand. I think it's a foolish stand, because their business model was fundamentally flawed from a security standpoint: they had users' encryption keys.
No, they didn't. The spooks demanded Lavabit's private SSL key.
Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.
what point?
i'm almost 40 and can remember lots of national security investigations going back to the 80's. each one the feds intercepted the communications of the suspect to gather evidence. in some cases they did this for months or years
there is decades of legal precedence in the US that you help the government collect evidence for a criminal investigation no matter what your business model is
only after lavabit refused to cooperate in giving them access to a few accounts. only then the feds asked for the house keys
what happens if i don't know, if i forget, for instance, or my key store is set to autodestruct? what happens in a distributed system like (toad's) freenet, where the keys are unknown? and can anyone explain how this might apply in canada? also - off topic - for pity sake, why will slashdot not recognise simple linefeeds?
And if they had done it quietly, they would still be in business.
A business based on fraud. Some of us want to live an honest life. Do you?
There is no such thing as 'access to a few accounts' in their model. And the feds weren't involved in a legitimate operation anyway. They were trying to track down someone who had exposed their crimes.
No, they did not have the encryption keys, that's why they were forced to hand out their SSL Keys.
there is decades of legal precedence in the US that you help the government collect evidence for a criminal investigation no matter what your business model is
And the government has also violated the constitution many, many times; that doesn't make it right.
Ignorance is a choice
In the case of Lavabit, the government demanded, and was given, a warrant for the HTTPS private key to monitor the online actions of a couple of defendants. This would allow the FBI to monitor not only the specific defendants, but all Lavabit customers.
And I want to be totally clear about this: The government asked to install a pen trap device *and* have the private keys which would have allowed it to monitor all Lavabit customers.
(Unlike phone companies, E-mail providers are under no legal obligation to make surveillance easy, or even possible, by the government.)
Third parties have a duty to assist law enforcement, but that duty does not extend "regardless of the burden involved". The ACLU argument is that giving over the private keys would have completely destroyed the Lavabit business, which was an unreasonable burden to take in assisting law enforcement.
You do when they have a warrant.
Just saying "You do when they have a warrant" is no longer sufficient. There's ample evidence that judicial oversight has been compromised by the FISA court et al., and this is a particularly strong case of government overreach.
You can't take warrants at face value any more.
Lavabit gave up the encryption keys after the government obtained court orders – including a grand jury subpoena and a stored communications act – and an authorised search warrant. The court denied Lavabit's motion to quash the warrants, and when the company failed to do so by the stipulated deadline, the court held Lavabit in contempt.
"The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved", ACLU said in its brief.
The first sentence seems to say that Lavabit would give up the encryption keys of specific users in response to a warrant. But, then the next few sentences seem to say that Lavabit fought the warrants and then ended up in "contempt of court" and argues that giving up the encryption keys "imposed an unreasonable burden on the company". (Presumably, giving up the encryption details of any particular client, even in response to a warrant could be considered to be "unreasonable".)
I'm a little confused because if Lavabit refused to give up encryption keys of specific users in response to a warrant (under the argument that compromising their service in response to a warrant would render the "secure" part of their email service useless), then I'd side with the government.
But if the government wanted the encryption details which would give them access to the emails of all their users, then I'd side with Lavabit.
Or maybe Lavabit had an encryption system that was the same for every user - meaning giving up the encryption key for any user would compromise all users, then I'd think that Lavabit did a crappy job of securing the emails and I don't really feel that bad for them.
Lavabit closed its service in August after the US authorities demanded he hand over the encryption keys for its entire service – a move Levison said would have compromised the personal details of his 40,000 clients.
Are they saying that the personal details (e.g. the name of the user, etc) but not the emails themselves were at risk if someone had the encryption key? So it's the encryption key for the metadata about their users? (Which wouldn't surprise me if they had one encryption scheme for their database of users, though I'd wonder how the government got the encrypted database of Lavabit's users.)
The FBI was not interested unless they could get access to his private SSL key. He offered several times to help them install their pen tap and trace device but the FBI was not interested unless they could load it with his private SSL key.
He was also found in contempt of court after he provided his private SSL keys.
This was a case of the FBI picking on someone so hard they figured they had to carry guns to meetings with him when he was being cooperative.
This was the actions of an individual who honestly thought there was a mix up and once everything was explained to everyone (ie the Judge or the FBI officers) this nonsense would have gone away. It didn't.
And do you want to live in a world where a secret court can compel any and every secret private key? It totally defeats the entire security architecture of the internet as it now stands. This is bad juju.
Why is the government focusing on revenge?
Sending a message?
Seven puppies were harmed during the making of this post.
Only if by 'refused' you mean in the sense that a man may 'refuse' to flap his arms vigorously so as to hover 3 feet off of the ground.
They had no way to comply without dismantling all security for all users.
Glad you have nothing to hide neither do I. But.... Have fun on "Your" slippery slope.
A government cheerleader licking the government's boots? Why, who would have thought!?
Some of us are only licking the government's boots because they are standing on our faces.
Why is the government focusing on revenge?
Because no one can stop them. If you try you are subjected to the same tactics as every other suspect who is guilty until proven guiltier.
We could instead put them in containment vessels and stick them on a ring world, then extinct the galaxy... You know, because if we had containment vessels impervious to galaxy death ray, we wouldn't just climb inside, detonate the nuke then repopulate. Fucking moronic Bungie writers.
You know, I think it's actually much worse than that. Lavabit was inherently being asked to engage in fraud. That is, as you state, its prime selling point was precisely that it wouldn't in some hidden act be complicit in complying with whatever orders from whatever government demanding to undermine its secure e-mail service*. Look at how Google, Microsoft, etc are putting up a good song and dance about the "outrage" of what they complied with. Yet one could believe that corporations of their size would inherently be undermined, be it through official sanction from the CEO or through mole(s). But, a small-time company wouldn't have that sort of implicit property.
In any case, the part that's really bad isn't per se that Lavabit was asked to engage in fraud but that inherently that means the judiciary and executive branches were both co-conspirators directing this fraud. To me, that's a much worse offense than one company/person lying for profit.
*I guess one could argue that inherent to the fact that China, Russia, America, etc all have very conflicting and rival views and how each are quite willing to pretend they have global jurisdiction when it suits them--America is just more public about it--, that it's almost a given that one government would invariably be demanding that such a service hand over keys at some point and hence there's no way that such a service could ever be secure in the sense implied. That would either stand to undermine the implied level of security--which undermines Lavabit's case--or implies a certain level of intentional or incidental misleading/fraudulent claims of security. Of course, that Lavabit would shut its doors instead of giving away keys actually stopped the situation from carrying through to the end as actual fraud, which shows the only one with any character in this situation seems to be Lavabit.
The really galling part to me? That Lavabit can't seemingly do what most every company does in a similar circumstance: take a slap on the wrist, shut its doors, then open again with virtually the same operation under a new name. It's okay to play shell games with the IRS but not the NSA, it seems.
Eurohacker European paranoia, gun rights, and h
And I can remember black and white films of Joe McCarthy shouting "I have to proof that you are communist right here" while holding blank pages of paper.
Bottom line, Snowden embarrassed the FBI, NSA, Justice Department, and the POTUS. This is nothing more than retribution because of the fact that they can't get Snowden, so, they have to take it out on Snowden's email provider.
I think Lavabit is about to kick the FBI, NSA, and Justice Department squarely in the balls and we can hopefully get some caselaw going to stop this nonsense. It is time we had some grown up discussion about spying on everyone "just because we can" and decide what we as "a people" would like to agree to and then modify the constitution accordingly.
I suspect that secret courts, secret judges, secret orders, and secret laws are not the America that most of us want, but hey, I could be wrong. The only thing we are missing is the secret police asking you for your papers please.
An excellent interview with Ladar Levison. Ladar walks through the events he went through. http://twit.tv/show/triangulation/125
The argument is that Lavabit was asked to sabotage its prime selling point.
According to the reports, the first time the FBI went to Lavabit they only wanted metadata for one account, something Lavabit had apparently provided in the past. They didn't comply with that request, which led to several rounds in court and ultimately a much bigger demand given what could be described as Lavabit's previous repeated willful noncompliance and obstruction. You can either look at the situation as Lavabit sabotaging themselves, or that they were making promises that they couldn't legally keep and remain in business. You don't get to launder money just because you promise that to your customers. You don't get to defy court orders if you want a nation of laws.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
The FBI originally only wanted the metadata. They had apparently provided that information in the past, so why not this time? It's great that you have your own personal theory of law, but that isn't what's on the books, or how the courts see it. It was a legitimate investigation according to the law. You just happen to agree with that law being broken in this case.
You should keep in mind that not all of the fallout has settled from this yet, and you might very well come to regret that it ever occurred before it's done. Fate can be perverse.
Joe McCarthy was a legislator with quite limited power, and he was done with long, long ago.
The real problem isn't that Snowden "embarrassed" the US president and government agencies, but that he stole enormous amounts of classified information from the US and its allies and passed it on to third parties. That is simple enough to understand as the basis for a criminal charge. Lavabit obstructed an investigation into a crime, and is paying the price. You approve of the crime. Maybe you think that there is no problem with that, but the government of the UK thinks it has suffered enormous damage to its security. I think you've got a pretty big credibility hurdle if you want to claim it was nothing.
The US doesn't have secret police because it isn't a dictatorship despite your secret this and secret that. It isn't a small point. And you should be clear that courts handle confidential matters all the time. That isn't new either.
Do you have a source on that? IIRC, they have agreed to install 'pen register' devices in the past. Those provide no useful information for users of their paid accounts because it is all encrypted. They even eventually provided the SSL key, albeit in a very spiteful manner.
You are correct that the details of the whole situation are not all out yet, but when everything comes to light, it's usually the authoritarian governments acting in the shadows that come out as the bad guys. With the given evidence out so far, the level needed to justify everything they've done would have to be that they know of a serious threat to all life on Earth, and said threat could come from anywhere, likely involving leaders of other world governments. Anything short of that would mean that the NSA should be taken down.
The government of the UK CLAIMS it has suffered enormous damage to its security. That doesn't mean they actually think that to be the case. There's this behavior known as 'lying', and governments have done this in the past, especially when dirty laundry has been exposed.
What they had done in the past was agree to install a pen register or tap and trace device. With the way Lavabit works, that's completely useless.
Because no one can stop them. If you try you are subjected to the same tactics as every other suspect who is guilty until proven guiltier.
This brings to mind an adage about those who say it can't be done being shown up by those doing it, anyway. Time will tell. In the meantime, feel free to hold your breath. That sure would be better than licking boots, regardless of where they may be.
Two facts about Joe McCarthy which are not often mentioned:
1) He was a Democrat.
2) He was right.
As I recall, each paying Lavabit customer's email storage was encrypted using a key of the respective customer's choosing. Lavabit did not have these keys and could not, themselves, read customers' email, even if they wanted to.
So, I'm to believe that you can be charged with contempt for not providing something that you don't have?
Neither of those things is a fact.
The UK was in genuine danger of being starved into submission by German U-boat attacks in WW2 that were sinking merchant shipping. It only reversed that because it was able to break the German codes and avoid or sink the U-boats. It was devastating for Germany to have its codes compromised. It would have been devastating for Britain not to have broken the codes. The current flavor of "information wants to be free" "patriot" would reveal the information that Germany's codes were compromised, and its messages were being read. The result would have been the starvation and surrender of the British isles, the transfer of the British government to another part of the Empire, some form of Nazi triumph, a much longer war, several genocides completed, and many more people dead.
Probably well over 100,000 documents of highly classified information on UK and US intelligence operations and methods were stolen and given to third parties. This is the same general type of information that was dealt with regarding the German Enigma codes, in some cases literally, since it is exposing encryption methods that the US and possibly UK can break - information that they shared in WW2.
I don't mean to insult you, but I think you show both incredibly limited insight and humility to say that what they are doing falls only into the category of "UK CLAIMS" it is damaging. How can it not be damaging for a government to have revealed what encryption systems it can break? How is it not damaging for it to have its intelligence methods and operations exposed?
You should be clear that genuine damage to the security of a nation is a separate question of whether or not you personally approve of that damage. You should also consider the fact that there are likely to be consequences to it. It may take time, perhaps a couple of years, maybe more, maybe less, but there are likely to be consequences. You may find that you have been hasty in your approval.
On an off topic, I read today that a prominent nuclear expert thinks Iran could have enough enriched uranium for a nuclear weapon in about one month if they surged, and Iran has recently announced a significant increase in the number of nuclear related sites. I also recall that about 10 years ago, maybe more, they had formed a brigade of suicide bombers to attack US facilities and military personnel around the world.
You've been cryptic lately.
Until somebody finds out and they get sued into oblivion and a reputation for all involved that impedes all future efforts. With all the leaks going on the risk of being a weasel and pretending everything was fine was too great. By closing the founder gets to keep his shirt and his former employees don't have to pretend they never worked there if they want to find a job.
Yes, the Enigma machine was a big achievement, and keeping that a secret was operationally important at the time. The UK was engaged in a real war with a real enemy that was a real threat. All we have now is sabre-rattling pissing contests, industrial espionage that only benefits corporate benefactors and other cronies, and the specter of 'terrorism', which isn't significantly greater now than at any other point in recent history, and certainly not for the UK.
Perhaps some of that information Snowden had is useful to credible threats to the security of the US or the UK. Here's the bad news: those credible threats already had that information, because the NSA has horrible internal security. Spy agencies have largely been bumbling morons, more closely resembling Maxwell Smart than James Bond, as a Beeb article pointed out. The degree of access Snowden had and even his admission into the agency were the result of the agency being incredibly inept. So, anything Snowden was able to get his hands on, Russia, China, Al Qaeda, Cobra Command, and the American Dental Association have all known for years. If you want to improve national security, shutting down and demolishing the NSA and GCHQ would be the best step to take.
A corporate employee not liking how he's being used by law enforcement can, as a general matter, simply get up and walk away from the company if he wants.
In this case - Apparently, no, he cannot.
You are mistaken. The founder is a corporate officer, not a simple employee. Corporate officers have responsibilities with respect to seeing the corporation comply with the law.
You don't when that warrant is ethically and Constitutionally wrong ...
You are mistaken, there is nothing in the Constitution that says you can pick and choose which warrants issued by a valid court you will obey.
What you are thinking of is called "civil disobedience", and civil disobedience often has a cost. Precisely the sort of thing we are seeing with respect to the contempt charge in this case. Civil disobedience is not an end run around the law nor a get out of trouble free card. What it is is a way to preserve your personal sense of ethics and a way to draw attention to and raise public awareness of an unjust law with the goal of amending or repealing the unjust law.
The problem is that you don't get to pick when what you view as a "credible" enemy shows up. If you compromise security ahead of time, it's too late when it does show up.
The problem with Snowden wasn't just that the security check he had was badly done, but that he deliberately lied and took advantage of the situation to steal as much as he could - apparently. Based on history that sort of betrayal isn't that common.
There also seems to be evidence that the Russians didn't know everything since they are making some adjustments based on Snowden's revelations. If they knew it all before, they would have done it before. Snowden provided them a blueprint they could access, as well as the operational methods. And they won't have the constraints of the US Constitution to inhibit them.
The security needs of the US and UK require signals intelligence of one sort or another. If you abolish the current agencies, they'll be replaced by another performing the same function. It would be quite remarkable to actually dissolve a major government agency - it so rarely happens at all, let alone without replacement.
...is that the government actually needs the private keys.
I.e. SSL, at least as implemented by Lavabit, is sufficiently secure to keep the government out of your private life.
I.e. they lack the compute power and/or backdoors to render such court orders unnecessary.
If you are curious (probably not, but here goes) you always hear that the people in the military have to obey the orders of their superiors. That is wrong. They have to obey the LAWFUL orders of their superiors, and REFUSE to obey unlawful ones.
Lawful and matching your personal sense of ethics or morality are two separate things. A legal order may violate a soldier's personal sense of ethics or morality. A soldier's ability to refuse an order is only with respect to the constitution, the universal code of military justice, ratified treaties concerning the international laws of war, etc.
Along those lines, the founders of this country fully believed that it was the right and duty of any citizen to oppose inappropriate laws and actions by the government.
Uh, no, "inappropriate" is grossly vague. If you want to use the word "unjust" you may be partially correct. However our founding fathers used force to enforce some laws that some people considered unjust. What our founding fathers would probably say is that if a law is unjust it should be amended or repealed. I doubt they would say that citizens get to pick and choose what laws they wish to obey, their actions as Governors and Presidents surely suggest otherwise.
If they knew it all before, they would have done it before
No they wouldn't. They'd have kept their knowledge secret and used it to pass misleading information - just enough true that we'd believe it, just enough false (or through omission) that we make a wrong decision based on it.
Changing things because they're exposed and no longer useful looks an awful lot like changing things because you just discovered you were insecure...
Can you be Even More Awesome?!
You actually can do quite a bit. Nazi Germany was largely the result of the Treaty of Versailles. Pearl Harbor was the result of us not being neutral in the war, and it wasn't hard to see something along those lines coming. Most terrorist acts in the last 50 years could be tracked to US dickery of some form or another if you are willing to put in a bit of work.
They announced a change in policy. That doesn't mean there actually was a change in policy, or that it was due to changes in knowledge. At best, it was an opportunity to act upon knowledge that has now become public but was already private. How naive are you?
Perhaps, but not anywhere near as much as it needs us to stop being assholes. Not being assholes will do far more for our safety. And signals intelligence often ends up creating threats, and is used as a crutch that allows for poor human intelligence, which is already inept enough.
They don't because of terrorists. Once the USA government pulls the "terrorism trump card" all rights are null and void. Your government managed to get a few very un-American laws instated and you need to work on getting those reversed. Fighting terrorism doesn't work this way, 12 years after 9-11 none of these laws have made a significant change in USA domestic terrorism attacks but they have greatly influenced daily life. It's time to end these laws and mend the country and its people.
I was promised a flying car. Where is my flying car?
They have more publicity than they could ever pay for in marketing and they're playing the victim. Hmmm what should they do. IT'S OBVIOUS! Relaunch with a user self-signed system or some sort of peer to peer thing where they don't hold the keys. They just relay the encrypted gibberish and some client software makes a randomized key. That's so idiotically simple, they could throw it together in a heartbeat.
Surely in this internet age, anyone writing a blog or publishing a web page is the equivalent of 'The Press' in the days these precedents were set. In those days, there were no large multi-national media conglomerations, most of the 'Press' was local to a town or district and the editorial reflected the views of the (local) editor. "The Press" was anyone who could set up a printing press, employ some journalists (though some were one-man bands), print a paper and get people to buy it. So modern day blogs are just as much (or even more) in the spirit of what the drafters of the First Amendment to the US Constitution considered "The Press" as the current TV news and newspaper conglomerates.
"but the government of the UK thinks it has suffered enormous damage to its security" of course it has we have been told things they didn't want us to know because they knew the people would not like the civil servants trying to make themselves our ABSOLUTE masters again.
This time is different as they don't need a vast army of manpower and 'duty bound' aid ie collaboration to do so. If the UK has been a police state for many years as you Americans seem to think it's been a hands off indifferent one unless you messed with someone's sacred cow.
Uhm , Duh,
Freedom of Speech is a Right reserved for the People of the several states, as enumerated in the Constitution of the United States of America.
Last time I checked, although she is intriguing and even cute for her age, she has no opinion that means anything.
You are also confusing the Right to Free Assembly with that of Free Speech.
In Germany, where Angela's opinion is valid, I suppose there are no such rights.
Pickled Herring.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Until somebody finds out and they get sued into oblivion and a reputation for all involved that impedes all future efforts. With all the leaks going on the risk of being a weasel and pretending everything was fine was too great. By closing the founder gets to keep his shirt and his former employees don't have to pretend they never worked there if they want to find a job.
I think it's unlikely that anyone would be successful suing them for turning over data due to a court order. But you're right that the publicity generated could harm them.
No more text needed.
What you're forgetting is that you're commenting on an article about the government secretly forcing corporations to give up their customers' information, essentially side-stepping their fourth amendment rights. So you're saying that a corporation's customers are giving up their rights simply by purchasing a product from that corporation. Does that sound good to you?
and you're holding a blank page and claiming he is an enemy of the state.
there is no proof that he gave it to china or whoever.
anyhow, the thing to take home from this is that it's illegal to provide untappable communications in the usa. that's one step away from it being illegal to provide encryption tools..
world was created 5 seconds before this post as it is.
ouch sorry, idiot error, i failed to rtfm - thank you for taking the time.
-- Things are more like they used to be than they are now.
Oh look!
1. Cold fjord makes an unsubstantiated claim
2. Someone challenges that
3. Cold fjord fails to give a reasonable response, but he makes the claim again later
it is NOT secure!!!
Secure communication means that only you or your friend on the other end can disclose secrets, not the service in between.
If you run a truly secure e-mail service and Uncle Sam wants keys, the correct response is "sorry, can't help you; we do not have any keys".
It's the bit about keeping quiet about it afterwards that could be a problem. I suspect a business that is putting sensitive data on a compromised server some time after the court order would not be happy that they were not informed beforehand, especially if some of it gets out due to "intelligence community" leaks.
I think businesses involved in aerospace, oil or similar where a competitor has a very close relationship with the "intelligence community" would be especially upset. There's so much of a tangle of private and public interests that your special technology would be forwarded on "in the national interest" faster than you can say "Airbus" (as in the stuff revealed in the Airbus vs Boeing lawsuit approx 10 years ago).
Do you have a source on that? IIRC, they have agreed to install 'pen register' devices in the past. Those provide no useful information for users of their paid accounts because it is all encrypted. They even eventually provided the SSL key, albeit in a very spiteful manner. You are correct that the details of the whole situation are not all out yet, but when everything comes to light, it's usually the authoritarian governments acting in the shadows that come out as the bad guys. With the given evidence out so far, the level needed to justify everything they've done would have to be that they know of a serious threat to all life on Earth, and said threat could come from anywhere, likely involving leaders of other world governments. Anything short of that would mean that the NSA should be taken down.
Read the first document. Only metadata was requested, Ladar refused, and the government escalated.
It's not reported that way because 'company ignores warrant for user account information' isn't anywhere near as flashy as 'ZOMG GUBERMENT SPYING ON US!'
The NSA isn't even involved in this. This is a company owner refusing to provide BASIC information, and the government taking logical steps in order to attain the information a non-FISA court agreed was needed in their investigation. One particular person is benefiting immensely from media manipulation, and it's the same person who claimed he could encrypt and decrypt data, and not have access to it.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
Reading a little bit further into the docs, it would appear that they initially wanted a bit more access than he was comfortable giving. They wouldn't let him just give the info after 60 days and wanted a trace device that would let them intercept information unencrypted in real time. The court order only gave them permission to intercept certain information, but they would have had access to much more, and it would have compromised the security of their entire operation. Given the information we have available right now about US spy agencies' utter disrespect for the rule of law, he clearly made the right choice.
This is my signature. There are many like it, but this one is mine.
Reading a little bit further into the docs, it would appear that they initially wanted a bit more access than he was comfortable giving. They wouldn't let him just give the info after 60 days and wanted a trace device that would let them intercept information unencrypted in real time. The court order only gave them permission to intercept certain information, but they would have had access to much more, and it would have compromised the security of their entire operation. Given the information we have available right now about US spy agencies' utter disrespect for the rule of law, he clearly made the right choice.
'Clearly'. I disagree. He was being an ass, and the operation didn't have the security he touted in the first place - it's like buying a lockbox at a bank, but giving your stuff to the teller to put in the box. That's not secure.
As an email service provider, I can attest these orders are not executed by the NSA, they're part of investigations performed by the FBI. They DO NOT want any more info than is listed on the court order. Are you kidding me? Using evidence gained illegally as part of a prosecution? A defense lawyer would have a field day with that.
If you mean that he made the right choice in talking with the media about the abuse of the government taking his SSL keys, instead of talking about his lack of cooperation, then yeah, I agree he made the choice that was in his best interests. No publicity is bad publicity they say.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
I suppose ACLU only assists the wealthy. I have begged for the millions I lost under Obamalaw that violated at least 5 amendments of our Constitution and was told now he broke you hire a rights lawyer.
The system was about as secure as an email service you don't personally host can be, at least as far as the general model goes.
They were searching for information on Snowden. They weren't looking for information for a trial. They were trying to find out who he was in contact with and exactly what he had so they could control the situation.
This is my signature. There are many like it, but this one is mine.
The system was about as secure as an email service you don't personally host can be, at least as far as the general model goes.
Well - public/private key encryption comes to mind. Your users would just need a local client, either plugged into a fat client, run as Java (like the CA provider), or using opengpg's javascript or Chrome plugins. The solutions exist, Lavabit just created an overly complex 'paper shuffling' process to hide the fact it's not really secure.
They were searching for information on Snowden. They weren't looking for information for a trial. They were trying to find out who he was in contact with and exactly what he had so they could control the situation.
So what's the problem with providing account information and log data for a single account, requested by court order? If Snowden's a whistleblower, then there's nothing to be afraid of. If he's sending highly classified data to the Russians... uhm, my age is showing... Chinese, and using 'whistleblower' as a cover for his actions, then we have a problem. That's not Ladar's call to make. That's why there are professional investigators involved, a 'Federal Bureau', as it were.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
I believe the content of the email was encrypted at all times. But a mail server has to have information on sending and receiving the mail, so not all data can be encrypted by the user's key.
It's a problem when all of the reporters on that list end up going missing a short time afterwards. You are far too trusting of the government here. Think of this situation like it were reversed, and a Russian or Chinese operative was exposing their dirty laundry to the world in the US. Think of the things that these regimes would do. Now, realize that the US would do all of the same things if they could manage to keep it quiet.
Also, the theory that he was very publicly a whistleblower as a cover to give foreign governments intel is ridiculous. That's about the worst way to try and accomplish that.
This is my signature. There are many like it, but this one is mine.
I believe the content of the email was encrypted at all times. But a mail server has to have information on sending and receiving the mail, so not all data can be encrypted by the user's key.
It can't be encrypted at all times if a normal client is able to view it. It was merely encrypted at rest, with a single encryption/decryption key stored on the same server.
It's a problem when all of the reporters on that list end up going missing a short time afterwards. You are far too trusting of the government here. Think of this situation like it were reversed, and a Russian or Chinese operative was exposing their dirty laundry to the world in the US. Think of the things that these regimes would do. Now, realize that the US would do all of the same things if they could manage to keep it quiet.
Assuming every corner of the government was in on it. Most of those people are just doing their jobs. Trails of bodies tend to attract attention.
Also, the theory that he was very publicly a whistleblower as a cover to give foreign governments intel is ridiculous. That's about the worst way to try and accomplish that.
We are talking about the genius who, upon deciding to commit treason, used an account with his name on it - not even an alias.
So either he's incredibly stupid, or incredibly intelligent. It would be incredibly intelligent to save your ass from the fire by making yourself appear to be a folk hero.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
I believe the clients held the keys and actual messages were decrypted client-side. If you know of a service that offered close to the same thing with better practices, please mention it.
Not every corner. The only parties that would have to be in on this are part of the FBI and the NSA, which isn't unthinkable. Trails of bodies do tend to attract attention, although we aren't talking about a huge number of people, and we've already got a good bit of attention, and they can just throw down a scapegoat or two. There's also the somewhat less unseemly task of trying to get ahead of the leaks and do damage control. They've tried to do that, but failed pretty miserably, with almost every statement being followed by evidence that everything they just said was a bald-faced lie.
His communications were with a reporter he trusted deeply and believed to be secure in her practices. Furthermore, he didn't consider his actions treasonous.
And no, it wouldn't be incredibly intelligent to be publicly visible if you were engaged in delivering state secrets to an enemy. He would be under less investigation if he were more quiet. Your theory is a completely wild shot in the dark to try and justify this witch hunt.
This is my signature. There are many like it, but this one is mine.