Slashdot Mirror

← Back to Stories (view on slashdot.org)

ACLU: Lavabit Was 'Fatally Undermined' By Demands For Encryption Keys

Posted by Soulskill on from the understatement-of-the-century dept.

An anonymous reader writes "When encrypted email provider Lavabit shut down in August, it was because U.S. authorities demanded the company release encryption keys to get access to certain accounts. Lavabit's founder, Ladar Levison, is facing contempt of court charges for his refusal to acquiesce to their demands. But now the ACLU has filed a 'friend of the court' brief (PDF) in support of Levison, saying that the government's demand 'fatally undermined' the secure email service. 'Lavabit's business was predicated on offering a secure email service, and no company could possible tell its clients that it offers a secure service if its keys have been handed over to the government.' The ACLU added, 'The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved."' Lavabit is also defending itself by claiming a violation of the 4th amendment has occurred."

15 of 230 comments (clear)

  1. duty to assist law enforcement agents?? by fustakrakich · · Score: 5, Insightful

    Fuck that! I have no such obligation

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:duty to assist law enforcement agents?? by Impy+the+Impiuos+Imp · · Score: 4, Insightful

      Corporations are voluntary associations of people who do not give up their rights associating that way.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    2. Re:duty to assist law enforcement agents?? by pla · · Score: 5, Interesting

      A corporate employee not liking how he's being used by law enforcement can, as a general matter, simply get up and walk away from the company if he wants.

      In this case - Apparently, no, he cannot.

      When a court can effectively order you not to close up shop or face contempt, we have slavery for the convenience of the police, in a very real, material sense.

      And y'know? I don't feel okay with that.

    3. Re:duty to assist law enforcement agents?? by msauve · · Score: 5, Insightful

      I disagree. Corporations gain special tax and liability advantages - requiring them to give up rights is a a reasonable cost for that. That in no way prevents people from associating in other ways which lack such legal advantages while retaining their rights.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:duty to assist law enforcement agents?? by Jane+Q.+Public · · Score: 5, Interesting

      "Is there a difference between what you can legally be compelled to do and your duty?"

      Yes, definitely.

      In the same way that "treason" is betrayal of your people and your country, as opposed to failure to obey your government. This is the fundamental failure made by the German people which allowed the Nazis to come to and maintain power.

      You have a duty to be honorable and ethical. You have an obligation to do what is legal. They are not the same things.

    5. Re:duty to assist law enforcement agents?? by icebike · · Score: 5, Insightful

      You do when they have a warrant.

      Well that is the issue being contested here, so you can't say for certain that a warrant is sufficient.

      The government may get a warrant for the contents of one safe-deposit box, but they don't have
      the right to a warrant for the combination to the bank's vault.

      The idea that one person must surrender all of his possessions so that law enforcement can capture another person
      is what is at issue here.

      --
      Sig Battery depleted. Reverting to safe mode.
    6. Re:duty to assist law enforcement agents?? by Jane+Q.+Public · · Score: 4, Insightful

      "Corporations are voluntary associations of people who do not give up their rights associating that way."

      HOWEVER, neither does that association transfer constitutional rights to the corporation. Those rights belong to the INDIVIDUALS that make up the corporation, not to the corporation, which is a "fictitious legal entity".

      Hence, a corporation can't vote, for example.

    7. Re:duty to assist law enforcement agents?? by TapeCutter · · Score: 5, Interesting

      Non-American here, but I believe that the law that protects a sysadmin's keys is the same law Dick Cheney relied on to protect the combination to his infamous office safe. I understand these laws need to be balanced against people simply obstructing justice, but it's pretty clear and there seems plenty of precedent that what's in your head is protected information. So why don't courts simply dismiss these case with prejudice? Why do they have to drag it on for years, only to come up with the same fucking answer after a couple of million dollars and a handful of shattered lives?

      There's something broken with the public prosecution system in the US. It seems to me that prosecutors are basically promoted by comparing how much jail time they have scored in court, rather than their overall cost / benefit to the well being of society. For example a prosecutor who gives a token fine for smoking a joint in public is more valuable to society than one who insists on jail time for all drug offenses.

      The appalling US jail statistics are very strong evidence that prosecutors are systematically making the wrong choices.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    8. Re:duty to assist law enforcement agents?? by Jane+Q.+Public · · Score: 5, Insightful

      "Ah, so you're in favor of muzzling the speech rights of political parties and nonprofit watchdogs?"

      No. For the moment let's leave aside Citizens United, which was grossly flawed, and which overturned centuries of precedent in order to reach an absurdly bad conclusion.

      Citizens' Unions and political organizations are different from "normal" business corporations, in that they are voluntarily formed for the purpose of furthering a common goal of the members. Often (but not necessarily) a political goal. Therefore, it is valid to say that the organization or corporation represents the interest of all the people involved.

      Now take a more "normal" business corporation: not all the people are there for the same reason. Some are CEOs. Some are janitors. Many of them are there for nothing but employment in their particular niche. This is DIFFERENT than the former example, because political money is being spent out of the profits of the corporation (not donations), and the money is spent in a way that only the board or CEO approves. There is nothing in this picture that suggests that the political money the corporation spends even remotely represents "the people" who make up the majority of the corporation. On the contrary, it is easy to see that a CEO might spend the money on lobbying to keep wages low, for example. There is nothing "representative" or "voluntary" about it, on the part of MOST of the people who make up the corporation.

      See the difference? SCOTUS erred -- that's putting it extremely mildly -- by not, at the very least, distinguishing between incorporated citizens' organizations, and business corporations. Yet the purposes and consequences are far different.

  2. Re:lavabit should have helped the first time by shentino · · Score: 5, Insightful

    The argument is that lavabit was asked to sabotage it's prime selling point.

  3. Re:lavabit should have helped the first time by auric_dude · · Score: 4, Interesting

    Lavabit Appeal EFF Amicus Brief http://cryptome.org/2013/10/lavabit-eff-amicus-13-1024.pdf, Lavabit Appeal ACLU Amicus Brief http://cryptome.org/2013/10/lavabit-aclu-amicus-13-1024.pdf & Lavabit Appeal Empeopled Amicus Brief http://cryptome.org/2013/10/lavabit-empeopled-amicus-13-1024.pdf might offer some insight into the legal advice sought and deployed via http://cryptome.org/.

  4. Re:lavabit should have helped the first time by king+neckbeard · · Score: 4, Informative

    There is no such thing as 'access to a few accounts' in their model. And the feds weren't involved in a legitamite operation anyway. They were trying to track down someone who had exposed their crimes.

    --
    This is my signature. There are many like it, but this one is mine.
  5. Blatantly wrong by Okian+Warrior · · Score: 4, Interesting

    In the case of Lavabit, the government demanded, and was given, a warrant for the HTTPS private key to monitor the online actions of a couple of defendants. This would allow the FBI to monitor not only the specific defendants, but all Lavabit customers.

    And I want to be totally clear about this: The government asked to install a pen trap device *and* have the private keys which would have allowed it to monitor all Lavabit customers.

    (Unlike phone companies, E-mail providers are under no legal obligation to make surveillance easy, or even possible, by the government.)

    Third parties have a duty to assist law enforcement, but that duty does not extend "regardless of the burden involved". The ACLU argument is that giving over the private keys would have completely destroyed the Lavabit business, which was an unreasonable burden to take in assisting law enforcement.

    You do when they have a warrant.

    Just saying "You do when they have a warrant" is no longer sufficient. There's ample evidence that judicial oversight has been compromised by the FISA court et al., and this is a particularly strong case of government overreach.

    You can't take warrants at face value any more.

  6. Lavabit did offert to help by Anonymous Coward · · Score: 5, Informative

    The FBI was not interested unless the could get access to his private SSL key. He offered several times to help them install their pen tap and trace device but the FBI was not interested unless they could load it with his private SSL key.

    He was also found in contempt of court after he provided his private SSL keys.

    This was a case of the FBI picking on someone so hard they figured they had to carry guns to meetings with him when he was being cooperative.

    This was the actions of an individual who honestly thought there was a mix up and once everything was explained to everyone (ie the Judge or the FBI officiers) this nonsense would have gone away. It didn't.

    And do you want to live in a world where a secret court can compel any and every secret private key? It totally defeats the entire security architecture of the internet as it now stands. This is bad juju.

  7. Civil disobedience has a cost ... by perpenso · · Score: 5, Insightful

    You don't when that warrant is ethically and Constitutionally wrong ...

    You are mistaken, there is nothing in the Constitution that says you can pick and choose which warrants issued by a valid court you will obey.

    What you are thinking of is called "civil disobedience", and civil disobedience often has a cost. Precisely the sort of thing we are seeing with respect to the contempt charge in this case. Civil disobedience is not an end run around the law nor a get out of trouble free card. What it is is a way to preserve your personal sense of ethics and a way to draw attention to and raise public awareness of an unjust law with the goal of amending or repealing the unjust law.