For those without showdead on, there's an insightful comment from beedogs:
My guess (and he intimates this in his comment about backdoors in Chinese products) is that the US government asked him to basically break his entire system so they could do MitM attacks.
The conversation probably went something like this:
USG: Install this machine in your datacenter. Route all traffic through it. Accept installation of this new fiber demarc and allow us access to configure this new router. You do not need to know where this traffic is going. If you refuse, we'll slap you with a contempt order and throw you in federal prison. If you tell anyone about this, we will slap you with a contempt order and throw you in federal prison.
LL: Get fucked. I'll shut everything down instead.
-----
Why beedogs is shadowbanned is beyond me. A quick glance through his comment history doesn't indicate he's done anything to deserve it.
----
Hey beedogs: I can't reply to you directly because you're hellbanned. Send an email to PG. I'm not usually a fan of posting people's contact information, but in this case it's everywhere anyway - pg [at] ycombinator.com
The official way to appeal is to ask [email protected] about it. I did that once and they said I got banned by accident.
[Edit: ignore this part, it's wrong] If anyone gets shadowbanned (which can happen for automated reasons), use this link with your IP. https://news.ycombinator.com/unban?ip=ipaddress PG made this link as an automated appeal, he says it only works once.
If the government said "comply with this order or go to prison" and he said "I'll shut down instead", doesn't that still count as failure to comply? Is that like me burning down my house in response to a search warrant?
My guess (and he intimates this in his comment about backdoors in Chinese products) is that the US government asked him to basically break his entire system so they could do MitM attacks and ship unencrypted communications directly to the NSA.
The conversation probably went something like this:
USG: Install this machine in your datacenter. Route all traffic through it. Accept installation of this new fiber demarc and allow us access to configure this new router. You do not need to know where this traffic is going. If you refuse, we'll slap you with a contempt order and throw you in federal prison. If you tell anyone about this, we will slap you with a contempt order and throw you in federal prison.
LL: Get fucked. I'll shut everything down instead.
The truly terrifying thing about this scenario is that they're likely already doing this elsewhere on a huge scale.
That doesn't make much of a difference. The prosecutor only has to make the charge remotely plausible in order to coerce a guilty plea to a lesser charge. (This is what they did to Aaron Swartz.) With a 20-year maximum sentence, anticipatory obstruction is a mighty powerful lever.
From the URL that ibejoeb posted above (italics are mine):
Unceremoniously titled “Destruction, Alteration, or Falsification of Records in Federal Investigations and Bankruptcy,” and part of § 802 of the Sarbanes-Oxley Act of 2002, § 1519 provides:
Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under Title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.
Once you've been contacted the first time under an NSL letter, what stops you from choosing to broadcast the entire duration of the ordeal?
government: "Here's an NSL."
recipient: "Cool deal. I will respect it and not mention it to anyone, but be aware that from this point forward I will always have a device that will broadcast every interaction verbal or electronic that anyone has to me publicly live in real-time to the Internet. You have the right to remain silent. Do you understand? Anything you say may be used against you in the court of public opinion. Do you understand? If you wish to continue to communicate with me, be aware that any statement that you or anyone from your office makes to me will instantly and irreversibly become part of the public record."
On top of that you can hand them a special email address for their use only and you can delete your own personal email. You can also wear a shirt with friends and family that informs them in big bold letters that everything is a matter of the public record.
This would essentially serve to shield you entirely from secret communication by placing a "force field" of publicity around you. There might be some law somewhere that prohibits this tactic, but I cannot imagine how they would counteract this tactic legally so long as you always greet them with disclosure that you are recording everything. I imagine that they could try to force you somehow to interact with them in a location that prohibits recording devices.
Courts are made of people, not computers; and they care about the bottom line, not the reasoning behind the loophole. What you describe -- and every other thought experiment, like warrant canaries -- is a good way to spend the rest of your life in jail for contempt of court.
If you get an NSL, shut down your business and leave the country.
We can already see that Ladar knows how to use publicity. Every time he ends a communication, it's some unsupported, wild accusation that gets everyone talking. I feel like everyone is throwing away good scientific skepticism to jump on the anti-NSA bandwagon. There is a legal and logical reason for the NSA to have some secrets. Ladar should be more forthcoming, however. He has yet to say anything substantial, imho. There is plenty he could be saying, but the press loves this shit; they will do fine without actual content in their releases.
The thing is, no NSL is keeping Ladar Levison from telling us what he knows about email in general. NSLs are specific to the information being sequestered; everything else is fair game. Yet he says "if you knew what I knew." That's just immature posturing. Tell us what you know or say nothing. Waving around your supposed "big secret" in the press like some celeb for gossip? It's not what honest engineers do. Every time I hear a word from the mouth of this Ladar character, I trust him less.
This idea of "using a force field of publicity" is completely illogical because all it does is serve to fuel wild speculations and distractions! Where are the FACTS?
He should contest the NSL gag orders. They've already been declared unconstitutional at least 3 times, but they managed to trick the justice system by changing a few random words in the law (with the help of Congress), in effect creating a "new" law that was wiped clean of any "unconstitutionality" ruling.
The NSL is still unconstitutional in principle, it's just that it needs to be contested every time they change the law to escape the ruling. Hopefully this time Congress will stop playing along and creating new laws for them.
Kind of like how pharma companies change a tiny little thing about a drug at the end of its patent term, and then have an entirely "new" patented drug to sell.
Maybe it's time for a new type of email service. Something along the lines of two way auth, private key on cell phone, public on server. Cell phones have cameras now, so you could generate a QR code or something which your auth app could look at and generate a response in order to generate a unique token to gain access to your message(s). On the server side guys could have a deadman switch which would purge all data if not heard from administrators for 12 hours. That way they could delete data and not be in jeopardy of obstructing any government or whomever is seeking to gain access. Bonus points could be had for not hosting in US too.
The whole problem with email is the asynchronous thing.
You want to be secure, then it needs to be in such a way that there's minimum reliance on a central server. But in that case, what happens if your local machine (which is both your mailserver and an end client) is offline? Should the email bounce around in the network (like bitmessage does)? Or should you notify the sender with the standard "Mail Subsystem Delivery failure" that we all know and love.
Actually after reading this, I want to seriously sit down and write a spec but if I include the assumption that there is a chance for the end-server/recipient to be offline, it throws everything into chaos.
I don't think the encryption thing is the problem. I honestly have a hard time accepting that he was unable to provide decrypted content even with a warrant. That pretty much makes this a Swiss bank account for data and you better believe criminals would be all over it. I'd rather go through legal channels to end violations of due process.
There are already some existing Bitmessage gateways such as http://bitmsg.cc/. Looks like using something like this would be a better solution for a Lavabit-successor: Use a secure messaging protocol and then only use gateways to send messages between the traditional email world and your own secure protocol.
Of course, the gateway could still log your messages, but the same security issue applied to Lavabit. The main advantage is that once the gateway has forwarded your message, no one can force the operator to retroactively decrypt the message.
Bitmessage sounds like one potential solution for this, but it has some scalability issues. Using RetroShare would be another approach.
So why doesn't he share with everyone? If he's willing to shut down his service in the spirit of security, why not expose details in the spirit of transparency?
I can't imagine all of it would be subject to a lawsuit.
Well, presumably because he doesn't want to end up in jail or Russia.
I very much appreciate his actions, what he has felt able to say publicly and his dilemma in general. Part of me wants to call him a coward, but I can not say I would do better. I can't criticize. What this does show is how brave and "heroic" people like Snowden, Bradley, and the like really are.
What would be interesting is to see if he tries to get his story heard via routes acceptable to government, and if so, what happens.
I'd imagine that it's because under the current law he's gagged. Disclosing an NSL to the public (i.e. anyone that's not his lawyer or a judge) is something that will send him to jail. Rather than go to jail (where he'd be less useful and less free), he's using his standing to try to have a legal precedent set that being gagged by an NSL is unconstitutional. Hence him asking for help with legal costs.
> I can't imagine all of it would be subject to a lawsuit.
Where have you been all this time? Have you not read the news recently? Basically every US IT company is being NDA'd and backdoored/taped. Lavabit is the first one in choosing a different option: closing the business.
I'm leaving out a lot of transport detail for brevity, but that's the essence.
Also, email is generally stored unencrypted at rest. Even if you take precautions to secure your own mailbox, the recipient might just have it floating around in plain text in their Gmail account, just waiting for it to be nabbed by whoever can get a court order, or whatever.
Also, even if your email is encrypted, the metadata isn't. So you can figure out who is talking to whom, when, and usually from where (by the IP address). Also, there are a lot of headers indicating details about your computer (if you used a fat client rather than webmail), such as the user-agent header which indicates what software you're running (e.g. Thunderbird, version x, on Linux/Windows/OS X for x architecture, etc) which can give clues about how to attack that client with some 0day exploit.
> What about an alternate messaging system addressIng these issues ?
In case he was talking about unencrypted email, it's obvious:
-> Only use encrypted email (with an email client).
In case he was talking about encrypted email, all the "metadata" is still open (sender/receiver address, time/frequency, message subject). Then you can cross-reference that data with other data to get a more precise picture of the users.
email is a tool. you can use it for what it works for.
it doesn't have to be used for all communication.
assume a world where all your emails are archived in publicly accessible databases. you've lost privacy, but could it still be a useful tool?
send birthday emails. send your friends funny cat videos.
you don't have to use email for everything you used it for before -- you can just use it in different ways. i would still like to be able to near-instantly communicate with relatives across the world.
i know bacon clogs my arteries and making bacon has a terrible environmental footprint relative to eating only grains, but i love it.
It's not a stupid question, but often times open sourcing something involves one or more of the following:
1. Documenting everything so it's actually usable. At a minimum, "here is how to install the dumb thing" should probably be documented.
2. Often times there are hard-coded values that would need to be extracted out for security reasons or to simply allow someone to install it on a system not quite like yours.
3. Often times there are other dependencies that would also have to be open-sourced, such as modifications to libraries, internal libraries released, shell scripts, cron jobs, messaging queues, delayed job worker tasks, etc. that the system may rely on. These all need to be packaged up, documented and/or released.
In short it is a ton of work to take something that is running our way on our hardware and generalize it enough that anyone else can run it.
On the other hand, you wouldn't need their service to give you the protections they offered. Essentially, encrypted email storage. You can get that mostly off the shelf using any linux distro if you run your own mail service.
As far as I can tell it is a service that suffers from many of the same things as other services, especially concerning email that is sent to a recipient in clear text:
1) The email can be intercepted in clear text
2) If the service is compromised, a plain text copy can be made
3) If the service is compromised, a copy of the session key can be stored
4) If the service is compromised, a predictable/insecure session key can be used
5) They store a copy of the secret key; if the service is compromised, all session keys can be recovered when the user logs in (provides the password).
I've thought about engineering a similar system, but one based around GPG: have users upload/associate a public key with their account, and if they receive unencrypted email, encrypt it to them using their public key. 1), 2), 3) and 4) remain though, and 4) may be the worst, as it is almost impossible to detect/defend against AFAIK.
An alternative would be to set up a service that detects whether or not incoming mail is encrypted, and rejects it if it is not (along with information of where/how to install and set up GPG).
As others have mentioned this would not help with the who talks to who meta-data problem.
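Two of the points above, kintamanimatt's that the headers stay readable even when the body is encrypted and e12e's proposed gate that refuses cleartext mail, as one added example in Python. This is not code from the thread or from Lavabit; it uses only the standard library, and both messages it parses are constructed here for illustration (the addresses, IPs, Message-ID and the armored "ciphertext" are all made up). It lists what a relay or a wire-level observer still learns from a PGP/MIME (RFC 3156) message, and returns an SMTP-style verdict for a delivery policy that rejects unencrypted bodies.

```python
"""Added example (not Lavabit's code, not from any commenter): metadata that
survives body encryption, plus an accept/reject gate for cleartext bodies.
Stdlib only; both sample messages are constructed for illustration."""
import email
import email.policy
import re
from email.message import EmailMessage

# Constructed sample 1: PGP/MIME (RFC 3156). The body is opaque; the headers are not.
ENCRYPTED_RAW = b"""Received: from relay.example.net ([192.0.2.10])
 by mx.example.org with ESMTPS id abc123; Sat, 10 Aug 2013 04:12:00 -0500
Received: from [198.51.100.23] (helo=laptop.local)
 by relay.example.net with ESMTPSA id xyz789; Sat, 10 Aug 2013 04:11:58 -0500
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Re: meeting
Date: Sat, 10 Aug 2013 04:11:55 -0500
Message-ID: <20130810091155.4321@laptop.local>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="sepboundary"

--sepboundary
Content-Type: application/pgp-encrypted

Version: 1

--sepboundary
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQtQ0lQSEVSVEVYVC1QTEFDRUhPTERFUi1OT1QtUkVBTA==
-----END PGP MESSAGE-----

--sepboundary--
"""

# Constructed sample 2: ordinary cleartext mail from a different client.
PLAINTEXT_RAW = b"""Received: from [203.0.113.7] (helo=desktop)
 by relay.example.net with ESMTPSA id q1w2e3; Sat, 10 Aug 2013 05:00:00 -0500
From: Carol <carol@example.com>
To: Bob <bob@example.net>
Subject: lunch?
Date: Sat, 10 Aug 2013 04:59:58 -0500
X-Mailer: Microsoft Outlook 14.0
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Meet at 12:30, usual place.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=email.policy.default)


def leaked_metadata(msg: EmailMessage) -> dict:
    """Everything here is readable without touching the (possibly encrypted) body."""
    hops = []
    for received in msg.get_all("Received") or []:
        hops.extend(IPV4_IN_BRACKETS.findall(received))
    return {
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "date": str(msg["Date"]),
        # Clients announce themselves in User-Agent or X-Mailer; a version
        # string is the starting point for picking a client-side exploit.
        "client": str(msg["User-Agent"] or msg["X-Mailer"] or ""),
        # Each relay prepends a Received header, so the last one is the first
        # hop: usually the submitting client's own address.
        "hops": hops,
        "originating_ip": hops[-1] if hops else None,
    }


def is_pgp_encrypted(msg: EmailMessage) -> bool:
    """True for PGP/MIME, or for an inline armored PGP MESSAGE as the whole text body."""
    if (msg.get_content_type() == "multipart/encrypted"
            and str(msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_content().strip()
            if body.startswith("-----BEGIN PGP MESSAGE-----") and body.endswith("-----END PGP MESSAGE-----"):
                return True
    return False


def gate(raw: bytes) -> str:
    """SMTP-style verdict for a delivery policy that refuses cleartext bodies."""
    if is_pgp_encrypted(parse(raw)):
        return "250 2.0.0 accepted: body is OpenPGP-encrypted (headers are still cleartext)"
    return "550 5.7.1 rejected: body is not OpenPGP-encrypted; encrypt to the recipient's key and resend"


if __name__ == "__main__":
    for raw in (ENCRYPTED_RAW, PLAINTEXT_RAW):
        print(gate(raw))
        for k, v in leaked_metadata(parse(raw)).items():
            print(f"  {k}: {v}")
```

Note what the gate does not fix: even the accepted message hands the operator sender, recipient, subject, timing, the submitting IP and the exact client version, which is the who-talks-to-whom problem e12e and northwest mention. A real gate would also have to decide what to do with the rejected cleartext copy it just received (it has already been spooled), which is the same retroactive-decryption exposure gst raises for gateways.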
> He doesn’t have the technological capability to decrypt his customer’s data but if someone could intercept the communication between the Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.
Is it really what I understand from this, or is LL trying to say something else?
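The quoted sentence, together with e12e's point 5 above, implies a key hierarchy in which the server keeps the user's private key wrapped under a key derived from the login password, so the password is all an interceptor needs. The following added example in Python models that design beside a split-key variant where the password never leaves the client. It is not Lavabit's code and all names are hypothetical; it uses only the standard library, and its wrap()/unwrap() stand in for a real AEAD (use AES-GCM or similar in practice).

```python
"""Added example, not Lavabit's code: password-derived key hierarchy as
described on the page (design A) beside a split-key variant (design B).
wrap()/unwrap() are an HMAC-SHA256 keystream plus HMAC tag, used only so the
script runs on the stdlib; use an AEAD such as AES-GCM in a real system."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000


def master_key(password: str, salt: bytes) -> bytes:
    # Slow derivation so that a stolen verifier (design B) resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, 32)


def subkey(master: bytes, purpose: bytes) -> bytes:
    # Domain separation: one-way, so holding one subkey reveals nothing about another.
    return hmac.new(master, purpose, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered blob")
    return _keystream_xor(key, nonce, ct)


def can_unwrap(key: bytes, blob: bytes) -> bool:
    try:
        unwrap(key, blob)
        return True
    except ValueError:
        return False


class ServerDesignA:
    """As described on the page: the password itself arrives at login."""
    def __init__(self):
        self.users = {}

    def register(self, user: str, password: str, private_key: bytes) -> None:
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "blob": wrap(master_key(password, salt), private_key)}

    def login(self, user: str, password: str) -> bytes:
        rec = self.users[user]
        # Whoever holds the password (the server, or a MitM that read the TLS
        # session) can unwrap the private key and so decrypt the stored mail.
        return unwrap(master_key(password, rec["salt"]), rec["blob"])


class ServerDesignB:
    """Split keys: the server stores a verifier and an opaque blob only."""
    def __init__(self):
        self.users = {}

    def register(self, user: str, salt: bytes, auth_key: bytes, blob: bytes) -> None:
        self.users[user] = {"salt": salt, "verifier": hashlib.sha256(auth_key).digest(), "blob": blob}

    def login(self, user: str, auth_key: bytes) -> bytes:
        rec = self.users[user]
        if not hmac.compare_digest(hashlib.sha256(auth_key).digest(), rec["verifier"]):
            raise PermissionError("bad credentials")
        return rec["blob"]  # still wrapped; the server never saw the wrap key


def client_b_keys(password: str, salt: bytes) -> tuple:
    m = master_key(password, salt)
    return subkey(m, b"auth"), subkey(m, b"wrap")


def demo() -> dict:
    private_key = b"-----CONSTRUCTED PRIVATE KEY (placeholder bytes)-----"
    password = "correct horse battery staple"

    a = ServerDesignA()
    a.register("alice", password, private_key)
    mitm_a = a.login("alice", password) == private_key  # captured password suffices

    b = ServerDesignB()
    salt = os.urandom(16)
    auth_key, wrap_key = client_b_keys(password, salt)
    b.register("alice", salt, auth_key, wrap(wrap_key, private_key))
    blob = b.login("alice", auth_key)          # what the wire carries
    client_b = unwrap(wrap_key, blob) == private_key
    mitm_b = can_unwrap(auth_key, blob)        # MitM saw auth_key and blob only

    return {"design_a_mitm_recovers_key": mitm_a,
            "design_b_client_recovers_key": client_b,
            "design_b_mitm_recovers_key": mitm_b}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want. First, design B only helps when the client code is not delivered by the party being protected against: a webmail client served over the same intercepted TLS session can be modified to ship the password itself, which is why the interception in the quoted sentence is fatal for a browser-based service regardless of server-side design. Second, the interceptor in design B can still log in and fetch the blob, and the server still holds a verifier that can be attacked offline, so the PBKDF2 work factor is doing real work.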
“In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said. (from article)
I am a new immigrant to America. I came with my wife from Australia 8 months ago. All my life I heard about how the US supported the freedom and rights of its people, and now that I'm here, I find that that was a sick joke. This place is a KGB state on the brink of happening.
I went the other direction, from the US to Australia, and I've been watching from afar as the remnants of the America I grew up taking for granted are being systematically and increasingly quickly stripped away.
Forces of the Federal government have been on the march and increasing power for the last 140 years. They show no signs of slowing down, let alone stopping.
The irony is that the original impetus for the Federal government to assert supremacy was to give freedom to the slaves -- the right thing to do, but it's unlikely that we'll recover from that power shift any time soon.
Why don't all these tech companies form a coalition and release the details together ? The government would never dare going after a dozen companies at once, that would in essence spell doom for Silicon valley (and Obama's liberal rhetoric, such as it is). Surely there are times when breaking the law is the right thing ?
beedogs|12 years ago
Can someone at least let me know what the hell I did?
beedogs|12 years ago
Thanks for the heads-up!
phpnode|12 years ago
You made this post https://news.ycombinator.com/item?id=6183189 and one of the admins arbitrarily decided that you needed silent punishment. nice eh?
GigabyteCoin|12 years ago
http://en.wikipedia.org/wiki/Joseph_Nacchio#Qwest
ibejoeb|12 years ago
I'm sure he and his lawyers are aware, but we've got this cool new thing called Anticipatory Obstruction. It'd probably be a pretty far reach, but stranger things have happened. See http://www.perkinscoie.com/files/upload/LIT_11_06FunkFeature....
mtgx|12 years ago
Watch this and you'll get it:
https://www.youtube.com/watch?v=eT2fQu50sMs
chmike|12 years ago
What about an alternate messaging system addressIng these issues ?
northwest|12 years ago
-> Only communicate using one of the "darknet" platforms: https://en.wikipedia.org/wiki/Darknet_%28file_sharing%29
e12e|12 years ago
http://wayback.archive.org/web/20130530023856/http://lavabit...
beedogs|12 years ago
It's pretty heartbreaking.