Whoa, I had never heard of an attorney-client gag before:
> LADAR LEVISON: Well, just to add one thing to Greenwald’s comments, I mean, there’s information that I can’t even share with my lawyer, let alone with the American public.
"Lavabit had complied with 'narrowly tailored' court orders for user information on at least two dozen occasions in the past"
In other words Lavabit is not any better than Hushmail. Lavabit did not base its security on cryptography, it based it on trusting the people who worked for the company. Cryptography was just a side show, just like with Hushmail, because Lavabit could get the plaintexts whenever someone working there wanted (or whenever they were compelled to do so by a government, criminal organization, etc.).
Lavabit was hosted webmail, and therefore inherently dependent on the host not being evil. It is not possible to construct a hosted webmail service that is safe against a malicious/compromised host.
The phrase "user information" is vague; it could include timestamps of all requests from a particular IP, for example. Given that he was willing to shut down his sole source of income on principle, I'm willing to believe that he had reasonable crypto in place to protect user data at rest.
> Cryptography was just a side show, just like with Hushmail, because Lavabit could get the plaintexts whenever someone working there wanted (or whenever they were compelled to do so by a government, criminal organization, etc.).
Assuming good faith and a reasonable storage implementation, it is possible that Lavabit is not capable of providing plaintext messages on demand. I heard somewhere that messages were stored with a key derived from the user's password; if true, then a warrant for [email protected] might not be fulfillable until after the next successful login from johndoe@.
I don't think so. He based his service on the premise that he didn't have the keys to the encryption, and I can imagine he was able to respond to the requests "this is what I have." Specifically, as the service customers paid for, he was able to give, for example, the name and the credit cards of the specific investigated customers if he billed them directly. But it is OK, there were narrow court orders, everybody is expected to get and respond to such. What happened now must be different. Otherwise, why would he decide to do what he did now?
BTW it's a really nice article, gives a nice personal side to the whole story.
No, that isn't the case. Lavabit's emails were encrypted on the server for paying users, and only if enabled by them. In a case where one of those users (whose numbers were less than 2000) had their data subpoenaed, Lavabit would be unable to do so without MITMing themselves in a way that grabbed the plaintext password in transit. Since that didn't happen (why would he close the site when he was asked to do it again?) we can surmise that the only data that was given over was free users and only when compelled by the government.
For one thing, Ladar is the only person at Lavabit with access to the servers or hosting environment. Absolutely no one could access the plain text version of anything (password or email contents) without the password to an account, because all data for a specific user is encrypted using a key that is stored as an encrypted string in the database, without the account password the key cannot be decrypted.
Now, it would be possible for him to have installed software to intercept the password for a specific user when they authenticate, I have no idea if he ever had to do that. I do know that he's obligated by law to comply with court orders, you can't just refuse to cooperate if federal officials give you a warrant, if you don't cooperate they will throw you in jail until you change your mind. Those rules apply to every American company, not just Lavabit.
I think the distinction between providing aid to the FBI (or whoever) for a specific, targeted warrant but telling them to fly a kite when they want access to everyone without reasonable cause is perfectly reasonable from his perspective.
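The storage scheme the comments above describe (a per-user data key kept in the database only in encrypted form and unlockable with the account password), as an added sketch that is not part of the thread and is not Lavabit's code. PBKDF2 and the mask-plus-HMAC wrap are stand-ins chosen so it runs on the standard library, and every name here is hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 mask the data key, the last 32 authenticate the row.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)


def enroll(password: str, data_key: Optional[bytes] = None) -> dict:
    """Build the database row for one account; the bare data key is never stored."""
    data_key = data_key or secrets.token_bytes(32)
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so a mask is never reused
    k = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unlock(row: dict, password: str) -> Optional[bytes]:
    """Recover the data key. Only possible while the password is in hand,
    which for a hosted service means during a login."""
    k = _derive(password, row["salt"])
    expected = hmac.new(k[32:], row["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, row["tag"]):
        return None  # wrong password: the row stays opaque
    return bytes(a ^ b for a, b in zip(row["wrapped"], k[:32]))


def change_password(row: dict, old: str, new: str) -> dict:
    """Re-wrap the same data key; stored mail does not have to be re-encrypted."""
    data_key = unlock(row, old)
    if data_key is None:
        raise ValueError("old password rejected")
    return enroll(new, data_key)


if __name__ == "__main__":
    row = enroll("correct horse")               # constructed sample password
    print(unlock(row, "guess") is None)          # at rest, without the password
    print(unlock(row, "correct horse") is not None)  # at login, password present
```

The row alone does not yield the key, but `unlock` succeeds the moment the server is handed the password, which is the login-time window the comment above points to.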
"After his announcement last Thursday, a second company, Silent Circle, based in Maryland, said it would close its secure e-mail service. That company said it had not been served with a government order of any kind. In a pre-emptive bid to protect its customers’ data, Silent Circle said it had obliterated everything in its server."
Uh, what? This could almost be the story satirized by this passage from 1911:
"A certain German art expert, who had obtained from the municipality of Bergamo permission to inspect the famous masterpiece, declared it to be a spurious Pincini... The editor of an Italian art journal refuted the contentions of the German expert and undertook to prove that his private life did not conform to any modern standard of decency. The whole of Italy and Germany were drawn into the dispute, and the rest of Europe was soon involved in the quarrel. There were stormy scenes in the Spanish Parliament, and the University of Copenhagen bestowed a gold medal on the German expert (afterwards sending a commission to examine his proofs on the spot), while two Polish schoolboys in Paris committed suicide to show what THEY thought of the matter."
They're nothing alike. Suppose Silent Circle sent an email to all its users announcing that they would destroy the data on the server in 7 days. It's a good bet the government has accounts on most privacy-advocating web services, simply to keep tabs. That gives the government 7 days to try to get a FISA warrant, or if they think they can get away with it, unilaterally issue an NSL.
They would only be able to subpoena a few of the email accounts (or maybe a lot, but certainly not all), but that still breaks the privacy model many people assume given its advertisement as "secure" webmail.
Silent Circle didn't want to take the chance, and your hyperbolic parallel notwithstanding, they had good reason to do what they did.
It depends what you care about more, the emails or the privacy. The privacy is now ensured, and it isn't like they've erased the emails from the users' minds, only the records of the email.
“I’ve always sort of believed it’s important for Americans to have private conversations with other Americans,” Mr. Levison said in a telephone interview Monday, “and not fear that their conversations were being monitored by the government.”
The problem with that is you know your service is going to be used by criminals, child pornography, organized crime, terrorists etc. So if you start this service you know you're going to have to comply with government requests for that data. It seems disingenuous to complain about their requests as though you didn't expect them and that they wouldn't be reasonable. And I think he's saying that in his own way when you get into the details: "Yep, I supported the narrowly defined ones but the broadly defined ones are the straw that broke the camel's back"
> The problem with that is you know your service is going to be used by criminals, child pornography, organized crime, terrorists etc.
That's a huge stretch and abuse of logic IMHO. Don't build roads because criminals and terrorists will drive on them. There will also be UPS/FedEx couriers delivering printed child pornography driving those roads. So better, set up checkpoints and unmanned vehicle x-ray type scanners and set them up everywhere on highways.
More insane: don't open a barber shop, because if you have a hairy guy robbing a bank next door, he can get a haircut at your place and cops will have a hard time recognizing him.
I don't think each and every one of Lavabit's 1,500 paid customers was a terrorist. I understand and respect people's willingness to have a safe and secure email, as the Constitution says you should feel safe and secure in your own skin.
> So if you start this service you know you're going to have to comply with government requests for that data.
We don't know what really happened. Knowing how feds work just a little bit, I wouldn't be surprised if owners were intimidated via FBI/CIA/DEA/IRS and plenty of other Government Organisations. I wouldn't be surprised if owners, their families and their friends would fall under heavy scrutiny and deep IRS audits. There are really so many things Feds can do not to break the law, technically, and still harass $hit out of you and your family.
If they fall on each gov request, next we will have that barber share his info, just because feds want to. You know, terrorists are humans; they do get haircuts sometimes too.
The more I see arguments of this sort, the more I can see where we're heading. Not that there's anything wrong with your argument, this is the world we live in - we expect our state to have access to data on a citizen when said citizen is under investigation.
Too bad communications are only going to get more digitalized. I guess that soon we will live in a world where a citizen's entire communication will be stored somewhere, ready to be mined on first suspicions.
One day, the thin line that makes a citizen a suspect will be blurry enough that we'll wonder how did we get the state this level of access in our lives in the first place. It'll probably be too late then.
So what? That's like saying Comcast, AT&T, and other service providers should feel guilty for what their users do with their networks? Please. As if they would.
So you don't see a serious difference between narrowly-defined and broadly-defined snooping?
How about the difference between narrowly-defined detention and wholesale just-in-case detention of everyone?
The two are directly analogous, in that scope makes all the difference in both cases. It's entirely possible to support detention of reasonably suspected criminals, and at the same time oppose formation of mass concentration camps. Nothing disingenuous about that.
If the terrorist, kiddie porn arguments have primacy, free society is well and truly over. We can apply those criteria to everything, and, well, shut down.
If you think this mass surveillance was set up to fight child porn or terrorists, you're extremely naive.
It's a power grab. Pure and simple. Those who control this system can easily find dirt on their political/corporate opponents, while being completely immune.
They might stop some occasional clueless idiot terrorists or CP distributors, but that's not the end goal, that's just the political theater.
You really think terrorists don't properly encrypt their conversations?
You really think high-level criminals don't properly encrypt their conversations?
The problem with centralized privacy-as-a-service is the Fed raid problem. In order to be "fed proof," a service must be sufficiently distributed.
PS: I'll say what has been said again, Lavabit was so close to being wildly successful, it's a shame that an insecure govt leadership decided to squash a thriving venture. Though it was a likely conclusion because of centralized ownership.
The problem is not limited to any specific government; the problem is that you are doing something inherently insecure when you allow a service provider to generate, store, and utilize your private keys. Exploits by law enforcement are not the only problem -- spies, criminals, etc. can also exploit the weakness.
I'm no lawyer but I think Mr. Levison should lay low and avoid talking to the media. I think he is already in deep trouble, if he keeps talking, he is pretty much challenging federal prosecutors to have him "Swartz'd".
An idea for fixing this is having an email provider broken up between several countries that are not expected to cooperate (like U.S., Russia, Ecuador and Iran) and coded in a way that renders information worthless unless pieces from all parts are used. Then no court order can help.
[+] [-] grey-area|12 years ago|reply
http://www.democracynow.org/2013/8/13/exclusive_owner_of_sno...
[+] [-] guelo|12 years ago|reply
[+] [-] dombili|12 years ago|reply
[+] [-] betterunix|12 years ago|reply
[+] [-] jmillikin|12 years ago|reply
[+] [-] acqq|12 years ago|reply
[+] [-] nilved|12 years ago|reply
[+] [-] MagicWishMonkey|12 years ago|reply
[+] [-] kaonashi|12 years ago|reply
[+] [-] aqme28|12 years ago|reply
[+] [-] andrewcooke|12 years ago|reply
[+] [-] stevenrace|12 years ago|reply
While cited as an 'encrypted' email service, it apparently operated as a normal (web)mail server by default.
[+] [-] consultant23522|12 years ago|reply
[+] [-] mtgx|12 years ago|reply
[+] [-] akkartik|12 years ago|reply
Uh, what? This could almost be the story satirized by this passage from 1911:
"A certain German art expert, who had obtained from the municipality of Bergamo permission to inspect the famous masterpiece, declared it to be a spurious Pincini... The editor of an Italian art journal refuted the contentions of the German expert and undertook to prove that his private life did not conform to any modern standard of decency. The whole of Italy and Germany were drawn into the dispute, and the rest of Europe was soon involved in the quarrel. There were stormy scenes in the Spanish Parliament, and the University of Copenhagen bestowed a gold medal on the German expert (afterwards sending a commission to examine his proofs on the spot), while two Polish schoolboys in Paris committed suicide to show what THEY thought of the matter."
-- Saki, "The Background" (http://ebooks.adelaide.edu.au/s/saki/clovis/chapter6.html)
[+] [-] harshreality|12 years ago|reply
[+] [-] notaddicted|12 years ago|reply
[+] [-] jusben1369|12 years ago|reply
[+] [-] joering2|12 years ago|reply
[+] [-] sybhn|12 years ago|reply
[+] [-] gsibble|12 years ago|reply
[+] [-] DenisM|12 years ago|reply
[+] [-] alan_cx|12 years ago|reply
I think people forget that freedom includes risk.
[+] [-] muyuu|12 years ago|reply
[+] [-] rorrr2|12 years ago|reply
It's a power grab. Pure and simple. Those who control this system can easily find dirt on their political/corporate opponents, while being completely immune.
They might stop some occasional clueless idiot terrorists or CP distributors, but that's not the end goal, that's just the political theater.
You really think terrorists don't properly encrypt their conversations?
You really think high-level criminals don't properly encrypt their conversations?
Think again.
[+] [-] ballard|12 years ago|reply
[+] [-] betterunix|12 years ago|reply
[+] [-] vpeters25|12 years ago|reply
[+] [-] mtgx|12 years ago|reply
[+] [-] epo|12 years ago|reply
[+] [-] anovikov|12 years ago|reply
[+] [-] anovikov|12 years ago|reply