
Lavabit founder Ladar Levison's promised big announcement

405 points | p4bl0 | 12 years ago | facebook.com

125 comments

[+] acqq|12 years ago|reply
Widely unrecognized in the other discussions on HN is that:

"During an investigation into several Lavabit user accounts, the federal government demanded both unfettered access to all user communications and a copy of the Lavabit encryption keys used to secure web, instant message and email traffic."

Note that the initial court order, although appearing to target the specific user, demanded explicitly that Lavabit "shall furnish agents from the Federal Bureau of Investigation, forthwith, all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device." (http://s3.documentcloud.org/documents/801182/redacted-pleadi...)

So defying the initial order was definitely not Lavabit protecting one (famous) person, as some wanted to present this case, as the goal of the FBI as stated in this announcement was unfettered "access to the Lavabit network without (Lavabit) being able to audit the information being collected."

For the first time in history the general public can actually see most of the documents related to such kinds of orders. Up to now, the people receiving such orders weren't allowed to tell anybody even that they had received them.

This is unprecedented.

[+] at-fates-hands|12 years ago|reply
> This is unprecedented.

And quite frightening. It makes you think how many more companies are out there where the owners just decided to give in and allow them access and have remained quiet.

[+] tedunangst|12 years ago|reply
Wouldn't the installation of the pen trap device be necessary to target one individual as well?
[+] axcv|12 years ago|reply
The initial order was to provide metadata for all traffic involving a single account. It was only when Lavabit said they couldn't do this without disclosing their SSL private key that the FBI asked for the key.
[+] jack-r-abbit|12 years ago|reply
EDIT: somehow I ended up in the wrong HN topic so my comment was not directly related to this topic. I have not read the press release from Lavabit that this topic links to. My bad.
[+] Lagged2Death|12 years ago|reply
If you haven't got time to read the whole thing, consider these sentences:

In fact the FBI agents even admitted their intention to collect passwords in transit so they could access emails protected by Lavabit's encrypted storage feature. This was in stark contrast to the DOJ attorneys, who maintained that only the metadata authorized by the court order would be collected.

Levison was running a business. A privacy business. After years of peaceful co-operation with federal authorities, the FBI suddenly told him he was about to not be in the privacy business anymore, that the business he'd poured ten years of his life into would now shamble forward as a living lie, a thrall of the surveillance state it was conceived to oppose in the first place.

And the motive for this dramatic move? An attempt to find the guy who broke the news about how much spying the government's been doing.

That is, the FBI's instinct about how to handle a scandal about unprecedented levels of domestic surveillance was to increase their level of domestic surveillance.

[+] acqq|12 years ago|reply
More important is that the collection was initially already demanded to be via the FBI's own device (which they referred to as a "pen/trap device") that they were to install and control, effectively providing them unwarranted access to all the traffic, and all the content of it, of all users. Nobody actually gave the FBI a warrant to access everything, but they were to effectively have the access. Later on they also demanded the SSL keys, which have more or less the same effect. There's a major difference between collecting the data of the specific individual under investigation and accessing the data of everybody. And this is the first time such secret orders are accessible to the public.
[+] devx|12 years ago|reply
He's only received $50,000 so far, which seems pretty low to me for such an important case as this. If you can't/won't participate in protests against the mass surveillance and privacy abuses of the government, then at least consider supporting those that fight for our 1st Amendment, 4th Amendment, and human right to privacy, like Ladar Levison does:

https://rally.org/lavabit

[+] znowi|12 years ago|reply
Can't upvote this enough.

This is a real opportunity to fight for user privacy and support the only company that openly defied the government's unconstitutional demands. A virtue we all longed for just a couple of months ago at the height of the NSA scandal. But here it is now and instead we see comments picking on Lavabit and questioning their moral qualities...

People just can't get past character debate. Bickering while their rights are gradually stripped off under their noses.

[+] rdl|12 years ago|reply
While I agree he needs more money, it's not like he's going to have to pay $800/hr to get the world's best lawyers on his team. Since he appears to be the poster child for a test case on this, I think the money will mostly only need to be spent on expenses (travel, etc.), vs. lawyer time, and there will probably be in-kind donations of services.

Ladar is the kind of person you want to bring to a case before SCOTUS, not weev.

[+] alxndresp|12 years ago|reply
If people won't get off their asses for whatever reason to fight for our rights, at least help out someone that will. Donated.
[+] ISL|12 years ago|reply
While I understand the rationale, I'm surprised to have seen the goal set at $40k, then $30k, and now at $96k.
[+] joelrunyon|12 years ago|reply
For all of Google's talk of "don't be evil" - it's pretty amazing to me that this one tiny player has more balls to stand up for his principles & users than some monolithic organization like Google.
[+] jmillikin|12 years ago|reply
Note that Lavabit's battle was fought in silence; the first we heard about it was the announcement that Lavabit would be shutting down.

Assuming similar warrants to other companies would also come with gag orders, there is no way to know whether Google has tried to fight. The only way we would know is if Larry Page announced he was closing up shop tomorrow.

Similar arguments apply to every tech company. I am certain that {Google,Yahoo,Microsoft,Facebook,Twitter} has received similar warrants, and has filed objections, and has been given the choice of compliance or corporate death.

[+] walid|12 years ago|reply
Publicly held organizations cannot choose to close shop. They don't own the shop. Something I quote from Bruce Schneier was that if Google or Facebook were in the same position and the CEO refused to cooperate, the shareholders would just fire the existing CEO and get a less moral one!
[+] hobs|12 years ago|reply
Individuals have balls, organizations rarely do.
[+] jpwagner|12 years ago|reply
This is not unbelievable. Google has more to lose.
[+] geofft|12 years ago|reply
Yahoo! did much the same, and, like Lavabit, did much of the fighting in secret. Well, except for the "shutting down" part -- although I think you can defensibly argue that the harm to privacy done by Yahoo! effectively sending its users to other random webmail services would be worse than the harm to privacy from keeping operating. Lavabit's users have more capability to fend for themselves or just stop using electronic communications.

https://www.eff.org/deeplinks/2013/07/yahoo-fight-for-users-...

[+] adamnemecek|12 years ago|reply
Someone posted a link to the Lavabit Court Orders in the comments. http://cryptome.org/2013/10/lavabit-orders.pdf
[+] revelation|12 years ago|reply
That judge is kind of a pushover. He's not happy the government would have to trust Lavabit with their solution, but he doesn't even begin to question the government's proposal to just MITM all the traffic through a box with unknown software, operated by whoever, with certainly no tamper-safe logs of any kind.

It's likely because his level of technical competence barely suffices to turn a computer on, but yet he gets to decide on these cases, and the gov lawyer happily aids in his ignorance by supplying factually wrong technical sounding terms (the 'metadata stream') and analogues from an analog world (a 'filter').

[+] trobertson|12 years ago|reply
I'm reading/skimming through this now, and most of the beginning exhibits repeat a lot of stuff. Also, IANAL, so I may be interpreting some of this incorrectly.

On the PDF's page 51, there begins a record of a court proceeding, deliberating what, exactly, the government is looking for in these proceedings. They discuss the coverage that the FBI thinks its pen register needs. Of note is that Levison was not opposed to the pen register (which, to my understanding, would provide the FBI with all encrypted traffic going through Lavabit's servers); he was opposed only to providing the encryption keys, which Levison asserts would provide the FBI the ability to decrypt all traffic, and not just the traffic of the aforementioned SUBJECT (read: probably Snowden).

The judge appears to not be a rubber-stamp entity, which is nice, as shown on pages 58-59.

Page 60: Levison states that all the gov needed to do to install the pen register was set up an appointment with him. But, again, he would not provide any keys.

Ha. On page 61, the court explicitly says that all requests for oversight and monitoring will be denied:

    MR. LEVISON: I guess while I'm here in regards to the pen register,
        would it be possible to request some sort of external audit to
        ensure that your orders are followed to the letter in terms of
        the information collected and preserved?
    THE COURT: No. The law provides for those things, and any other
        additional or extra monitoring you might want or think is
        appropriate will be denied, if that's what you're requesting.
On page 100, Levison states that he can manage to get the information the FBI is looking for, without providing the FBI with Lavabit's encryption keys. Someone (AUSA[censored]) says that the proposed solution does not satisfy the subpoenas and court orders, because it would not provide real-time access to the data.

On pages 107-108, the court has this to say about a loss of trust from Lavabit's customers, in the event that Lavabit hands over its SSL keys: "Any resulting loss of customer "trust" is not an "unreasonable" burden"

Starting on page 121, there is a court discussion about "a motion to quash the requirement of Lavabit to produce its encryption keys and the motion to unseal and lift the nondisclosure requirements of Mr. Levison."

Page 126: the court on the government's "right to information". Within the bounds of a criminal investigation, this position seems correct, but they are still requesting a key that would decrypt the communications of about 400,000 customers. Within that context, it seems like overreach.

    THE COURT: I can understand why the system was set up,
        but I think the government is -- government's clearly entitled
        to the information that they're seeking, and just because
        you-all have set up a system that makes that difficult, that
        doesn't in any way lessen the government's right to receive that
        information just as they would from any telephone company or any
        other e-mail source that could provide it easily. Whether
        it's -- in other words, the difficulty or the ease in obtaining
        the information doesn't have anything to do with whether or not
        the government's lawfully entitled to the information.
Man, read pages 128 and 129. The judge basically says that because it's a criminal case, the 4th Amendment doesn't apply to the data they are requesting (Lavabit's SSL key, which is very emphatically NOT Snowden's data (or, sorry, THE SUBJECT's data)).

What appears to be the now infamous 11 pages of 4-point key starts at page 145, as Attachment A. I can't actually verify, from this PDF, that it is text. With the image's resolution, it looks like lines of visual noise. Zooming in, there also appear to be visual artifacts reminiscent of JPG compression.

[+] p4bl0|12 years ago|reply
Beware, this PDF is more than 16MB.
[+] notdonspaulding|12 years ago|reply
IANAL, so I don't know what the actual process is called, but that judge needs to be fired.

When confronted with an issue about which the judge knows nothing, the court basically deferred to whatever the government suggested. I'm not reading into it, it's basically how the transcript reads.

I particularly enjoyed this Freudian slip:

    MR. BINNALL: I would suggest that the
    government -- I'm sorry -- that the Court
    can craft an order to say...
The court here is more marionette than anything else, with the FBI on the strings.
[+] darkarmani|12 years ago|reply
> MR. TRUMP: That's one and the same, Your Honor. Just so the record is clear. We understand from Mr. Levison that the encryption keys were purchased commercially. They're not somehow custom crafted by Mr. Levison. He buys them from a vendor and then they're installed.

Wrong. You pay to have your public key signed by a commercial entity. The private key was generated by Mr. Levison.

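An added illustration of the point darkarmani makes (this is example code written for this thread, not code from Lavabit or from anyone in the discussion): the key pair is generated locally by the operator, and the only thing sent to the commercial vendor is a certificate signing request carrying the public half. The Go program below, using only the standard library, builds such a request, parses it the way a CA would, and checks that no private component is present in the request bytes. It then shows what possession of the private key actually means, by sealing a constructed message to the public key (the way an RSA-key-exchange TLS handshake seals its premaster secret) and confirming that only the matching private key, not a second unrelated one, can open it. The name `lavabit.example` and the message contents are placeholders chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// Enrollment is what an operator holds after generating a key pair locally.
// Only CSR (a DER-encoded PKCS#10 request) is ever sent to the vendor.
type Enrollment struct {
	Priv *rsa.PrivateKey
	CSR  []byte
}

// NewEnrollment generates the private key on the operator's own machine and
// builds the signing request for it. The vendor plays no part in this step.
func NewEnrollment(commonName string) (*Enrollment, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
	if err != nil {
		return nil, err
	}
	return &Enrollment{Priv: priv, CSR: der}, nil
}

// CSRCarriesOnlyPublicKey parses the request as a CA would and checks that
// (a) the request's self-signature verifies under the embedded public key,
// (b) that public key is the public half of the operator's private key, and
// (c) none of the private components (d, p, q) appear in the request bytes.
func CSRCarriesOnlyPublicKey(e *Enrollment) (bool, error) {
	req, err := x509.ParseCertificateRequest(e.CSR)
	if err != nil {
		return false, err
	}
	if err := req.CheckSignature(); err != nil {
		return false, err
	}
	pub, ok := req.PublicKey.(*rsa.PublicKey)
	if !ok || !pub.Equal(&e.Priv.PublicKey) {
		return false, errors.New("CSR public key does not match operator key")
	}
	secrets := [][]byte{e.Priv.D.Bytes(), e.Priv.Primes[0].Bytes(), e.Priv.Primes[1].Bytes()}
	for _, s := range secrets {
		if bytes.Contains(e.CSR, s) {
			return false, errors.New("private component leaked into CSR")
		}
	}
	return true, nil
}

// OnlyHolderCanDecrypt seals msg to the enrollment's public key and checks
// that the matching private key opens it while an unrelated key (standing in
// for the vendor's own key) cannot. This is why disclosure of the private
// key, not of the signed certificate, is what exposes user traffic.
func OnlyHolderCanDecrypt(e *Enrollment, msg []byte) (bool, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &e.Priv.PublicKey, msg, nil)
	if err != nil {
		return false, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.Priv, ct, nil)
	if err != nil || !bytes.Equal(pt, msg) {
		return false, errors.New("holder of the private key could not decrypt")
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key, e.g. the vendor's
	if err != nil {
		return false, err
	}
	if _, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, other, ct, nil); err == nil {
		return false, errors.New("unrelated key decrypted the message")
	}
	return true, nil
}

func main() {
	e, err := NewEnrollment("lavabit.example") // placeholder name
	if err != nil {
		panic(err)
	}
	ok, err := CSRCarriesOnlyPublicKey(e)
	fmt.Println("CSR carries only the public key:", ok, err)
	ok, err = OnlyHolderCanDecrypt(e, []byte("constructed premaster secret"))
	fmt.Println("only the private key holder can decrypt:", ok, err)
}
```

The check in `CSRCarriesOnlyPublicKey` is the one a defender wants when reviewing an enrollment process: whatever leaves the operator's machine should verify as a request signed by the public key and contain nothing derived from the private one.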
[+] pilom|12 years ago|reply
Later on the government submits an "Appendix B" which actually gets it right. The lawyers for both sides made technical mistakes while in court.
[+] epsylon|12 years ago|reply
I find it incredibly ironic that in the process of investigating Snowden's leaks that the NSA is spying on netizens, we see such court orders where feds ask for broad unregulated surveillance where a single targeted tap would have sufficed. The worst is that the judge happily enables this.
[+] frank_boyd|12 years ago|reply
As a side note: pretty ironic how he uses Facebook, an NSA partner company, to publish such a statement.
[+] marquis|12 years ago|reply
Given that it's a public statement intended to be read by as many people as possible I find it completely unironic.
[+] hyperbovine|12 years ago|reply
Perhaps even more eyeballs than he intended will read this statement. Doesn't seem particularly ironic to me.
[+] Perseids|12 years ago|reply
Is there some way I can donate money via Amazon payments? It would be vastly more comfortable.
[+] jlebrech|12 years ago|reply
Why not hand over all the keys and say you were hacked and get everyone to change keys?
[+] jmaygarden|12 years ago|reply
Then they would ask for the keys again. If they thought you did it on purpose, then it's another--probably much worse--contempt charge.
[+] hyperbovine|12 years ago|reply
I highly doubt law enforcement would look kindly on that. Simply shuttering the business "fell just short of a criminal act".
[+] asparagui|12 years ago|reply
Because then the NSA, who totally hasn't been recording these emails for the past ten years, can retroactively decrypt all of them?
[+] debacle|12 years ago|reply
The law doesn't work like that.
[+] orofino|12 years ago|reply
Interestingly, the letter states he's received over 150k in support. The rally.org campaign now states over 50k has been pledged. I'm not finding the campaign for support to be terribly transparent.

When receiving the link to the rally.org campaign yesterday (through Pinboard on Twitter or Gruber) I thought it represented the entire universe of assistance Ladar had received. On top of that, the upper limit of the rally campaign keeps changing. Originally I saw 40k, then last night 50k, now this morning 96k.

I'm not saying that they're trying to be misleading, but as someone who is interested in this and is considering a donation, I was disquieted by the moving target at rally.org and the lack of transparency until this morning about how much had truly been raised.

[+] thrillgore|12 years ago|reply
"I'm not going to scramble jets to catch some hacker"
[+] dingaling|12 years ago|reply
Lavabit was created so every law-abiding citizen has access to a secure and private email service.

What an intriguing statement. I'm not sure if I should read anything into it, but 'law-abiding' and 'citizen' seem odd in that context.

Edit: Why not just say 'everyone'? Otherwise it sounds as if Lavabit was making a decision as to whether someone was eligible or not, which I don't think is what he means.

[+] kybernetikos|12 years ago|reply
I think he said that because he was happy to work with reasonable law enforcement requests for specific individuals that were part of a criminal investigation.

It was just when they were asking for the ability to completely backdoor his system for all users that he started with the civil disobedience.

[+] smackay|12 years ago|reply
I think you are reading too much into the statement. It's likely to be a figure of speech so that regular folks, i.e. not child pornographers, drug smugglers, terrorists or other ne'er-do-wells, can feel good about using the service.
[+] notdonspaulding|12 years ago|reply
Because it's a statement in front of a court. Specifically, in giving the rationale for why handing over the private key is a 4th amendment violation, it's helpful to point out that lawbreakers (for whom specific, particular, narrow warrants have been issued) have no expectation of privacy even on Lavabit's system.
[+] deanclatworthy|12 years ago|reply
Nothing unexpected from this announcement. It was heavily implied that he was asked to provide the encryption keys to decrypt the communications of all users.

I'm surprised that some academic lawyers aren't helping take on this case for no cost, due to the precedent it may set and the exposure it will get.

[+] acqq|12 years ago|reply
Please don't diminish the importance of it. This release is unprecedented.

For the first time in history the public can actually see most of the documents related to such kinds of orders. See also: https://news.ycombinator.com/item?id=6487986

[+] andrewcooke|12 years ago|reply
oh come on. when it's not confirmed we have threads with people saying "but there's no evidence, you're only assuming".

then when it is confirmed we have "but we already knew this".

neither adds anything. but people seem to vote up world-weary comments. yay for internet points.