Lavabit Founder Says He Had ‘Obligation’ to Shut Service (nytimes.com)
231 points by bmmayer1 on Aug 13, 2013 | 104 comments


There's also an interview with the Lavabit founder Ladar Levison and his lawyer over on democracy now (seems to be on the HN banlist):

http://www.democracynow.org/2013/8/13/exclusive_owner_of_sno...


Whoa, I had never heard of an attorney-client gag before:

> LADAR LEVISON: Well, just to add one thing to Greenwald’s comments, I mean, there’s information that I can’t even share with my lawyer, let alone with the American public.


My understanding was attorney-client privilege was basically absolute. So it would be nigh unto impossible to actually prevent you from sharing something with your lawyer. I wonder if the guy is embellishing some of this.

Of course, if you engage in a criminal conspiracy with your lawyer, it's breakable (sorry, Walter White). So they could claim espionage. But the catch-22 is proving it if the only evidence is itself covered by said privilege.


According to Wikipedia, NSLs used to prohibit you from disclosing their existence to anyone, including your lawyer. This was changed in 2006:

"On March 9, 2006 the USA PATRIOT Improvement and Reauthorization Act was signed into law... Other amendments included that the recipient of an NSL was allowed to explicitly inform their attorney about the request" [1]

Scary stuff. It wouldn't surprise me if there are still some things, like implementation details, that you're compelled to keep secret from your attorney.

Whether or not that would stand up in court is another issue.

Edit: It's not entirely clear to me whether or not this was an actual prohibition on consulting with an attorney, or whether the NSL is worded sufficiently vaguely to make most people believe that's the case. Some case notes from Doe/ACLU v. Ashcroft make me believe it's the latter:

"Because neither the statute, nor an NSL, nor the FBI agents dealing with the recipient say as much, all but the most mettlesome and undaunted NSL recipients would consider themselves effectively barred from consulting an attorney or anyone else who might advise them otherwise, as well as bound to absolute silence about the very existence of the NSL." [2]

[1]: http://en.wikipedia.org/wiki/National_security_letter#Histor...

[2]: http://counsel.cua.edu/fedlaw/Patriot.cfm


It would be a technical violation of the law to reveal to ANYONE including your lawyer that you received an NSL.


Nope. Maybe it used to be true, but not as of 2007.

"…prohibits you…from disclosing this letter, other than to…an attorney to obtain legal advice or legal assistance with respect to this letter."

Source: http://upload.wikimedia.org/wikipedia/commons/9/91/EFF-IA_Na...


Is it interpreted as singular, "an attorney", or can you send NSLs to everyone in the American Bar Association for a second opinion?


It's good to shop around, especially here in California, one of the states where graduates from non-accredited law schools can join the bar. :-)

I can't see a reasonable way of establishing bona fides other than creating a strong implication/inference of "national security".

(My wife is a federal attorney, and it is disappointing how warped "the government's" perspectives are on rights and what is reasonable.)


Just saying, there is no law on god's earth that would stop me talking to my girlfriend. The government simply does not have that right and I would NEVER recognise it.


You don't have to recognize that right so long as you're willing to take Snowden's route: flee to a country that is willing to stand up to the US and never return.


The law doesn't work by individual consent, it works by hitting individuals with sticks or locking them in closets until they comply.


If you don't believe him, then you should see this:

https://www.youtube.com/watch?v=-6xsv4azzpc

It does seem like NSLs are fundamentally unconstitutional, but I think every person needs to prove it now in court, so if you get one, you should contest it.


I'm getting the impression that shutting the service down was the goal perhaps, although the lenience in not just finding a charge to put him away for seems surprising. But really how many rational serious business owners without legal training would do anything to do with the federal government without legal representation?


I did share that link 5 hours ago, maybe it's because of that. https://news.ycombinator.com/item?id=6206623


Your link doesn't appear to work.


That's strange, I can see it just fine.

Edit: Tried it on private mode and I couldn't see it either. No clue as to why.


Maybe it's like hellbans: everybody can see the submission is dead except the submitter. HN, where you're always the last to know ^^


You have showdead on, it seems...


Nope, it's off. Anyway, who cares. The conversation is happening, that's all that matters.


It is a "dead" link.


I am more concerned about this:

"Lavabit had complied with 'narrowly tailored' court orders for user information on at least two dozen occasions in the past"

In other words, Lavabit is not any better than Hushmail. Lavabit did not base its security on cryptography; it based it on trusting the people who worked for the company. Cryptography was just a side show, just like with Hushmail, because Lavabit could get the plaintexts whenever someone working there wanted (or whenever they were compelled to do so by a government, criminal organization, etc.).


Lavabit was hosted webmail, and therefore inherently dependent on the host not being evil. It is not possible to construct a hosted webmail service that is safe against a malicious/compromised host.

The phrase "user information" is vague; it could include timestamps of all requests from a particular IP, for example. Given that he was willing to shut down his sole source of income on principle, I'm willing to believe that he had reasonable crypto in place to protect user data at rest.

  Cryptography was just a side show, just like with
  Hushmail, because Lavabit could get the plaintexts
  whenever someone working there wanted (or whenever they
  were compelled to do so by a government, criminal
  organization, etc.).
Assuming good faith and a reasonable storage implementation, it is possible that Lavabit is not capable of providing plaintext messages on demand. I heard somewhere that messages were stored with a key derived from the user's password; if true, then a warrant for johndoe@lavabit.com might not be fulfillable until after the next successful login from johndoe@.


"The phrase "user information" is vague; it could include timestamps of all requests from a particular IP, for example."

Sure, but this warrant makes it pretty clear that the government was seeking message bodies, attachments, etc.:

http://ia600908.us.archive.org/9/items/gov.uscourts.mdd.2362...

"I heard somewhere that messages were stored with a key derived from the user's password; if true, then a warrant for johndoe@lavabit.com might not be fulfillable until after the next successful login from johndoe@."

...or to try brute forcing the password offline, which has a reasonable probability of working. Either way, it is not any different than the situation with Hushmail, and I would put both squarely in the "snake oil" category.


> ...or to try brute forcing the password offline, which has a reasonable probability of working. Either way, it is not any different than the situation with Hushmail, and I would put both squarely in the "snake oil" category.

You have an awfully high standard of what you define as "snake oil" cryptography. If a brute force effort to derive the secret key constitutes snake oil, I have bad news for you regarding the state of crypto.


First of all, brute forcing the password is not needed unless the user fails to log in. The system is designed for the user to send the most important secret, on which the rest of the system's security depends, to a third party.

That being said, brute forcing a password is not the same thing as brute forcing a secret key. The distribution of passwords that people can remember is not even remotely uniform, and the distribution of passwords that people actually use is even more heavily biased.

Compare to GnuPG: the attacker needs access to your computer before he can even attempt to brute force your password or try to capture it.


Brute forcing an individual user's password can still be made an extremely costly operation with appropriate measures incorporated.


Lavabit had two account types. The no-cost one stored the messages unencrypted and the for-fee one stored the messages encrypted.

You have not established that that warrant was for accounts of the second type.

You have not established that the contents of the DVD were readable by the authorities.

You have not established that the type of person who would have a Lavabit account would be the type of person who would choose a password which has "a reasonable probability" of being brute-forced in under a decade.


I don't think so. He based his service on the premise that he didn't have the keys to the encryption, and I can imagine he was able to respond to the requests "this is what I have." Specifically, as the service customers paid for, he was able to give, for example, the name and the credit cards of the specific investigated customers if he billed them directly. But it is OK, there were narrow court orders, everybody is expected to get and respond to such. What happened now must be different. Otherwise, why would he decide to do what he did now?

BTW it's a really nice article, gives a nice personal side to the whole story.


Your theory is wrong. Here is the warrant Lavabit complied with:

http://ia600908.us.archive.org/9/items/gov.uscourts.mdd.2362...

Take a quick look at attachment B and you'll see that Lavabit was asked to provide the plaintext message bodies and attachments of emails sent by the user. This was not a demand for metadata, it was a demand for messages, and it was a demand that Lavabit complied with.


You have no basis to say that everything sought was produced.

It is true that the subpoena asked for it, but a response to a subpoena that supplies what can be supplied and explains why the rest can't be supplied would not trigger another court docket entry unless the government didn't believe the explanation.

Because a subpoena is filed before the government actually contacts the witness, the government typically asks for everything it could possibly get or want.


Why would the government believe a claim that Lavabit could not provide them with plaintexts? Hushmail did it, and Lavabit's architecture is not all that different. At best Lavabit could claim that the user had not logged in and thus they were unable to capture the user's password.


Hushmail is in Canada, I have no idea what the rules surrounding cooperating with the government are there.

In the US when it comes to subpoenas from civil or criminal courts, you only need to produce "books, papers, documents, data, or other objects" in your possession. The passwords were not in Lavabit's possession at the time it received the subpoena. Furthermore, subpoenas can be quashed if they are "unreasonable or oppressive" (see e.g. FRCrimP 17c). Asking a witness to write custom code in order to capture a user's password is a textbook example of an unreasonable request.

The rules for national security requests on the other hand are entirely different. 50 USC 1805(c)(2) requires the recipient of an electronic surveillance order to:

"(B) that, upon the request of the applicant, a specified communication or other common carrier, landlord, custodian, or other specified person, or in circumstances where the Court finds, based upon specific facts provided in the application, that the actions of the target of the application may have the effect of thwarting the identification of a specified person, such other persons, furnish the applicant forthwith all information, facilities, or technical assistance necessary to accomplish the electronic surveillance in such a manner as will protect its secrecy and produce a minimum of interference with the services that such carrier, landlord, custodian, or other person is providing that target of electronic surveillance;"


What the fuck, NSLs have taken down the first and fourth amendments and are turning towards the third.


No, at best they could say they don't have a system to capture people's passwords, and never betray their users by making one.


> Take a quick look at attachment B and you'll see that Lavabit was asked to provide the plaintext message bodies and attachments of emails sent by the user

From what I see, they were ordered to provide all messages, records etc. stored on that account and related logfiles. It does not specifically say "plaintext", so Lavabit might have provided them with the encrypted e-mails and no logs (if they had none) and still be in compliance with the warrant (IANAL!). You cannot possibly be forced to provide something you do not have, right?


Do we know the user was the one who paid for the service? I understood only those had the stored e-mails encrypted. Otherwise, free users had only clear text, and the e-mails in transit which happened after the order were also in clear before they were encrypted, so Lavabit simply had to provide such, for those they weren't able to say "we can't."


Lavabit could almost never claim to be unable to provide plaintexts. In the worst case they would only need to wait for the user to log in again, or perhaps to just brute force the user's password (this does actually work, even for seemingly hard-to-guess passwords).

This is really not any different from Hushmail.


Lavabit wouldn't be those that brute-force the passwords. We all know who's in charge of such things. That they earlier provided what they had is to be expected; those were normal court orders, as you were able to prove by linking to them. What happened now must have been something significantly different to make the owner shut down the company. The owner is not even allowed to say what, which is directly against the First Amendment. That's really a huge issue. Please don't keep trying to distract from that by mixing up the normal court orders with what's going on now. Thanks in advance.


While there may be legal and policy differences between "normal" court orders and PRISM, the only technical difference is the scale. If Lavabit could respond to "normal" court orders, then they could have participated in PRISM. Lavabit's users are lucky that the company's founder took a stand for their privacy rights; he could have just gone the other way and kept a record of all their passwords / secret keys / etc.

Of course Lavabit would not be the one brute forcing the passwords. That is not the point. The point is that the security of Lavabit is a matter of the user's password, and only in the best case where the user does not log in.

Ultimately Lavabit's security is a matter of the trustworthiness of Lavabit's employees, not the size of your key; it is marginally related to the strength of your password, but only under very specific circumstances. The fact that cryptography is being used somewhere in the system is a distraction. If instead of the US government showing up with a court order it had been a Chinese spy sending business secrets back to the Chinese government, would you still be defending Lavabit?


Your entire argument comes down to "I don't think anyone but me can be right, and further I can't imagine any way this software could have been architected, therefore lavabit must be evil". Or something. It is very hard to follow your argument. You keep claiming various contradictory things....


Sorry, you are the one doing the distraction. Do read again what I've already written here, I'm leaving this discussion.


I don't care if the government asked for the data of one particular user, when investigating a serious crime and having probable cause. Did you read the documents you linked to? Are you saying that you don't believe that investigating authorities should ever be able to access the contents of an email account, even with probable cause?


If somebody sells me a service saying they can't provide that data, then I expect that data to not be provided. It's what I'm paying for, and it's the commitment they made to me.


Some argue that the government has no right to investigate the contents of an individual's email accounts, even with probable cause.

There's always a way to access the data. Cloud-based email is...cloud-based...which means that it's susceptible to man-in-the-middle and other forms of attack.

It's possible that the government was asking Lavabit to modify its systems such that the encrypted data guarantee would no longer be real, and then they demanded that he hide that fact.

I'm honestly not sure what to think about that. Should private data storage be permitted? Is there a difference between your private data in the cloud and your private data on a system at your home?


"Some argue that the government has no right to investigate the contents of an individual's email accounts, even with probable cause"

Who is arguing that? In this case, the issue is not about whether the government has probable cause. The issue is that any system that allows Lavabit to respond to a warrant can be used for mass surveillance, industrial espionage, etc. This conversation happened 20 years ago when people were arguing about key escrow. Almost nobody argues that the police should not be able to investigate crime; the argument is that backdoors are a massive vulnerability that leave innocent people, for whom the police have no warrant (or no "specific" warrant), at risk.

"Cloud-based email is...cloud-based...which means that it's susceptible to man-in-the-middle and other forms of attack."

The problem is not that the mail service is run by a third party. The problem is that encryption, decryption, key storage, and even key generation are being performed by a third party. I send encrypted mail through GMail all the time -- and Google is not able to decrypt those messages, even if they are presented with a warrant. While it may be problematic for the police to face such a situation, it would be problematic for me if criminals and spies could read my emails, and at the end of the crypto wars Congress determined that the need for good civilian cryptography vastly outweighed the government's needs to enforce laws and spy on other countries.

It is also important to remember that the police can still get messages that are encrypted/decrypted offline, they just have to work a bit harder for it. For example:

http://yro.slashdot.org/story/00/12/06/0255234/fbi-bugs-keyb...


No, that isn't the case. Lavabit's emails were encrypted on the server for paying users, and only if enabled by them. In a case where one of those users (whose numbers were less than 2000) had their data subpoenaed, Lavabit would be unable to do so without MITMing themselves in a way that grabbed the plaintext password in transit. Since that didn't happen (why would he close the site when he was asked to do it again?) we can surmise that the only data that was given over was free users and only when compelled by the government.


...how is that different from Hushmail?


The difference is that Hushmail sold out and did perform the password sniffing. Lavabit shut down instead.


Is there some reason to think that Lavabit was not grabbing user passwords in any of the 24 warrants they complied with prior to shut down?


Because a warrant can't force you to log something you never logged, and he doesn't seem like the kind of person that would sell out when he didn't have to, and then shut down when forced to sell out.

Why do you assume he's a lying bastard like the people at hushmail?


Actually, I read about a case (US) where the court ruled that a service operator had to turn on logging. The rationale was that the required data existed on the server, albeit only transitorily in memory, and therefore was "in possession" and therefore subject to seizure with a warrant.

This was maybe a year or two ago. Sorry I don't recall enough, or have time to look this up. It may have been a lower court decision, subject to appeal.

This is really the point that bothers me - if the NSL type of thing is now going to extend to removing the right of server operators to decide what code will or won't run, then this campaign against citizens being able to communicate privately shifts from "design a non-tappable service" to more like a whack-a-mole situation with only transitory, small scale possibilities of private communication being available.

Edit: also this: https://news.ycombinator.com/item?id=6208631


Firstly, because I trust Lavabit. For two, because he recently shut down the site instead of doing that. It's not definitive, but it doesn't make sense to me that he'd decrypt one user's data but shut down instead of decrypting another's.


The way I read the story, he shut down the site because he received a non-specific warrant e.g. demands for access to every user's messages. It seems to be pretty clear that he believed that specific warrants are fine. I saw nothing here, nor in any of the other HN front-page stories about Lavabit, to suggest that Lavabit was unable or unwilling to provide law enforcement agencies with plaintext for suspected criminals. Lavabit's users are lucky that the founder is not willing to participate in wholesale surveillance.


You are wrong.

For one thing, Ladar is the only person at Lavabit with access to the servers or hosting environment. Absolutely no one could access the plain text version of anything (password or email contents) without the password to an account, because all data for a specific user is encrypted using a key that is stored as an encrypted string in the database; without the account password the key cannot be decrypted.

Now, it would be possible for him to have installed software to intercept the password for a specific user when they authenticate; I have no idea if he ever had to do that. I do know that he's obligated by law to comply with court orders; you can't just refuse to cooperate if federal officials give you a warrant, and if you don't cooperate they will throw you in jail until you change your mind. Those rules apply to every American company, not just Lavabit.


They could have handed over encrypted files, is there something to suggest they handed over plaintext messages?


It is more likely, he modified the site to give the targeted individuals a different front-end that would capture the keys. OSPF


There's a huge gap between complying with a legitimate warrant (read: narrow, reasonable, justifiable) and a general warrant.


Not as far as the security of the system is concerned. If you can comply with one then you can technically comply with the other, and the users are at the mercy of your decision on that matter.


But that's just it. Some users would not mind a service that can be ordered to comply with a particularized and specific warrant. Not everyone's threat model includes what your threat model includes, so as long as users are aware of that going into it then let the user decide.


How do you design a service that can comply with a specific warrant but which cannot:

1. Allow a hacker to read your messages by attacking the mail server?

2. Allow a spy to read your messages by gaining employment with the service provider?

3. Comply with a broad, non-specific warrant?


1. This is a different issue. You can't design a service that doesn't comply with a specific warrant and guarantee this.

2. N-part keys go a long way for this. No one employee has the ability to do the things for warrant compliance. Yes, still gameable, but so is any system. See 1.

3. Shut down when a non-specific warrant is received. Have a big red button that kills everything. Make the system so that it deletes everything if more than N warrant accesses occur in M time units. In the worst case, passive-aggressive compliance that causes big outages, unintentional security leaks, and so on (while implementing the removal of BRB and N/M scheme) would go a long way in making the paranoid move on before following the world.


The issue of malicious hackers is not separate from the issue of warrant compliance. Whatever system you use to comply with warrants is a system that can and will be attacked. This was widely discussed in the 90s during the push for key escrow and key recovery systems.

Secret sharing makes sense, but not in the context of a system like Lavabit. Where secret sharing makes sense is in identity based encryption, which is similar to Lavabit in that keys are generated by a trusted authority, but is different in that the authority does not store keys or decrypt messages. Threshold IBE is useful in settings where there are multiple key generation authorities, which must jointly compute secret keys from their shares of the master secret.

Finally, I would not rely on anyone to shut their service down in the name of fighting an overly broad warrant. First, whether or not a warrant is too broad is a matter of opinion, and the service operator's opinion may differ from my own. Second and more disturbing, there is no guarantee that the service operator can legally shut the service down when such a warrant is received. As I said elsewhere, Lavabit's users are lucky that the founder was willing to take a stand like this; it is not something I would expect.


You are blatantly point missing for my response to 1. I merely stated that designing a system that cannot be used to comply with warrants in no way stops the ability of hackers to be malicious with the system. Period. End of assertion. They are different considerations from each other, just they have some overlap. I presume the rest of your post is more of the same, therefore won't read.


You can't. That's why trust comes into play. Even if you can design such a system, you must still trust the implementer to get it right, and in the case of email, trust the receiver not to do anything stupid with the cleartext.



Note that 'encrypted storage' was only for paid accounts. It's unclear if these orders related to paying customers or not.

While cited as an 'encrypted' email service, it apparently operated as a normal (web)mail server by default.


I think the distinction between providing aid to the FBI (or whoever) for a specific, targeted warrant but telling them to fly a kite when they want access to everyone without reasonable cause is perfectly reasonable from his perspective.


Only the paid accounts are fully encrypted. The free ones are just like Gmail.


"After his announcement last Thursday, a second company, Silent Circle, based in Maryland, said it would close its secure e-mail service. That company said it had not been served with a government order of any kind. In a pre-emptive bid to protect its customers’ data, Silent Circle said it had obliterated everything in its server."

Uh, what? This could almost be the story satirized by this passage from 1911:

"A certain German art expert, who had obtained from the municipality of Bergamo permission to inspect the famous masterpiece, declared it to be a spurious Pincini... The editor of an Italian art journal refuted the contentions of the German expert and undertook to prove that his private life did not conform to any modern standard of decency. The whole of Italy and Germany were drawn into the dispute, and the rest of Europe was soon involved in the quarrel. There were stormy scenes in the Spanish Parliament, and the University of Copenhagen bestowed a gold medal on the German expert (afterwards sending a commission to examine his proofs on the spot), while two Polish schoolboys in Paris committed suicide to show what THEY thought of the matter."

-- Saki, "The Background" (http://ebooks.adelaide.edu.au/s/saki/clovis/chapter6.html)


Uh, what? This could almost be...

They're nothing alike. Suppose Silent Circle sent an email to all its users announcing that they would destroy the data on the server in 7 days. It's a good bet the government has accounts on most privacy-advocating web services, simply to keep tabs. That gives the government 7 days to try to get a FISA warrant, or if they think they can get away with it, unilaterally issue an NSL.

They would only be able to subpoena a few of the email accounts (or maybe a lot, but certainly not all), but that still breaks the privacy model many people assume given its advertisement as "secure" webmail.

Silent Circle didn't want to take the chance, and your hyperbolic parallel notwithstanding, they had good reason to do what they did.


Hmm, I think we're making different assumptions about what happened to Lavabit, so it might be useful to discuss this more.

I was assuming that:

a) Lavabit can't access its users' email, so any subpoenas are ineffective at getting at emails stored in their servers.

b) However, the feds would force them to snoop on decrypted data for specific accounts as it is served back to the user. This would only give access to what the user happens to read after the order goes into effect.

c) They received a new order that was a lot more invasive, perhaps to snoop on all plaintext data as it left their servers.

d) They suspended operations before any such snooping could occur.

If all this is true, any other operation can follow the same steps. If the feds ask for too much, we suspend operations immediately, no 7 days. But they wouldn't need to preemptively suspend before the feds come knocking. Is there something wrong with my reasoning? Were you making different assumptions?


Actually they would; with an NSL the government can (and has been suspected of in the past) force a service provider to remain operational, or not to do anything that would interfere with the collection of the data they are looking for.

Now I don't know if the NSA attempted that with Lavabit, or if Lavabit willfully ignored that demand, etc., but the government does have that legal power.


Sounds remarkably familiar...

"In the name of the general welfare, to protect the people's security, to achieve full equality and total stability, it is decreed for the duration of the national emergency that:

...

Point Two. All industrial, commercial, manufacturing and business establishments of any nature whatsoever shall henceforth remain in operation, and the owners of such establishments shall not quit nor leave nor retire, nor close, sell or transfer their business, under penalty of the nationalization of their establishment and of any and all of their property.

..." [1]

[1] http://conservapedia.com/Directive_10-289


Where does the money come from in that case? Does the government write checks to keep things up and running then? Or does it prohibit declaring bankruptcy?


But they can't prevent employees from resigning, can they? If yes, the 13th amendment is gone as well as the 4th.

https://en.wikipedia.org/wiki/Thirteenth_Amendment_to_the_Un...


It depends what you care about more, the emails or the privacy. The privacy is now ensured, and it isn't like they've erased the emails from the users' minds, only the records of the email.


“I’ve always sort of believed it’s important for Americans to have private conversations with other Americans,” Mr. Levison said in a telephone interview Monday, “and not fear that their conversations were being monitored by the government.”

The problem with that is you know your service is going to be used by criminals, child pornography, organized crime, terrorists etc. So if you start this service you know you're going to have to comply with government requests for that data. It seems disingenuous to complain about their requests as though you didn't expect them and that they wouldn't be reasonable. And I think he's saying that in his own way when you get into the details: "Yep, I supported the narrowly defined ones but the broadly defined ones are the straw that broke the camel's back"


I have some issues with your statement.

> The problem with that is you know your service is going to be used by criminals, child pornography, organized crime, terrorists etc.

That's a huge stretch and abuse of logic IMHO. Don't build roads because criminals and terrorists will drive on them. There will also be UPS/FedEx couriers delivering printed child pornography driving on those roads. So better, set up checkpoints and unmanned vehicle x-ray type scanners everywhere on highways.

More insane: don't open a barber shop, because if you have a hairy guy robbing the bank next door, he can get a haircut at your place and the cops will have a hard time recognizing him.

I don't think each and every one of Lavabit's 1,500 paid customers was a terrorist. I understand and respect people's willingness to have safe and secure email, as the Constitution says you should feel safe and secure in your own skin.

> So if you start this service you know you're going to have to comply with government requests for that data.

We don't know what really happened. Knowing how the feds work just a little bit, I wouldn't be surprised if the owners were intimidated via the FBI/CIA/DEA/IRS and plenty of other Government Organisations. I wouldn't be surprised if the owners, their families and their friends fell under heavy scrutiny and deep IRS audits. There are really so many things the Feds can do to not break the law, technically, and still harass the $hit out of you and your family.

If they fall on each gov request, next we will have that barber share his info, just because feds want to. You know, terrorists are humans; they do get haircut sometimes too.


> Thats a huge stretch and abuse of logic IMHO. Don't build roads because criminals and terrorists will drive on them.

Just thought those two sentences were funny being right next to each other.

Let's be honest here, though: The percentage of people using his email service for illegal reasons is much higher than the percentage of people using roads for the same illegal reasons. It's the same problem that Pastebin faces,[0] and it's the reason paste.pocoo.org shut down.[1] Services that advertise complete privacy and anonymity get swamped with people who want to hide illegal activity.

[0]: http://www.tgdaily.com/security-features/62490-pastebin-to-p...

[1]: http://paste.pocoo.org/about/


I think ceol covered this pretty well below (above?). I think the mistake you made was assuming I somehow meant all users would be of this type. My point was that given your position in the marketplace, you're going to attract a higher % of these folks than a regular email service - not that the only users he would ever have would be this type.


The more I see arguments of this sort, the more I can see where we're heading. Not that there's anything wrong with your argument, this is the world we live in - we expect our state to have access to data on a citizen when said citizen is under investigation. Too bad communications are only going to get more digitalized. I guess that soon we will live in a world where a citizen's entire communications will be stored somewhere, ready to be mined on first suspicion. One day, the thin line that makes a citizen a suspect will be blurry enough that we'll wonder how we got the state this level of access into our lives in the first place. It'll probably be too late then.


So what? That's like saying Comcast, AT&T, and other service providers should feel guilty for what their users do with their networks? Please. As if they would.


Comcast, AT&T, and other service providers comply with government requests for data.


So you don't see a serious difference between narrowly-defined and broadly-defined snooping?

How about the difference between narrowly-defined detention and wholesale just-in-case detention of everyone?

The two are directly analogous, in that scope makes all the difference in both cases. It's entirely possible to support detention of reasonably suspected criminals, and at the same time oppose formation of mass concentration camps. Nothing disingenuous about that.


If the terrorist, kiddie porn arguments have primacy, free society is well and truly over. We can apply those criteria to everything, and, well, shut down.

I think people forget that freedom includes risk.


Have you heard about the 4th Amendment?


Is that the one where specific warrants are used to search for and seize papers and effects?


They traded it in for two 2nd Amendments.


If you think this mass surveillance was set up to fight child porn or terrorists, you're extremely naive.

It's a power grab. Pure and simple. Those who control this system can easily find dirt on their political/corporate opponents, while being completely immune.

They might stop some occasional clueless idiot terrorists or CP distributors, but that's not the end goal, that's just the political theater.

You really think terrorists don't properly encrypt their conversations?

You really think high-level criminals don't properly encrypt their conversations?

Think again.


To be fair, I think most would-be terrorists are not terribly sophisticated. If they were very sophisticated we'd be seeing a lot more successful attacks against targets abroad. The current terrorist threat is overhyped to a large degree in my unprofessional opinion. I mean, the head of Al Qaeda was holed up in a small compound watching porn, he didn't even have any sort of backup plan for when SpecOps eventually came to his doorstep.

High-level criminals otoh are most certainly savvy enough to not communicate important information through unencrypted channels.


"If they were very sophisticated we'd be seeing a lot more successful attacks against targets abroad."

This requires one to believe and accept the official threat level. I don't.


"You really think high-level criminals don't properly encrypt their conversations?"

Funny story about that:

http://www.theregister.co.uk/2006/04/19/mafia_don_clueless_c...


One mafia boss used poor crypto, therefore I can extrapolate that all mafia bosses use poor crypto! /s


If you think mafia bosses are high-level criminals, I have news for you. Wall st.


Funny story about that:

http://www.telegraph.co.uk/finance/newsbysector/banksandfina...

> Hi Guys, We got a big position in 3m libor for the next 3 days. Can we please keep the libor fixing at 5.39 for the next few days. It would really help.

(I actually think there are high-level criminals among terrorists, mafiosi, Wall St., and even computer programmers. But of course the existence of such high-level criminals isn't an excuse for a government to abandon the rule of law and violate its constitution...)


If you really think Wall St. executives are high-level criminals, I have news for you. Venture capitalists.


...says the jilted entrepreneur.


The problem with centralized privacy-as-a-service is the Fed raid problem. In order to be "fed proof," a service must be sufficiently distributed.

PS: I'll say what has been said again, Lavabit was so close to being wildly successful, it's a shame that an insecure govt leadership decided to squash a thriving venture. Though it was a likely conclusion because of centralized ownership.


The problem is not limited to any specific government; the problem is that you are doing something inherently insecure when you allow a service provider to generate, store, and utilize your private keys. Exploits by law enforcement are not the only problem -- spies, criminals, etc. can also exploit the weakness.


I'm no lawyer but I think Mr. Levinson should lay low and avoid talking to the media. I think he is already in deep trouble, if he keeps talking, he is pretty much challenging federal prosecutors to have him "Swartz'd"


Defy the system. Abusive governments win when everyone shuts up.


"Levison", perhaps at this point keeping himself public keeps him safe(r).


An idea for fixing this is having an email provider broken up between several countries that are not expected to cooperate (like the U.S., Russia, Ecuador and Iran) and coded in a way that renders information worthless unless pieces from all parts are used. Then no court order can help.


Correction: better having some redundancy because otherwise a single country can shut down the system (while not steal data).
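The split described in the two comments above, as an added example that is not part of the thread or of Lavabit's own code: Shamir threshold secret sharing over a prime field. It assumes the mailbox contents are encrypted under one symmetric key and that each jurisdiction holds a single share of that key; any k of the n shares rebuild it, and the "redundancy" of the correction is simply choosing k smaller than n. The function names, the 3-of-4 parameters and the use of the Mersenne prime 2^127 - 1 are my choices, not anything from the thread.

```python
"""Shamir threshold secret sharing over GF(p).

Added illustration, not Lavabit's code. Assumed setup: the mailbox is
encrypted under a symmetric key; each jurisdiction holds one share of
that key; any k of the n shares rebuild it, fewer than k reveal nothing.
"""
import secrets
from typing import List, Tuple

# Mersenne prime 2**127 - 1; secrets must be smaller than this.
PRIME = (1 << 127) - 1

Point = Tuple[int, int]  # (x, y) on the sharing polynomial; real shares use x != 0


def _interpolate(points: List[Point], x: int) -> int:
    """Value at x of the unique polynomial of degree < len(points) through points (mod PRIME)."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinate")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_secret(secret: int, n: int, k: int) -> List[Point]:
    """Split secret into n shares with threshold k (k-of-n)."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares: List[Point]) -> int:
    """Reconstruct the secret from at least k shares (fewer yields an unrelated value)."""
    return _interpolate(shares, 0)


def forge_share(partial: List[Point], fake_secret: int, x: int) -> Point:
    """Given only k-1 shares, produce a k-th share consistent with ANY chosen secret.

    This is the information-theoretic argument: a holder of k-1 shares cannot
    tell the real secret from fake_secret, so a single jurisdiction (or any
    coalition below the threshold) learns nothing from what it stores.
    """
    return (x, _interpolate(partial + [(0, fake_secret)], x))


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)           # e.g. a mailbox encryption key
    shares = split_secret(key, n=4, k=3)     # four jurisdictions, any three suffice
    assert recover_secret(shares) == key
    assert recover_secret(shares[1:]) == key             # one country offline: still readable
    assert recover_secret(shares[:2]) != key             # two shares: no recovery
    fake = forge_share(shares[:2], 12345, x=3)
    assert recover_secret(shares[:2] + [fake]) == 12345  # two shares fit any secret
    print("3-of-4 sharing OK")
```

With k = n (the original "all parts" proposal) a single country seizing or shutting down its piece makes the key unrecoverable for everyone, including the legitimate owner; with k < n the service survives the loss of n - k pieces, while any court order still has to reach at least k jurisdictions before the key, and hence the mail, becomes readable.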



