• Secrets, lies and Snowden's email: why Ladar Levison was forced to shut down Lavabit
[quote]My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to serve me with a court order requiring the installation of surveillance equipment on my company's network. My company, Lavabit, provided email services to 410,000 people - including Edward Snowden, according to news reports - and thrived by offering features specifically designed to protect the privacy and security of its customers. I had no choice but to consent to the installation of their device, which would hand the US government access to all of the messages - to and from all of my customers - as they travelled between their email accounts and other providers on the Internet. But that wasn't enough. The federal agents then claimed that their court order required me to surrender my company's private encryption keys, and I balked. What they said they needed were customer passwords - which were sent securely - so that they could access the plain-text versions of messages from customers using my company's encrypted storage feature. (The government would later claim they only made this demand because of my "noncompliance".) [/quote] [url]http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email[/url]
wow couldn't they just idk... use the legal channels to subpoena the contents of Snowden's account like idk... the laws were originally written for?
[QUOTE=Sableye;44861114]wow couldn't they just idk... use the legal channels to subpoena the contents of Snowden's account like idk... the laws were originally written for?[/QUOTE] That's [URL="http://www.volokh.com/2013/10/11/lavabit-challenges-contempt-order/"]exactly what they did[/URL], they issued a subpoena for the encryption key necessary to read the contents of Snowden's account. Levison refused to comply with any of the requests made by the government, even as they altered the requests to try to appease Levison. That article I just linked was written by a professor of law at GWU and it very neatly lays out why the case went the way it did. Levison basically didn't have a hope in hell because he was trying to skirt around laws that have been on the books for decades and already very heavily debated and revised on the issue of civil liberties.
[QUOTE=catbarf;44861183]That's [URL="http://www.volokh.com/2013/10/11/lavabit-challenges-contempt-order/"]exactly what they did[/URL], they issued a subpoena for the encryption key necessary to read the contents of Snowden's account. Levison refused to comply with any of the requests made by the government, even as they altered the requests to try to appease Levison. That article I just linked was written by a professor of law at GWU and it very neatly lays out why the case went the way it did. Levison basically didn't have a hope in hell because he was trying to skirt around laws that have been on the books for decades and already very heavily debated and revised on the issue of civil liberties.[/QUOTE] So basically, instead of complying with laws he'd known about since before he started the service (but apparently didn't plan for if he was storing everyone's encryption keys), he shut down email access to 410,000 people? Kind of a dick move.
[QUOTE=supersnail11;44861464]So basically, instead of complying with laws he'd known about since before he started the service (but apparently didn't plan for if he was storing everyone's encryption keys), he shut down email access to 410,000 people? Kind of a dick move.[/QUOTE] But it was done for the sake of his customers. His customers want privacy from all intrusions, not just the government, and he provided privacy. The thing about providing the encryption keys is that the risk of these keys leaking increases exponentially for every person with access, and the government team responsible will likely be composed of a significant number of people. Once access is given to a person whom you can't trust, you cannot promise competent security.
[QUOTE=Mastermind of42;44864978]But it was done for the sake of his customers. His customers want privacy from all intrusions, not just the government, and he provided privacy. The thing about providing the encryption keys is that the risk of these keys leaking increases exponentially for every person with access, and the government team responsible will likely be composed of a significant number of people. Once access is given to a person whom you can't trust, you cannot promise competent security.[/QUOTE] Don't forget though that there was just one encryption key for the whole service, rather than hashing individual keys to individual accounts. The only reason giving up the key meant compromising the whole service is because Lavabit was designed that way. The government (successfully) argued that poorly designing a service isn't an appropriate defense against a subpoena.
[QUOTE=Mastermind of42;44864978]But it was done for the sake of his customers. His customers want privacy from all intrusions, not just the government, and he provided privacy. The thing about providing the encryption keys is that the risk of these keys leaking increases exponentially for every person with access, and the government team responsible will likely be composed of a significant number of people. Once access is given to a person whom you can't trust, you cannot promise competent security.[/QUOTE] If he really cared about security, he would generate these keys, give them to his users, and then remove them from his servers. That way, no one can force him to give up an account's keys, because he doesn't have them.
Yeah Lavabit was designed badly, email in general is just designed really badly (Shows its age, it pre-dates 8 bit character encodings and any notion of security) If people really want a secure email service they have to host it themselves, that's the only way you can actually be sure your messages are secured.
[QUOTE=TheDecryptor;44865435]it pre-dates 8 bit character encodings[/QUOTE] ASCII was 1963, ARPANET email was 1971.
[QUOTE=supersnail11;44865760]ASCII was 1963, ARPANET email was 1971.[/QUOTE] Yep, that's because ASCII is 7-bit. It wasn't until later that it got extended to 8-bit (Stuff like Windows-1252, etc.). Edit: The ISO standard covering ASCII wasn't published until 1972, and is 7-bit.
This case really exposes the legal doublespeak rampant in our communications laws. Katz v. United States determined that the government can't eavesdrop on private conversations without a warrant, and that all conversations in which the participants had a reasonable expectation of privacy were protected. Lavabit was a service provider that "guaranteed" privacy, so its users should have been protected. The government circumvented this inconvenience by referring to email records as property rather than speech, and then issuing the subpoena to the service provider based on a warrant for a single user's communications. Lavabit was unable to dispute the subpoena because they were a legal "third party," and the thousands of other users who risked having their communications seized were unable to dispute because they had no legal right to know about the government's seizure of Lavabit's "property."
Lavabit was a quite secure service used by many. I think that they had one encryption key just so they could argue against any subpoenas. Ultimately all data was deleted and physically destroyed because the point of the whole email service was that no one should be able to access it legally or not.
[QUOTE=supersnail11;44865113]If he really cared about security, he would generate these keys, give them to his users, and then remove them from his servers. That way, no one can force him to give up an account's keys, because he doesn't have them.[/QUOTE] SSL private key, not the encryption used on the stored messages. But yes, I don't understand why they don't just double wrap, there are plenty of PGP encryption programs out there that allow you to embed encrypted PGP messages in your email: so even if your email was not SSL secure, they could only get metadata.