"That other information not subject to the warrant was encrypted using the same set of keys is irrelevant"
Oh, that makes sense...said no one ever.
Let's trust our involuntarily-transparent government not to go on a fishing expedition through troves of data that users intentionally chose to encrypt, and then not find justification to get warrants against them for other reasons that can bring the investigation full circle. /s
Let's say he gave them the SSL keys. How would anyone ever prove afterwards what they did with the decrypted info?
Evidence of this type of official misconduct doesn't exist except through leaks which (I imagine) as far as the law is concerned is pretty far from admissible evidence.
The unrelated evidence in this case (from other users) just can't be used in court, they need probable cause. In this case there is no probable cause to arrest Joe Blow for a crime, this was all about getting to Snowden.
I think you're missing the point. Having the SSL keys would give them access to all users' decrypted data, not just Snowden's. If Joe Blow happens to have an undeclared overseas bank account at Bank Foo, with account #1234 which can be seen from decrypted emails, then the FBI can investigate this "anonymous tip" overseas with no probable-cause requirement, then arrest Joe Blow for tax evasion. The origin of the tip would not ever need to be disclosed; they will just have gained knowledge of this bank account. Afterwards, they can say "we have knowledge that Joe Blow has undeclared offshore funds, let's get a warrant for his email"...and so we have an illegally gained tip, used to get legal access to his whole email account.
Anonymous tips have been used to procure search warrants in specific circumstances [1]; I'm sure there's no shortage of lawyers who can convince a judge, "cause 9/11!"
If it becomes the official policy in the U.S. that companies must provide the government with keys, passwords, and broad proprietary information related to system design, this will have an effect on the IT industry. It's the key escrow thing all over again.
Companies have a few options: implement perfect forward security and see the government create laws to counter it. They can also move the data centers to countries without key escrow laws.
They can also implement discrete per-customer cryptographic solutions, so that if they receive a warrant for the data and traffic relating to Customer-X then they don't have to compromise all their other customers.
It'll cost more to set-up and run, but the benefit is that your business won't go down the drain when the warrant arrives.
That's a setup that not even the military deploys, or banks for that matter. It's arguably also in the same league as PFS, as the government could easily just issue general warrants or alternatively create laws that do the same.
You probably intended only a descriptive term, but fittingly the Americans' opposition to what was called the "general warrant" was precisely what led to the 4th Amendment to the US Constitution. [1]
But you are correct that this is the likely outcome, now that the rule of law is essentially dead in the US.
1. See, e.g., http://legal-dictionary.thefreedictionary.com/Fourth+Amendme..., "The Framers drafted the Fourth Amendment in response to their colonial experience with British officials, whose discretion in collecting revenues for the Crown often went unchecked. Upon a mere suspicion held by British tax collectors or their informants, colonial magistrates were compelled to issue general warrants, which permitted blanket door-to-door searches of entire neighborhoods without limitation as to person or place. The law did not require magistrates to question British officials regarding the source of their suspicion or to make other credibility determinations.
"The writ of assistance was a particularly loathsome form of general warrant. The name of this writ derived from the power of British authorities to enlist local peace officers and colonial residents who might "assist" in executing a particular search."
I was referring to how National Security Letters have been used.
Stories like the court order requiring Verizon to turn over records of every call "on an ongoing daily basis", or any of the many times when blanket searches and seizures have happened to people or their property. Their numbers are so great that many lawyers and professors openly state that the 4th amendment does not exist anymore.
"Marketing a business as 'secure' does not give one license to ignore a District Court of the United States"
Which is why we should always prefer technical approaches to resisting surveillance. Promising that you will not compromise user privacy is pretty weak.
“After knocking on his door, FBI special agents witnessed Mr. Levison leave the rear of his apartment, get in his car, and drive away.”
Maybe his car was parked out rear?
Maybe he needed milk?
Maybe the local convenience store wasn't within walking distance?
I'm just saying that we needn't jump to any hasty conclusions. This does look mighty suspicious though.
Seriously though. Ladar Levison acted contrary to his own best interests and in alignment with _all_ of our best interests in thwarting the FBI's attempts at quickly locating and apprehending Edward Snowden. Whatever we may think about Dark Circle it is clear that his heart is in the right place. I wouldn't have the ability and guts to do what he has done and I praise him for it. Yes, he could have designed his previous system better; it seems like he's going to try harder next time. We should help.
I've been to Ladar's apartment multiple times; he lives on the 5th or 6th floor of a high rise. His "back door" is a sliding glass door that leads out onto a 5 square foot metal balcony.
So, unless Ladar happens to be spiderman, the FBI agent is lying through his teeth.
I heard Ladar speak on this topic. Apparently his apartment isn't on the first floor and only has a balcony out back. He just walked out the front door, as he says it.
You're being very literal minded if you interpret 'leave the rear of his apartment, get in his car, and drive away.' wrongly. I mean, his car wasn't parked on his balcony, was it? It's obvious what is being referred to unless you're picking nits.
The elevator leads to the parking garage, which is where Ladar parks his car. There are a couple of side doors that lead out into a shopping center/dog park, but if you leave that way you can't get to your vehicle easily.
The FBI says he drove away, implying he got in his car, which means he took the elevator down to the lobby and walked through the big glass doors into the garage.
They most likely just didn't get there in time to catch him in his apartment (or missed him while he was heading down the elevator). I don't understand why they are lying about something as stupid as this, though.
> They most likely just didn't get there in time to catch him in his apartment (or missed him while he was heading down the elevator)
That seems to fit what's said in the article and what Levison said himself ('I was just leaving my house'). What the FBI said _could_ be read to imply causality between their knocking and him leaving, but perhaps it's due to paraphrasing (and putting a spin on) the agent's report by the US attorney.
> I don't understand why they are lying about something as stupid as this, though.
Obviously, they lie because they can.
There are no consequences for government officials who lie, even under oath. As procedures have become more and more formal, the immunity of officials for lying has become more ironclad. The result is that they do it reflexively. They lie now just because it's a habit and nobody ever is called to account for it, except private citizens.
If you're a private citizen, making a false statement to the feds is a felony. It doesn't even have to be a lie -- just a mistake or faded memory is automatically a felony.
The interesting thing here is if there exist conditions under which you can just disappear such that it is impossible to subpoena you. For example, if they had contacted him prior to serving a notice from a judge and he expected to receive a subpoena soon or eventually, what stops him from simply leaving town for a while on a fishing trip or to visit family and conveniently returning when it's been long enough that getting the information is of much less use?
Once they served him with a warrant (this was several weeks before Snowden came public with anything) he could not skip town without getting nailed with an obstruction of justice charge and a subsequent trip to prison.
He had no idea the warrant was related to Snowden until several weeks after it had been issued.
I'm wondering if the warrant was actually about Snowden but they used child porn as cover. If so, would that be grounds to dismiss things in a court of law?
It was my impression that an incorporated company is required to have a registered point of contact. A sole proprietor wouldn't be subject to that requirement, obviously, but most enterprises are not operated as proprietorships.
Yep, I have a couple of single-member LLCs and I'm required to have a registered agent (basically someone who is normally available during typical business hours at a given location) to accept service.
Is that point of contact required to be able to handle unconstitutional law enforcement requirements like NSLs? The only person that needs to "disappear" is the person who can satisfy the requirements of an NSL, i.e. the person with the SSL cert and password.
Disclaimer: I have absolutely no idea what I'm talking about. Every single thing in this comment is speculation.
That said, I wouldn't be at all surprised to see the following features in the system:
- Point of contact must be available during normal business hours.
- If the point of contact is not able to handle a particular request from the government, the company is legally responsible for making someone who can available, within a reasonable window of time after the contact point gets the request.
- I don't see that the employees can be subject to a legal requirement to appear, or be located anywhere in particular, or be reachable by any means. But the company can.
- I'm pretty sure whether or not the law enforcement requirements are putatively unconstitutional makes no difference.
You're allowed to leave your apartment if people come to your door. Since the officers did not touch him there's no possible way he could be under arrest.
It's a free country you can leave and enter your premises as you see fit.
> You're allowed to leave your apartment if people come to your door.
The FBI and co. are not regular people.
> It's a free country you can leave and enter your premises as you see fit.
I'm not sure I understand what you're trying to imply. I mean, if it's such a free country then why did the FBI special agents make note of the fact that they "witnessed Mr. Levison leave the rear of his apartment, get in his car, and drive away" and furthermore why did they include this noted piece of information in the court brief. My understanding of it is that they are insinuating?/stating? that Ladar Levison actively evaded the law. Anyway, it's a minor issue, is it not?
“After knocking on his door, FBI special agents witnessed Mr. Levison leave the rear of his apartment, get in his car, and drive away.”
What, leaving the rear of the apartment is against the law after being visited by the FBI?
Anybody else think the FBI is trying to paint an image of Ladar Levison as the typical movie bad guy here?
I get where the government is coming from; he went a little overboard resisting them, but getting the SSL certificate for the entire website for 1 guy is unacceptable, and if they don't agree they don't understand the internet.
> A U.S. email provider can promise its users all the security and privacy it wants; it still has to do whatever it takes to give the government access.
Correct.
Again: Just because Lavabit designed its security in a shitty manner to make it easier for end users, doesn't mean he can somehow wave his hands and claim "but but but but, I've designed this system such that you will be able to also read other peoples emails whom you've not subpoenaed. That is against my mission statement!".
> doesn't mean he can somehow wave his hands and claim "but but but but, I've designed this system such that you will be able to also read other peoples emails whom you've not subpoenaed. That is against my mission statement!".
Sure it does. If the police want to do something that impacts a very large number of innocent bystanders they need to have a higher level of accountability than if they just want to target one specific individual. For example it is unreasonable to search every house in a neighborhood in order to arrest one guy who owns a house there.
Yes, but the problem in this case is that the housing developer used one master key for all of the houses in the neighborhood. And now he is being asked to give over the master key to the police, so that they can search the house.
Will they copy it? Who knows... this is a question related to how much you trust the government and all of it's actors, policies, and procedures.
Or you can just not have master keys for all of the houses you build, or buy houses with unchangeable master keys.
Yeah, except that's not how it works. The police/law enforcement/courts can simply get a warrant which says they're allowed to look at exactly 1 guy's email, and you are to provide decryption keys.
You don't get to play "well I don't trust the government so I'm not going to let you" against the courts if the relevant parties promise they're not going to look at anything else - since amongst other things that would actually be breaking the law, and whatever they get would be inadmissible under various umbrellas - they certainly couldn't build a case off of it.
You might want to look into parallel construction.
"Parallel construction is a police process of building a parallel - or separate - evidentiary basis for a criminal investigation which otherwise would rely upon evidence or tips received either from a confidential source or that might fall under the category of fruit of the poisonous tree. By building a separate evidentiary basis for an investigation, such as corroborating evidence using other resources or finding other valid reasons to investigate, prosecutors are able to avoid disclosing confidential or otherwise unusable evidence."
(From: http://en.wikipedia.org/wiki/Parallel_construction)
Yes. Note the important point though: it's based on the fact that a crime has other sources of evidence which would independently confirm a crime if they are found, which would be legal to pursue if they were discovered by other means.
i.e. the murder victim, the weapon and the security tape you buried in the local national park. The police might not find them, but they also don't need a search warrant to go looking.
Claiming you should for some reason be above the law entirely is absurd - the general point is to provide protection from stuff like "thought-crime" prosecutions, or at least a warning sign if that would otherwise be a thing.
He never said "I'm not going to let you"; he offered to give them the Snowden document dumps, but the emails could not be decrypted without Snowden's personal password. They demanded his SSL keys (something completely unprecedented) and Ladar refused on the grounds that it would compromise the security of all Lavabit users, not just Snowden.
And that's where he screwed up. Again just because your crypto sucks and has a weak spot doesn't mean the government is going to feel sorry for you and stop their investigation.
Imagine a system similar to Lavabit's, but with PFS.
The FBI demands the key so they can spy on one user. I'll give them the key, ban the user, and continue with a new key. The government then will have no plaintext of anyone's comms on my server.
If they demand the new key, they'll have to have a warrant for another user, and we'll repeat the above process.
If they object to the particular users being banned, or order me not to ban them, I'll shut down the server, and object in public based on the 13th Amendment [1]. They're entitled to take over the server if they want, but they're less likely to get away with compelling innocent citizens to actively perform services to help them deceive third parties.
1. "Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction."
AFAIK, Lavabit might very well be able to do just that.
If Lavabit can convince the appeals court that providing the keystone to the entire security model of the whole company imposes an unreasonable burden (in my mind, a quite convincing argument), they can vacate the decision and thereby set some precedent that compelled key disclosure by subpoena is, at least in these circumstances, inconsistent with US law.
The "shitty security" you are referring to is the defacto SSL standard implementation. The same implementation used by your bank, fortune 500 corporations, and the federal government.
I'm guessing the GP was referring to the fact that Levison didn't update Lavabit to prefer ciphers that provide perfect forward security. Here is his own admission on the subject:-
"
When I was designing the Lavabit encrypted storage feature in 2004, it simply wasn’t possible for an attacker to intercept and decipher a large number of SSL connections in real time. This assumption was presumed true even if an attacker managed to gain access to the SSL private key. The situation has obviously changed. Network tools now decipher SSL connections efficiently, and servers are fast enough to make this attack a reality. A theoretical weakness became practical. I missed that development. More importantly, I failed to update the Lavabit SSL configuration to prefer ciphers that provided perfect forward secrecy.
"
I agree that he should have been more pro-active with PFS, but he did not consider a national security request to surrender his SSL keys as a legitimate threat. He's somewhat paranoid but he doesn't wear a tinfoil hat or anything.
These comments sound like the guy is getting a pass for his screwup, and the only reason why is because the government is the one doing the subpoenaing.
If the situation was reversed everyone here would be cheering at how incompetent and idiotic the government is.
It should be owned up that he designed his system with a weak spot, and that weak spot was obviously used to legally subpoena the data the government wanted access to.
My bank has never claimed anywhere that my banking records are totally secure and that they would never have a chance of being turned over to the Feds if there was an investigation.
I'm not sure how this distinction applies in this case since in each iteration the government was trying to obtain their legally subpoenaed data in the most specific way possible.
They were not able to decrypt the data without the account password, which can only be derived using Snowden's personal password, so that poses a problem. To get the password they were forced to demand that Lavabit hand over private SSL keys (so they could potentially intercept the password in transit over the network). Now the courts have to decide whether such an act is legal or if it constitutes a violation of the 4th amendment (and possibly free speech). Should be interesting to see how this pans out.
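The mechanics behind the PFS discussion above (the "give them the key, ban the user, continue with a new key" scheme, Levison's admission about not preferring forward-secret ciphers, and the point that the SSL private key would let the FBI recover passwords in transit) come down to one difference in how the session key is established. This is an added worked example, not code from the thread or from Lavabit: it models the two TLS key-exchange styles with stdlib-only toy primitives and shows what a passive attacker who holds the server's long-term private key plus a packet capture can recover in each case. The RSA key is built from two Mersenne primes purely for brevity (a toy, not a real keypair), the "handshake" is reduced to the single message that matters, the KDF is a stand-in for the TLS PRF, and the Diffie-Hellman group constant is the 2048-bit MODP group from RFC 3526 copied by hand (verify it against the RFC before reusing it anywhere real).

```python
"""RSA key transport vs ephemeral Diffie-Hellman: what the server's long-term
private key gives a passive eavesdropper. Toy primitives, stdlib only."""
import hashlib
import hmac
import secrets

# --- toy long-term RSA server key (Mersenne primes, NOT a real keypair) -------
P_RSA = 2**127 - 1
Q_RSA = 2**521 - 1
N = P_RSA * Q_RSA                     # ~648-bit modulus, enough room for a
E = 65537                             # 48-byte premaster or a SHA-256 digest
D = pow(E, -1, (P_RSA - 1) * (Q_RSA - 1))

# --- RFC 3526 group 14 (2048-bit MODP), generator 2 ---------------------------
MODP_2048 = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2


def kdf(secret: int, label: bytes) -> bytes:
    """Stand-in for the TLS PRF: derive a session key from the shared secret."""
    raw = secret.to_bytes((secret.bit_length() + 7) // 8, "big")
    return hmac.new(raw, label, hashlib.sha256).digest()


def rsa_sign(value: int) -> int:
    """Textbook RSA signature over SHA-256(value); fine for a toy, not for production."""
    h = int.from_bytes(hashlib.sha256(value.to_bytes(256, "big")).digest(), "big")
    return pow(h, D, N)


def rsa_verify(value: int, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(value.to_bytes(256, "big")).digest(), "big")
    return pow(sig, E, N) == h


def rsa_key_exchange():
    """TLS_RSA_*: the client encrypts a random premaster to the server's RSA key.
    Returns (session_key, what_an_eavesdropper_sees)."""
    premaster = int.from_bytes(secrets.token_bytes(48), "big")
    on_the_wire = pow(premaster, E, N)            # ClientKeyExchange
    server_view = pow(on_the_wire, D, N)          # server decrypts with D
    assert server_view == premaster
    return kdf(premaster, b"session"), {"encrypted_premaster": on_the_wire}


def dhe_key_exchange():
    """TLS_DHE_RSA_*: the long-term key only SIGNS a fresh DH share.
    Returns (session_key, what_an_eavesdropper_sees)."""
    x = secrets.randbelow(MODP_2048 - 3) + 2      # server ephemeral
    y = secrets.randbelow(MODP_2048 - 3) + 2      # client ephemeral
    gx = pow(G, x, MODP_2048)                     # ServerKeyExchange
    sig = rsa_sign(gx)                            # ... signed with the cert key
    gy = pow(G, y, MODP_2048)                     # ClientKeyExchange
    assert rsa_verify(gx, sig)                    # client checks the signature
    shared = pow(gy, x, MODP_2048)                # server side
    assert shared == pow(gx, y, MODP_2048)        # client side agrees
    return kdf(shared, b"session"), {"server_share": gx, "signature": sig, "client_share": gy}


def passive_attacker(capture: dict, private_exponent: int = D):
    """Eavesdropper holding the server's private key and a recorded handshake.
    Returns the session key if the capture lets it be recovered, else None."""
    if "encrypted_premaster" in capture:
        # RSA key transport: the private key decrypts the premaster directly,
        # for this session and every past one that was recorded.
        premaster = pow(capture["encrypted_premaster"], private_exponent, N)
        return kdf(premaster, b"session")
    # DHE: the private key only confirms the signature already seen on the wire.
    # Recovering g^xy from g^x and g^y is the discrete-log problem in a
    # 2048-bit group; the ephemeral exponents were never transmitted.
    assert rsa_verify(capture["server_share"], capture["signature"])
    return None


if __name__ == "__main__":
    key, capture = rsa_key_exchange()
    print("RSA key exchange, attacker recovers session key:", passive_attacker(capture) == key)
    key, capture = dhe_key_exchange()
    print("DHE key exchange, attacker recovers session key:", passive_attacker(capture) == key)
```

The first call prints True and the second False, which is the whole case for preferring ECDHE/DHE suites: handing over (or losing) the certificate key still lets an active attacker impersonate the server from then on, but it no longer unlocks recorded traffic, so the "rotate the key after each compelled disclosure" scheme only protects past sessions if those sessions were forward secret to begin with.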
I somewhat wish this case was a simple secret order and immediate subsequent self shutdown of a service, to test in court whether shutting down a service would be legal when presented with such an order.
> A U.S. email provider can promise its users all the security and privacy it wants; it still has to do whatever it takes to give the government access.
Not necessarily; it is not at all clear that the government has the authority to demand a private business surrender SSL keys. Such an act could very well be in violation of the 4th amendment.
You are correct, in that the government does have the authority to demand information on a specific person, but due to how Lavabit was designed that information was encrypted in such a way that only Edward Snowden could provide the password for decryption.
In most systems data is stored in plain text (or encrypted with a cipher key known by the system administrator), so surrendering data in readable form is not an issue.