Demands on Lavabit violated Fourth Amendment, lawyers say (theguardian.com)
201 points by Libertatea on Oct 11, 2013 | 74 comments



What a quiet, unassuming hero Ladar Levison has turned out to be. This guy had a calling, and stuck to it. Without this incident the majority of us would not have known how deeply principled and committed to freedom he is. Our society is better because of him, I wonder how many more Ladars are out there? I'm sad to say, I'm not sure I would have endured so much duress for so little reward.


Yeah, it would be so much better if we wouldn't need Ladar and co in the first place.


We'll always need people to fight for freedom. It would be so much better if the masses were half as impressed with him as we are. They don't even care enough to opt-out of airport scanners, though.


In the last week I've read 1984 and Brave New World, and what struck me most about both was the strict segmentation of people groups.

I've heard people say, as you do, that "the masses" will never do such and such, and I agree. But in the past, I haven't really been willing to separate "the masses" into their own group. Instead, I've considered myself, and you, and others on HN, as part of "the masses".

Anyway, I wonder now if I'm wrong. Maybe we should think of the masses as if they are proles (85% of the population in 1984)? Are "the masses" actually just a large group of people who are—literally—no help whatsoever in securing and protecting a just and free society for themselves and others? And worse, completely unaware that they are no help?

Perhaps the masses should be ignored, since their opinions—when they have any—are politically powerless.


I think they don't like the situation but not enough to turn off their TVs? Maybe they feel powerless. Maybe they feel like the government is the good guys and the ends justify the means. Nobody they know personally has been waterboarded.

In my ideal society the majority has more respect for education and rationality and ergo they would have thought, "hm, maybe this PATRIOT Act and increased surveillance is exactly in line with the goals expressed by the terrorists."

Or they'd at least think, "what's going on with these congressional districts, some sort of Uzumaki?"

But what seems to be happening is that nobody is angry enough to even vote differently. So I'll probably move to Canada or something.


The more I think on this, the more I actually start to side with the government's argument. I hate it, but I think they're justified.

Lavabit intentionally structured their service such that there were only two ways to get at a criminal's email: obtain a copy of the suspect's private key or compromise the entire service. Lavabit was capable of reading the suspect's email, but only by slurping from the firehose and reading everyone's email.

What Lavabit set up to be their greatest strength ("Nobody can read your email unless they somehow have our SSL key") turned into a terrible systemic weakness ("If the government wants to exercise its legal right to obtain a warrant and read a suspect's email, then the only way it can do that is to get the key to everyone's email").

My personal real-world analogy is a safe deposit box that opens either with a key the suspect has or with a master key that opens everyone's lockbox. The bank would definitely be required to turn over the master key. The fact that the only key that opens the suspect's lockbox also opens every other customer's lockbox is a fault of the bank's own devising.

(Of course, who the suspect is in the investigation is irrelevant to everything else.)


In the bank analogy it's obvious that the bank's representation would be present and witnessing the use of their master key to ensure that only the box in question was searched, and that's all that Lavabit asked for.

We take it for granted when it comes to a physical search so why should they have unsupervised access to everything for a digital one?


The government shouldn't have the right to COMPEL someone to hand over data. They should have the right to ASK and they should have the right to complain publicly that AT&T or Google isn't cooperating with a specific case, but as communications get more international it is silly to suggest that they have the ability to intercept every communication.

This way there is some actual balance to this madness. If Google refuses to help track down Osama, then the government can announce this, and people will be outraged at Google. Snowden is a different matter, many people don't believe he did anything wrong, so it is hard to take the government's side of things.


The US Government absolutely has the right (under court order) to compel a US-based company to hand over data about a US citizen.

Do you really think that if Google had access to OBL's whereabouts and wouldn't comply with court orders to provide the information, that the acceptable outcome would be the CIA whining about Google on TV?

> If Google refuses to help track down Osama, then the government can announce this, and people will be outraged at Google. Snowden is a different matter, many people don't believe he did anything wrong, so it is hard to take the government's side of things.

Are you really suggesting that our laws should be based on public opinion?


If giving up Osama Bin Laden's location also required giving up the privacy of everyone that uses Google to the CIA, then I would say that act would become OBL's crowning achievement.

He already succeeded in destroying an icon of our economy and taking thousands of lives with it. Are you really suggesting that it's acceptable for us to debase one of the basic human rights that are the foundation of this country in order to capture one man? This is exactly what is happening with Lavabit.

I don't think any law should be based on public opinion, but when the interpretation of a law is potentially unconstitutional, then that interpretation becomes a matter of public opinion that should be decided in the US Supreme Court.


Lavabit had the option of providing access to only Snowden's account. They declined that option. The FBI then escalated their demand to get the data they were entitled to.

This 'unconstitutional' demand from the FBI was Lavabit's creation by being obstinate to begin with. Did they just expect the government to give up after Lavabit told them they couldn't access that data?


The government doesn't get to escalate, that's not how it works. The government has structural, fundamental, limitations on its power: http://alexgaynor.net/2013/oct/02/thoughts-lavabit/


So let's blame the victim? If only Lavabit had capitulated then the poor FBI would not have had to escalate their demands. If only the battered wife had just done what her husband wanted, he wouldn't have had to break her nose. The government does not apply the law uniformly. It escalates when it wants to, when it's been embarrassed or slighted. Keep your head down and don't make trouble.


> Are you really suggesting that it's acceptable for us to debase one of the basic human rights that are the foundation of this country in order to capture one man?

That ship has already sailed. Take a look at the Boston marathon bombing manhunt if you need any more evidence of how far 'out the window' your fundamental human rights can go, given the right circumstances.


Compare this:

>The government shouldn't have the right...

to this:

>The US Government absolutely has the right...

You can't refute a normative claim with a positive claim.

----

>Are you really suggesting that our laws should be based on public opinion?

I think he's suggesting that violence (which ultimately backs state compulsion) is not an appropriate response to a non-violent act (declining to hand over keys).


> I think he's suggesting that violence (which ultimately backs state compulsion) is not an appropriate response to a non-violent act (declining to hand over keys).

I'm sure that's what he is saying, but it's an intellectually lazy claim.

If you only look at the scope of the demand (hand over the keys or we will put you in jail), it may seem like an escalation of force by the government. The real normative claim being made is that contempt of court charges are unconstitutional. Which is patently absurd.

The threat of force exists because through contempt, 'non-violent' dissenters can enable further violence.


the rights of the U.S. government are determined by the constitution of the U.S.

the 4th amendment of the constitution makes it perfectly clear that the government can only receive a warrant when they can establish probable cause of criminal activity AND that the warrant is specific and particular. no blanket searches.


Unfortunately, precedent holds that intercepting stuff broadcast over the wires is not a search.

"In Smith v. Maryland, the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company."

http://en.wikipedia.org/wiki/Smith_v._Maryland


> Unfortunately, precedent holds that…

While I can see why lawyers and judges should care about that bit of information, I completely fail to see why the common man should. Bad precedents, destined to be overturned, are created all the time. Even the Supreme Court overturns its own "precedents".

So while I agree that info is not completely useless, it's not actually relevant to the question of what the common man should do, because that doesn't change: he should do what's right and just, regardless of the present position of the state.


IANAL, but "reasonable expectation of privacy" sounds like a default position when no expectation has been set between the customer and the service provider. In this particular case, there was an explicit expectation of privacy set out in the terms of service, and in fact that expectation was the entire justification for charging for the service amid a proliferation of free competitors.

Of course my interpretation could differ from established case history, or even with a technical legal reading of that particular clause, but there seems to be a logical argument there (whether or not there's a legal one).


I believe that statute is the reason why Lavabit considered it legal to provide metadata information only. Numbers dialed is a form of metadata. The contents of the call (or email in this case) is another thing entirely. That's really the basis of the appeal.


Right.

The government had a specific and particular warrant to a single account on the Lavabit service. Lavabit denied them access to that account. So the government requested broader access.


False. Lavabit declined to hand over its secret keys. The technical design of the system made it so Lavabit did not have a key that could unlock only one user's account. This was not denial of access. This was a technical limitation. The system was specifically designed to have this limitation as a form of privacy protection. That privacy protection ought not be considered illegal though. This is the essence of the 4th amendment. It's the reason this case is going to a court of appeal.


You can argue that the government shouldn't have the right to compel someone to hand over data or documents.[1] But the fact is that a broad subpoena power, enabling the government to do precisely that, has been part of American law since before there was a United States. So if you think the government shouldn't have this power, the real question is: how do you change this hundreds of years old practice?

[1] You can argue this, but it should be noted that nobody on HN seems to have a problem with the subpoena power when it's say used to subpoena documents from say Enron's accountants.


The difference is, Enron was suspected of committing a crime. Lavabit committed no crime.

If the government subpoenas an individual for their encryption key, because they have reason to suspect the individual for a crime, it is different than to subpoena an innocent, indirect 3rd party. To me, it's like saying "We don't have enough police to handle this crime. So here - you have to take this gun and help us find the criminal. If you refuse, we throw you in jail."

Any service on the Internet could be used by all types of people, for good and bad purposes, just like a hammer can be used to drive nails or kill someone. You don't throw a hammer manufacturer in jail when someone uses a hammer to kill someone. Lavabit is an innocent 3rd party in all of this, regardless of how their computer system was designed.


I agree that the current status of the pen register (it doesn't constitute a search and thus doesn't require probable cause, only that it's "likely" the data will be relevant) is a bar too low.

If it had the same requirements as a search warrant, though, I can't say I register an objection.

Beyond that, saying that the government's recourse is to put out a press release that says, "So, we're trying to get into Osama's email, but Google won't let us," is the appropriate way to handle a secret criminal investigation, then I think we'll always disagree.


> Lavabit intentionally structured their service such that there were only two ways to get at a criminal's email: obtain a copy of the suspect's private key or compromise the entire service.

This is a very disingenuous way of phrasing this. A far more accurate way of phrasing this is: Lavabit did not implement a feature that would allow you to compromise a specific user's emails. They simply implemented the most secure option. Of course you can compromise any user of a service by compromising the whole service. That is not something they did "intentionally", that is simply how the world works. If it were possible to make it completely impossible to compromise a user's emails, I'm sure they would have done so.


If you're offering encryption as a service, you need to consider technological and legal best practices[1]. If, at any point, you have the technological ability to see a client's plaintext, that's something you need to strongly address.

The most secure technological option is not always the most secure option. If you don't trust the government, then you have to choose one of 3 options:

1. Consider a system that's resilient against rubber-hose techniques (aka warrants and contempt of court). You'll probably want one where you are technologically incapable of seeing the plaintext. Perhaps offer your paying customers the option of using an open-source program or browser extension.

2. Consider a less technologically secure system where you have access to private keys so that you can fold on one client but not every one.

3. Consider never visiting that country again.

I'm not sure what other choices you really have. Obviously, we can all campaign for better privacy. We can support the EFF and the ACLU, as I do. But we have to work within the laws of our countries, or they'll come down very hard on us.

[1]After this incident, the only way I see Encryption as a Service as being sustainable is an open-source suite with consultation contracts.


The thing is, you can't design a web based system where you can't read the plaintext. If you have to give up your SSL key all bets are off. The FBI can perform a MITM attack to your users. The best you can do in that case is shut down the service, which is what they did.


In your analogy the bank should only be required to open the safe, not turn over the key.


That is exactly how safe deposit boxes work, and the bank never turns over the master key. The government specifies a box number in the search warrant, the bank officer goes and retrieves that box and hands it over to the official.


Yes. And that was what they initially asked for.


Giving away the box is not opening the box.


In this analogy, however, the government is saying "we know one of your deposit boxes is owned by John Doe, we'll look at em all, figure out which one is John's, and retrieve his stuff".


One fact that people seem to be ignoring is that SSL private keys are used for authentication. Having an SSL private key doesn't automatically give you access to a user's data; it gives you the ability to impersonate a trusted person/site, which can have the effect of fooling users into handing over their data.

Has anyone analyzed whether the government has the authority to compel you to help them impersonate you? From what I can tell, that's central to the private key issue.

[Edit: Yes, you can passively eavesdrop if you're not negotiating a TLS ciphersuite with forward secrecy. Added "automatically" to clarify.]


They would also be able to decrypt intercepted traffic.
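
Added example, not part of the thread: the two comments above turn on whether the negotiated cipher suite has forward secrecy, since that decides whether a disclosed server key only allows impersonation or also opens recorded traffic. The sketch below audits a server's cipher-suite list on that basis; the function names and the sample list are constructed for illustration.

```python
"""Audit a TLS cipher-suite list for forward secrecy (added example)."""

# OpenSSL names for RSA key transport carry no key-exchange prefix
# (e.g. AES256-SHA), so they are recognised by their bulk-cipher token.
BULK_TOKENS = {"AES128", "AES256", "DES", "RC4", "CAMELLIA128",
               "CAMELLIA256", "SEED", "IDEA", "ARIA128", "ARIA256"}


def key_exchange(suite):
    """Classify one suite name (IANA or OpenSSL style) by key exchange.

    Returns "ephemeral", "static-rsa", "static-dh" or "unknown".
    """
    name = suite.strip().upper()
    # TLS 1.3 suite names have no _WITH_ part; key exchange is always (EC)DHE.
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "ephemeral"
    if name.startswith("TLS_"):
        # IANA TLS 1.2 style: TLS_<KX>_WITH_<CIPHER>
        kx = name[len("TLS_"):].split("_WITH_")[0].split("_")
    else:
        # OpenSSL style: <KX>-<AUTH>-<CIPHER>..., or just <CIPHER>... for RSA
        kx = name.split("-")
        if kx[0] in BULK_TOKENS:
            return "static-rsa"
    if kx[0] in ("ECDHE", "DHE", "EDH"):
        return "ephemeral"
    if kx == ["RSA"]:
        return "static-rsa"
    if kx[0] in ("ECDH", "DH") and "ANON" not in kx:
        return "static-dh"
    # PSK, SRP, anonymous DH and anything unrecognised: review by hand.
    return "unknown"


def audit(suites):
    """Group suites by what disclosure of the server's long-term key means.

    forward_secret: session keys come from ephemeral shares, so the key
        only authenticates; a holder can impersonate the server in new
        connections but cannot decrypt recorded ones.
    exposed_by_key_disclosure: the long-term key protects the session
        secret itself, so recorded sessions become readable as well.
    """
    report = {"forward_secret": [], "exposed_by_key_disclosure": [],
              "unknown": []}
    for suite in suites:
        kind = key_exchange(suite)
        if kind == "ephemeral":
            report["forward_secret"].append(suite)
        elif kind in ("static-rsa", "static-dh"):
            report["exposed_by_key_disclosure"].append(suite)
        else:
            report["unknown"].append(suite)
    return report


# Constructed sample: a server preference list mixing both naming styles.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_AES_128_GCM_SHA256",
    "AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "DHE-RSA-AES128-SHA",
    "ECDH-RSA-AES128-SHA",
    "PSK-AES128-CBC-SHA",
]

if __name__ == "__main__":
    for group, names in audit(SAMPLE_SUITES).items():
        print(f"{group}:")
        for n in names:
            print(f"  {n}")
```

A server that wants the disclosed-key case limited to impersonation would offer only the suites in the `forward_secret` group.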


Fwiw, law prof Orin Kerr doesn't think this is a strong appeal: http://www.volokh.com/2013/10/11/lavabit-challenges-contempt...


In regards to the subpoena power, a point that Kerr doesn't address is that the subpoena power is to compel the production of evidence (as his US v Calandra quote illustrates). In this case, the SSL private key is not itself evidence - it is merely an artifact that the investigators require in order to look for evidence.

It is the equivalent to using a subpoena to force a third party to produce the physical key to a safe in which the investigating authority believes evidence will be found.


FTA:

The key itself is not evidence, contraband, fruits, or instrumentalities of crime, Lavabit argues, but is merely a way to get to evidence, contraband, fruits, or instrumentalities of crime. This is a clever argument pressing an undeveloped aspect of Fourth Amendment law, but I don’t think it ultimately works. It’s pretty standard for computer warrants to authorize the seizure of passwords, encryption codes, operating manuals, “and other information necessary to access the computer equipment, storage devices or data.” I haven’t seen a Fourth Amendment challenge to such provisions, but I would think they are okay because they involve instrumentalities of crime. That is, the password or encryption key is part of the tool used to commit the crime, so it is part of the instrumentality of crime and can properly be obtained in a search warrant.


I'm not sure you could reasonably claim that Lavabit's private key is an instrumentality of crime, since Lavabit's private key is in the control of and used by Lavabit, the service provider, not the alleged criminal. This would be like claiming you could seize the entire phone network because someone somewhere used it to commit a crime.

Now, you may be able to demand that Lavabit hand over the user's password or encryption keys, if it is able to do so. Those could likely be considered instrumentalities of crime. But handing over Lavabit's own private keys goes beyond that, to something that Lavabit merely uses to keep its communications private with all of its customers, the people under investigation and everyone else.

Asking for Lavabit's private key is like asking for the master key to let you into any room in the building, when only one tenant is actually under investigation. It goes beyond what is necessary to investigate the actual case in question.


If the landlord uses identical locks on all the apartment doors, he can't turn around and complain that turning over the key to the apartment being investigated would open all the doors.

As for the instrumentality of the crime, even though it's Lavabit's SSL key the government's contention is that Snowden made use of it in his alleged crimes (by for example encrypting leaked data with the public half of the key for transmission to Lavabit's web to email gateway, where it would ultimately be decrypted by Lavabit using the private key, and then emailed to a recipient.) Suppose a criminal rented a car and used it as a getaway vehicle and then returned it. The police could get access to the car for forensic evidence from the rental company, notwithstanding the fact that the car belonged to the rental company who was not accused of any crime.


> If the landlord uses identical locks on all the apartment doors, he can't turn around and complain that turning over the key to the apartment being investigated would open all the doors.

Why?

When setting up a business, are you required to organize it in such a way that in the future, the government can come along and perform a certain kind of search/and/or seizure? Is that your obligation, failing which all of your customers must suffer?

It's one thing to have a law that states the government can ask for things. But I haven't heard anybody argue that the law requires you to organize your affairs in such a way that you can comply with requests like this "cleanly."


> Is that your obligation, failing which all of your customers must suffer?

> It's one thing to have a law that states the government can ask for things. But I haven't heard anybody argue that the law requires you to organize your affairs in such a way that you can comply with requests like this "cleanly."

Generally you don't have to set up your business in such a way as to comply with requests cleanly, though there are exceptions for certain telecom providers (not applicable here). But by the same token your inability to comply cleanly doesn't absolve you of the responsibility to comply.

So in our landlord hypothetical, the landlord certainly is allowed to use the same lock on every door, but he still has to turn over the key when it is demanded.

As for the collateral consequences to third parties the court will not assume that the government is going to abuse their access to search more than they are authorized to. That seems to be the biggest disconnect. The judge didn't think that the ability to decrypt all the traffic was a pertinent harm because his order didn't allow the agents to look at it. Whether or not that's a reasonable assumption as a matter of fact is an empirical question, but it is certainly a reasonable, perhaps even compelled, one from a legal standpoint.


One of the reasons I Am Not A Lawyer is this:

If the business is allowed to send its customers a form letter telling them that he has given the master key to the government, I would understand the position that the interests of the other customers were reasonably safeguarded.

If, for example, one of them was discussing some business and then suspicious trading occurred, she might ask whether a government employee abused the master key and was doing some insider trading on the side.

But if the business is not allowed to tell the customers that their privacy has been compromised, I would not want to give the government the "benefit of the doubt" about their use or abuse of a master key.

Trust, but verify, as they say. How does one verify when these security letters are handed out like candy?


> When setting up a business, are you required to organize it in such a way that in the future, the government can come along and perform a certain kind of search/and/or seizure?

No you aren't required to, however, you are required to cooperate with legitimate searches/seizures even if you have structured your business so that doing so inconveniences other customers unrelated to the target of the search/seizure.

You can't structure your business in such a way as to make narrow searches/seizures impossible without inconveniencing unrelated customers and then use that as an excuse not to cooperate with otherwise-legitimate searches and seizures.


But it's not a matter of using identical locks. He has offered to turn over particular pieces of evidence about particular suspects; but he refused to hand over his private key which would allow the feds to snoop on everything. It's like asking for the master key, when only the key to one particular room (or one particular car) would be sufficient for the investigation.


Analogies extended too far can be unhelpful, but I'll risk it one more time.

His offer, made rather late in the game, was the equivalent of the super telling the police they couldn't enter the apartment, but that he (the super) would search it for them and pick up whatever they were asking for, if they were willing to pay him some money for his time.

That might be a reasonable offer, but I don't think there's anything in fourth amendment law, or the statutes, that requires the police to take him up on it, rather than just insisting that they do the search themselves.

In my own reading of the case, the area of the government's actions that seemed the weakest was the applicability of the rationale for the probable-cause-less pen-trap and stored communication act requests (i.e. the third party doctrine from Smith v. Maryland) to email headers and usage logs from a service that held itself as not being able to access these things. In that circumstance it looks to me like the user does have a reasonable expectation of privacy in those (meta)data, and so a warrant issued upon probable cause should be necessary. However, this case also involved a grand jury subpoena. That's a whole other (troublesome) kettle of fish, one that frankly I'm not too familiar with.


He certainly should be able to complain about them requesting a master key even if there are keys that open individual doors.


I am not a lawyer, but I have a hard time imagining that subpoena power couldn't be used to obtain a physical key necessary to obtain evidence in a physical safe. As long as the goal is production of evidence, even if it's not necessarily directly obtained, it seems like a valid use of a subpoena. A subpoena would be pretty toothless otherwise since it would be relatively easy to avoid, something I doubt the courts would show much support for.


I would imagine it could be found in past cases where such containers requiring a physical key that couldn't/wouldn't be produced were confiscated and opened by whatever other means necessary.

If the law is certain the needed evidence is within the container, the lack of a physical key would not stop the attempt to collect that evidence.

I'm curious if there are cases of the police requiring a physical key that is in effect a skeleton key. Say, for instance, an apartment manager's master key that opens every door in the building. Having possession of that would mean the police would have access to every apartment in the building regardless of whether the search warrant allows for that or not. That would be similar to having the SSL key in this case, the authorities would have access to everything.

Now, in that case, imagine the police department had recently been shown to not be trustworthy enough to have access to a key that opens every door in the building. I think you could see the dilemma here.


The police still need a warrant even if your front door is completely unlocked.


That's true, but the rules are different for your home versus a box with a lock on it.


Sorry fellow Americans, you don't have Fourth Amendment rights anymore.

You've got Fourth-Amendment-As-Defined-By-A-Government-Lawyer-In-A-Secret-Court rights. They're similar, except that Federal agencies can snoop the hell out of whatever you're doing.

You know, to keep our children safe from terrorists.


> " [...] a move he said would have compromised the personal details of all his 40,000 clients [...]"

Funny, as the number is 10 times higher, als stated by the guardian itself in the linked post.

Not that it matters, 40.000 would be just as bad.


If the number is "1 of his other clients" it is just as bad.

This is the educational problem we face ('we' being people who have the particular libertarian bent that Ladar is showing with his actions here). The masses, on all sides of the political spectrum, do not understand just how truly special our constitution is, and how offended they should be that the current holders of office are trampling it underfoot in so many ways. The 4th amendment could be paraphrased as "if officers of the state don't have good reason to think you're guilty, they have no right to invade your person in any way".

If we were talking about a fluke whereby the FBI, in the process of intercepting Snowden's communications, mistakenly saw the SMTP traffic of an innocent user of lavabit, OK, mistakes happen. But that's not what's going on here. The FBI requested, and was granted by a federal judge, the ability to search people for whom it had no probable cause of criminal action. Ladar's side brings this up in hopes that the judge will understand that more narrow measures would be just as useful to the FBI, without violating anyone's 4th amendment rights (including Snowden's since he did break the law) and without destroying the core of his business.

At least for citizens of the US, if the government isn't prepared to arrest you and press charges against you, it's supposed to leave you the heck alone.


> including Snowden's since he did break the law

As far as I know, Edward Snowden has not been tried and convicted in any US jurisdiction that I am aware of. I typically do not like being pedantic, but I can say if I was on that jury I would be hard-pressed not to push for jury nullification (http://en.wikipedia.org/wiki/Jury_nullification).


If you want to be pedantic, per your link jury nullification occurs in cases where the jury agrees the defendant is guilty but deserves to be acquitted nevertheless. Or in other words, did break the law.


IIRC, Lavabit had 400,000 users, out of whom ~40,000 had paid for the service.


:%s/als/than/g

I was confused until I remembered my high school German class.


Thanks for pointing that out ;-)


The Guardian[1] is notorious for typos and other little inaccuracies (mostly back from the non-digital printing days, but they proudly keep the tradition going even with modern presses.)

1. a.k.a. The Grauniad. www.grauniad.co.uk redirects to theguardian.com


I thought that - I wondered if that was only the number who were paying? In fairness though, the SSL cert would compromise even those who weren't..so I guess you're right.


There is considerably more value in running a world premier service than the amount of money it brings in as well.


Pity is, 'lawyers' say that, we all agree on it BUT, and this is the big BUT, as long as the secret 'court' thinks otherwise, we are completely helpless.

If (another big IF) this case goes to the SCOTUS and they (after quite a bit of money) support Ladar and all of us, then you can take it for granted that a new 'decision' will take place in a secret 'court' which 'reinterprets' the facts.


There is no secret court involved in this case. The initial case was overseen by the US District Court for the Eastern District of Virginia and is currently in appeals at the 4th Circuit Court of Appeals [1]. The Foreign Intelligence Surveillance Court has no part in this decision.

[1] http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/


It's really depressing how people on HN keep on bringing up "secret 'court'" in cases where it is 100% irrelevant.

It's like the facts don't matter, only feelings.


After all the comments, I have realized I may have jumped the gun. Yes, possibly.

It was a bit of a hectic morning and then I read this with the wrong mindset and so on...

Thanks for the feedback.


In this whole episode the judge came out as a complete loon when it comes to technology with power to trash any privacy expectations. I don't understand why he was so eager to do what he did (fining $5k per day? What kind of a joke is that...).


We don't all agree. I find Orin Kerr's arguments linked by mjn quite persuasive.

Do you think Kerr is wrong, or that the legal precedent is?

How did you get the impression a "secret" court was involved?


"lawyers think" whatever they are being paid to think by their clients - we need to stop reporting lawyers' statements as if it's a fact like Ohm's law


They are reporting the fact that his lawyer made this claim, it's expected that people have basic reading comprehension.

Discerning the difference in meaning between "Demands on Lavabit violated Fourth Amendment, lawyers say" and "Demands on Lavabit violated Fourth Amendment" is not an onerous task.

Even the headline makes it clear.


Ok what do you do after that secret court? Is there another higher secret court or would the next step be the supreme court?


The secret court that issues FISA orders has nothing to do with this case.


We are all Texans now.



