The more I think on this, the more I actually start to side with the government's argument. I hate it, but I think they're justified.
Lavabit intentionally structured their service such that there were only two ways to get at a criminal's email: obtain a copy of the suspect's private key or compromise the entire service. Lavabit was capable of reading the suspect's email, but only by slurping from the firehose and reading everyone's email.
What Lavabit set up to be their greatest strength ("Nobody can read your email unless they somehow have our SSL key") turned into a terrible systemic weakness ("If the government wants to exercise its legal right to obtain a warrant and read a suspect's email, then the only way it can do that is to get the key to everyone's email").
My personal real-world analogy is a safe deposit box that opens either with a key the suspect has or with a master key that opens everyone's lockbox. The bank would definitely be required to turn over the master key. The fact that the only key that opens the suspect's lockbox also opens every other customer's lockbox is a fault of the bank's own devising.
(Of course, who the suspect is in the investigation is irrelevant to everything else.)
In the bank analogy it's obvious that the bank's representative would be present and witnessing the use of their master key to ensure that only the box in question was searched, and that's all that Lavabit asked for.
We take it for granted when it comes to a physical search so why should they have unsupervised access to everything for a digital one?
The government shouldn't have the right to COMPEL someone to hand over data. They should have the right to ASK and they should have the right to complain publicly that AT&T or Google isn't cooperating with a specific case, but as communications get more international it is silly to suggest that they have the ability to intercept every communication.
This way there is some actual balance to this madness. If Google refuses to help track down Osama, then the government can announce this, and people will be outraged at Google. Snowden is a different matter, many people don't believe he did anything wrong, so it is hard to take the government's side of things.
The US Government absolutely has the right (under court order) to compel a US-based company to hand over data about a US citizen.
Do you really think that if Google had access to OBL's whereabouts and wouldn't comply with court orders to provide the information, that the acceptable outcome would be the CIA whining about Google on TV?
> If Google refuses to help track down Osama, then the government can announce this, and people will be outraged at Google. Snowden is a different matter, many people don't believe he did anything wrong, so it is hard to take the government's side of things.
Are you really suggesting that our laws should be based on public opinion?
If giving up Osama Bin Laden's location also required giving up the privacy of everyone that uses Google to the CIA, then I would say that act would become OBL's crowning achievement.
He already succeeded in destroying an icon of our economy and taking thousands of lives with it. Are you really suggesting that it's acceptable for us to debase one of the basic human rights that are the foundation of this country in order to capture one man? This is exactly what is happening with Lavabit.
I don't think any law should be based on public opinion, but when the interpretation of a law is potentially unconstitutional, then that interpretation becomes a matter of public opinion that should be decided in the US Supreme Court.
Lavabit had the option of providing access to only Snowden's account. They declined that option. The FBI then escalated their demand to get the data they were entitled to.
This 'unconstitutional' demand from the FBI was Lavabit's creation by being obstinate to begin with. Did they just expect the government to give up after Lavabit told them they couldn't access that data?
So let's blame the victim? If only Lavabit had capitulated then the poor FBI would not have had to escalate their demands. If only the battered wife had just done what her husband wanted, he wouldn't have had to break her nose. The government does not apply the law uniformly. It escalates when it wants to, when it's been embarrassed or slighted. Keep your head down and don't make trouble.
> Are you really suggesting that it's acceptable for us to debase one of the basic human rights that are the foundation of this country in order to capture one man?
That ship has already sailed. Take a look at the Boston marathon bombing manhunt if you need any more evidence of how far 'out the window' your fundamental human rights can go, given the right circumstances.
You can't refute a normative claim with a positive claim.
----
> Are you really suggesting that our laws should be based on public opinion?
I think he's suggesting that violence (which ultimately backs state compulsion) is not an appropriate response to a non-violent act (declining to hand over keys).
> I think he's suggesting that violence (which ultimately backs state compulsion) is not an appropriate response to a non-violent act (declining to hand over keys).
I'm sure that's what he is saying, but it's an intellectually lazy claim.
If you only look at the scope of the demand (hand over the keys or we will put you in jail), it may seem like an escalation of force by the government. The real normative claim being made is that contempt of court charges are unconstitutional. Which is patently absurd.
The threat of force exists because through contempt, 'non-violent' dissenters can enable further violence.
The rights of the U.S. government are determined by the constitution of the U.S.
The 4th amendment of the constitution makes it perfectly clear that the government can only receive a warrant when they can establish probable cause of criminal activity AND that the warrant is specific and particular. No blanket searches.
Unfortunately, precedent holds that intercepting stuff broadcast over the wires is not a search.
"In Smith v. Maryland, the Supreme Court held that a pen register is not a search because the "petitioner voluntarily conveyed numerical information to the telephone company." Since the defendant had disclosed the dialed numbers to the telephone company so they could connect his call, he did not have a reasonable expectation of privacy in the numbers he dialed. The court did not distinguish between disclosing the numbers to a human operator or just the automatic equipment used by the telephone company."
While I can see why lawyers and judges should care about that bit of information, I completely fail to see why the common man should. Bad precedents, destined to be overturned, are created all the time. Even the Supreme Court overturns its own "precedents".
So while I agree that info is not completely useless, it's not actually relevant to the question of what the common man should do, because that doesn't change: he should do what's right and just, regardless of the present position of the state.
IANAL, but "reasonable expectation of privacy" sounds like a default position when no expectation has been set between the customer and the service provider. In this particular case, there was an explicit expectation of privacy set out in the terms of service, and in fact that expectation was the entire justification for charging for the service amid a proliferation of free competitors.
Of course my interpretation could differ from established case history, or even with a technical legal reading of that particular clause, but there seems to be a logical argument there (whether or not there's a legal one).
I believe that statute is the reason why Lavabit considered it legal to provide metadata information only. Numbers dialed is a form of metadata. The contents of the call (or email in this case) is another thing entirely. That's really the basis of the appeal.
The government had a specific and particular warrant to a single account on the Lavabit service. Lavabit denied them access to that account. So the government requested broader access.
False. Lavabit declined to hand over its secret keys. The technical design of the system made it so Lavabit did not have a key that could unlock only one user's account. This was not denial of access. This was a technical limitation. The system was specifically designed to have this limitation as a form of privacy protection. That privacy protection ought not be considered illegal though. This is the essence of the 4th amendment. It's the reason this case is going to a court of appeal.
You can argue that the government shouldn't have the right to compel someone to hand over data or documents.[1] But the fact is that a broad subpoena power, enabling the government to do precisely that, has been part of American law since before there was a United States. So if you think the government shouldn't have this power, the real question is: how do you change this hundreds of years old practice?
[1] You can argue this, but it should be noted that nobody on HN seems to have a problem with the subpoena power when it's used, say, to subpoena documents from Enron's accountants.
The difference is, Enron was suspected of committing a crime. Lavabit committed no crime.
If the government subpoenas an individual for their encryption key, because they have reason to suspect the individual for a crime, it is different than to subpoena an innocent, indirect 3rd party. To me, it's like saying "We don't have enough police to handle this crime. So here - you have to take this gun and help us find the criminal. If you refuse, we throw you in jail."
Any service on the Internet could be used by all types of people, for good and bad purposes, just like a hammer can be used to drive nails or kill someone. You don't throw a hammer manufacturer in jail when someone uses a hammer to kill someone. Lavabit is an innocent 3rd party in all of this, regardless of how their computer system was designed.
I agree that the current status of the pen register (it doesn't constitute a search and thus doesn't require probable cause, only that it's "likely" the data will be relevant) is a bar too low.
If it had the same requirements as a search warrant, though, I can't say I register an objection.
Beyond that, saying that the government's recourse is to put out a press release that says, "So, we're trying to get into Osama's email, but Google won't let us," is the appropriate way to handle a secret criminal investigation, then I think we'll always disagree.
> Lavabit intentionally structured their service such that there were only two ways to get at a criminal's email: obtain a copy of the suspect's private key or compromise the entire service.
This is a very disingenuous way of phrasing this. A far more accurate way of phrasing this is: Lavabit did not implement a feature that would allow you to compromise a specific user's emails. They simply implemented the most secure option. Of course you can compromise any user of a service by compromising the whole service. That is not something they did "intentionally", that is simply how the world works. If it were possible to make it completely impossible to compromise a user's emails, I'm sure they would have done so.
If you're offering encryption as a service, you need to consider technological and legal best practices[1]. If, at any point, you have the technological ability to see a client's plaintext, that's something you need to strongly address.
The most secure technological option is not always the most secure option. If you don't trust the government, then you have to choose one of 3 options:
1. Consider a system that's resilient against rubber-hose techniques (aka warrants and contempt of court). You'll probably want one where you are technologically incapable of seeing the plaintext. Perhaps offer your paying customers the option of using an open-source program or browser extension.
2. Consider a less technologically secure system where you have access to private keys so that you can fold on one client but not every one.
3. Consider never visiting that country again.
I'm not sure what other choices you really have. Obviously, we can all campaign for better privacy. We can support the EFF and the ACLU, as I do. But we have to work within the laws of our countries, or they'll come down very hard on us.
[1] After this incident, the only way I see Encryption as a Service as being sustainable is an open-source suite with consultation contracts.
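Option 2 above (a design where the operator can "fold on one client but not every one") is easiest to see in code. The following is an added illustration, not Lavabit's code or anything from the thread: it contrasts a service that encrypts every account's stored mail under one service-wide key with one that gives each account its own data key wrapped under a master key, so that a single account's key can be disclosed without handing over the key to everyone's mail. The cipher is a toy HMAC-SHA256 counter-mode construction so the example runs on the standard library alone; a real service would use AES-GCM or similar. All names, the `deliver`/`disclose` API and the sample accounts are constructed for the example.

```python
import hashlib
import hmac
import secrets

# --- toy authenticated cipher (stand-in for AES-GCM; illustration only) ---

def _subkeys(key: bytes):
    # Separate encryption and MAC subkeys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: block i = HMAC(enc_key, nonce || i).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag first; a wrong key raises instead of returning garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- design A: one service-wide key (the "master key opens every box" case) ---

class SingleKeyService:
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.store = {}  # account -> list of encrypted messages

    def deliver(self, account: str, message: bytes) -> None:
        self.store.setdefault(account, []).append(encrypt(self.key, message))

    def disclose(self, account: str) -> bytes:
        # The only key that opens this account also opens every other one.
        return self.key


# --- design B: per-account data keys wrapped under a master key ---

class PerAccountKeyService:
    def __init__(self):
        self.master = secrets.token_bytes(32)
        self.wrapped = {}  # account -> data key encrypted under master
        self.store = {}

    def enroll(self, account: str) -> None:
        self.wrapped[account] = encrypt(self.master, secrets.token_bytes(32))

    def _data_key(self, account: str) -> bytes:
        # The operator can still see plaintext (this is option 2, not option 1).
        return decrypt(self.master, self.wrapped[account])

    def deliver(self, account: str, message: bytes) -> None:
        self.store.setdefault(account, []).append(encrypt(self._data_key(account), message))

    def disclose(self, account: str) -> bytes:
        # Hand over one account's data key; the master key never leaves the service.
        return self._data_key(account)


def accounts_readable_with(service, key: bytes) -> set:
    """Which accounts' stored mail does a disclosed key actually open?"""
    readable = set()
    for account, blobs in service.store.items():
        try:
            for blob in blobs:
                decrypt(key, blob)
            readable.add(account)
        except ValueError:
            pass
    return readable


def demo() -> tuple:
    # Constructed sample accounts and messages.
    single, per_account = SingleKeyService(), PerAccountKeyService()
    for account in ("alice", "bob"):
        per_account.enroll(account)
    for svc in (single, per_account):
        svc.deliver("alice", b"meet at noon")
        svc.deliver("bob", b"invoice attached")
    return (accounts_readable_with(single, single.disclose("alice")),
            accounts_readable_with(per_account, per_account.disclose("alice")))


if __name__ == "__main__":
    print(demo())  # ({'alice', 'bob'}, {'alice'})
```

The point the two `disclose` methods make is the one the thread's bank analogy circles around: in design B the officer can be handed the key to one box, while in design A the only key that exists is the master key. Note what the example does not fix: design B only covers mail at rest under keys the operator holds, the operator can still read plaintext while handling it, and the transport (TLS) key is a separate question entirely.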
The thing is, you can't design a web-based system where you can't read the plaintext. If you have to give up your SSL key all bets are off. The FBI can perform a MITM attack on your users. The best you can do in that case is shut down the service, which is what they did.
That is exactly how safe deposit boxes work, and the bank never turns over the master key. The government specifies a box number in the search warrant, the bank officer goes and retrieves that box and hands it over to the official.
In this analogy, however, the government is saying "we know one of your deposit boxes is owned by John Doe, we'll look at 'em all, figure out which one is John's, and retrieve his stuff".