Hacker News new | past | comments | ask | show | jobs | submit login
EFF Has Lavabit’s Back in Contempt of Court Appeal (eff.org)
240 points by DiabloD3 on Oct 25, 2013 | hide | past | favorite | 60 comments



It's interesting that the two strongest practical arguments EFF is making (based on how people will react to an adverse decision) are also the two that probably the least persuasive from a legal standpoint (based on laws and court precedents).

I'm talking about service providers moving their operations to more privacy-friendly jurisdictions, and improving protocols with e.g. perfect forward secrecy to make this sort of attack impractical.

So everyone suffers under an adverse decision in this case:

The US economy suffers because businesses seriously concerned about privacy choose to locate elsewhere

Law enforcement suffers because those businesses are no longer reachable when they have a legitimate reason to obtain the communications of spies, terrorists, or plain old criminals, and get a narrow warrant that properly protects the privacy of innocent bystanders.

Individual liberty suffers because a precedent will make it easier for people who don't care about privacy and use domestic providers subject to these overbroad warrants to be caught up in a surveillance dragnet

That being said, Congress, not the courts, is the proper venue to address those practical arguments. Will anyone care outside of technophile bubbles like HN? Unfortunately, I think we all know the answer.


Bravo, EFF.

Seriously, that is one heck of a broad warrant, namely the private key used to decrypt all business records of all customers.


The warrant was specifically for the data relating to Mr Snowden. Go and read the disclosed documents: that is the only individual on whom data was requested.

There was no warrant for the SSL keys; that was issued as a subpoena when Mr Levison stated that the data-in-transit was encrypted. The judge told him to disclose the keys that were protecting Mr Snowden's data.

That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.


That is how SSL is intended to work. You cannot have more than one SSL certificate for a given domain. That is an intentional design decision by the committee that created the SSL RFC.

Does the door to your house support multiple types of keys? Or is it designed to work with a single, specifically machined key? Can you open your front door with your car key? Why not?


You cannot have more than one SSL certificate for a given domain.

No, you cannot have more than one SSL cert for a given hostname (and port combo). You can assign a unique hostname to each user. The "oh, no, SNI doesn't work with IE 6" problem shouldn't have been a major problem for lavabit.

Does the door to your house support multiple types of keys?

The door to my apartment building is opened by one key. Everybody in the building has a copy. The door to my apartment is opened by a different key. The shared key is not the key that protects my stuff.


Why is one SSL key the only thing protecting these customers?


Because that is how SSL works. I don't understand your question. Your bank uses one SSL key as well. Google has one SSL key for their homepage. It is not possible for a top level domain to have more than one SSL certificate. Are you asking why SSL works the way it does? You'll have to talk to the people who wrote the RFC.

SSL is what is used to protect communications between a client and the Lavabit endpoint. Once a request is inside the lavabit network other security measures are used. For example, each email message is signed using the account key for a given member, the account key is itself encrypted with the members password. The only way to decrypt a message is with the account key and the only way to decrypt the account key is with the member password. If you lose your password, your mail is gone forever. The feds had access to snowdens encrypted emails, but they had no way to decrypt them without his account password and the only way to do that is with snowdens personal password, which is why they wanted to sniff unencrypted traffic (to snag his password en route to the lavabit server). I've simplified a few things but this is a rough overview of how his system is designed.


Why is SSL the only thing protecting these customers? It's a really simple question and I think you are intentionally avoiding it and attacking a straw man.


The entire second paragraph addresses the internal security beyond the SSL protection used in transit. But yes, in effect, SSL is the only thing protecting the user's password on the wire and this password is what is used to generate the master key for the encrypting the messages server side.


> That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.

Name me one large company using HTTPS, with separate SSL server certs for each user.

Just one. I'll wait.


When your business is secure email, I think we can fault the creator for designing the system in such an insecure way.

If it wasn't a warrant, a single leak of the key would expose everyone's data.


It's fairly obvious that you have no clue how SSL actually works.

Do you honestly think that it would make sense to set up a completely new domain for each and every user? Do you have any idea what a nightmare that would be to support? Do you think it would be cost effective to spend $50/year per user to implement such a system?

And do you really think that SSL has anything at all to do with the encryption used for storing data inside his system?


Actually you could implement it rather easily using a wildcard cert and a CA provider that provides unlimited signings (like DigiCert). The user goes to "https://myuser.whatever.com", and you use SNI to select the private key.

It might be a pain to manage, and you'd need to get your wildcard cert resigned for each private key, but that's just logistics.


That would cause any particular user to leak what user on the site they were. In other words, if I connect with https to lavabit normally, anyone watching my connection knows I went to lavabit, but don't know what account I am associated with. If I have to hit a subdomain specific to my user, then they know.


It would be a nightmare to manage, and you would have to explain to all 400k of your customers how connect to the smtp/imap endpoint for that particular user.

Completely and totally unrealistic for an email provider. The support costs alone would bankrupt the company.


Really? Server: <username>.provider.com.

Anyways, I'm just pointing out that it is possible to provide per-user certificates.


Sad that the parent is being down voted for being 100% correct.

He designed his system to have a single point of failure. The government then exploited that fact because it would allow them to get access to the data they want. This is Lavabits fault, not anyone elses.


So you're saying lavabit is at fault for using SSL exactly how it was designed to be used?

Did you know that your bank uses the same exact approach to SSL security? Did I just blow your mind?


Perhaps the problem is believing that using SSL exactly as designed is the right solution. Somehow tarsnap manages to keep my data safe without relying solely on SSL.


Yes, yes and no.

Design a system where if the government wants access to one account, you have to give them access to everyones account to comply? Your fault.


No one designs systems like that because, up until now, the threat of having the feds confiscate your private SSL keys was unthinkable for those of us who don't wear tinfoil hats.

And it's still not 100% clear that forcing a business to hand over their keys is even legal from a constitutional standpoint.


The site wasn't designed to be 100% secure most likely due to it being overly complex and burdensome on the end user, thus reducing uptake. So a comprise was made and that is why it was designed the way it was...thus leading to a subpoena for the entire site since Lavabit didn't comply with handing over a specific users data.

Also it is legal for the site to hand over their keys, it already happened. The only way it will become illegal is if the law somehow gets repealed.


What? The site WAS designed to be 100% secure, which is why the government demanded he hand over his private keys.

There was no compromise anywhere, financial institutions use the same exact security strategy. An insecure system would be one that makes it easy for a 3rd party to intercept communications (via warrant or through a disgruntled employee or whatever), that is basically what you are suggesting.


Financial institutions haven't promised to keep your info secret from the government when served with a warrant.


But that bolsters the EFF's argument, does it not?

I mean, on a technical level, you may be right, but the 4th Amendment is not something that protects only as long as the government does not exploit these technical details. See Kyllo v. United States.


It's obvious that your straw man has no clue how SSL works. Why should the disclosure of one SSL key compromise all users of your service?


Because an SSL certificate is linked to a specific domain. It has nothing at all to do with user accounts. Creating a custom domain for each and every user is totally nonsensical from both a business and technical standpoint.


God did not say "Lavabit must only use SSL and cannot use any other measures to fulfill its understood and contractual obligations with customers". That is ridiculous.


> That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.

I'm not sure you or the judge understands how SSL works. I would love to see them subpoena a bank for their SSL private key and see the reaction of the world.


The government obtained a 2703(d) order for the stored non-content data of a particular user (suspected to be Snowden, but redacted from the court documents). They then obtained a pen register order, for real-time metadata about that same user. Lavabit told them they couldn't comply, so the government sought to use the 3rd party assistance language in the pen register statute to compel the company to provide its private SSL keys. The government then followed up with a grand jury subpoena and Stored Communications Act warrant specifically seeking Lavabit's private SSL keys.

So, no. The warrant the government obtained was not specifically for the data relating to Mr Snowden, but rather, was for the SSL keys.


"Lavabit told them they couldn't comply"

That's not accurate. Lavabit offered to construct a backdoor for that particular user at well below cost. Instead the government demanded they destroy their business model by making all users insecure.

Imagine you run a hotel. The police are looking for a fugitive that's been known to check in occasionally. You offer to build a system that notifies the police if that user checks in. They refuse. Instead they demand you place a camera in each room.


Now, the courts get to decide how to run your business?


When they have a warrant? Absolutely they do. They've always had that power, and every country I know of has warrants of similar power.

If you're hosting encrypted data that focuses on privacy while remaining law abiding, it's just sensible to maintain separate SSL keys so you avoid this very scenario. It's not as if it wasn't foreseeable.


Doesn't separate ssl certd allow someone to know which user is using the service?


Yes.

If you have separate server certs per user (as suggested above), then you can tell which user is using the service.

If you have separate client certs per user, then you call tell which user is using the service.

The Lavabit response to the original order was not the best, IMHO. As he was in possession of the certs and private keys, he could have decrypted Snowdon's traffic himself, and handed it to the court.

Instead, he tried to hide behind a BS "it's encrypted" defence. The court called his bluff. He lost.


I thought he offered to do that and they turned him down?

I would imagine him decrypting the data himself would cause problems in a chain-of-evidence type of way though.


hmm... is there a way to obfuscate that to the outside? Can you wrap the individual certs? Or use the same cert for everyone, but do a zero knowledge key exchange for people who want to log in, and then have them authenticate with a signed document keyed to a public key they gave when they signed up for the service?

Anyway, at least in the physical security industry, security isn't about preventing intrusions. It is about delaying it and limiting it until a sufficient response can be mobilized. Perfect security is impossible


No. A warrant doesn't allow anyone to dictate how one runs their business.

How the guy chose to run his business and what the warrant was requesting are two different things.


When the warrant requests data, it says you can't burn it all down and delete it. Well, you can't without breaking the law.

Yes a warrant imposes certain restrictions on your business.


I disagree, but it depends on what type of warrant we're talking about. I'm speaking of a search warrant. A search warrant is used to find and collect evidence that already exists. If authorities need you to change how your business runs to collect new evidence that doesn't yet exist then that runs into a whole different set of laws. A search warrant doesn't allow, or at least it shouldn't, authorities to walk in and take over your business for their own purposes. Search warrants shouldn't have that level of power because they are so easy to obtain, police just ask a judge to sign a piece of paper. It's easy to obtain because all it should be is a piece of paper that allows law enforcement to enter your property without permission, which would normally be a crime, so that they can search for particular evidence. Search warrants can even be very, very specific as to what exactly law enforcement is really looking for within the property if the judge doesn't want to be overly broad.

What you are describing does happen, but I fail to see how it would happen under a search warrant.

As for your destroying data being against the law if it is requested by the courts. You are correct, except that if your business model is to destroy data in a timely manner then you cannot be held in contempt for destroying data before it was requested. At that point it becomes something different as they have to request you no longer destroy that data so that they can collect it. I don't see how that request falls under a search warrant. I suppose it could happen if a judge likes being overly broad in search warrants (which could cause problems in the criminal case), but it seems unlikely that's how a typical search warrant would be executed.


And there is still doubt we live in a police state?


At least the issue is being discussed in public and litigated in the courts.


It was litigated in the courts in the USSR too. Not so much discussed in public but I am not sure that matters.

The whole issue of making such a taboo topic is that it makes it hard for opposition to mobilize. However in the US we have other ways of doing that. Hyperpartisanship is something which has a remarkably similar effect while at the same time allowing us to say with a straight face that we are not a police state.....


I'm afraid this is what you get when you architect your political system to institutionalize gerrymandering. I suspect that hyperpartisanship, and the thorough political dysfunction we're seeing over in the US at the moment, is pretty much an unavoidable consequence of developing very stable partisan electoral ghettos.

In the UK such gerrymandering is taken very seriously because it's a fundamental attack on the integrity of the electoral system. People found guilty of it have had their political and personal lives ruined, and quite rightly too. But in the US it's standard practice. I don't think this is taken seriously enough.


The UK has had bad experiences with gerrymandering too, right? I am remembering the term "pocket borough."


Yes but we reformed those in 1832! I sometimes think the US politics is still stuck in the 18th century.


Of course, the only reason I knew the term is:

"I grew so rich that I was sent

By a pocket borough into Parliament

I always voted my party's call

And I never thought of thinking for myself at all!

...

I thought so little, the rewarded me

By making me the ruler of the Queen's Navee!"

-- Arthur Sullivan, from "The HMS Pinnafore"

The scary thing is how well that verse describes American politics these days..... So maybe you are right....


I think this is the first time I've seen Gilbert and Sullivan quoted on HN. Bravo, sir. :)


...and wouldn't it be nice, if we could actually stop this kind of problem before it became something the courts dare not touch, spoken of only with rare whispers. Those types of situations historically end up rather nasty for all involved.

It's probably a bad sign when the sane legal solution to avoid a rebellion (or worse) seems like fanciful wishful thinking.

edit: As other have said: Thank you, EFF!


There is no doubt we are not living in a police state.


These days, anyone who isn't getting their way politically just asserts that it is a dictatorship calling for revolution.


nice one, EFF--you guys are bad ass. EFF has of course also for the past decade, been a relentless warrior against Patent Trolls. i don't know, but i would be willing to bet, that the new troll-killing bill is in part due to their efforts as well.


EFF is a pointless figurehead that does none of it's own work. It simply coopts ongoing legal action and puts their name on it anyway they can. This is a pointless case, like the EFF can fix https by this case? No, the cat is already out of the bag. https has been broken for some time, first by cyber criminals and businesses being stupid, and then the NSA trying to keep up with the game.


So, how does one fight a contempt of court? Is it even possible?

(PS: Great job EFF!)


I'm guessing it involves appealing (or similar) the court order that the contempt finding depends on.


Yes. Lavabit's filing [0] is to the Fourth District Court of Appeals. Page 1 of their brief (after all of the disclosures and tables of content) explains the jurisdictional stuff pretty well.

0: [pdf] http://cdn.arstechnica.net/wp-content/uploads/2013/10/gov.us...


Glad the EFF is joining.

For background, Lavabit filed their appeal a few weeks ago [0]. Ars covered it [1], and it was discussed here on HN [2] as well.

0: [pdf] http://cdn.arstechnica.net/wp-content/uploads/2013/10/gov.us...

1: http://arstechnica.com/tech-policy/2013/10/lavabits-appeal-w...

2: https://news.ycombinator.com/item?id=6531814


Why did Levison have access to their users mails in the first place? Didn't they claim that only you can see your emails? Isn't that the reason you can't reset your password?


Because email is an insecure protocol. The email comes in unencrypted from the sender's SMTP server.


But remember, that doesn't matter because "that's just how SSL works".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: