It's interesting that the two strongest practical arguments EFF is making (based on how people will react to an adverse decision) are also the two that are probably the least persuasive from a legal standpoint (based on laws and court precedents).
I'm talking about service providers moving their operations to more privacy-friendly jurisdictions, and improving protocols with e.g. perfect forward secrecy to make this sort of attack impractical.
So everyone suffers under an adverse decision in this case:
The US economy suffers because businesses seriously concerned about privacy choose to locate elsewhere
Law enforcement suffers because those businesses are no longer reachable when they have a legitimate reason to obtain the communications of spies, terrorists, or plain old criminals, and get a narrow warrant that properly protects the privacy of innocent bystanders.
Individual liberty suffers because a precedent will make it easier for people who don't care about privacy and use domestic providers subject to these overbroad warrants to be caught up in a surveillance dragnet
That being said, Congress, not the courts, is the proper venue to address those practical arguments. Will anyone care outside of technophile bubbles like HN? Unfortunately, I think we all know the answer.
The warrant was specifically for the data relating to Mr Snowden. Go and read the disclosed documents: that is the only individual on whom data was requested.
There was no warrant for the SSL keys; that was issued as a subpoena when Mr Levison stated that the data-in-transit was encrypted. The judge told him to disclose the keys that were protecting Mr Snowden's data.
That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.
That is how SSL is intended to work. You cannot have more than one SSL certificate for a given domain. That is an intentional design decision by the committee that created the SSL RFC.
Does the door to your house support multiple types of keys? Or is it designed to work with a single, specifically machined key? Can you open your front door with your car key? Why not?
> You cannot have more than one SSL certificate for a given domain.
No, you cannot have more than one SSL cert for a given hostname (and port combo). You can assign a unique hostname to each user. The "oh, no, SNI doesn't work with IE 6" problem shouldn't have been a major problem for Lavabit.
> Does the door to your house support multiple types of keys?
The door to my apartment building is opened by one key. Everybody in the building has a copy. The door to my apartment is opened by a different key. The shared key is not the key that protects my stuff.
Because that is how SSL works. I don't understand your question. Your bank uses one SSL key as well. Google has one SSL key for their homepage. It is not possible for a top level domain to have more than one SSL certificate. Are you asking why SSL works the way it does? You'll have to talk to the people who wrote the RFC.
SSL is what is used to protect communications between a client and the Lavabit endpoint. Once a request is inside the Lavabit network other security measures are used. For example, each email message is signed using the account key for a given member; the account key is itself encrypted with the member's password. The only way to decrypt a message is with the account key and the only way to decrypt the account key is with the member password. If you lose your password, your mail is gone forever. The feds had access to Snowden's encrypted emails, but they had no way to decrypt them without his account password and the only way to do that is with Snowden's personal password, which is why they wanted to sniff unencrypted traffic (to snag his password en route to the Lavabit server). I've simplified a few things but this is a rough overview of how his system is designed.
Why is SSL the only thing protecting these customers? It's a really simple question and I think you are intentionally avoiding it and attacking a straw man.
The entire second paragraph addresses the internal security beyond the SSL protection used in transit. But yes, in effect, SSL is the only thing protecting the user's password on the wire and this password is what is used to generate the master key for encrypting the messages server side.
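The storage scheme described in the two comments above, sketched as an added example that is not part of the original thread and is not Lavabit's code: an account key wrapped under a password-derived key, with mail encrypted under the account key. The choice of scrypt and AES-256-GCM, the symmetric-only design, and every function name here are assumptions made for illustration.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Password -> key-encryption key. The salt is stored next to the wrapped key.
function kek(password, salt) {
  return scryptSync(password, salt, 32);
}

// What the server holds at rest for one account: no password, no plaintext key.
function createAccount(password) {
  const salt = randomBytes(16);
  const accountKey = randomBytes(32);
  return { salt, wrappedKey: seal(kek(password, salt), accountKey), mail: [] };
}

// Storing mail needs the password, because the account key must be unwrapped first.
function storeMail(account, password, text) {
  const accountKey = open(kek(password, account.salt), account.wrappedKey);
  account.mail.push(seal(accountKey, Buffer.from(text, 'utf8')));
}

// Returns the decrypted messages, or null when the password does not unwrap the key.
function readMail(account, password) {
  try {
    const accountKey = open(kek(password, account.salt), account.wrappedKey);
    return account.mail.map((m) => open(accountKey, m).toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data.
const acct = createAccount('constructed-passphrase');
storeMail(acct, 'constructed-passphrase', 'constructed test message');
console.log(readMail(acct, 'wrong guess'));            // stored data alone: nothing
console.log(readMail(acct, 'constructed-passphrase')); // password in hand: everything
```

In this sketch the password is the only secret the stored data depends on, so the protection at rest is exactly as strong as the protection of the password in transit, which is the point both comments above make about SSL.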
It's fairly obvious that you have no clue how SSL actually works.
Do you honestly think that it would make sense to set up a completely new domain for each and every user? Do you have any idea what a nightmare that would be to support? Do you think it would be cost effective to spend $50/year per user to implement such a system?
And do you really think that SSL has anything at all to do with the encryption used for storing data inside his system?
Actually you could implement it rather easily using a wildcard cert and a CA provider that provides unlimited signings (like DigiCert). The user goes to "https://myuser.whatever.com", and you use SNI to select the private key.
It might be a pain to manage, and you'd need to get your wildcard cert resigned for each private key, but that's just logistics.
That would cause any particular user to leak what user on the site they were. In other words, if I connect with https to lavabit normally, anyone watching my connection knows I went to lavabit, but don't know what account I am associated with. If I have to hit a subdomain specific to my user, then they know.
It would be a nightmare to manage, and you would have to explain to all 400k of your customers how to connect to the smtp/imap endpoint for that particular user.
Completely and totally unrealistic for an email provider. The support costs alone would bankrupt the company.
Sad that the parent is being down voted for being 100% correct.
He designed his system to have a single point of failure. The government then exploited that fact because it would allow them to get access to the data they want. This is Lavabit's fault, not anyone else's.
Perhaps the problem is believing that using SSL exactly as designed is the right solution. Somehow tarsnap manages to keep my data safe without relying solely on SSL.
No one designs systems like that because, up until now, the threat of having the feds confiscate your private SSL keys was unthinkable for those of us who don't wear tinfoil hats.
And it's still not 100% clear that forcing a business to hand over their keys is even legal from a constitutional standpoint.
The site wasn't designed to be 100% secure most likely due to it being overly complex and burdensome on the end user, thus reducing uptake. So a compromise was made and that is why it was designed the way it was... thus leading to a subpoena for the entire site since Lavabit didn't comply with handing over a specific user's data.
Also it is legal for the site to hand over their keys, it already happened. The only way it will become illegal is if the law somehow gets repealed.
What? The site WAS designed to be 100% secure, which is why the government demanded he hand over his private keys.
There was no compromise anywhere, financial institutions use the same exact security strategy. An insecure system would be one that makes it easy for a 3rd party to intercept communications (via warrant or through a disgruntled employee or whatever), that is basically what you are suggesting.
But that bolsters the EFF's argument, does it not?
I mean, on a technical level, you may be right, but the 4th Amendment is not something that protects only as long as the government does not exploit these technical details. See Kyllo v. United States.
Because an SSL certificate is linked to a specific domain. It has nothing at all to do with user accounts. Creating a custom domain for each and every user is totally nonsensical from both a business and technical standpoint.
God did not say "Lavabit must only use SSL and cannot use any other measures to fulfill its understood and contractual obligations with customers". That is ridiculous.
> That Mr Levison happened to use the same SSL certs for all paying customers isn't the fault of anyone but... him.
I'm not sure you or the judge understands how SSL works. I would love to see them subpoena a bank for their SSL private key and see the reaction of the world.
The government obtained a 2703(d) order for the stored non-content data of a particular user (suspected to be Snowden, but redacted from the court documents). They then obtained a pen register order, for real-time metadata about that same user. Lavabit told them they couldn't comply, so the government sought to use the 3rd party assistance language in the pen register statute to compel the company to provide its private SSL keys. The government then followed up with a grand jury subpoena and Stored Communications Act warrant specifically seeking Lavabit's private SSL keys.
So, no. The warrant the government obtained was not specifically for the data relating to Mr Snowden, but rather, was for the SSL keys.
That's not accurate. Lavabit offered to construct a backdoor for that particular user at well below cost. Instead the government demanded they destroy their business model by making all users insecure.
Imagine you run a hotel. The police are looking for a fugitive that's been known to check in occasionally. You offer to build a system that notifies the police if that user checks in. They refuse. Instead they demand you place a camera in each room.
When they have a warrant? Absolutely they do. They've always had that power, and every country I know of has warrants of similar power.
If you're hosting encrypted data that focuses on privacy while remaining law abiding, it's just sensible to maintain separate SSL keys so you avoid this very scenario. It's not as if it wasn't foreseeable.
If you have separate server certs per user (as suggested above), then you can tell which user is using the service.
If you have separate client certs per user, then you can tell which user is using the service.
The Lavabit response to the original order was not the best, IMHO. As he was in possession of the certs and private keys, he could have decrypted Snowden's traffic himself, and handed it to the court.
Instead, he tried to hide behind a BS "it's encrypted" defence. The court called his bluff. He lost.
hmm... is there a way to obfuscate that to the outside? Can you wrap the individual certs? Or use the same cert for everyone, but do a zero knowledge key exchange for people who want to log in, and then have them authenticate with a signed document keyed to a public key they gave when they signed up for the service?
Anyway, at least in the physical security industry, security isn't about preventing intrusions. It is about delaying it and limiting it until a sufficient response can be mobilized. Perfect security is impossible.
I disagree, but it depends on what type of warrant we're talking about. I'm speaking of a search warrant. A search warrant is used to find and collect evidence that already exists. If authorities need you to change how your business runs to collect new evidence that doesn't yet exist then that runs into a whole different set of laws. A search warrant doesn't allow, or at least it shouldn't, authorities to walk in and take over your business for their own purposes. Search warrants shouldn't have that level of power because they are so easy to obtain, police just ask a judge to sign a piece of paper. It's easy to obtain because all it should be is a piece of paper that allows law enforcement to enter your property without permission, which would normally be a crime, so that they can search for particular evidence. Search warrants can even be very, very specific as to what exactly law enforcement is really looking for within the property if the judge doesn't want to be overly broad.
What you are describing does happen, but I fail to see how it would happen under a search warrant.
As for your destroying data being against the law if it is requested by the courts. You are correct, except that if your business model is to destroy data in a timely manner then you cannot be held in contempt for destroying data before it was requested. At that point it becomes something different as they have to request you no longer destroy that data so that they can collect it. I don't see how that request falls under a search warrant. I suppose it could happen if a judge likes being overly broad in search warrants (which could cause problems in the criminal case), but it seems unlikely that's how a typical search warrant would be executed.
It was litigated in the courts in the USSR too. Not so much discussed in public but I am not sure that matters.
The whole issue of making such a taboo topic is that it makes it hard for opposition to mobilize. However in the US we have other ways of doing that. Hyperpartisanship is something which has a remarkably similar effect while at the same time allowing us to say with a straight face that we are not a police state.....
I'm afraid this is what you get when you architect your political system to institutionalize gerrymandering. I suspect that hyperpartisanship, and the thorough political dysfunction we're seeing over in the US at the moment, is pretty much an unavoidable consequence of developing very stable partisan electoral ghettos.
In the UK such gerrymandering is taken very seriously because it's a fundamental attack on the integrity of the electoral system. People found guilty of it have had their political and personal lives ruined, and quite rightly too. But in the US it's standard practice. I don't think this is taken seriously enough.
...and wouldn't it be nice, if we could actually stop this kind of problem before it became something the courts dare not touch, spoken of only with rare whispers. Those types of situations historically end up rather nasty for all involved.
It's probably a bad sign when the sane legal solution to avoid a rebellion (or worse) seems like fanciful wishful thinking.
nice one, EFF--you guys are bad ass. EFF has of course also for the past decade, been a relentless warrior against Patent Trolls. i don't know, but i would be willing to bet, that the new troll-killing bill is in part due to their efforts as well.
EFF is a pointless figurehead that does none of its own work. It simply coopts ongoing legal action and puts their name on it any way they can. This is a pointless case, like the EFF can fix https by this case? No, the cat is already out of the bag. https has been broken for some time, first by cyber criminals and businesses being stupid, and then the NSA trying to keep up with the game.
Yes. Lavabit's filing [0] is to the Fourth District Court of Appeals. Page 1 of their brief (after all of the disclosures and tables of content) explains the jurisdictional stuff pretty well.
Why did Levison have access to their users' mails in the first place? Didn't they claim that only you can see your emails? Isn't that the reason you can't reset your password?