#1 By: Cory Doctorow, October 3rd, 2013 11:53
#2 By: Jaco, October 3rd, 2013 12:06
LOL, 11 pages of tiny printed keys. Ballsy!
#3 By: ChrisL, October 3rd, 2013 12:11
"11 pages of 4 point type...the court didnt' go for that" ...do you even Photoshop, Bro??
#4 By: brainflakes, October 3rd, 2013 12:41
"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data"
Surely it would be trivial to OCR that?
#5 By: Andrew Singleton, October 3rd, 2013 12:47
I dunno how good OCR is but when ONE character wrong makes the whole thing not work. Yea Still, ballsy move. Kindof like that one site way back when getting told to remove links and instead left the text up and just de-linkafied (meaning people could just copy the addresses in.)
The grand tradition continues.
#6 By: PlutoniumX, October 3rd, 2013 12:58
I would maybe have "accidentally" transcribed one wrong character before sending the print off out. Blame the key entry/OCR.
#7 By: Nonentity, October 3rd, 2013 13:20
Getting someone to spend the time carefully keying it in surely would have cost less time and money than litigating the whole thing out.
#8 By: rocketpj, October 3rd, 2013 13:24
Well, anything goes because terrorism.
#9 By: JoeWithabee, October 3rd, 2013 13:35
I guess I don't really understand what the point of Lavabit was, or why users were supposed to trust them in the first place, if the users depended on them to keep some key a secret which could maliciously be used to decrypt all their data.
#10 By: hughstimson, October 3rd, 2013 13:56
Because it's better than the alternative I suppose.
#11 By: xzzy, October 3rd, 2013 14:02
Because it was a third party that two people who want to communicate through the internet could agree to trust as an intermediary. There could never be a guarantee that Lavabit was trustworthy, but the site claimed up front that everything was encrypted so that intruders wouldn't be able to steal anything.
Compare to something such as sending email from a gmail account to a hotmail account. You have no promises that the email on either end is encrypted (and in fact those messages are completely unencrypted and are data mined as a matter of habit), and unless the connection between gmail and hotmail is encrypted, anyone sitting on the wire between the two sites could capture it as well.
End result: Lavabit was a "least bad" option for sending communication over the internet. For anything truly important it's still not secure enough, say for a cache of classified NSA documents. But for organizing an in-person meeting to discuss those documents it's a lot better than many other methods.
#12 By: Paul Renault, October 3rd, 2013 14:10
He wouldn't need to transcribe, he'd just have to make sure they use the 'correct' Xerox scanner.
#13 By: Zandr, October 3rd, 2013 14:16
Given the advertising for Lavabit centered around security, wasn't this a court order effectively compelling Levison to commit fraud?
I didn't think a court could compel you to break the law.
#14 By: Nick Harvey, October 3rd, 2013 16:27
I suspect the point of spending the time/money litigating to get it in electronic format was less about efficiency, and more about asserting dominance and setting a precedent.
I find it telling that responses to FOIA requests are routinely delivered in formats that are intentionally difficult to digitize, copy, or proliferate, and I've yet to hear about a judge who has a problem with that.
#15 By: kmoser, October 3rd, 2013 16:36
He should have printed one character per page, but without page numbers.
#16 By: Alice Weir, October 3rd, 2013 17:08
Weeellll - it would 'only' require breaking a civil contract and undermining the product of his own business. So it doesn't really count.
#17 By: Andrew Singleton, October 3rd, 2013 19:49
But that would mean all these civil services would have to actually serve We the People.
#18 By: Kimmoth, October 4th, 2013 03:57
Wow, what a face.
#19 By: Bard, October 4th, 2013 09:13
For its premium (paid) customers, there was an option to provide Lavabit with a public key from a private - public key pair; it would drop all incoming mail to your account through the public key and delete the original plain text, leaving only an encrypted blob. Since Lavabit never had the private key, and deleted logs, if they were compromised on the server, there would be nothing to analyse.
#20 By: edthehippie, October 4th, 2013 10:42
when ssl keys are outlawed , only outlaws will have ssl keys ?
next page →