Kafka, meet Orwell: Lavabit's founder explains why he shut down his company




#2

Question about some phrasing. 'Contempt' isn't a charge, as I understand it. There isn't a defense. It's like an executive order or legislative fiat? IANAL.

Sounds entirely like a railroading, but it also sounds like a well planned and researched rabbit hole that he got dropped in.


#3

So much for the 5th and 6th amendments then?


#4

I'm pretty sure it is a charge. One can be found guilty or not, and fined or imprisoned. A few US journalists spring to mind. The insidious thing is that, because it's an administrative action, a lot of the usual protections don't apply. A speeding ticket is the same way - they don't have to hold a trial, because it's not a criminal offense, although you do have the right to request a trial.

As for planned and researched, I think you're giving the Feds too much credit. They do this to witnesses all the time, Levison wasn't all that special. The only thing outstanding is the encryption/privacy issue, which the courts still seem confused by.


#5

What if you, as business manager, do not ever possess your private keys, merely use them to set things up and then ship them off someplace for safe-keeping? Then run your servers in the clear, but the content encrypted. If anyone wants the private keys, they'll have to hunt down that third entity. Or don't do this. Just encrypt and if the feds ask, hand them the keys... because....

The backend encryption should sit on top of per-user encryption. So even if things were decrypted on the backend, they would need to be decrypted again on a per-user basis, i.e. the law would have to go after the individual users who set up their own private encryption.

And be selective about what you keep in your logs and for how long; don't leave a paper trail of non-technical, per-user transactions unless it's necessary.

Anyways, I know people have already thought of this stuff and there are fancy acronyms for it; I just can't recall them.


#6

Once again, sneakernet solves all these problems, although it opens up other ones.


#7

Wasn't allowed to mount a legal defense?
I don't know how stuff works in that third rate banana republic in which Ladar lives, but here in the United States of Freedom we just call up a few of our rifle-packing buddies...


#8

Truth and Justice, the American Way.


#9

Until they subpoena your Converse.


#10

Levison is very special in an important way - he stood on his principles and didn't take the easy way out and play 'go along to get along' like almost everybody else in the tech industry. The feds did everything they could to put him in an impossible situation, assuming he wouldn't nuke his own company out of natural self-interest. It is indeed outstanding that he chose to fold Lavabit rather than comply with this unconstitutional Star Chamber ruling.


#11

While I agree that the government's actions here are a true miscarriage of justice, I am a little unclear on what Levison's position was. If the technology of your business makes it impossible to carry out a court-ordered search of a particular person's communications without violating the privacy of every other customer, which seems to be the case here, then isn't that a real problem with the business plan? The government has a perfectly legal right to subpoena communications pertinent to a particular investigation, and I don't see how setting up barriers to doing so in a proper legal framework is a good solution for anybody. Isn't there some way to set up a similar service in which one person's emails can be accessed under court order without subjecting everyone else to unwarranted surveillance?


#12

If I recall correctly, Levison had deliberately included a loophole that let him (somewhat laboriously) set up individual account access, and offered to do so. The feds didn't trust him and insisted on total access.


#13

Agree with @Boundegar, this isn't necessarily well planned and researched, but more of Standard Operating Procedure. When the feds really want you, they can put you through the wringer at will and do.

Sad and scary.


#14

Yes, there are technological ways of doing that. And while I can't hand over details, the end result is a 'legal portal', similar to Google, where law enforcement gives you a wink-wink before searching for whatever they want. Warrant it no.

This is not an exaggeration.

So the reason to encrypt monolithically is precisely to prevent that attack vector. And as we now know there are legal shenanigans to punish those that choose that path.

So it turns out the strength of good encryption is its downfall--if you use it you are suspect by definition. Time to start tattooing messages in shaved heads again? (Obscure?)


#15

The Constitution protects unwarranted searches and seizures, but I don't see how you necessarily have a legal right to protect against warranted searches just because you presume the government is going to abuse that power. It's unfortunate, because they certainly are abusing that power, but it sounds like Lavabit was set up in such a way that gives them an excuse to snoop on everyone because there was no easy way to snoop on just a few people. That has nothing to do with being a suspect as a result of using encryption, it's just getting caught in a net that was cast too wide for technological reasons, at least under the justification that the government seemed to be using in this case. Although if what PhasmaFelis said is true about the possibility for individual account access, then that's certainly another important angle to the story that Levison didn't mention in the article.


#16

But isn't that the whole point? Secret warrants for all data regardless of users without access to counsel or the ability to be represented? If law enforcement comes with a warrant for Snowden's data then that warrant is executed. But that isn't--and from experience--doesn't happen.

When this happens to large companies you don't hear about it. Shutting down say Microsoft isn't an option. So they just roll (not specifically msft, not making any accusations). But law enforcement is not completely clued into what security and privacy controls imply, so overreach is quite common.


#17

Sure, but unfortunately, I don't see how a third party can legally oppose a court-issued warrant for a customer's data just because the warrant happens to be of dubious constitutionality. The person being snooped on would have to make that argument, even though it might be impossible in the current system, which I think is a separate but related issue. And I guess the moral of the story is that if a third party, even a trusted one, has access to the plaintext of your emails, then the government is going to be able to get their hands on it.


#18

Illegal warrants, dubious warrants--especially unconstitutional warrants--must be refused. Just because law enforcement asks for something doesn't mean you are obligated to provide it. Granted, it is difficult and there will likely be repercussions (i.e. legal fees), but that doesn't mean you can't or shouldn't pursue it.


#19

Maybe you're right, but it doesn't sound like Levison was contesting the government's right to access the data of the particular customers under investigation. Those warrants or subpoenas or what have you might have been dubious, and the revelations about the rubberstamping FISA courts back up that claim, but from the article it sounds like Levison's issue, and what he wanted to claim in court until his right to due process was stymied, was that he could not comply with the court order without sacrificing the privacy of his other customers. Which is true, but very well might not have held up in court if he had indeed been able to argue it because that argument says that it's OK for a third party to set up technological barriers to law enforcement investigations even if they do happen to be completely legitimate. Do we want that to be the case? I'm not sure.


#20

The problem is that you first have to define the term "illegal warrant." As far as I understand, it's a contradiction in terms.

What article of the Constitution can a search warrant violate? The Fourth Amendment prohibits search without a warrant.

I'm not saying you're wrong morally, I'm saying that I don't think our existing Constitution has any notion of an "illegal warrant." Until we have a new amendment -- or until the Supreme Court rules that searching data is not the kind of "search" the writers intended (though it basically was, if "searching" included reading letters) -- then we don't have any laws to protect the Lavabits in this country. Put the servers on Sealand or somewhere.