Kafka, meet Orwell: Lavabit's founder explains why he shut down his company

Well there HAVE been warrants that have been ruled after the fact to be too broad because they asked for material that could not reasonably be related to crime being investigated.* But I’m not sure that would (legally) justify a third party to fail to provide the documents ordered.

  • one could imagine that when investigating an accident, the phone records immediately before the accident would be quite relevant (was the driver texting) but that last month’s records would be thrown out, even if there was evidence of a (different) crime.
1 Like

As an individual on the receiving end, an illegal warrant is one that your counsel can defend yourself against. And that is precisely why the Lavabit fiasco has me so agitated. Large, financially secure companies do one of two things–get their general counsel to tell law enforcement to eat dogfood or roll over. For small companies it’s virtually always roll over, because defending against illegal warrants is extremely expensive.

Also, illegal warrant isn’t a contradiction. If all judges were equal in their understanding and application of law then yes, I would agree with you. But they are human beings, with failings and misunderstandings just like you and me. And secret courts with secret warrants make the entire process much higher stakes.

SamSam, I don’t think we are disagreeing on fundamental principles. However overreach and misinterpretation of law happens every day. And national security letters, FISA courts, and overly broad warrants must be held to a higher standard.

(crap, now I am positively on a watch list :D)

1 Like

We’re all on a watch list. And the government should be on each of our watch lists. I don’t know quite how I would respond to something like this, or what happened to Aaron Swartz. I would, however, immediately go talk to my friend who is a lawyer and make a plan of action. Everyone should personally know at least 1 lawyer. Not necessarily for representation, but just as a sounding board or to help look for other lawyers. It’s not what you know, it’s who you know!!!

I have had the privilege of being friends with a privacy lawyer at a very, very large company. You are absolutely correct, a good sounding board is a very sane thing to have.

1 Like

That’s a very good point. Cops aren’t constitution scholars. Never have been, never will be. Presumably that’s why they have management, but since they promote from within, that’s not much of a solution.

1 Like

And the ironic thing is that’s a feature and a bug at the same time :) What you brought up is the linchpin of the argument–where does the enforcement of law, basically by decree, happen in our legal system? And what are the mechanisms that mere non-rich mortals have against those decrees?

(btw, Boundgear, fantastic post)

IIRC, Levison could give them access to an individual customer’s data and in fact had done so for law enforcement in the past. Although he wasn’t able to do it in real time.

The people he dealt with this time (if I’m guessing, being pressured and backed by higher ups because of Snowden), weren’t interested in setting up the process and getting one individual’s data. They wanted it all and they wanted it now. And since they had the power to work the system against him, they did. It likely would have worked better for them, and faster, if they had worked with Levison, but they apparently felt like they shouldn’t have to because, um, justice?

1 Like

thank you. i guess i failed to make this point eloquently as you did. this is exactly the problem, and happens every day.

(edit: just because you comply with a warrant does not make it a legal request. similarly just because an officer tells you to empty your pockets, search your car, or ask revealing questions are legally obligated with compliance. when you comply, that is what makes it legal. grr, i need to go calm down some place :D)

because Fuck You That’s Why.

The go-to excuse of the intellectually bereft who have unlimited power.

2 Likes

Large, financially secure companies do one of two things–get their general counsel to tell law enforcement to eat dogfood or roll over. For small companies it’s virtually always roll over, because defending against illegal warrants is extremely expensive.

Exactly. We need to stop pretending this isn’t yet another class war issue where there’s legal recourse for some and a legal turn of the screw for most.

Also, illegal warrant isn’t a contradiction. If all judges were equal in their understanding and application of law then yes, I would agree with you. But they are human beings, with failings and misunderstandings just like you and me. And secret courts with secret warrants make the entire process much higher stakes.

Agreed.

crap, now I am positively on a watch list :D

Lists? Feh… mere antiquated lists were for the KGB.

If you’re an activist in the United States, they’re watching your phone metadata very closely to include who you call, who calls you and where you are with your phone at all times, etc. - Bank account info, transactions, etc.

Tasty, but not overfilling… Freedom Lite

That gave me a chuckle. Then I got sad again.

2 Likes

And the gummint’s got all those Nikes stashed in bunkers in the desert.

1 Like

Isn’t it kind of terrifying when you re-read something you wrote and in a different day and age you could be construed as a nutjob? But I guess that comes with actually working ‘for the man’ and seeing how the sausage is made. And furthermore, I really need to stop using so many turns of phrase and idioms…

2 Likes

Let’s just say that when the government puts Nikes in bunkers, they’re the GOOD looking ones. http://en.wikipedia.org/wiki/MIM-14_Nike_Hercules

What if they gave you an order to intentionally sabotage the encryption so they could start snooping on your clients? Even worse, they could order you to sabotage encryption without disclosing the fact.

I have a suspicion that this was either happening or he felt was about to happen, since the decision to shut down makes a lot more sense in that context. If it were the case his options were:
A) go along with it and secretly violate his users’ trust
B) speak out and probably get thrown in jail
C) try to fight a byzantine legal battle in Kafkaesque secret courts, and either compromise users or risk going to jail in the meantime
D) shut the whole thing down.

That is exactly what happened–hand over private keys, you can’t discuss or acknowledge this is happening, and get slapped with contempt without the possibility of a trial.

My response is the same: set up a system where the per-user encryption is unbreakable by the company. The decryption happens only locally to the user. That way you can always comply fully with any court order, secret or open. And people’s stuff is still theirs.

And what software is performing the encryption? If they were using Lavabit software then Lavabit could push a mandatory update that breaks the encrypting process, merely pretending to encrypt the data… If the customer is using 3rd party software to perform the encryption client side, then there’s no point in using Lavabit at all… they might as well just encrypt it locally and gmail the resulting blob of data.

1 Like

Ahah! putting a finger to the side of my schnozz

People used Lavabit because it offered convenience, not because it was the most secure option.

Using pure open PGP is inconvenient. It means you need to manage keys and backups manually. It’s also not integrated with a mail client, so you have to download the blob, decrypt it and read it locally. I don’t think there are any open source implementations for mobile devices. And as Heartbleed demonstrated, even open source is no guarantee against vulnerabilities.

The entire Internet is one big watch list.

1 Like