For the unfamiliar: Lavabit was a webmail service that (claimed to) encrypt emails in such a way that they literally did not have access to the content stored on their own servers. The linked email would lend some credence to those claims. It was originally designed in contrast to gmail scanning your email for targeted advertising, but my imperfect memory says that their system should also have been resilient to "we have a warrant, hand over the data."
Edit: I was a PM on Exchange and Exchange Hosted Encryption for some time, so it looks like Lavabit tried to fight the government on whether they are required to release private keys. I've seen one other customer try to fight, and it was not pretty either. The US government in these cases are serious.
Takeaway for fellow hackers: If you are building a system that stores user-generated data, prepare for the eventuality that someone other than the user will demand to see it.
In general, the prevailing theory is that all companies are required to release private keys or passwords needed to unlock evidence. As a consequence of Lavabit fighting, they likely got slapped with some pretty harsh contempt of court rulings, including a demand to record all private keys needed for decryption going forward. The worst case (that I can talk about) I saw involved requiring a specific employee be demoted due to improper care of a company's systems.
What's sad is that because Lavabit was such a small service provider, they never had the previous rounds of government threats and must have been caught off guard. As I've said in past posts (before Snowden), it is common knowledge among large-scale service providers that the local government can always come in to take a look. Doesn't matter if you are in the US, EU, or China, you have to comply. I've seen the US DOJ threaten pretty harshly a customer who simply asked about 'options' of how to comply.
(Forgive a 5-year-old memory of one of many cases -- I probably have the numbers wrong) It went something like this: The director of engineering approved a log retention plan that kept access logs for 7 days or something. They wanted to reduce costs and issues with log files were the top reasons for getting called to support the service. The government needed to demonstrate that someone had accessed the service 14 days ago, and the government could not understand why the 'minimum' of 30-day access logs were not present. I think something else was missing, too. There was a back-and-forth, and since the company couldn't produce the logs as requested the government got a contempt of court with the understanding that the director would be demoted to an IC and not be anywhere near the production service. I think the company lawyers agreed to the conditions to make a worse outcome go away.
If it's not clear, there were strong personalities involved. One way to tell the story is the director went out of his way to poke a bear and got mauled. Another way to tell the story is that a bear went walking down main street looking for trouble ("How do we know you didn't change the retention policy to protect the individual?"). In both cases the guy lost his hand and the bear is still loose.
Is there a legal precedent for minimum time that logs must be kept, say for an email service or messaging service? I'm talking about US policy, if that makes it more clear.
Generally speaking unless you are specifically required to keep records for a regulatory purpose (i.e. tax), you don't have to keep logs at all. Lavabit used to keep logs for a limited time (I think a week?).
More concerning are key disclosure laws [1] and their crazy penalties that seem to be creeping in all over the world.
You also need to take reasonable measures to preserve relevant data when you have reasonable cause to suspect that litigation or an investigation will begin.
Not having a policy can hurt you. If you have no deletion/retention policy, and happen to destroy data for some random reason when a litigation begins, you or your company may be in trouble.
Note: IANAL, and different industries or data categories have specific legal requirements or best practices for retaining things.
It was likely agreed on (possibly via contract) to meet the compliance policy of the government agency. So I could see breach of contract. I don't know about legal precedent for logs per se, but there is precedent for retention of other files. For instance HIPAA involves some well known regulations around keeping and destroying medical data.
Don't be so bleak. If you're going to do something that will get the attention of any government, here's a simple rule to follow. Don't use 3rd parties. And if you must, do it in a way that can never be traced back to you in the "real world". It isn't hard and it isn't even illegal.
I think the worst they can realistically do is 1) threaten contempt if you can comply but don't and 2) threaten to disrupt your business operations by seizing servers. There are gag orders on certain legal requests, but you don't have to talk about it to not comply (if you can't comply).
As long as you can't comply, I don't think there's an uncounterable risk in the US, since we don't have any key disclosure requirements (the exception being CALEA, which only applies to the PSTN; I'd skip CALEA for an interconnected VOIP system and fight them in the courts/media, personally). Presumably they could put other weird pressure on you like threatening to investigate your nanny's immigration status or whatever, but enh.
I still maintain that if you do things properly, you can operate safely in the US while resisting pressure from USG. You can't literally wipe your ass with an NSL in front of the agents, but if you don't have it, and can't get it, they're at worst a DoS. Forcing a provider to implement a huge new logging infrastructure would be an interesting 14A issue, and one could have a system where even that wouldn't recover customer keys.
Could you name some examples from Europe? Cases where police physically take servers are common. But I never heard of a case where police would require encryption keys for 'maybe we will need it'.
It's risky to relocate the servers to another country. You will have to obey the other country's laws, but the US gov will still claim jurisdiction if the staff and/or owner is in the US. The US will even claim jurisdiction as soon as you use a ".com" domain [1].
Of course the hosting nation will also claim jurisdiction. So relocating your servers to one country while staying in another will expose you to two national laws as well as any international agreements between these nations.
Depending on how bad the government wants the data, that's essentially just charging a high premium to get all the data instead of a specific user's data.
If the purchasing party is less scrupulous, you've thwarted nothing. In extreme cases (or for smaller companies), the purchaser could even be a government front.
I'm pretty sure there are known entities offshore you could sell to who are unlikely to be government fronts. Imagine selling to someone Wikileaks affiliated...
Well, he may not have been able to hand over the old data, but he may have been asked to include an exploit for all mail going forward. That could have been as simple as the authorities inserting some middleware.
This actually did happen with hushmail. It's hosted in Canada, but the US leaned on them hard enough that they ended up backdooring the client to let the feds snoop on the targeted user.
That is not quite what happened. As the link below says, it was not an exploit. Users were warned that using pure IMAP access and/or webmail, which was a convenience feature and continues to be with them, would require your private key. It was recommended you do not do that, and use the provided Java applet or mobile app. The person in question in those criminal proceedings used one of those convenience functions, if memory serves.
Not that I defend Hushmail. I do not, fuck 'em for that. There are plenty of services like Lavabit that avoid that problem, but that requires intelligent users/criminals/what-have-you.
I think Hushmail are pretty up front about being no protection if the person who wants access has a court order. I would not go so far as to say 'snake oil'.
From wikipedia:
"The issue originally revolved around the use of the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; additionally the passphrase can be captured at this point. This facilitates the decryption of all stored messages and future messages using this passphrase."
"Hushmail has stated that the Java version is also vulnerable in that they may be compelled to deliver a compromised java applet to a user.[5][7]"
In [7] "Brian" working for hushmail responds to a wired journalist agreeing that the applet was an attack vector and Brian even points to a schneier.com article stating the same[2].
He did weasel around a bit about "viewing applet/HTML source" which he admits is no use for determining the validity of the applet as it is compiled.
"I think Hushmail are pretty up front about being no protection if the person who wants access has a court order"
It is not just about having a court order. The court order is not some kind of secret key that decrypts messages, it is just a way to compel Hushmail to decrypt those messages. Pointing a gun at a sysadmin would work just as well. Paying a sysadmin would also work. Getting a spy to work for Hushmail would also work.
Let's say you are trying to protect the names of activists in China. There is no reason to think that the Chinese government could not find a sympathetic Chinese immigrant / national with an IT background who is willing to pass on some messages every so often. You can imagine other scenarios -- maybe you have highly valuable business secrets, maybe you are running a political campaign, etc.
Snake oil is the right term for Hushmail, because that is what they deliver. The only term that is more polite than snake oil is "key escrow," but why should we be polite here?
For sure, but can I fault idiots for inability to read the documentation and caveats? Maybe, but not really lest most on this site could not "do computers" professionally.
Unfortunately, the trust problem you mention is pervasive. It was a signed applet IIRC, but both require you to trust the original and modified applets from the developer. I am wishing someone released an auto-encrypting PGP service and client, open-sourced on purpose.
We all know only four people would read the source of that, and two of those would verify the dev key given with the release. :-)
The correct way to do a signed applet or signed extension is to give the signing key to a third party who has responsibility for auditing it, or at least being "out of the subpoena chain" so when bad stuff happens, they suddenly stop signing new versions.
I kind of wish there were a (well armed) organization which did this for other projects.
Unfortunately, I cannot find a clip of this from the movie Ronin. One of my favorites with Robert DeNiro as a criminal or spy, and not even his own gang of crooks are trusting of him. Among my many favorite quotes (I am reviewing all of them and laughing; the movie is a goldmine [0]):
Spence: You think too hard.
Sam (DeNiro): Nobody ever told me that before.
In my eyes a backdoor is a subcategory of exploit. But the term used doesn't matter. The point is that they altered the software used by their clients to not only encrypt emails with the key, but to forward copies to be given to the government.
The warning they gave out was to point out lower security, it does not absolve them of the obligation to try to keep their servers secure.
The feds wanted to install a prism device on his network, not sure if he shut everything down to prevent that from happening or if there are other factors at play.
The guy who runs the service is one of my best friends. He's the kind of guy who would burn the server farm to the ground before he did something that violated the terms dictated in his privacy policy.
That's reasonable. And while you can already get in trouble for not having stored user data in the past, you cannot really refuse to store user data from now on. Ergo probably this surprise shutdown now … :(
And this reads as if someone was trying to force him to install means to spy on his users, and it wouldn't be surprising if the aim was to spy on Snowden directly (if he really used this service).
It may be simpler than that. Even if Snowden has walked away from this service, the publicity may have attracted a lot of people the authorities find interesting, including legitimate (whatever that means) persons of interest.
The political backlash attached to slapping an NSL on "Snowden's email provider" would have looked obvious to a 5-year-old, and any real player worth its salt would have run from Lavabit as soon as it hit the news.
No, this has nothing to do with common criminals and everything to do with Snowden.
What I find interesting is that the lavabit homepage says that the owner has been fighting this for 6 weeks, but the reporter that released Snowden's email address did it July 13th.
The Government has been trying to get into Lavabit longer than that.
Although, perhaps they already knew that Snowden was using Lavabit and started the process immediately after his flight to HK.
That's exactly what happened. He can't afford to continue fighting the feds in court, so he's shutting everything down. His lawyer is expensive and he will go bankrupt if he stays the course.
If anyone can recommend someone who can provide counsel pro-bono let me know and I'll forward the message along.
More likely he was compelled to turn over emails relating to the case, and he doesn't want to have to be forced to do that again, so he's shutting down the service.
The data may have been protected, but the senders and recipients probably were not. Similarly to SSL, it encrypts the traffic, but does not hide which websites you use.
I bet that data are still valuable to the government.
I have been thinking of starting a business in the privacy space. This has shown me that all customer data needs to be periodically obliterated in a safe way and that a kill switch or nuke button is needed as well to destroy everything on a moment's notice.
Where and how to host is a major concern. Cloud, etc., is obviously out of the question.
Apparently a business where some guy is moving paper mail incognito from one point to the other could be a possible business. I guess lawyers may want this, especially lawyers working to defend issues related to abuse of privacy breach or executive actions.
Of course it will be hard to advertise such business.
If you'll be trying to keep this secret by creating small cells of people not knowing each other and smart mailboxes preventing people exchanging to identify each other, you'll become suspect of supporting spying activity.
So you better work for the minimal number of clients and charge a lot to remain sustainable.
My understanding is that as long as you keep the info concentrated in one spot (i.e. paper mail) it is easy to grab it. If you dilute and spread the info using shared secret and hide it smartly in images or random text, this info would be much harder to catch but could use conventional transport means.
Extending this idea further, turn the mail network into one big world wide hologram. The information would then be spread, available from everywhere, very hard to censor, and private since you need some specific reference signal to extract the info. It's like shared secret.
Note however that the need to catch evil people using such communication system for evil means is needed. Just considering our own privacy regardless of what can go wrong with such system is in my opinion selfish. We will always need method to protect against abuses.
Reminds me of the plot in the game Mirror's Edge, where couriers would physically deliver data instead of electronically, since there is no way to be sure that it isn't being intercepted. Such a thing might already be in practice.
IANAAL, but I'm guessing the U.S. would just pressure your flag state to revoke your license. Then they'll arrest you for piracy or something. Or even better issue a letter of marque and reprisal so private citizens can hunt you down and take your stuff.
Why bring in privateers? They'd complicate it, and mean reneging on public commitments. Just label the boat as terrorist and send the Navy or Coast Guard.
By "better" I just meant it would be "cooler", in the sense of invoking old, rarely used provisions of the Constitution. But you're right, Navy/Coast Guard would be much more effective.
I suppose, but looking at it another way: for the first time in human history we can imagine a world where this wouldn't be the case. We are closer to that world than we've ever been, even if right now the west is moving away from it again.
People have thought about this, and Sealand actually hosted a very secure datacenter.
The problem is that you have to connect up to the Internet somewhere, and they can always get you there. Either tapping and listening in on sessions, or just plain disconnecting you.
It seems like the most secure way to send a message these days might be snail mail. While I know the feds to open it from time to time in specific cases, they definitely don't open all.
No, they don't open the mail, but they scan all the addresses as part of their routing process. We should assume that all postal "metadata" is stored forever.
There is a lot to be said for Snail Mail in that regard. There are far more privacy guarantees (i.e. clearly defined requirements for warrants, and stricter terms) relative to electronic forms of communications.
I did a fun experiment once. I wrote the actual recipient address in the return address place, and put a non-existent address on the front. I also didn't stamp it. It did arrive to the recipient 2 weeks later, with a "return to sender" banner.
Working in the mailing business and dealing with the USPS carriers; they are not dummies (the usual people warning here) and if someone gets curious on why so many pieces arrive at a certain address w/o postage, I would expect that address to get flagged for a special looksee.
This is somewhat true. RFC3207[1] describes opportunistic TLS encryption for SMTP communications. Our postfix deployment uses this and a fair amount of our email is sent over TLS-encrypted SMTP.
Of course, an MITM attack could hide the STARTTLS option and there are questions around the strength of the CA cert infrastructure, but SMTP is not just plaintext.
The problem is that you don't send to the destination SMTP server. You send to your SMTP server. That goes at least one hop via SMTP and eventually ends up on the destination's domain server.
So even if I set up and host my own SMTP server, and even if I verify the TLS certs on my side, I have no way to verify that I'll get (1) A TLS connection (2) with an authenticated cert all the way to the ultimate destination.
It's beyond my control to ensure that I'm secured when emailing to an arbitrary domain with arbitrary configuration.
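The two comments above describe the weak spot of opportunistic STARTTLS: under RFC 3207 a client that sees no STARTTLS keyword in the EHLO reply simply continues in plaintext, so an attacker on the path only needs to strip one line. The following added example (my own illustration, not code from the thread or from Postfix) parses constructed EHLO replies and applies a client-side policy the way Postfix's `smtp_tls_security_level` settings `may` (opportunistic) and `encrypt` (mandatory, fail closed) do; the host names and replies are constructed sample data. It also returns the commands the client would send, so both sides of the exchange are visible. As the second comment notes, this only governs the hop from you to your own submission server; each further hop makes its own decision.

```python
"""Client-side STARTTLS policy check over a parsed EHLO reply (added example)."""
import re

CLIENT_NAME = "client.example.invalid"  # constructed host name

# Constructed EHLO reply from a server that advertises STARTTLS.
EHLO_WITH_STARTTLS = (
    "250-mail.example.invalid Hello client.example.invalid\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

# Constructed EHLO reply as it would look after an on-path attacker
# removed the STARTTLS line (the classic "STARTTLS stripping" case).
EHLO_STRIPPED = (
    "250-mail.example.invalid Hello client.example.invalid\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply):
    """Return the set of upper-cased EHLO keywords in a multi-line 250 reply.

    The first line is the server greeting, not a keyword, so it is skipped.
    Lines are '250-KEYWORD ...' (more to follow) or '250 KEYWORD ...' (last).
    """
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("250"):
        raise ValueError("EHLO was not accepted by the server")
    keywords = set()
    for line in lines[1:]:
        match = re.match(r"250[ -](\S+)", line)
        if match:
            keywords.add(match.group(1).upper())
    return keywords


def decide(reply, policy):
    """Decide what the client does after EHLO under the given TLS policy.

    policy: "none"    never negotiate TLS
            "may"     opportunistic (RFC 3207): TLS if offered, else plaintext
            "encrypt" mandatory: TLS if offered, else abort the session
    Returns one of "tls", "plaintext", "abort".
    """
    if policy not in ("none", "may", "encrypt"):
        raise ValueError("unknown policy: %r" % (policy,))
    offered = "STARTTLS" in parse_ehlo(reply)
    if policy == "none":
        return "plaintext"
    if offered:
        return "tls"
    # STARTTLS absent: opportunistic falls back, mandatory fails closed.
    return "plaintext" if policy == "may" else "abort"


def client_commands(reply, policy):
    """The command sequence the client sends in response to this EHLO reply."""
    outcome = decide(reply, policy)
    commands = ["EHLO " + CLIENT_NAME]
    if outcome == "tls":
        commands.append("STARTTLS")      # then re-issue EHLO inside TLS
    elif outcome == "plaintext":
        commands.append("MAIL FROM:<sender@example.invalid>")
    else:
        commands.append("QUIT")          # refuse to continue without TLS
    return commands


if __name__ == "__main__":
    for name, reply in (("offered", EHLO_WITH_STARTTLS), ("stripped", EHLO_STRIPPED)):
        for policy in ("may", "encrypt"):
            print(name, policy, decide(reply, policy), client_commands(reply, policy))
```

With the stripped reply, policy `may` silently sends the message in the clear while `encrypt` quits; that difference is the whole argument for a mandatory setting towards servers you control, and for certificate verification on top of it, since `encrypt` alone still accepts any certificate.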
It's quite likely however that Lavabit, being a service that focusses on privacy, delivers enough emails directly to the target server over a secure protocol to cause problems for the NSA in this investigation.
The problem is that all of the people you correspond with use gmail, which participates in PRISM. No amount of transport encryption or storage encryption on your own end will stop Google from sharing that data with US authorities.
Well anything that hits an MTA or MDA and sits in a queue somewhere on rust is liable to be snagged. That's usually every host between you and the destination MUA.
The whole protocol and mail delivery system is fucking hopeless.
As an ex-ISP mail architect and ex-operations guy, I hope the whole existing email protocol suite and architecture dies in a fire.
"Participates" is the wrong characterisation, they are under the jurisdiction of FISA orders, if the NSA wants to call that PRISM, it's their business. Also worth mentioning is that providers in non-US countries are subject to their respective country's surveillance efforts, so either way it's a red herring argument.
"Participates" is a perfectly acceptable word for silently complying with a law. Especially for an international company that could have changed jurisdiction of the relevant servers.
"Participates" is not at all an acceptable word for actions taken under duress, and for an international company, changing jurisdiction of the relevant servers would have made no difference whatsoever. As long as your flesh-and-blood body is located in the US, or in a country that chooses to enforce US law in such matters (or will ever be so located in the future, even for a stopover on an international flight), your servers could be on the moon for all it matters; you still have to obey the government.
There are different levels of duress. Nobody pointed a gun at Google. They could have refused if they truly wanted to.
Can the US serve a warrant to a server in Europe run by Europeans? I was assuming the answer was no, in which case you don't need to violate any laws or worry about repercussions.
This is why the speculation is that even with encrypted emails, the to and from addresses are in the clear, and that could be valuable info to the government. So we're back to metadata in plain text both in transit and storage.
What? I don't think this is true at all. Plaintext data, email or not, can be protected with robust encryption. Your end security is the main consideration, but that has nothing to do with the protocol or content, really.
The difficulty is that most recipients of your message will not be willing to use whatever crypto technology you've chosen. PGP is probably the most popular email encryption system, but good luck finding people who use it. I work in the software industry, and I don't regularly correspond with a single person whom I know to use PGP.
It'll be interesting to see whether companies start to shift to using encrypted email over the next few decades - it's not that hard to set up if you know the counterparty will be using encryption of the same kind, and if it's not a service bought in from an external company you can be fairly sure it is secure.
Companies could at least insist that intra-company email is encrypted, which would be a huge amount of their normal communications, and then extend that outside their boundaries with partners who also accept (say) S/MIME.
At present I sign my mails but like you have no clients who use encryption.
Key exchange is still a huge issue. Sure, you can post a public key online, but I have no guarantee it is actually your key. How do I do business with somebody new?
The core problem with widespread crypto use today is not encryption, it's trusted key exchange.
Fingerprint in hex at the bottom of the business card is something I've done for the past 15 years -- pretty much the only reason I even bother with business cards these days.
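The two comments above make the point that posting a public key online proves nothing by itself; what closes the gap is comparing the key's fingerprint against a copy received out of band, such as the hex string on a business card. The following added example (my own illustration, not code from the thread) computes a fingerprint from serialized public-key bytes, normalizes the separators and case a human would print or type, compares in constant time, and keeps a simple pin store that only accepts a new key for an identity once its fingerprint has been checked against an out-of-band value. The key bytes and identity are constructed sample data; the format is generic, so the same routine applies to any serialized key.

```python
"""Out-of-band fingerprint verification and key pinning (added example)."""
import hashlib
import hmac

# Constructed stand-in for a serialized public key (e.g. DER bytes). A real
# key works the same way: the fingerprint is just a hash of the bytes.
ALICE_KEY = b"constructed-sample-public-key-" + bytes(range(32))
# A second constructed key, standing in for a substituted key.
OTHER_KEY = b"constructed-sample-public-key-" + bytes(range(1, 33))


def fingerprint(key_bytes):
    """SHA-256 fingerprint as upper-case hex pairs, as it would be printed on a card."""
    digest = hashlib.sha256(key_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(text):
    """Drop colons, spaces and other separators and upper-case, so that
    'ab:cd', 'AB CD' and 'abcd' all compare equal."""
    return "".join(ch for ch in text if ch.isalnum()).upper()


def matches(key_bytes, printed_fingerprint):
    """Compare a key's fingerprint with an out-of-band value in constant time."""
    expected = normalize(fingerprint(key_bytes))
    presented = normalize(printed_fingerprint)
    return hmac.compare_digest(expected, presented)


class PinStore:
    """Remember the verified fingerprint per identity and flag changes.

    check() returns:
      "pinned"      first contact, fingerprint matched the out-of-band value, now pinned
      "unverified"  first contact, no out-of-band value given, nothing pinned
      "ok"          key matches the pinned fingerprint
      "mismatch"    key differs from the pin or from the out-of-band value
    """

    def __init__(self):
        self.pins = {}

    def check(self, identity, key_bytes, printed_fingerprint=None):
        fp = normalize(fingerprint(key_bytes))
        pinned = self.pins.get(identity)
        if pinned is None:
            if printed_fingerprint is None:
                return "unverified"
            if not hmac.compare_digest(fp, normalize(printed_fingerprint)):
                return "mismatch"
            self.pins[identity] = fp
            return "pinned"
        return "ok" if hmac.compare_digest(fp, pinned) else "mismatch"


if __name__ == "__main__":
    card = fingerprint(ALICE_KEY)          # what the business card says
    store = PinStore()
    identity = "alice@example.invalid"     # constructed identity
    print(card)
    print(store.check(identity, ALICE_KEY, card))   # pinned
    print(store.check(identity, ALICE_KEY))         # ok
    print(store.check(identity, OTHER_KEY))         # mismatch
```

The store deliberately refuses to pin a key that arrived without an out-of-band fingerprint rather than trusting it on first use; a mismatch on a later contact is the signal that either the correspondent rotated keys or someone substituted one, and that has to be resolved over a second channel again.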
This is a really interesting problem that needs to be solved. We need some sort of P2P secure protocol to exchange keys between people. Bypassing all sorts of stuff and connecting directly and sharing over an encrypted channel. This sounds really tough the way the internet works right now but I think solutions will come up now that there is a real need for them.
"encrypt emails in such a way that they literally did not have access to the content stored on their own servers"
How is that possible? I'm curious to know as to how they achieved that technically. I mean if the user is reading an email in their browser, then it would've had to have been created on the server first.
It's just how encryption works; you don't store the plain passwords or keys the users submit to decrypt their stuff, thus you have no way to access it.
The same server(s) also control the JavaScript code run by the client/browser. They could serve special code (to any one the government wanted to spy on) that returned their password to the server.
Right, but incoming and outgoing emails from lavabit servers won't necessarily be encrypted, unless the other party is using GPG or whatever - it's just the way they're stored.
Hushmail is a similar service. There's been some speculation that authorities could compel the owners to perform a sort of internal phishing scam to get the passwords.
> a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada.
So he pretty much does say why he's shutting down, the US gov. has demanded access and he said no. Kudos for standing up for his users, and he does raise an interesting point at the end:
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
The worst thing about this situation is that other governments like the UK, France and Germany are equally guilty.
For history on lavabit, see the cache, this page is now gone:
Where did you get this one from? I think it's a bit of a stretch to say he is "standing up to his users". I would rather say he is standing up against the GOV, and that's nice for a change, but we have no idea what has happened with all the emails residing on their servers.
Knowing just a bit that I know how the US gov operates, I am pretty sure he was given two options at exactly the same time: either you accept our black box, OR you will not. If not, then you are not allowed to delete or alter any messages on your servers. Given the business lavabit was in, I am sure Feds will punish him to the extent of the law (or more) if he decides to "stand up to his users" and delete content of their mailboxes.
Hello, I didn't say stand up to, but for (i.e. on behalf of). The most he can do is stand up to the government, for his users, in court, deleting servers would not be a wise move, and I wouldn't expect it of him, would you? Just standing up and saying no in a climate like this takes some courage, for which I admire him.
By the time he is done with courts defending their users, Feds will be given chances to copy all users data over and over again about 250 times. So it doesn't matter whether he loses or wins. Not a bit.
I thought it was encrypted. If they are, they can copy user data as much as they want, they will get nothing.
However if it was still running, they could ask him to intercept password, network traffic, etc...
Well, I can't agree with that. I do believe the only way to fight this sort of overreach is in the courts, and in the court of public opinion. Publicly standing up to bullying like this is the only way to provoke larger discussions, and ultimately to stop such actions in the future. In addition he doesn't have permission to just unilaterally wipe all his users' data, even if he wanted to.
It was too late for his users' data the moment representatives of the government walked through the door of their data centre/offices, but their rights he can stand up for, which is what he has done.
Yep. Now I naturally have to e-mail all my friends and work contacts (from my throwaway Gmail address), not to mention the person I know who opened a personal Lavabit account on my recommendation, announcing to all that my e-mail address is changing - and such a message wouldn't be complete without mentioning the reason why, venting a little of my shock and disappointment, and perhaps dropping in a little potted history of the recent developments in government net snooping leading up to this with newspaper article links. Messages that I wouldn't have otherwise sent without this justification, for fear of boring my dear friends, having assumed that any of them who are likely to care about this stuff, will already have read about it themselves without me telling them.
Despite the annoyance of not being able to use my e-mail the past couple of days, and the possibility that the US Gov may have some copies of my e-mail (which I imagine will be perfectly useless to them) I am immensely gratified at the stand Lavabit's owner appears to have taken, and having chosen them in the first place due to these values which I am in broad alignment with, I feel it confirms that it was a good choice, despite the fact that I now have to find another provider. I am sorry for the guy that he's effectively had his business - perhaps his livelihood - pulled out from under him, and I will be donating to his defense fund out of sympathy, though I am not an American.
I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought. I believe there might even be a very profitable market in simply duplicating the functionality of Saas offerings at a higher price with security/privacy guarantees in Germany/HK/etc. Might be the next hot business to be in? You'd be surprised as to the number of people seeking alternatives at this point.
EDIT: Relevant XKCD for people calling for technical solutions to the problem: http://xkcd.com/538/
It's not just going to be hosting providers that are affected by this. It's going to lawyers, software engineers, sys admins, writers and graphic designers who are going to lose work/business from SAAS companies. Software is one of the few areas where the US economy is growing somewhat sustainably (as opposed to banking/gambling/housing speculation/medical expenses for elderly). The NSA and all those NSA contractors are taking money out of our hands and destroying our professions. We should be fighting this tooth and nail.
- Politically, we should punish anything associated with the NSA.
- Socially, we should shun everyone from this date forward who works directly with or as a contractor for anything associated with NSA/FBI/CIA/DEA/DIA. We should not hire any programmer who, from this date point forward, has worked in those capacities. They are destroying our profession and businesses.
- On the engineering front, we should be designing technologies for evading the NSA et al, and spread those technologies. We need to do everything possible to make them easy to use and make them widespread.
- Any person or company who stands up to these organizations should be lionized and we should try to patronize their businesses or employ them. Especially if they suffer consequences like jail and torture.
- Facebook, Google, especially Palantir are known collaborators and we should treat them as such
The nails are already in the coffin for US internet behemoths. Any non-NSA cooperating country has strong interests in keeping their search engines, social networks, and cloud software internal to their country.
Google, Microsoft, and Facebook basically have had billions of dollars shaved off of their future market capitalization -- though I have not seen anyone say this yet.
For everyone abroad who is technically adept and talented, the vaults of wealth have been unlocked for you; just copy the successful offerings of American companies. Don't worry about software patents or trademarks unless your country is complicit, you'll have the autonomy of an oligarch (said with some sarcasm.)
There is one solution here: open source, distributed software. If you want to build a company to promote real security this is your only option.
Agreed. The nails are in for the current system, but that is not The System, just one of many potential ones.
If you are a non-US citizen and your customers request a product similar to a US product please do exactly as AJ007 says. It will help you, the world, and the US long term. I say this as a US citizen and SW dev. Please take our jobs and customers! We don't deserve those customers if we can't protect them and their data.
However, you should only build it if customers are requesting SAAS (or other offerings). Be very careful about blindly copying US business b/c many are successful simply b/c they are almost "Apparatchik" entities, supplying and protected by the US Gov. For example, if you copy Palantir or even Google/Facebook you may not succeed b/c you won't have customers in the same way the US does. But overall, this is a great opportunity for devs from Switzerland (and the like) to get some new customers.
Caveat: If you are planning to follow the above advice, and you think your country will not enforce the wishes of the US government on such matters, check that assumption carefully before you bet your fortune and your life on it.
Simply not true. There aren't enough people who care. Maybe 1% care. Everyone is going to keep using windows, facebook, and google. There are no nails in any coffin for any of these companies.
It is a major national security issue to any country to have foreign countries spying on them. The only controversy in the US is that the NSA is spying on American citizens in America. Any and all communication by foreigners at home and abroad is fair game. There is a reason why Google & Facebook are not market leaders in either China & Russia -- vkontakte, baidu, yandex, etc.
Likewise, this is also very bad news if you are a Chinese or Russian internet company and expect to become a dominant player in the US consumer web/digital/mobile market place.
What are you doing on your own checklist? Those are some pretty extremist notions.
If part of your hiring criteria was to exclude anyone who had worked for a contractor or directly for a government organization, I doubt many people would want to work for you. Not because they had violated your criteria, either.
Generally, I won't be hiring them, in hiring interviews I'd recommend against them for ethical reasons, and I'll avoid doing work for them if possible.
I'm referring to a very small percentage of the government and contract workers who are involved in security and surveillance. I'm not talking about VA or even the regular marines/navy/police.
I won't be doing this explicitly.
Whether people would want to work in a place that explicitly will not work with former NSA contractors depends on the area. In SF, Boston, NYC, Portland, maybe LA it would probably help you hire good workers. Obviously, in DC or Houston it would be more controversial and hurt the company. Remember these organizations/contractors are destroying our jobs, especially in silicon valley.
The safeguards for foreigners are much less than those for US citizens. For example, the NSA doesn't need to go through FISA court to spy on non-citizens. So if you store your data on a non-US server, you're probably just making it easier for them to get to it, not harder.
Not to mention, most countries will pretty much cooperate with the US when it comes to intelligence. The only ones that might not are countries like Russia or China that have their own military-industrial complexes, which are just as eager to get at your data and a lot less scrupulous about using it.
I'd love to believe that the authorities in Germany are not also tapping lines like France or the UK. Do we have any proof that is the case? I agree this has made me think twice about hosting in the us, but also about crossing national boundaries full stop without encrypting traffic.
Encrypting is a given - obviously you'd want to only be using Saas services in Germany etc that are fully encrypted. The problem in using USA services is that even if everything is fully encrypted, the USA can and will send goons around to take your data. Encryption is simply useless when dealing with a company in the USA who is forced to hand over the keys and whose data-centers can be legally entered and modified by thugs. Once someone has physical access to the server, the game is over.
Germany is a better bet. While they are no doubt tapping lines, Germany and the EU have made no moves to actually perform hostile interventions into data-centers or private servers. This means that encryption is still a very viable security measure for protecting your data in the EU. The EU simply has a far better track record with privacy related issues.
It's not about perfect security, it's about getting the best security you can hope for - and that means moving away from anything USA hosted.
Don't choose Germany. We may have strict privacy laws here, but we also have the BND cooperating with the NSA, tapping directly into the main internet nodes (Frankfurt). And don't forget that part of the method of the NSA is to use a mule inside the target company, which would be very easy in Germany given its status of being a wannabe ally of the USA and the longstanding sympathy of the german public for the USA.
And Germany also has laws which force every mail provider to install an access point for the German authorities and intelligence agencies. I am not sure if a generic SaaS platform would also have to do it, but it is quite possible.
"And Germany also has laws which force every mail provider to install an access point for the German authorities and intelligence agencies. I am not sure if a generic SaaS platform would also have to do it, but it is quite possible."
Thanks for the heads up - as I said in the OP, it really is a difficult task. Those kind of laws are exactly what need to be avoided when choosing a country to host in. I don't believe that this kind of thing can be carried out in absolute silence though, so if a country is actively modifying and silencing hosts it's fairly likely that word of it will leak somewhere.
If I get a chance, I might try to put together a red/orange/green overview of known laws and practices in different countries that would affect hosting services there. Unless someone is already working on that and needs a hand?
We have a great privacy commissioner ( http://www.priv.gc.ca/index_e.asp ) but the office holds no power so far as I can see, and the Canadian government has a pretty solid track record of being obsequiously cooperative with u.s. interests
Canada is green simply because nobody familiar with Canada's security politics and policies has chimed in yet and there does not seem to be any evidence of foul play that is visible from an outsider's perspective.
Cooperative with U.S. interests is generally assumed by almost any country - this map is more about the (hopeful) safety of your servers in data centers in different countries.
I think you can pretty much colour the Echelon Five Eyes countries (USA, Canada, UK, Australia, New Zealand) red right off the bat. If they don't have totally intrusive surveillance legislation yet they will have soon - New Zealand is currently trying to implement it.
EU is a very generic term here. There is very little consistency across member states on this topic; UK laws, for example, are probably worse than US ones in most cases. I'm not 100% sure, but I believe Italian ones aren't much better atm.
The short-term answer is to encrypt everything users have to store, and don't handle their keys, but it's a stop-gap: the only real answer is political and that's where things have to be fixed for good.
Then the most obvious answer to me seems to use technology to affect the political landscape.
How that actually manifests itself, depends on how desperate people become to retain some sovereignty over their livelihoods… which begs the question, where are we now and who could provide the resources/environment to foster the type of change that is needed?
The EU has minimum standards for surveillance and most EU member states are clearly American vassals. Even France proved to be a vassal in forcing the Bolivian president's aircraft to make an unplanned stopover in Vienna … and even the neutral countries are fully in favor of surveillance – Switzerland for example is just revising its surveillance laws and many other legal areas, for example copyright, see an increased level of surveillance too.
Line tapping is pretty much a given. Looks like the BND has the possibility to do so. But this is still not officially confirmed. However a German blogger (fefe) had some examples of overly detailed denials from German companies. E.g. no foreign intelligence service can read your traffic...
But in regards to cryptography and chances for legally fighting against such orders it could be better. At least on paper. The most likely outcome if Lavabit were hosted in Germany would be a police raid that would take all servers away for investigation. This happened e.g. to people running Tor exit nodes.
Under data sharing agreements, if the NSA takes an interest, your data will probably go to them without questions or oversight. Drone bases (Ramstein) and listening stations (Dagger Complex) are located in Germany, and Germany was one of the most targeted locations in the boundless informant set of slides. It's probably illegal, and hopefully will be challenged in court, but it does apparently go on on a massive scale, with or without our consent.
Accountability and culture. German intelligence services are "weaker" in the sense that they (seemingly) are still under the control of the legislative body (secret contracts with the Western Allies sadly notwithstanding). They are also regarded with deep distrust by large parts of the populace and by a significant segment of the legislature.
It is quite possible that, come September, some of the government parties might lose a few percentage points due to the citizens being annoyed about the erosion of the rule of law. We'll see.
This may be the most ignorant comment I've ever -- and I mean ever -- read on a web discussion board. And I frequent many discussion boards.
Current German culture is equivalent to German culture under the Third Reich? Really?
Is current American culture equivalent to early-through-mid 19th century American culture? Should we discount everything the USA does because you once kept/traded/abused black people as property? Then continued to legislate such thinking via Jim Crow well into the 20th century?
Now that I look, I notice your post history is littered with anti-German racism rooted in complete historical ignorance. I'm wondering what your angle is.
No, it's the reverse. The nazi era and the Stasi have resulted in a modern Germany that is fiercely oppositional to anything that leads in this direction.
There are very strong open source, transparency and anti surveillance movements in Germany. Stasi is the entire reason WHY we have strong privacy laws here.
As Goebbels pointed out, all it takes is the right kind of threat, either real or manufactured ("Think of the children!"), and those "transparency movements" you speak of will fade out more rapidly than the grandparent post.
That doesn't work as well if the culture has been inoculated.
How does one do that?
Well, I don't know if this is still done today, but when I was in 7th or 8th grade, they (school) drove us, by the busload, to visit a concentration camp.
We were shown the lampshades and wallets made of human skin. The place to stand where inmates would be executed during what they thought were medical examinations. And so on and so on.
It is quite possible that the next "Western" genocide will happen somewhere in Europe. But as somebody who has grown up here, I can assure you it won't be in Germany.
I just wish that history was taught like this everywhere.
I have to agree. I spent two days in Berlin this week and went to the Holocaust memorial, etc. I was impressed with the way these things are talked about with such openness - to make sure that this stuff never happens again. Also, I've traveled to several European countries and found Germans to be quite open minded regarding race, religion, etc., and I think the past has a lot to do with that. Happy that the German education system and culture appears to have a strong culture of 'learning from mistakes'. Clearly that isn't the case for the US with Vietnam, Afghanistan and now Iraq.
Really? Really? With an account that is as old as yours you cannot avoid posting a comment like this? Do you consider that mature? Useful? Reasonable?
I don't. You just disqualified yourself from any meaningful discussion, ever.
My wife treated people with mental issues for some time and I have the utmost respect for people that can handle this stuff.
You, instead, are without protection. You post stuff like this and shout out to the world that you have no clue, that you have no idea what you are talking about, what the topic of this thread is and .. just show that HN really should provide a feature to ignore other people.
Please - go away. You didn't contribute and you're a sad, sad idiot.
Ostensibly the US doesn't have that framework either, the Constitution would seem to preclude it (I realize we are talking about a myriad of offenses at this point so it may get hazy). But as you can see, shit gets ignored. Secret government agencies in Germany could ignore laws there just as easily as the NSA does in the US.
There are no countries where you are allowed to go public on surveillance measures applied to your customers, users, etc. – at least not before the surveillance has been completed. And while traditional surveillance measures have an end, today's +/- total surveillance is continuous.
At some point, maybe the citizens of the world will understand that laws don't apply to the people who make them. They never have, and they never will.
Moving services off USA-based companies is like using two bicycle locks instead of one. A determined government is still going to get your data, they just need to spend a bit more time.
The goal is not necessarily security (I have nothing to hide (I still do hide as much as possible))-- the goal is political change. That's the only real way out of this mess. By not using US companies, you incentivize those to lobby for better laws.
Political change on its own won't work. They will still keep the infrastructure in case they need to spy on someone (with a court order). But if they have the infrastructure, conceptually it's just a press of a button again to full blown illegal surveillance.
There has been infrastructure to read snail mail contents for 200 years. Doesn't matter, the US Gov isn't routinely reading snail mail because of politics. I think he's right, make it a political issue. Actually, more: make it a political issue, encryption issue, hosting issue, social issue (denied NSA contracting recently based on Snowden), I mean total war - make their life as difficult as possible using all means possible. As long as it's legal of course.
Doesn't really matter. To read a regular mail you just need so much more in legal terms compared to reading somebody's email that it's just not worth contemplating no matter what. It's not like with emails where after 6 months they automatically are open to the Government sniffing. Because of the political reasons it's not even worth contemplating -- look -- you need regular court order, not some BS whatever rubber-stamp.
It is just as bad or worse. You have to move the data in/out of the country. It definitely isn't protected when it leaves the country. The only advantage I see is that it punishes US businesses for failing to protest.
I don't blame the companies; they're about as much a victim of USgov as we are IMHO. That being said, if all the online-storage/cloud-server/email-providers/social-whatever companies in US start going out of business because nobody trusts them I strongly suspect something will have to change. It's just too bad we have to do a "scorched earth"[1] to bring about change.
> I don't blame the companies; they're as much a victim of USgov as we are IMHO.
While it's true that they are victims, they are in a far better place to demand change or to defend themselves. Money buys the ears of lawyers that the average person couldn't even afford to speak to.
This is where I disagree. I do blame companies like Google for not fighting this more. At the very least they make users aware that these laws exist, even if they cannot detail specifics related to their surveillance involvement.
Fighting the USgov isn't a decision to take lightly regardless of how much money & resources you have. I cannot condemn a company that backs down from that battle. It could hurt an employee(s) significantly, or the whole company.
While I agree they have the most resources to fight it, they're not immune to harm from USgov.
You can't convincingly make that argument since you don't know what lawyers have been doing behind the closed doors of secret court rooms nor do you have knowledge of their relevant lobbying, you're just assuming things. Not to forget that Google was the first to publish a transparency report in which it publishes the number of NSLs, so there is that - it's not correct to use "Google" as a shorthand for "US tech companies".
Dual US/Polish citizen here. Just wanted to say that in many cases abroad (i.e. Poland) the case isn't about the laws protecting your privacy but rather about the Government having no means (technical, resources, know-how, etc) to enforce ridiculous things like reading and storing email contents of all the people. Even with a court order just to read stuff in your inbox, I would imagine that the Polish police would have big time difficulties doing anything. These are guys making 700usd a month and the Government doesn't have money and/or the need/desire to hire folks who could execute these things. And I can just imagine that in places like Ukraine the law may say whatever but what happens is what the highest bidder asked for ;-) Remember, not the whole world works the way the first world or the USA does.
Unless of course, what you referred to is that most of the traffic goes via US soil anyway. But then again, why stay in the US? Move your whole business and yourself abroad :-)) Ironically, I found much, much, much more freedom in post-communist Poland than - oh irony! - the Land of the Free.
I second that. If you want security (at least on a servers/ISP level) choose some 3rd world country whose government (preferably not very fond of the USA) does not have the technical means for surveillance. I live in a small EU country and the government’s IT forces are just laughable, so I can just imagine that in less civilised countries it should be close to non-existent. Combined with strong encryption to protect data in the broad Internet it should do, at least for a while..
I understand what you mean but I think the term '3rd world country' could be a bit discouraging to some of our American friends who might not have a clear picture about realities in our part of the world.
For example I also live in a small EU country. By no means this is a 3rd world country - we have pretty strong IT industry (e.g. some globally successful antivirus companies etc.) and the country is certainly developed enough to host companies providing SAAS. Yet we have certain advantages against the US:
1. our government is way weaker than the US government - their resources are obviously not even close and they would not be able to do what US government does even if they wanted to. But we are still an EU state and we can use EU as a shield when Americans come knocking.
2. it is a post-communist country and people still remember the experience of living in a totalitarian/authoritarian country. Opposition against any sign of 'bad old times coming back' seems to be much stronger than the opposition of common American people against recent freedom-stripping. For example there was a proposal that our internet providers should be required to block un-licensed online gambling. The public backlash against 'censorship' was so big that the plan had to be abandoned in a few days and the politician who proposed it had to apologize. Many things that are now normal in the US or UK and some other western countries would not be possible here.
3. we are still an 'American ally' but the US is not nearly as popular with common people as it used to be here and anti-Americanism seems to be growing. Many politicians exploit that and see opposing American requests as an easy way to score political points (we have seen this for example when the US government wanted to build a part of their missile defence system here).
Hah, good point. I bet most Americans (no offence here) imagine that "3rd world" means "people still live in caves and hunt wild animals for food". However, a very good counter example is Skype which went worldwide even though it started in a small, 3rd world country known as Estonia.
Are you Czech by any chance? I think it's a great place and completely understand why your people would be against government surveillance. The days of asking random people for IDs just to make sure they aren't spies still aren't forgotten there.
Yep. And thanks. And to be honest, I think that asking random people for IDs was the smallest thing. People from always-free countries do not realize how much authoritarian regimes damage society. It's not just that some people became victims of the regime. Maybe the worst thing (at least in my opinion) is that society in an authoritarian regime is set in such ways that the system rewards dishonesty and cowardice and the most unscrupulous people get to the top... and stay there even after the regime falls.
This is only because our mobile market is so small that we only have 3 providers and they are all subsidiaries of global companies (O2, T-Mobile and Vodafone) with headquarters under different jurisdictions. This is not enforced by our government and if anyone wanted to circumvent this filter (which would be easy - VPN would do) AFAIK it would not be illegal here.
Some countries have a problem with bribery and corruption. Routing sensitive data through those countries risks that data being exposed by anyone in the chain who is willing to take a bribe.
I am much more worried by corrupt workers in my ISP or telephony provider than I am about my government.
That's an issue with plain text data. However, nowadays absolutely no sensitive data should be transferred/stored unencrypted. The problem is, that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and few others have suggested is to move services away from such countries so their governments would have harder times to obtain physical access.
> The problem is, that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and few others have suggested is to move services away from such countries so their governments would have harder times to obtain physical access.
Many governments are much worse than the US; they not only snoop on data but they imprison or kill people as a result of the things they find.
I'd be interested to hear about countries who will i) stand up against the US & ii) not be at large risk of corrupt employees.
The problem is that most 3rd world countries will just come knocking on your doors and take everything away, if the US goverment requests it.
After all, those countries wouldn't be 3rd world countries, if they had the power to resist US threats/requests.
Or they are part of the "axis of evil" (or whatever the current propaganda term is), in which case the internet connection to that country could either be cut off, or be heavily censored, if it isn't already happening.
I would imagine that for example in Ukraine US may request stuff, but then the low level chief of the Police in the town where you reside would give you a hint in exchange for money. That's how it rolls there. What US is going to do about that? Bribe the Ukrainian police to bring you to their Embassy? ;-)
That's a good point but don't assume that the CIA/US-govt is above bribing or even threatening/blackmailing agencies in foreign countries. They do this all the time!
Focus on encryption, to keep ahead and protect the data.
Move out of the US, because it sucks, is far from 'the land of the free' anymore and needs to learn that its place in the digital world is not at the top, but more around the center. Between lots of other states that fail and fail again, in terms of surveillance..
There's not even the time factor. Western countries at least might theoretically not spy on their own citizens but they exchange data with partner intelligence services. And the US is by far not the only country that mandates surveillance cooperation for providers etc.
Encryption is OK but doesn't solve the problem. There's always metadata and whom can you trust with your encryption? You have to assume that the hardware and software you use has backdoors. Mobile phones for example even have official backdoors, your SIM card can be remotely changed and so on …
> Western countries at least might theoretically not spy on their own citizens but they exchange data with partner intelligence services.
Hoping that this is true, moving to services from one’s home country would make some sense. Of course, this is more easily possible for people from larger countries than, say, Luxembourg.
I saw a frustrating article the other day on a mainstream news site that was saying that the economic damage to the US from the Snowden leaks was in the tens of billions of dollars because of all the non-US business that will be leaving US based cloud providers.
That's infuriating. It's the same as having an insecure system and then charging a hacker millions of dollars in restitution to re-architect the system to do it right.
Those firms wouldn't have to leave the US cloud providers if they had assurances that the US wasn't spying on them for no good reason.
Not quite. Storing ciphertext and keys in legal jurisdictions (like the US) that can be forced to turn over both is a bad idea.
Also, practical key management is still an unsolved problem. The web of trust never took off and the PKI is fucked. Encryption is only as useful as the keys being used to encrypt.
Encryption is useless when the government knocks on their door and says give us a backdoor to your system.
If enough people leave US based companies for foreign companies it will put pressure on the government. I have a feeling this pressure is already underway.
The problem with encryption in this case when it comes to US companies is that the US can compel US companies to install custom backdoors while pretending they are still secure and not notify their customers that this happened.
> I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought.
You should try finding an SSL cert retailer that's outside of the US. The only ones I could find that would actually sell me certs without a phone call charged at least $200 for a basic certificate. https://swisssign.com/en were the most sensible looking ones I could find.
"No longer"? It could never be trusted, and many of us said so when it was first introduced. It's just taken a while for everyone else to realise that we were right.
Lulzily, a browser trusted CA can actually fuck a customer of that CA slightly less than a non-customer, since you'd at least be vaguely aware of multiple certs issued for the same site from the same CA with different keys (maybe). No one would know if Iran were using a pet CA to go after specific users going to sites which normally used a cert from another CA.
How about a local cloud? I understand that this may seem pointless, as you're owning and paying for all the hardware, but it would really help in deployment, scaling and maintenance just like a "classic" cloud service can.
That sounds great. What if there were an email client that included an email server? If families left one desktop on 24/7 they could all use it as an email server. An open source email client could also include built in PGP or OTR encryption. Anyone know if it's feasible from a deliverability standpoint? Domain registration and DKIM signing may be tricky for the average user. As well as dealing with blacklisting, of course. But if it became prevalent maybe all of these difficulties could be overcome by instituting a new, truly decentralized infrastructure. Key exchange would still be an issue but could be achieved using a mobile app with QR code scanning.
The US government is destroying one of the few bright spots in the American economy with its out of control military. It is unconscionable. And the sad thing is it has been enabled by the betrayal by many of the web 2.0 giants, Facebook, Google etc. Google especially is sad to see since they were willing to forgo the Chinese market on principle, but then decided that taking on the authoritarian US government was too lucrative for principle to be involved. If Google had done what Lavabit just did we would be living in a freer country today.
Agreed, these US Gov contractors and agencies are systematically destroying our industry and our prospects.
As a community, let's shun and shame all those who continue to work for those agencies (NSA/CIA/FBI/DIA/DEA) both directly and as contractors from this date forward. If you didn't quit in August 2013, we don't want to hire you. If you quit now in disgust, we should view that in a positive light. If you or your company stand up to the US Gov, we should view that in a VERY positive light and we should be looking to hire them.
Let's shun and shame FB, Google, et al. as collaborators. Let's make it a point to avoid Google App Engine and other Google services.
It would be one thing if Google, Facebook, Microsoft, and other big firms were selling out their customers' privacy for money. They do it all of the time for advertising. I wouldn't like that, but it would be somewhat understandable that a big uncaring firm would look at their bottom line as the only determining factor. But are they making more money by being the government's snitch?
The really weird thing here is that what's going on isn't even in these companies' self-interest because they're going to make people and businesses not trust online storage of their data in any way. So all of these cloud services, all of these online storage services, anything that impacts peoples' privacy in any way is going to be put at risk of customers choosing other options for managing their data.
Go is open source so anyone is free to inspect it for backdoors. I would be very surprised if Google, on behalf of the NSA, tried to sneak anything in like that. It would also be fairly obvious if it used the underlying OS's networking to send info back.
Obviously you're being somewhat facetious. If you're good/confident enough to write your own crypto, Go seems fine as it's open source so you can inspect it. I don't trust myself to write my own crypto for important things, so obviously I would not use Golang for that and I would pause before using the Golang crypto module, but that's probably a bit paranoid. In general, I would probably use Golang on projects. I use Angular.js and Python and those have been funded in ways by Google.
Things like Google App Engine/Data store are an issue b/c your backend is Google's backend...fundamentally the same issue Gmail faces. If the NSA/FBI/DEA/TSA mistakenly fingers one of my customers as a drug dealer or "terrorist" or thinks they are associated with a drug dealer/whistleblower/"terrorist", google will hand over all my apps data.
Then again, you hear about Microsoft or Sun/Oracle passing notes to the NSA about insecurities in the OS or JVM so that they can go about their stealthy ways. I wouldn't be surprised if the same happened with Go. But good point, it's open source.
Good point about the dependencies. If it was something that someone's life depended on, especially mine, I'd do the encryption operations in a vetted C/C++ library due to possible dependency issue in GOLANG. I just don't know enough about GO or even encryption for that matter.
I can imagine what would happen to Google if, through some dark miracle, their leadership decided to do this.
Most of their top engineers live in America. So do the leaders, but ignore them, we've already decided they want this. The employees don't, though: There are eleven thousand people, there, who'll need to be relocated to - where? Europe, probably Ireland, where many of them have never been.
Certainly not where they have roots, or where their family is.
Google has deep pockets. They can afford to pay massive relocation bonuses, and they'll have to do so. Still, this is eleven thousand people; we're probably talking about a billion plus, just to get a reasonable number of them to follow. After all, most of these engineers would be perfectly capable of finding work at a different company.
Okay, so they've done that. They lost a lot of good people; probably a lot of their best people, the ones that care least about money. Still, they're now in Europe.
Now what?
Most of their infrastructure is still in the US. Compute clusters, god only knows how many. Storage clusters. User data, placed in the US under safe harbor provisions because an attempt at keeping it in Europe is unfeasible given the rather diverse tapestry of privacy laws here.
They'll need to move it all to Europe. They'll need to figure out a place to put it, and they'll need to pay billions - quite a few - to rebuild and expand their infrastructure here.
By the time this is all done, they'll have new problems. Realistically, they'll go bankrupt somewhere in the middle. And that's not mentioning possible reactions from the US government.
It would be great if leaving the US was an option, but it really.. just isn't.
Would you want to be the one who makes that stand against them? You can be guaranteed that you are from that day onwards a marked man. Everything you do, everywhere you go, and every person you talk to will be monitored. They will look for the tiniest chink in your armour, and once shown they will hang you out to dry. This explains why companies like Google and Yahoo had little choice but to comply. It might also explain why Obama so drastically changed his beliefs.
If Google et al are facing major potential economic loss due to a widespread lack of confidence in the security of their data, they had better come up with a plan to combat that loss.
The actions of Lavabit actually caused me to cancel my account with Google Play All Access today (proof: http://i.imgur.com/KbmaBnS.png, if anyone cares), that I've had since day one.
It's not that I didn't know that Google was ok with the spying before, but seeing the difference between the reaction of Lavabit, to the non-reaction from Google -- well THAT gave me the final push to stop doing business with the company.
I really like Google's products. I really like All Access, but I don't think I'll be supporting the company financially anymore.
It probably won't matter much, but it's still something.
Lavabit was a tiny private operation. If you think that a publicly traded multi billion dollar company with millions of users and customers can just shut down to avoid complying with government requests then you are a deluded moron.
I never suggested that it was feasible for Google to shut down, but that doesn't mean that I have to just accept what they are complicit in. I no longer choose to do business with them. That hardly makes me a deluded moron.
The burden isn't on Google (I'm not sure why you are singling out Google); their hands are tied from a legal and practical standpoint.
They receive warrants and subpoenas with which they have to comply to keep doing business. If you don't care for that, blame the politicians and the legal system; focusing on Google is not only missing the point, it's unfair.
If you are seriously suggesting that abandoning the US market is a realistic option, especially for a multibillion dollar corporation, then you are (and I'm not using this word lightly) an idiot.
Not to mention that there is no US equivalent to the rampant human rights violations and censorship in China.
I'd say that's exactly what they want everyone to think.
Of course we see more violations in china, but who's to say you don't have 10 times more of that from the US?
Just because they don't do it to US citizens (in most cases) it doesn't mean they don't do it.
Believing the other side is worse just because you "see" more of that stuff ends up being just blissful ignorance. Every party has its faults and I have no doubt in my mind that the US has the most.
But we shouldn't worry... that's all to "protect the american citizens from terrorism" :D
There are plenty of human rights violations that the US commits as a matter of policy, due to its "War on Terror" - drone strikes and Guantanamo Bay are two major ones.
One of the benefits of a high-paying software industry job is that I can afford to support causes like this now. I suspect many other HN readers are in a similar position. I encourage everyone to give what they can, as standing up for our rights at the cost of ten years of labor is an incredibly difficult thing, and deserves reward.
> "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."
It's kind of fitting. The nation that spawned the internet is the nation that's killing the internet biz on its own turf.
I wonder if there is some historical regularity here. After all, my own country, "Das Land der Dichter und Denker" turned on its "Dichter und Denker" when it was at (or close to) the apex of intellectual achievement.
Yes, there is a strong parallel between pre-Nazi Germany and current USA. Of course, Americans will not literally follow Nazi ideology.
What we see in America is an increasing merger between industry and government. Finance is the most regulated sector; hence "too big to fail" and all the exploits pulled by big banks. Telecom is almost completely government controlled (through the granting of regulatory monopolies). The government spies on everyone all the time now. This is the fulfillment of Progressivism: regular people are ignorant, but we can fix all social ills through government control. It is also, literally, the fascist model. I sound like an immature teenager for saying that, but I mean it in the full, intellectual sense.
tl;dr the American Progressive movement occurred in parallel, but to a much greater extent, in Weimar Germany. American Neo-conservativism is Progressivism in a right-wing flavor. The modern USA is Weimar Germany all over again.
As the USA's societal ills continue to accelerate (because we're taking anti-corrective action instead of corrective action at every step), the USA will increasingly resemble a command-and-control system like Nazi Germany.
> we're taking anti-corrective action instead of corrective action at every step
That's not true. The Congress almost defunded the NSA recently. It was a far closer thing than anyone in the establishment suspects. In the end, we are a country that values its privacy, values small government, and we'll assert that sooner or later. It may be later. But hey, it took a long time for us to figure out slavery, women's rights, civil rights, gay rights, and drug rights. But in the end we did the right thing, and we'll do the right thing on this.
Maybe there will be a turnaround, but given that the education system has long been (and continues to be) controlled by Progressives, it doesn't seem that likely to me.
But yes, the USA is the only nation founded on the principles of individual freedom, and many people remember that, so there is a chance.
Education is controlled by corporate interest and always will be. In fact the education system was founded by wealthy industrialists so they could churn out great factory workers. To learn more about this read Seth Godin's Linchpin. It's not profitable to have a smart populace.
I don't believe there's any evidence at all for what you're claiming regarding "corporate interests." In fact, I think it's obvious that it's wrong.
As far as I know, Otto von Bismarck started modern education so that he could indoctrinate the German youth, but I'm less certain on the details of that.
"Finance is the most regulated sector; hence "too big to fail" and all the exploits pulled by big banks."
The problem with finance is that we didn't have the right regulations in place because big banks lobbied to get them taken off the books. Canada's financial industry is heavily regulated and they haven't had a banking crisis in 150 years.
"American Progressive movement occurred in parallel, but to a must greater extent, in Weimar Germany. American Neo-conservativism is Progressivism in a right-wing flavor. The modern USA is Weimar Germany all over again."
This just reeks of ignorance. Progressivism and fascism are on the opposite sides of the political spectrum. In fact, fascists tried to overthrow widely celebrated progressive Franklin Roosevelt.
> The problem with finance is that we didn't have the right regulations in place because big banks lobbied to get them taken off the books
But they have lobbied to keep all kinds of regulations that they benefit from. A half-regulated industry is likely to be worse than either a fully public or fully private one (especially if we take American insurance/healthcare as an example).
A good example is Fannie Mae/Freddie Mac, which were implicitly guaranteeing financially irresponsible mortgages, and various home ownership encouragement policies pushed by the US federal government for decades.
> Progressivism and fascism are on the opposite sides of the political spectrum
They're both fundamentally moved by the idea that we need big government to get to some kind of "better" society, which is anathema to freedom and individual rights. They just disagree about the specifics of that "better" society.
Technically, you're right to call me out, because I shouldn't call the entire thing "Progressive," as that's just a part of it. The whole intellectual trend actually comes from the anti-Enlightenment German philosophers who taught that individuals are unimportant, and only society and duty matter.
I like the part where he can't tell you why he's shutting down. As if we won't engage in rampant irresponsible speculation that they have told him to decrypt and forward everything to them in real time.
What would you have him do? He's clearly under an NSL, so he can't tell you what he was asked for. This is the strongest statement he can legally make (in fact, I'm sure some US lawyers would argue that it's actually beyond that).
I guess we now know how it must have felt to watch republican institutions spiral into tyranny in ancient Rome.
Yes, unfortunately; I'm a student of that period of history and it's getting pretty bad by its standards. No proscriptions yet, though ... perhaps because that doesn't work so well with a well armed populace.
I think they were found unconstitutional when they were forcing people to not even tell their lawyers. You can tell your lawyer now, and you can fight the gag order in court - but in secret. Until the court tells you that you can tell everyone about it, you can't.
This is infuriating, and the worst part is that a clear solution isn't in sight.
Sure, we can fight this in the courts, and a few secret programs might get shut down, but operations will just continue under a different name. We can encrypt our data, move our services and data offshore, but that just paints a big target on our heads - doesn't actually address the fundamental issue. This is supposed to be a democracy, but I don't see any democratic way of addressing this.
The only nonviolent solution I've found is to move away and stop paying taxes to the US war machine. Don't use or support services that pay US taxes, either.
It's what I did.
PS: It is very, very, very difficult, because most of the people you care about will not move with you.
That may or may not be the best solution available to you, and one that I've started to consider very, very seriously as well, given that I have a EU passport.
However, if you're a US citizen, you do have other choices. I think the only real permanent solution is to organize and vote the totalitarian representatives out of US Congress. Vote out every single incumbent and vote for representatives that care about We The People rather than their own re-electability.
That'll take at least a decade, minimum, possibly much, much longer.
Not to put words in the OP's mouth, but I think it's not so much about the USA's not respecting human rights as about that _and_ its having too much power for everybody's good.
By not having to pay taxes to USGov, they probably hope to make that power diminish.
EDIT: Good God, I've always been the guy arguing with your average America hater that we should count ourselves lucky that in the monopolar world we live in, the US is the only superpower that remains (as other candidates, such as Russia and China, would be a lot worse for everybody). I still think this is the case, but it's getting harder and harder to justify the position, with USGov seemingly hell bent on transforming the country into a surveillance state.
What big liberal democracy isn't becoming a surveillance state? The U.K. seems 10-15 years ahead of us on that front, and people seem to like it just fine over there. Maybe the answer is just that pervasive surveillance isn't something that upsets people?
Maybe that's because the US exports the surveillance state, not because the locals like it so much. It will be interesting to see if any US allies go their own way on this issue.
At least they don't have Guantanamo with prisoners with the same racial/religious profile..
Wake up dude, the US is at the end of the list when it comes to human rights.. (not to mention the damage to human rights it has caused in other countries like Cuba, Iran or Iraq, hurting their economies or with wars)
Where are you going to go? People playing up third world countries don't know shit. The day-to-day corruption in nearly every such country is so bad that after awhile you'd rather have someone reading your e-mail but otherwise leaving you alone. And let me tell you from first hand experience--it is soul sucking to live in a country like that where you're constantly surrounded by people living on the edge of subsistence (or if you aren't you've segregated yourself into 1%-er bubbles, which is its own kind of bad).
Look at the BRIC countries, which are supposedly on an upward trajectory. Russia, India, and China are out right off the bat. Russia and China do not have functioning democracies, and while India does, it is corrupt from top to bottom. Someone commented about Brazil yesterday how debts are inherited in that country, not to mention it's got outrageous income inequality.
Out of the big European countries, you've got the U.K. with cameras on every corner, and France where until recently it was a crime to insult the President. It has come out that Germany spies on people too, though apparently less than the U.S. to a degree (I guess just because of shorter retention periods).
Libertarians like to put up Hong Kong as some shining example, but that's just proof that libertarians don't really value democracy (since Hong Kong doesn't even pretend to have democracy). Hong Kong apparently does less internet surveillance, except if you're a pro-democracy activist in which case all bets are off.
That leaves the Scandinavian countries, I suppose, but I have a hard time seeing a lot of libertarian-minded people fleeing the U.S. for that collectivist utopia.
> That leaves the Scandinavian countries, I suppose, but I have a hard time seeing a lot of libertarian-minded people fleeing the U.S. for that collectivist utopia.
As a pragmatic libertarian, I am willing to pay many more dollars in taxes to provide services I don't agree with so long as little to none of my tax dollars go towards bombing brown people and spying on citizens.
I hear Human Rights Watch maintains a rank-order list. Probably Amnesty International does as well. But I'm about to leave to go home or otherwise I'd dig it up myself.
Don't be delusional. Unless you have business intentions that rely on the government not knowing what your business is, it is NOT, by any stretch of imagination, a reason to leave a country like the USA, the more so for a Central American country. This issue is so minor to most people that many don't even give it much thought. I am sure you can live with the government watching you and still make some kind of contribution towards solving the problem. Besides, the NSA spies on the whole world if you use USA services. I live in a God-forgotten land of a country you probably haven't even heard of, yet I too am spied on while using popular services. So my advice would be to avoid using USA-based internet services when possible to minimize any potential damage your leaked private information might do to you and, together with thousands of others, help find the solution and make it happen.
The USA has power in most countries. Look at the case when the Venezuelan president's plane was forced to land in Austria because of rumors that Snowden could be inside. Americans who downvoted me think only America is affected, but it is not. It's sad that people even here don't understand that.
The democratic solution is to get people to care about your issue. If the anti-abortionists can do it, so can privacy advocates.
Also, we have no idea what Lavabit's operator's real situation is (though I certainly fault the government for the ridiculous NSL scheme that prevents him from spilling the beans). Is he objecting to installing a PRISM-style scheme, or to legitimate wiretaps?
This is why the "first amendment" issue might be the most important part of this - he might want to stand up and say "the Government wants to force me to backdoor my system, and I think Congress should change the law so this can't happen", but he's not allowed to do so. Restricting this kind of clearly political speech is not right, is not just and is not democratic.
>>The democratic solution is to get people to care about your issue. If the anti-abortionists can do it, so can privacy advocates.
Not quite the same thing. Abortion is an inherently sensitive topic that is susceptible to emotion. Saying something as simple as "they are killing helpless babies!" is enough to get a ton of people on the anti-abortion side.
What's the equivalent of privacy? How do we make the 4th amendment an emotional issue? Because there lies our victory.
"Obama is going to take away your guns" (by spying on online gun transactions).
"Obama is going to make it illegal to speak out against abortion" (by spying on anti-abortionists).
"Obama is going to make religion illegal" (by spying on your church e-mails).
"Obama is going to shut down the Tea Party" (by spying on their emails).
"Obama is going to criminalize anti-Obama criticism" (by spying on Facebook).
Raise money and run ads in red states associating Nancy Pelosi with the whole scheme.
These sound out there (and are), but: 1) there is a grain of truth embedded in each one; 2) they speak viscerally to things people care about; 3) they will get an emotional reaction.
I have a theory that actually They don't care about surveillance, They don't care about a few measly terrorists or dissenters.
It's all about the massive federal money to implement these surveillance systems. They are just doing their jobs because it's profitable.
It's the new Military Industrial Complex. War is profitable. So we have to disrupt and eradicate that as an incentive.
Encryption and political solutions are just playing defense. Destroy the core problem : the profit incentive to violate our privacy and constitutional rights.
Don't forget the political power all this information gives to whoever is in charge at the White House..
Even if you guys do manage to elect a guy sensitive to privacy.. the minute he sees all the information provided to him about all his adversaries.. and all the other players around the world.. this guy will be converted instantly to the mass data surveillance state "cult"
If the mere capability of surveillance is what upsets you, then I'd recommend yoga and encryption. Investigatory powers have been used in pretty much all nations for hundreds of years and so if your big plan is to remove the very ability for governments to do that, you're going to be in for a long and arduous slog.
If instead your concern is with unchecked and expansive untargeted surveillance, we need to push hard for transparency and oversight, which is something that is politically viable and gets 99.9% of the benefit to the average person of surveillance not being possible at all.
Enough people using strong encryption (both for data over the wire and data at rest) makes big-data collection (can't dedupe random noise) and processing/datamining prohibitively expensive if not impossible.
Nobody is getting in trouble for moving their data and services offshore.
Aside from that? I'd suggest finding a few friendly people in various countries and establish a constant /dev/urandom | ssh | > /dev/null stream when your internet connection is idle.
I wonder if, more than crypto, false positives would make them work harder. They know who you are emailing too, and so likely are not going to target you in any case, since you are not part of an interesting network.
But if you start talking about a movie, where they plan to detonate a dirty bomb in Times Square or something...
Emacs automates this with M-x spook:
morse War on Terrorism encryption Forte Blowpipe LLNL John Kerry Albright Kh-11 22nd SAS ANC Semtex SEAL Team 6 smuggle CIA
Also, everyone here from the US has placed a phone call to their representatives to politely, succinctly, and clearly state their opposition to this stuff, right? Ultimately, a political solution is best. False positives make them waste their time, and there are a lot of them who probably really do care about catching genuinely bad people who want to do bad stuff. Just that they need less secrecy, more focus, and much more oversight.
6 degrees, though. The network of connecting one person to any other person on the earth is usually quite small.
Hmm.. here's a silly idea.
A peer to peer network, let's go with a cool web-2.0-ey name like Chaffr, that assigns you a GUID and establishes a stream of truly random (or pseudorandom) data which is propagated out via a P2P system kinda the same way Tor nodes communicate with each other.
This stream of noise is generated and runs 24x7. Might require a hardware dongle of some kind to keep the entropy pool full enough.
This data is random for the most part, but if you have the GUID of another user, you can send them messages which will be encoded into the stream and received by the other person either immediately, at a set time, or at a random time inside a given window.
Garbage, uncompressable, unusable data for the snoops (and the nature of the system as explained in the Snowden leaks will require them to store every useless byte), an anonymous, decentralized communication network for everyone else.
You would still have to encrypt that though, which reintroduces the problems of key management and authentication/trust. I'm sure that issue is resolvable though, although I would expect that most ISPs simply drop that type of traffic completely as it can only hurt their operations. So you'd also need to find ways to route around ISPs that don't choose to participate in this.
haha, I just tried M-x spook, I didn't think it would actually work.
Here was my output:
national information infrastructure Ceridian INSCOM supercomputer AIEWS Afghanistan Blowpipe chameleon man sweep M-14 hackers Roswell lock picking codes spies
second time:
world domination cracking Operation Iraqi Freedom IRA Reno analyzer M-14 David John Oates electronic surveillance pipeline INS security Tony Blair national information infrastructure ASLET
"""
spook is an interactive compiled Lisp function.
(spook)
Adds that special touch of class to your outgoing mail.
"""
; Variables
(defgroup spook nil
"Spook phrase utility for overloading the NSA line eater."
:prefix "spook-"
:group 'games)
(defcustom spook-phrases-file (expand-file-name "spook.lines" data-directory)
"Keep your favorite phrases here."
:type 'file
:group 'spook)
(defcustom spook-phrase-default-count 15
"Default number of phrases to insert."
:type 'integer
:group 'spook)
--
Looks like it'd be a good idea to update and expand the spook.lines file.
This is a brilliant suggestion actually. If I ever make a crypto messaging system I'll surely bake in a module that sends bogus messages to random nodes in the system. Then any sorts of metadata are useless to evil people.
> Pond doesn't transmit messages as needed because that would disclose when messages were being sent. Instead it transmits messages at random, whether there's anything to be sent or not. When there's a real message pending, it has to wait until the next randomly timed slot, which could be many minutes.
White noise has distinct statistical properties that allow one to mitigate its effect on detection of a meaningful signal. E.g. filtering white noise from an audio stream is a very common operation.
Sending packets to all contacts at random is a form of introducing white noise, vulnerable to signal processing techniques known and used from 1950s.
Your noise can be non-white. Your noise can favour some of your peers, some time of day; messages can be elaborately routed around in circles. You can even make clients download new message distribution patterns each day. Genetically enhanced patterns.
If your noise is algorithmic, and even worse, the algorithm is known (as would be the case of an open source project), it makes your protection fairly vulnerable.
E.g. in case of biasing the method towards time of day, the attacker likely can filter it out using fairly basic statistical methods. Generally any kind of pseudo-randomization would render the method vulnerable; at least to the caliber of mathematicians which work at NSA.
If there's a messaging system's own statistical analyzer that learns your communication patterns and adjusts false messaging to rectify that, it could work. However, the other messaging clients have to play along, which makes it a fairly challenging problem.
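The two schemes debated above (Pond's random-timed slots, and the always-on noise stream of the hypothetical "Chaffr" network a few comments up) differ from naive on-demand sending in what a passive observer of packet timing learns. The simulation below is an added example written for this thread, not Pond's code or anyone's project: it assumes a constructed workload (a user who sends one real message every 30 minutes during working hours) and a 10-minute jittered slot interval, then shows what an observer counting transmissions per hour of day sees under each sender, plus the latency cost real messages pay for waiting on the next slot.

```python
"""Cover traffic vs. on-demand sending: what a timing observer learns.

Constructed simulation (not Pond's implementation). A real message is
sent only during working hours; the observer only sees WHEN something
was transmitted, never its content or whether it was a dummy.
"""
import random
from collections import Counter

DAY = 24 * 3600
SLOT_INTERVAL = 600            # assumed: one transmission slot every 10 minutes
DAYS = 30
WORK_HOURS = range(9, 17)      # constructed: user active 09:00-16:59


def real_message_times(days=DAYS, gap=1800):
    """Constructed workload: one real message every `gap` seconds in work hours."""
    times = []
    for d in range(days):
        for h in WORK_HOURS:
            for offset in range(0, 3600, gap):
                times.append(d * DAY + h * 3600 + offset)
    return times


def on_demand_schedule(real_times):
    """Naive sender: transmit exactly when a real message exists.

    Returns (observed transmission times, per-message delays); delays are
    all zero because nothing ever waits.
    """
    return list(real_times), [0] * len(real_times)


def random_slot_schedule(real_times, days=DAYS, interval=SLOT_INTERVAL, seed=1):
    """Pond-style sender: one fixed-size transmission per jittered slot,
    whether or not anything is pending. Real messages wait for the next
    slot; every other slot carries a dummy the observer cannot distinguish.

    Returns (observed transmission times, per-real-message delays).
    """
    rng = random.Random(seed)
    n_slots = days * DAY // interval
    # slot k fires somewhere inside [k*interval, (k+1)*interval), so the
    # list is already sorted and consecutive slots are < 2*interval apart
    slots = [k * interval + rng.uniform(0, interval) for k in range(n_slots)]
    pending = sorted(real_times)
    qi = 0
    delays = []
    for t in slots:
        if qi < len(pending) and pending[qi] <= t:
            delays.append(t - pending[qi])   # real message rides this slot
            qi += 1
        # else: a dummy goes out; timing pattern is unchanged either way
    if qi != len(pending):
        raise ValueError("workload outlived the simulated horizon")
    return slots, delays


def observer_summary(times):
    """What a passive observer can compute from transmission timestamps alone."""
    hist = Counter(int(t % DAY) // 3600 for t in times)
    idle_hours = sum(1 for h in range(24) if hist[h] == 0)
    off_hours = sum(hist[h] for h in range(24) if h not in WORK_HOURS)
    return {
        "transmissions": len(times),
        "idle_hours": idle_hours,                 # hours of day never seen active
        "off_hours_fraction": off_hours / len(times),
    }


if __name__ == "__main__":
    real = real_message_times()
    for name, sender in (("on-demand", on_demand_schedule),
                         ("random slots", random_slot_schedule)):
        sent, delays = sender(real)
        print(name, observer_summary(sent),
              "max delay %.0fs" % max(delays))
```

Run it and the on-demand sender leaks the user's whole daily rhythm: 16 hours of the day are visibly idle and every transmission falls in working hours, so the observer needs no content at all to learn when the user is at the keyboard. The slotted sender emits exactly six transmissions per hour around the clock, so the hour-of-day histogram is flat (two thirds of traffic lands outside working hours simply because two thirds of the hours are outside them), at the price of each real message waiting up to just under two slot intervals. The "non-white" objection in the thread is the next step: the flat histogram here is a property of the slot schedule, and any bias you introduce into it (favouring peers, times of day) is exactly what the observer's histogram would pick up again.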
As developers perhaps the most effective thing we can do from a long-term perspective is baking strong cryptography into all of the products we create, and opting for open source whenever possible. (After all, open source is the only way we can guarantee that the software we're using really doesn't snoop on us.)
If crypto were easier to use and presented as a default, more regular people would wind up using it and we'd slowly start stymieing the NSA and similar organizations.
Playing politics and calling your congressman isn't going to work in the long term, as you said. We might get one or two laws changed in the short term, but things can change back in the scale of decades and we could be even worse off. The only real solution is to make it mathematically impossible for agencies to read our communications now and in the future.
To make crypto truly secure, the end user has to take on management of their key and that key can never reside on your servers. Users can barely manage their password; expecting them to manage something that, if they lose, takes all their data with them, is asking a lot.
I tried to get a startup off the ground for 2 years that would secure gmail, and we went round and round on this. We wanted to not be able to read the user's mail, but the impact on usability was so large, users wouldn't touch it.
How do we train users to manage keys? What would be really nice is true homomorphic encryption.
Give us a try? It seems this is the default line and that the users never get to piss off the support people because they're never given the chance.
Let us burn ourselves and then we can learn to use the stove. If we never understand the importance of that key we'll never get used to maintaining it properly.
Quite clearly - is there any messaging service that allows users to end-to-end encrypt? That is not PGP? There is such a conspicuous void in the market here...
I'm going to throw in a suggestion that I haven't otherwise seen made in this discussion.
Governments' justification for surveillance is that it's necessary for fighting terrorism. Okay, I can't say how useful it is for that purpose, I'm not privy to the relevant data; hopefully we can all agree fighting terrorism is a good thing as far as it goes, and it's clear governments believe surveillance is part of that.
And if surveillance data was only going to be used against terrorists, that would be fine. The reason many of us are so wary of pervasive surveillance is that we reasonably fear it won't stop there.
Would it be politically easier, would governments be more amenable, to attacking that problem instead? To say: fine, the NSA and its counterparts in other countries can have their surveillance, but only if the firewall between the NSA and other branches of government is strengthened to stop the data being used for any purpose except counterterrorism.
People aren't using the first amendment while they can -- and by that I mean that they 1) do not engage each other on politics nearly enough; 2) when they do, they are generally not very honest or rational.
In short -- on average and with exceptions, we deserve what we are getting.
> Lavabit processes 70 gigabytes of data per day, is made up of 26 servers, hosts 260,000 email addresses, and processes 600,000 emails a day. That’s a lot of email.
70 GB / 600K emails = 122KB per email. That's a large average even with headers. To put things in perspective, Costco's massive marketing email sent to me this morning is 138K including headers.
So the question is, what were people sending though Lavabit that averaged 122K and would have attracted attention? Therein probably lies the reason for all of this.
Most of the companies I receive email from these days have 122KB of crap attached to the bottom by their outgoing MTA. You know: awards, disclaimers, twitter icons, facebook icons.
It is possibly 600k non-spam emails per day? With the 70GB including all data w/ spam. Because with ~300k accounts 600k emails per day is only 2 per account which isn't much taking spam into account.
He's using the same logic that's used against extremists: if they're disenfranchised then they're a threat, and if we're disenfranchising them then they're a threat to us.
Why does the military have indefinite detention? It's simple: as a matter of policy they torture suspects, but since they were tortured then it stands to reason that they will become radicalized upon release, so they're held indefinitely.
Let me spell it out again in simpler terms: the military holds them because the military tortured them.
Not torturing them isn't even considered an option despite the dollar cost of maintaining an off-shore super-maximum-security prison for hundreds of people guarded by a large military presence.
No, he's saying that there are groups on the Internet known for lashing out at companies for various politically motivated reasons, and this Snowden story is going to be one such reason.
His choice to call them terrorists isn't something I'm going to really defend, but if it makes you feel any better, he hasn't been in charge of anything for 4 years.
He may not have been in charge of anything for four years, but it would be nice to see General Alexander condemning such specious reasoning and fear-mongering.
Pretty sure we are going to be into at least two or three presidents trying to hang Snowden from the flagpole. They will never pardon him because of their fear of the next sysadmin exposing crimes of the state.
Do you blame them for that fear? This time it's spying, next time what if it's troop deployments? What if CI names get leaked by someone who finds the CIs to be scumbags?
Is it fear-mongering? Sites actually do get hacked and defaced all the time for political advocacy (e.g. LulzSec). I've long been more afraid, in general, of computer hackers than government.
Yes, seriously. People like to think that computer hackers have some perfect sense of morality, I have real-life experience that they don't.
The government, though occasionally surreal, has not once been a serious impediment to anything I've wanted to do, and in fact has occasionally been an exceptional aid in what I've wanted to do.
I find it amazing that anyone can still justify what the government is doing. Every line has been crossed. To the DEA, to the IRS. And, still, you are okie dokie. I am amazed.
Read what I wrote. Did I justify what the government is doing? Or did I say that relative to non-governmental threats that the government has not yet reached the top of the list?
If those like you were in charge of invention shops in the 19th century the light bulb would never have been invented. "Ugh, look, this piece of shit failed for the 20th time, this will never work, we should just give up entirely."
Luckily we have had innovators throughout history who are not afraid to see the future as it should be and to iterate, iterate, iterate and iterate some more to bring the world closer to that ideal reality.
Does the government still have work to go? Absolutely, but it can be made better, which is not something I can say for everyone.
The following is a bit of a stretch, but the quoted abusive language from Hayden brings it to mind, as the movie "Eastern Promises" just came up in conversation the other day.
There is a scene in "Eastern Promises" where the protagonist, a "deep cover" police officer infiltrating the Russian / Eastern European mob in London, is compelled to have sex with an enslaved woman in order to prove that he isn't gay. (Because, up to this point, he has not shown interest in these "usual" activities.)
The quote from Hayden, after raising my ire, quickly made me think of this. So, Hayden is more or less saying that, um... "lack of demonstrated sexual prowess" is tantamount to being a misanthrope -- and worse, from the criminal justice perspective, a "criminal" (I'll refrain from using the t-word, including because it probably bumps the ranking of a post in today's data collection systems).
Of course, one might presume to take it as implied also, that if you're gay, you belong to this group.
That such a figure of authority can and does so loosely -- or perhaps purposefully -- bandy about such prejudiced language...
These are not consummate professionals. They are... apparatchiks.
Too bad that he does not have donations page. I would gladly donate. Also - respect for the decision he made. If he kickstarts a campaign for restoring the service I will be there too.
There is a link at the bottom of the email to a PayPal page for donations to a Legal Defense Fund.
I do wonder if PayPal was a good choice for this, or just a choice of convenience. I have trouble trusting PayPal given how many horror stories about accounts being suspended, funds seized (or returned to the senders), and phantom account locks for fraud investigations.
> I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this.
Anyone know what happens if he just says "F it" and writes a massive blog post on what exactly happened or what exactly they said to him?
Probably arrested, held in jail optionally in solitary and eventually charged with large crimes of violating a national security letter. I'm not sure but considering other recent events probably leaking top secret government info. Followed by jail time and possibly financial ruin. Don't fuck with the US gov. They are publicly making it very clear.
This guy didn't break the law, just "offended" the gov and his life "is over" in that he has a 7 year jail sentence and financial ruin to look forward to when he gets out.
Bradley Manning offended the gov and broke the law, and is facing over a lifetime in jail after some torture-like jail conditions pretrial (and nearly faced execution).
Blogging a NSL would probably get you somewhere in between.
He'd probably go to jail immediately and then spend years working the case through the courts in the hopes of getting a Supreme Court decision striking the law down as unconstitutional.
Seems like it would make sense for users to demand that any US based service includes a warrant canary, just like rsync.net's implementation. A global canary + separate canaries for individual accounts would also make sense.
I don't think canaries are effective. You can't get around a court order just by mental gymnastics, they'll hold you in contempt. I'd be happy to be proven wrong, but I suspect that they'd simply order you to keep updating the canary.
This would imply that the court can order you to lie to your customers. I think this is not the case.
If there is any precedent for any US court requiring a public citizen to lie I definitely want to know about it.
If the courts are acting like they have this power then it will greatly change my perception of how the courts, NSA, and congress are currently acting.
There was a HN discussion about this two months ago [1]. The general consensus seemed to be that a court would not take the same kind of philosophical and logical approach that most HN types use, and would classify a failure to update the canary as effectively a communication that a NSL has been received. Since the courts only care about the facts that communication is occurring and that the court prohibited it, contempt of court would be the most likely result.
TL;DR: Judges don't philosophise about specific methods for circumventing their intentions.
After reading the thread the conclusion seemed to be that courts can not order you to lie, but may try to hold you in contempt of court for failing to update your canary.
If all actions but the one the government wants are met with punishment then it is functionally equivalent to ordering/mandating/requiring a specific action.
If there is precedent for punishing all but the course of action desired by the government I would be interested. If there is legal precedent for ordering/mandating/requiring an action being different from punishing all but the desired action I would also be interested in knowing.
They have in the past - there are definitely situations where you are required to lie, for example, when working on classified materials or covert operations.
Slightly different, that is an operative agreeing to be an operative with up front knowledge of what it entails. So the person lying has agreed to lie before being given the information or a mission. If you know a case where a person has been prosecuted for not lying rather than breaking an agreement I would still be interested.
I am not sure what I think about your scenario off the top of my head but I do consider it different.
Well, there is one last piece, and that is the geographically disparate canaries that we maintain.
The question is not "can a US court compel XYZ US citizen to lie", it is "can a US court compel XYZ swiss citizen to lie".
So you should take note, of course, if our warrant canary ceases to update. You should also take note if the US one updates but the swiss (or Hong Kong) one does not ...
This is made easier as a local warrant canary is available to all account holders in their /tmp dir ...
I'm sure they would argue that you weren't supposed to reveal that you were under an NSL, and that your inaction did reveal it, so you violated the terms. As the grandparent says, it's probably just a cute legal trick that wouldn't impress a judge.
The "judge is not impressed" means they would probably view it as the same as just warning the public directly, with equivalent penalties.
And thus the canary is legally useless--if you're going to have the penalties of violating a national security order, might as well just do it in a straightforward manner.
I agree, but your analysis is missing something: the canary-threatener may secretly, without a public ruling, within the refresh interval, be convinced that if he doesn't keep updating (falsely) the canary, he'll go to jail. In other words, the precommitment to stop producing the canary signal isn't fully credible (though it seems much more likely to get the message out than a promise to actively say if something happens).
The technical solution to that social problem (yeah, we know how well those work) is to set the refresh interval to be less than the time required to process a motion contesting the government's order to update the canary.
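As an added example (not rsync.net's or Lavabit's code), a client-side checker for the multi-jurisdiction, interval-based canary scheme discussed in this thread: any canary that is late past its assumed refresh interval, carries no freshness proof, or whose wording drifts from the expected sentence raises an alarm. The refresh interval, grace period, the Headline field and all sample canary texts are constructed assumptions.

```python
"""Warrant-canary staleness checker (added example; constructed data)."""
from datetime import date, timedelta

# Assumed publishing cadence and tolerance for a late post.  A canary only
# means something if the interval is short compared with how long a court
# would take to act, so keep it short.
REFRESH_INTERVAL = timedelta(days=7)
GRACE = timedelta(days=2)

# The sentence every canary is expected to carry verbatim; any drift in
# wording is treated as a signal, not as an editorial change.
EXPECTED_STATEMENT = ("As of the date above, no warrants, subpoenas or national "
                      "security letters have been received or served.")

# Constructed sample canaries, one per jurisdiction as the thread suggests.
# The US one has not been refreshed for 19 days relative to TODAY.
CANARIES = {
    "us": """Date: 2013-07-20
Jurisdiction: US
Headline: constructed headline for 2013-07-20

As of the date above, no warrants, subpoenas or national
security letters have been received or served.
""",
    "ch": """Date: 2013-08-06
Jurisdiction: CH
Headline: constructed headline for 2013-08-06

As of the date above, no warrants, subpoenas or national
security letters have been received or served.
""",
    "hk": """Date: 2013-08-05
Jurisdiction: HK
Headline: constructed headline for 2013-08-05

As of the date above, no warrants, subpoenas or national
security letters have been received or served.
""",
}

# A constructed canary whose wording was quietly weakened.
TAMPERED = """Date: 2013-08-07
Jurisdiction: US
Headline: constructed headline for 2013-08-07

As of the date above, no warrants, subpoenas or national
security letters have been received or served, except as required by law.
"""

TODAY = date(2013, 8, 8)  # fixed "now" so the example is reproducible


def parse_canary(text):
    """Split a canary into its header fields and its statement body."""
    header, _, body = text.strip().partition("\n\n")
    fields = {}
    for line in header.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    statement = " ".join(l.strip() for l in body.splitlines() if l.strip())
    return fields, statement


def check_canary(text, today):
    """Return a list of problems; an empty list means the canary is healthy."""
    fields, statement = parse_canary(text)
    try:
        published = date.fromisoformat(fields.get("date", ""))
    except ValueError:
        return ["unparseable or missing Date field"]
    problems = []
    if published > today:
        problems.append("publication date is in the future")
    elif today - published > REFRESH_INTERVAL + GRACE:
        problems.append(f"stale: last update {(today - published).days} days ago")
    if not fields.get("headline"):
        problems.append("no freshness proof (Headline) included")
    if statement != EXPECTED_STATEMENT:
        problems.append("statement wording changed")
    return problems


def evaluate(canaries, today):
    """Check every jurisdiction; one failing canary is enough for an alarm."""
    report = {name: check_canary(text, today) for name, text in canaries.items()}
    overall = "ok" if all(not p for p in report.values()) else "alarm"
    return overall, report


def run_demo():
    """Evaluate the constructed canaries against TODAY."""
    return evaluate(CANARIES, TODAY)


if __name__ == "__main__":
    verdict, details = run_demo()
    print(verdict)
    for name, problems in details.items():
        print(f"  {name}: {problems or 'ok'}")
```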
Canaries always stunk of that juvenile "technically correct" stuff many tech people seem to grow out of later than others.
If the judge says "don't paint your wall red" that means "or anything close by any means".
It doesn't matter you tried to hack your way out with an automatic vermillion paint flinger setup before the order. You still are supposed to "make the wall not get painted red".
The government can compel you to paint a wall green. They can't compel you to say you liked it. They especially can't compel you to break the law (assuming you set up some kind of situation where it's fraud/perjury/whatever to lie).
>They especially can't compel you to break the law (assuming you set up some kind of situation where it's fraud/perjury/whatever to lie).
They can most certainly hold you in contempt because you got yourself in that mess.
>look at how email retention works.
Document retention policies are allowed because otherwise the civil court system would be prohibitively expensive (lawyers have to read all your email once you get sued basically). Once you get a court order that says to, you have to stop destroying email, etc, disabling your automated destruction systems.
The only reason to have canaries is to violate the terms of gag orders. Judges aren't sympathetic to that.
Hold you in contempt for something you did years before the case was filed or the investigation even started? God, that's even worse than contempt of court for failing to say passwords under the fifth amendment.
I'm pretty sure I have some truecrypt containers I've forgotten the passwords to, sure hope I never get arrested!
I think automatically breaking a gag order by a complicated mechanism is pretty contemptuous of someone trying to not get that information out?
I am not saying they're not worthy of that contempt, merely that they don't care if they are, just if you're showing contempt for the process and violating the order.
>But to say that a canary I set up a decade ago is contemptuous of a court filing made a month ago is ridiculous.
No it's not: You show contempt for the idea they could demand you silently turn over information. It's seething out of your posts here on HN even.
I don't think it's right they can do this, but I do think it's quite clearly preemptively raising a middle finger to the whole thing; it is "I cross my fingers behind my back so my swears don't count" type of stuff that judges don't accept and toss you in jail for.
You don't get to outthink and outmaneuver this crap: You have to beat it in the system.
Right, it shows extreme past contempt for the very idea that it could be possible, but this is in no way contempt toward the specific judge, nor must there still be contempt at this point.
Usually contempt of court is used for not taking an action. Examples would be in situations where the court was attempting to compel journalists to reveal their sources, and contempt of congress during the House Unamerican Activities era for not revealing information they wanted.
I don't think it would be any different from holding you in contempt for doing something. The court notices that your inaction caused you to contravene a court order, and the court then holds you in contempt.
The canary trick is roughly on par with "I was NOT served a letter on July 20, 2013, which did NOT say the following..."
To be honest, I'm even a little nervous that something as innocuous as "I wish I could tell you more about the circumstances leading to the decision" could be seen as communicating the presence of an NSL indirectly, and lead to contempt of court.
I don't know how FBI/NSA notifications are received in the US. But you can communicate to your users any FBI/NSA/LE notification before reading the content. Of course, the notification should be posted to a medium over which you have no further control, so there's no way for you to remove the notification.
This presumes that the host has an actual warrant filed against them. I assume that if the feds want data from a service which is ultimately hosted on Amazon they'll just go straight to Amazon.
This is very unfortunate and sad. I hope he wins in Court. The NSA/administration are really trying to destroy the last bit of privacy in the world, and they will fight relentlessly until they do (especially if the People aren't fighting back).
um okay. If it is what we think it is, what makes you think that he will wrestle with Feds if Google, Facebook, Yahoo, Microsoft and other billion-dollar giants were not even interested in pursuing the legal way?
Most likely, this is all so secret with secret courts foreseeing secret rulings that unless he has solid capital to burn on legal defense, he won't get far. He won't get far probably either if he has the money. I am sure courts would stretch it to infinity. And I am sure the owner is a businessman more than a libertarian.
Sometimes a David makes a bigger impression than a Goliath.
It's been years since I've worked with Ladar. However, he's a man of great intelligence and principle. It's not unheard of for "the little guy" to take on the machine and win. I believe that Ladar will prevail in the end, and I hope he'll resume operations or come up with something even better.
I'll be donating something as soon as I finish my post.
I really would want to donate to them. But you know I kind of feel wary now connecting my PayPal Account with them. I hope some kind of organisation is standing up for them. Like EFF or something. Not because I don't trust them. But because I don't trust the NSA. They might flag me as a terrorist or something. Then again I'm probably already on this list for having some technical involvement with something the US gov doesn't like.
I guess it's purely a coincidence that Snowden used a lavabit address the last few weeks. I guess there is no relation at all.
There's no reason to trust me, but if you send me bitcoins, I'll convert to dollars and send to the fund. You preserve your anonymity. I'll convert all donations at the end of each month.
Thanks for the offer, unfortunately I don't have any bitcoins so I would first have to buy them. Which I would have to do with money that can be traced back to me...
I had the exact same thought. The chilling effects here are tangible - I am avoiding exercising what are ostensibly my freedoms because I fear reprisal by my government.
Because the list of mere sympathizers, while surely long, is not nearly as bad a list to find oneself on as a list of material supporters. Squeal all you want, but if you want to speak with your wallet... Watch out. That is of course assuming that donations are even possible and that the recipient is not the target of an international banking blockade designed specifically to financially starve politically undesirable organizations.
I've posted this link on HN before, but it's potentially relevant - we might find out more, but it sounds like this might be the result of a National Security Letter preventing Ladar from talking about the reason behind the shutdown.
I would suspect he has tried to protect his users from a request for information (NSLs are allegedly limited to metadata), but would prefer to discontinue the service than take the other possible legal action (silently disclosing information). Perhaps it is possible he will/has been forced to disclose information anyway.
This link is a video featuring Nicholas Merrill who (if this is in fact NSL-related) went through a similar situation with his ISP Calyx, and gave as much information as legally possible about the frustrating process as a talk at the yearly Chaos Communication Congress in 2010.
I had just signed up for 2 years pro service, and had been wondering why thunderbird couldn't log in all day (and I've been waiting to send an email all day!)
I also recently had a chat with their support about this (before purchasing,) and they told me something like "don't worry, we're not big enough to get hit by this stuff, and if we are we'll tell them where to shove it!" -- it looks like they were telling the truth.
I thought about how the Gestapo had Laszlo in their midst, at the same TABLE as them, and yet didn't do anything immediately other than deny him further travel. Of course, it's a movie, but it was an interesting thought. Nowadays, if Snowden were known to be hiding in a foreigner's Moroccan cafe, we'd drone half the building.
Also, I noticed the pride and the wonder that America inspired in the workers and patrons of Rick's. It was a symbol of freedom and opportunity. I wonder how many people see it that way now.
Old European elites shared a common culture that went beyond borders, at times perversely so (e.g. the whole Geneva Convention mindset where war is all a big game in need of more gentlemanly rules). They respected each other more than they did their fellow countrymen from lower classes. It's the same today: you'd never see a Saudi billionaire droned, even if we knew he'd been "the real Osama" all along.
Snowden is a little fish and as such he's being treated, as an example to his uppity peers. His friends are little fish, and as such are being burnt down without a second thought.
Iterated prisoner's dilemma isn't exactly a 'perverse' way of looking at war. Taking the high road helps you more than it hurts you. And remember that a country taken with minimal casualties is going to be much less rebellious.
> When the FUCK did we become a nation that starts shutting things down that don't comply with the government?
This is not new. When a company doesn't comply with fire code, the business is shut down. When a company doesn't comply with law enforcement, it's shut down. This is the case when the law is just or not (until the courts rule it unjust, best case.)
But to your actual point: we've been a nation that enslaved an entire race, locked up another one because of war, genocided yet another, banned speech against the government, ruined careers of famous scientists and actors because of political affiliations, passed laws against sex acts, shot water cannons and unleashed dogs at protesters, shot others, tore up the shanty towns of veterans, trained our soldiers to be racist so they'd be more effective, classified encryption as munitions, and on and on and on and on.
This NSA crap is infuriating, but pretending that we've suddenly turned into Nazi Germany (and conveniently ignoring our history, such as J. Edgar Hoover,) turns a complete blind eye to the fact that we've dealt with this before. We need to tell our representatives that this is not okay -- not hyperbolize it.
Also, and most importantly, quoting things from the Holocaust is absolutely disrespectful to the survivors of the Holocaust and the millions who died. Not only is that poem diluted by it being towed out whenever a government does something that someone doesn't like, but your argument is better served by coming up with something original.
> But to your actual point: we've been a nation that enslaved an entire race, locked up another one because of war, genocided yet another, banned speech against the government, ruined careers of famous scientists and actors because of political affiliations, passed laws against sex acts, shot water cannons and unleashed dogs at protesters, shot others, tore up the shanty towns of veterans, trained our soldiers to be racist so they'd be more effective, classified encryption as munitions, and on and on and on and on.
Yes, and police in the US have historically acted to protect the regime and not the citizens regardless of whether the citizens' actions were justified and lawful or not. Environmentalists have been dealing with this for decades[1], so it's not something new and probably not getting worse: internet activists' homes could as well have been raided, family members handcuffed and their eyes pepper-sprayed. This is fairly common, unfortunately. The question is what do we do about it?
[1] See the "If a tree falls" documentary for an excellent example.
Crap, I had just recently migrated all of my accounts to my new Lavabit address, paid for a year of service, etc.
Although I've seen some mentioned, what recommendations does HN have for a new e-mail service? Preferably something stable and also respecting of a user's privacy. Or perhaps you can only have 1 of the aforementioned attributes.
This is why I contributed to Mailpile(http://www.mailpile.is/)'s fundraiser and hang out in their IRC channel. We need more, better, easy-to-use distributed, crypto-friendly mail software, and we need them yesterday. :/
Bitmessage is fairly atrocious to use in practice. It's slow (by design) and extremely difficult to use properly. Moreover, I'd bet my hat that it's not secure.
Me too. It took a long time to update all of my account information for every website and service I use. It took me a long time to get all of my friends, colleagues, etc. notified that I had switched.
I now have a trail of being under my Lavabit account. Commits, patches, websites, services, friends all thinking I'm still under that account. Now I've got to do it once again, only a few weeks later.
Sigh. I can't blame Lavabit really. Just a situation I'd hope to avoid.
Actually, I don't think so, if he was a paying user. Everything on-disk was encrypted for paying users, and since lavabit had to shut down completely to not "be complicit in a crime against the American public", I assume that the NSL wanted them to make a change like Hushmail did in the past, to send the user's password to the server on the next login so that they can decrypt all emails.
I would assume that the NSA had already forcibly installed something that would compromise all further access to lavabit mail. Therefore the only option that doesn't reveal data is immediate shutdown.
I have my own domain name, currently hosting with Google Apps. If I get the motivation to move to another host like myself, I can do it without changing contact information.
Yeah, I thank my stars that I had the sense to do this almost 2 years ago. It really is much better. Another neat hack of using your custom domain is when people ask for your email address you can make one up without you appearing in their chat list. So for instance on Google Talk you're registered as iam@firstlastname.com, you could simply give them i@firstlastname.com so they can still converse with you (catch-alls ftw) yet they don't annoyingly appear on your Talk list.
And yeah, changing providers is just a matter of altering a field or two in the host records page.
At the moment, I accept the danger and resent myself for it. Moving to a custom domain is one step in the process, though.
And really, since all your email hops through relays constantly, the only truly effective anti-spy technology is message encryption, which wouldn't depend on where the messages end up.
If you're a SAAS provider, be aware if you need to shut down that many users are not prepared for this. Several posters in the linked thread rely on a recover password feature sent to e-mail for access to other accounts. Not a prudent practice but this is common for many.
This is not an orderly shutdown, this is basically a civil disobedience act. As such, the more people are pissed off, the better (as long as their rage is channeled to the real culprits, i.e. the feds).
Interesting thread, thanks for sharing. Huge difference between page 5 (when people still believe it's just a badly-handled storage system problem) and afterwards (when the true story is revealed).
You know, all these counter measures we come up with are just 'patches' to a set of bugs in our society. We need to rewrite the damn thing. This will just become a cat and mouse game against our own gov't and indirect defensive movements are meaningless without some sort of offensive to change policy. This is becoming a full blown arms race over people's private information. The funding, the computational power, the human capital used to create these things... if the gov't can't or won't listen to the people's will and the situation is bad enough, then something will rise to replace the broken system. Someone's got to spearhead a defense of the individual.
Political & social realities are reactions to physical realities. Physical reality is changed by technology.
This kind of dragnet communication surveillance was literally impossible in the 1960s. The social world is still changing in reaction to the existence of the birth control pill. Hell our social reality has already been fundamentally changed on many levels by facebook & smartphones world wide. It's a balance of both.
If Congress has passed laws abridging the freedom of speech, then those laws are illegitimate. Unfortunately, it feels as if speaking favorably of the Constitution is enough to get put on a watch list anymore.
Congress can legally pass laws abridging freedom of speech, and has always been able to do so. For example, if someone were to talk up and threaten my life, that is not legally protected speech. Nor is blackmail, for that matter, nor the famous adage of shouting "fire!" in a crowded theater.
For that matter, Congress can legally restrict speech in certain national security issues, and has, again, done so for a very long time. The Supreme Court has (in my opinion, correctly) understood that restricting people handling classified documentation from repeating that information is, without extraordinary circumstances (more on that in a second), completely legal, for example.
The trick here is the sheer breadth of the NSLs. I completely agree that they're unconstitutional, and I sincerely hope they are struck down in court. But I hope that I've just highlighted why this isn't a slam-dunk situation for those on the receiving end of an NSL. Add in that, at least so far, any disputes with NSLs have to be taken up with the FISA court, and even wins against NSLs don't actually count as binding precedent, because FISA itself does not create binding precedent.
Congress can, in certain circumstances, make laws restricting freedom of speech. This isn't one of those instances. But suing our way to that conclusion will take time, money, and personal risk for the petitioner.
> In 1969, the Supreme Court's decision in Brandenburg v. Ohio effectively overturned Schenck and any authority the case still carried. There, the Court held that inflammatory speech--and even speech advocating violence by members of the Ku Klux Klan--is protected under the First Amendment, unless the speech "is directed to inciting or producing imminent lawless action and is likely to incite or produce such action" (emphasis mine).
So, secret court case, started by a secret spy service gets an email service shut down. We know next to nothing, except the service went down, with out an open honest explanation. The owner is left with leaving a cryptic-ish message to their users.
So, I ask again: at what point is it reasonable to use words like fascist, police state, etc? What is a reasonable tipping point?
I used a similar term, with the word "becoming" first about a month ago. Maybe we should start running regular polls. It's not a cliff you're going to fall off, it's more like slowly sinking into a pool of it.
The line "A favorable decision would allow me resurrect Lavabit as an American company." seems to suggest that he may be working to create lavabit outside the borders of "Mordor".
Can he reopen it as a foreign business?
Some questions given the reasons why they had to shutdown:
1. Can Lavabit now set up shop overseas (with a different TLD)?
2. If not 1, can Lavabit license their software infrastructure in such a way such that someone overseas can set up shop for them?
3. If not 2, can Lavabit open source their software such that someone anywhere else in world can start their own Lavabit?
The point that I am trying to get across is that if Lavabit has been forced to shutdown through no wrongdoing of their own by the US government, a case can be made that certain American government actions are making American companies uncompetitive/non-viable in an increasingly competitive global marketplace.
I am speculating because I am genuinely interested.
Assuming this event is the result of an NSL, what can the owners do next? An NSL would have to have been served against an organization. If said organization no longer exists, there should be no reason why another organization that performs exactly the same activity as the first could not be formed.
If the answer is no, then it's as if a coffee shop was destroyed by a hurricane, but now the government says you aren't allowed to own/operate/license coffee shops anymore, except the hurricane is actually an arm of the government.
This event really gives a new meaning to "invisible hand", except this time, it's in the shape of a fist[1].
How in the hell are national security letters constitutional? It's mindboggling to me that they haven't reached the Supreme Court. I don't mean to sound like a hippie or patriotic douche, but it seems rather tyrannical that you aren't even allowed to talk about something that happened to you.
I have been wondering the same thing. They very clearly abridge on one's freedom of speech, so if they have been tested in the courts at all (?) then some mental & legal gymnastics were no doubt required to justify them, probably invoking analogies about "tradeoffs" of dubious validity in the justification.
If someone knows of any court precedents here, I'd genuinely be interested in hearing & reading about it.
How long until PayPal suspends their legal defense fund?
On a serious note, if you want to donate to their defense fund, consider doing so anonymously. Pay cash for an Amex or Visa gift card, and use that to make your donation.
This is a really great way to get their PayPal account frozen for sure. Abnormally high rates of Visa gift cards will absolutely trip all the fraud alarms.
If only there was some way to securely transfer money across the internet, pseudo-anonymously, without involving PayPal or banks. Almost like transferring coins via bits?
Maybe someday someone will invent such a system. We can dream.
Can you imagine how strange it would be if such a system already existed, and we failed to use it? But that could never happen.
Lavabit needs to contact their congress representative and raise a stink. Explain to the representative that jobs and money are at stake. And explain to the local community how there will be jobs lost due to this behavior.
We need to start getting on both local communities and their representatives to emphasize the long term dangers of NSA's actions towards tax revenues, jobs, etc.
In other words speak their language and make them understand that inaction is not an option.
And yeah spare me the comments about how all Congress representatives are owned by corporations etc. It is still possible to get your representative to pay attention as they still need votes for the next election every two years.
Sounds like any country willing to guarantee a snoop-free environment could have a lot of servers hosted there. I'm thinking the Cayman Islands of data. Set up a shell company and a shell server in the Caymans to protect your money and your customers.
Well, that's it. I am now going to move everything onto my own infrastructure. I signed up for lavabit a while back, and I like them as a secondary email service; and now they just shut down!
Is there a way to verify that the service has been shut down for the reasons stated/(not-stated)? I want to call my political representatives and let them know that these secret court filings that prevent people from speaking about their case hurt businesses & individuals alike. Before I do that though I'd like to be sure that the reason Lavabit shut down is due to the government's interference. Is there any way of finding out?
Also, can someone recommend a trusted alternative?
I've had a lavabit email as one of my main emails for years (close to when they first started) and this is a major inconvenience. I'm not sure I'll be able to change the email address associated with a lot of my various accounts now that they're offline.
Assuming you're using (and lavabit supported) custom domains, all you'd need to do is sign up for a dummy email address for now and go to your domain settings and reenter the MX records. But if it was a username@lavabit.com or something like that, then I'm afraid you're out of luck.
MD5 message authentication for the site. No PFS (ephemeral key exchange). Mixed content. I couldn't find a statement where the servers are hosted. Not exactly encouraging.
Any other Obama supporters out there so utterly disappointed in this administration? Call me naive, but good god this is depressing. Seems like the country at large is so much more willing to let this stuff slide because it's not Bush/Cheney doing it.
Congrats Democrats. Your complicity here has pretty much converted me to a third-party voter.
Actually, open source provides plausible deniability where a programmer would be able to provide information about a backdoor to the community anonymously.
When I read the Lavabit statement, I felt like this was "The Strike" Ayn Rand predicted. Guy took his marbles and left. Tough to be optimistic about our future after seeing this happen for realsies.
Lavabit's UI was a bit imperfect, but their death is a horrible loss to people who were using it and looking to defend their privacy. Additionally, the fact that this guy running the service was clearly threatened with some kind of national security letter that clamped down on his freedom of speech is rage inducing.
There's a lot of ridiculously smart folks on here who are making good money working on advertising, social networking, and other typical web 2.0 startups and companies. There's nothing wrong with these things, they are certainly enriching peoples' lives and create value.
But if what is going on in the world isn't a clarion call for a lot of these smart people to look into startups, networks, services, software, open source projects, etc that try to defend peoples' privacy I don't know what is.
I urge everybody to look at your notes, ideas, forgotten projects, and see what you can come up with to provide services and ideas and concepts that will work to defend people's security and privacy from government entities that have gone drunk with power.
Not only is this vital to everybody's liberty, but there is a ridiculously huge business opportunity here for services and software that can provide some measure of defense for people.
If we don't stop what is going on soon there will not long be a market for a lot of cloud based services that people are going to want to use.
Wired says "Court records show that, in June, Lavabit complied with a routine search warrant targeting a child pornography suspect in a federal case in Maryland. That suggests that Levison isn’t a privacy absolutist."
Can you imagine if this had been the response from Google, Microsoft and Yahoo when the FISA court demanded they hand over data? I commend Ladar Levison.
If I was using Google, Microsoft or Yahoo I wouldn't have found out that my primary email account was shut down abruptly, my subscription canceled without refund and my email lost without any ability to download it. Not sure if that's really a worthwhile tradeoff for the average person.
One big question I have for the legal beagles: It's understood (if not well-liked) that Fourth Amendment protections don't apply to data given to a third-party...
What if, instead, you host server space within the U.S. and run your own software (email, listserv, whatever) and data on the leased hardware? I would think there's a good argument that Fourth Amendment protections then resume, and the domestic-ness of the server would also mean the NSA is not legally allowed to look at it, at least without a real Article III warrant.
Do similar rights apply IRL, e.g. if you rent a storage closet, can law enforcement just open the door when they wish or do they need to get a warrant?
You need a warrant, but honestly we don't know if that isn't the case here. It's come up before that the NSA, FBI et al. serve warrants for encrypted data and can demand it be decrypted. Otherwise, services like lavabit are equivalent to Swiss bank accounts that are unreachable by any means, legitimate or otherwise. Realistically, this service was almost certainly hosting a ton of illegal activities.
In this case the government is probably trying to pull a hushmail: getting the service provider to install spying equipment targeted at their users, and then sharing the spy data with the government.
1. The government should not be able to force this kind of spy equipment to be installed.
2. If we had good privacy laws it would be illegal for the company to even willingly share this data without a warrant.
I think the trick here is that lavabit can't share data even with a warrant. Their inability to do so is pretty much their entire business model. That protects people from unwarranted intrusions, but it also insulates people from legitimate investigation. If they build a backdoor for only duly authorized warrants, they are no more or less obligated to comply with an NSL.
I would hope that if they've received an NSL ordering them to wiretap their own email, that the NSL is at least limited to specific targets of an investigation.
But some people do strongly believe in throwing out the whole bathtub if that's what it takes to keep the data safe, and to those people I will certainly tip my hat, even if I disagree myself.
I can accept a company complying with a warrant and divulging data for some customers.
I will not accept a company that promises complete security and then sends a trojan to customer computers. Anyone that betrays the security promises made to the entire user base (eg. hushmail) should be ostracized.
I'm thinking now that if he had just been ordered to turn over some data, shutting down his service wouldn't let him off the hook. They must have asked for a back door or some other ongoing intrusion.
Here, yes I agree that's what it sounds like (and that it's an overreach in general, unless there's something I don't know).
I wonder though, whether this presumed requirement to install spying software is being done by only an executive-level NSL or by a court order/warrant.
Google, Yahoo, MS, etc don't encrypt their data and they had the same choice to make when served with a NSL or whatever. They fought through legal channels to some degree before caving. Shutting down operations was technically possible, though infeasible. They could have spoken out publicly and accepted the consequences. I doubt they think twice about handing over data requested in a warrant nor should they.
I personally wouldn't have expected Google/Yahoo/MS/etc. to cave, but that's because I would have naturally assumed that as U.S.-based providers that they may eventually be served with a U.S. subpoena and simply wrote it off as a valid possibility.
I think most people expect that the Fourth Amendment would have applied to email hosted at these places, but that's because they don't understand how the case law has been applied to things like this.
If people really just want cloud-based email they can check from multiple devices, that does have "normal court protections", and without having to host on their own PC this kind of thing is a possible solution. There are existing turnkey software frameworks to make it work too (e.g., Kolab, which is developed by some of my fellow devs in Europe).
You put your data into a server owned by someone else. Game over.
The real solution, I think, eventually incorporates HSMs. There have been reports of EU authorities seizing racks of servers while keeping them powered up for forensic analysis (presumably key recovery out of running RAM).
> You put your data into a server owned by someone else. Game over.
That's admittedly a good point, and is the same reason I don't personally use SaaS (even in the user-brings-the-software mode) where I don't encrypt the data for myself.
But most people don't seem to care about that and are perfectly willing to use SaaS, as long as they can be assured government isn't able to indiscriminately peek at all their data (just the hardware host). If you're that kind of person, this might be the thing.
I am looking forward to a real solution to that problem though, as it would be useful in situations where you simply can't rely on trusting the hardware host (e.g. handling sensitive PII).
Would it be naive for me to ask if the private key can also be encrypted?
User logs in, password is used to decrypt the private key which is used to decrypt the emails.
I guess this method would mean that the password is not stored as such. Perhaps there is a method of encryption that you could use that generates different sentence structures and word choices instead of obfuscation. So even if a user tried to bruteforce the login, they would always get a message back in the language it was written with no idea if it was the correct message unless they demand the password from the user.
Therefore, all the 'keys' can be handed over but it's all meaningless.
I just signed up three days ago, and was exchanging mail with one of their reps about opening a couple more accounts with them. I went to log in last night and noticed that the service was down, which I thought was a little odd (since everything was down at once). I'm going to have to read this again later when I get a chance but for now, wow. I respect their decision but I'll bet the timing sure was bad for a lot of people (especially those coming to Lavabit specifically to escape what's going on here).
Apparently they just cut off all email access. From Facebook:
"Could you please at least forward the messages for a couple of days to some other e-mail accounts? I can't reset/change the e-mails I used on other websites because they require validation PER EMAIL."
"While I approve of what you've chosen to do, I just purchased a decade of advance service from you, and you've left no contact addresses or information. Who are your customers supposed to speak to at this time?"
"i do respect your decision. But as a long time lavabit customer(8 or so years) I am very upset. I have paid money every year to upgrade and have spam protection and now lost all my emails. I would have liked some notice and a forwarding option for us."
https://www.facebook.com/KingLadar?fref=ts
I doubt they truly have much choice in the matter. It sounds more like a pull-the-plug-and-run sort of situation than one that leaves any actual planning. As their servers now just flat out don't have an SMTP service running, it seems like a fairly reasonable guess.
Here's my speculation, to be buried 450 comments deep:
The government said, "you must update your software to compromise your encryption, and deliver us this information we have a warrant for." Lavabit said, "well, no, that defeats the purpose of our business". The gov't said "we don't care, we have a valid warrant" and now Lavabit is out of business.
If I'm right, nobody's files were compromised because Lavabit refused, but I imagine that doesn't bode well for returning user data because there could be huge legal consequences if one of the confirmed users is strongly suspected of XYZ.
If I'm right, it shouldn't prevent the owner from starting a new secure email service outside of the US. I suggest Iceland.
The whole system is collapsing under its own weight. There is no simple solution; we simply need to accept that the current power structure in place, and anything resembling it, will always cling to power for its own sake.
It's up to us to decide if we want to continue having our cake and eating it too. What I mean is that we cannot continue incensing our shiny techno-gadget-based system, and then also be surprised that the same system tries to keep itself 'on top' by whatever means necessary.
We need to change our attitudes and actions within the current system, anything else is simply a band-aid on an open wound.
God, no. That weasel ran BBS systems for the whole purpose of ratting out warez users to the authorities, making money through it as he cooperated with a lawyer. He actively spied on the users. https://de.wikipedia.org/wiki/Kim_Schmitz#Werdegang
The USPS reportedly has some very expensive machines that can read letters without opening them now. I believe it was Russell Tice that said that, though I can't find the specific source at the moment.
But it's technically feasible and a desirable tool to get around being unable to legally open letters.
I support his decision. I just wish there was some warning so I could have prepared for losing all of my contact information, etc. This couldn't have happened at a worse time as my backup server took a rather ultimate farewell yesterday.
I really don't want to use gmail or hotmail, so what other service can I use? Ugh. It might be time to get back to the roots and invest more time and effort in decentralized services instead of relying on centralized services.
This is terrible, I'm thinking about migrating my personal stuff out of Digital Ocean to some VPS host under the Netherlands legislation or other... any suggestions?
Doesn't the fact that Snowden was using Lavabit lend credence to the allegation that he has been leaking information?
If you're just a regular joe who, one day, realizes that what he's working on is bad for the public and decides to release it to the public, surely you have had no reason to use an encrypted email service before this realization dawned on you.
Some people are aware of the long history of government surveillance, or of the lack of privacy in regular email. Some of those people will have encrypted their email in an attempt to reduce the amount of casual snooping they leave themselves open to.
It's very sad news. For those who didn't use it, Lavabit has been down for 2 days prior to releasing this statement.
To give you an idea what it felt like I wrote up my experience here: http://mareksuppa.com/blog/notes/lavabit/
Snowden isn't a general purpose tool. As far as Russia is concerned, he presents no threat to them; it's not like they are going to let him pursue a career in the FSB.
This service however is a general purpose tool. It would attract the attention of the FSB immediately.
Exactly. A lot of the fallout from this seems to be revolving around the idea of getting a service in 'not the USA'. Never mind the fact that:
a) The US has been shown to actively compromise targets in their ally's jurisdictions and then share that information. We can assume allies are doing similar.
b) Countries not allied to the US are not necessarily your friends either.
Odd times, when the data havens proposed by Neal Stephenson in his sci-fi books start to look more and more important... to the citizens of (supposedly) the most freedom-loving country in the world.
Host in Brazil, we're never at war so spying, national security and etc budgets are always low, besides, we can barely handle basic stuff like education, security, public transport, so if there's a BRPrism, part of the money probably goes to some corrupt, and then it must be shitty!
Given what we know about all this; the NSA has a legal right to retain access to everything - you have no right to complain or to stop it (because of the terrorists/children/anything that'll wash), we can assume Google Glass is a dead product at this point right?
I really wish he had chosen some other means for accepting donations. PayPal has gotten so bad that I literally can't donate money to a worthy cause because I can't even change my fucking address on file without some generic error message popping up.
A "complicit in crimes against the American people" - he's just providing a tool, if he's a complicit then ANY weapon-/gun-manufacturer in the US is a complicit in armed crimes/murders against American citizens!
Anyone care to comment on the chances services like LastPass are compromised in some way? I would expect they would have been approached. Even if the data is end-to-end encrypted there have to be ways - injecting something client side etc.
You may not include the Drudge Report http://drudgereport.com in your definition of MSM, but they have huge readership. They linked the WaPo story this morning.
This is big news to a persistent minority. The larger population will never care. They simply don't have the context required to understand the extent and severity of the problem.
It's true.. I think Americans might sleep through the whole thing. It seems TV news doesn't even try to ask questions and whenever they do it's about where Edward Snowden might be and what Obama's favourite vegetable is.
I just don't get it. Why not create and store the encryption keys client side? That way, even Lavabit would not have any keys to hand over. Just like Mega does.
This will never go away, what we need is strong email encryption to become the norm. Then the US would need to go see the individual users if they wanted to spy.
If you want security, avoid VPSes. Your VPS is at the mercy of the hypervisor. You need to own a physical machine under lock and key if you want to be assured of its security.
Jesus! The guy is being leaned on by the Government. This is his only option to maintain customer privacy. "Disrespectful"? There aren't polite words to describe the contempt I have for whiners like you.
I'd suggest Owncloud for that, on a server running in your own home. Encrypted file system (LUKS), the works.
Pretty much identical to Dropbox and just as stable, IMHO.
Pricewise? You can buy an HP Microserver for about $300 that's capable of 12TB of storage on the top end (more if you get fancy with external arrays), whack it into an APC UPS for another $50, and just run it off your home internet connection. Hang a free domain name at afraid.org off of it, and run a script on the box to keep the hostname pointed at your dynamic IP if your ISP won't give you a static one on reasonable terms.
In communism there was no progress exactly because of laws like this. Who wants to operate a hosting business in the US now? Why not Asia? HK, Singapore? Or even New Zealand at this point. See how much business is lost. See how much Google, Yahoo, MS, Facebook are hurting now. That's true, people will still use them, but not for business-critical stuff. No way. In the name of catching a few idiots from a desert who try to blow themselves up they just handed over the whole IT industry to the rest of the world. How stupid you must be to do that?
Where's the "I wish you hadn't done that, lavabit, I'm a customer and I feel very screwed over by this action" comments?
Or is this appropriate for any SaaS vendor? You're OK with this? Should all customers, even those who really don't care if the NSA could be watching, be put out because some feel that this cause trumps actually doing business and having customer-vendor relationships?
I could see someone suing an SaaS vendor for an action like this, actually. "You cost me $XX in actual costs and $YYY in lost business. Your TOS says nothing about your shutting down because the government asked you to do something you didn't agree with."
> I could see someone suing an SaaS vendor for an action like this, actually.
So? A SaaS vendor that shuts down operations to avoid complying with a mandate of a court is taking a major risk of losing all its assets to legal action by the government. On top of that, the risk of legal action by dissatisfied customers is a pretty small marginal cost.
> "You cost me $XX in actual costs and $YYY in lost business. Your TOS says nothing about your shutting down because the government asked you to do something you didn't agree with."
You'll probably find that, unless you have specific contract terms relating to expected costs of failure to provide service, expectation damages of the type you describe are barred by the foreseeability prong of the test for expectation damages.
>Your TOS says nothing about your shutting down because the government asked you to do something you didn't agree with.
Technically, you can't say that this happened, because they can't confirm that they shut down for this reason. In light of recent events this seems obvious, but in an actual court, you would not be allowed to use this as a sole defense.
> Should all customers, even those who really don't care if the NSA could be watching, be put out because some feel that this cause trumps actually doing business and having customer-vendor relationships?
If they don't care, why pick lavabit then?
From my point of view they did exactly what they were supposed to do.
Yep, you're right. I wasn't thinking about their specific business model and customer set. Thanks for setting me straight.
I wonder what the Lavabit TOS and privacy terms actually said? Usually they say something like "we will not disclose ... Except to comply with legally served requests..." I'm curious whether Lavabit had something different here.
Perhaps this suggests a new business model, a sort of turbo canary, where the service explicitly commits to shut down rather than comply with a secret order which it would otherwise be compelled to obey.
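The "turbo canary" above is a commitment to act; a plain warrant canary is the weaker, commonly discussed version of the same idea, where the provider re-signs a dated statement on a fixed schedule and its clients treat silence as the signal. What follows is an added example of the client-side check, written for this page and not code from Lavabit or from the commenter. The provider name "ExampleMail", the statement wording, the 14-day freshness window and the dates are all placeholders; the signing key is generated on the spot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Canary is the statement a provider re-signs on a fixed schedule. The
// wording, serial and date are all covered by the signature.
type Canary struct {
	Serial    uint64
	IssuedAt  time.Time
	Statement string
}

// CanonicalStatement is the wording a client expects to see, verbatim.
// Placeholder text; a real deployment would publish its own.
const CanonicalStatement = "As of the issue date above, ExampleMail has received no order " +
	"requiring it to disclose user data or to modify its service, and has not been gagged from saying so."

func (c Canary) encode() []byte {
	return []byte(fmt.Sprintf("serial=%d\nissued=%s\n%s\n",
		c.Serial, c.IssuedAt.UTC().Format(time.RFC3339), c.Statement))
}

// SignCanary is what the provider runs on its signing box.
func SignCanary(priv ed25519.PrivateKey, c Canary) []byte {
	return ed25519.Sign(priv, c.encode())
}

// Checker is the client side: it remembers the last serial seen and treats
// silence (no fresh canary within MaxAge) as the signal.
type Checker struct {
	Pub        ed25519.PublicKey
	MaxAge     time.Duration
	LastSerial uint64
}

// Check accepts a canary only if it is signed, unchanged in wording, newer than
// the last one seen, not future-dated, and issued within MaxAge of now.
func (k *Checker) Check(c Canary, sig []byte, now time.Time) error {
	if !ed25519.Verify(k.Pub, c.encode(), sig) {
		return errors.New("signature does not verify under the provider's key")
	}
	if c.Statement != CanonicalStatement {
		return errors.New("statement wording changed")
	}
	if c.Serial <= k.LastSerial {
		return errors.New("replayed or out-of-order canary")
	}
	if c.IssuedAt.After(now) {
		return errors.New("canary is dated in the future")
	}
	if now.Sub(c.IssuedAt) > k.MaxAge {
		return errors.New("stale canary: provider has not reaffirmed the statement in time")
	}
	k.LastSerial = c.Serial
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	issued := time.Date(2013, time.August, 1, 0, 0, 0, 0, time.UTC) // constructed date
	c := Canary{Serial: 1, IssuedAt: issued, Statement: CanonicalStatement}
	sig := SignCanary(priv, c)

	k := &Checker{Pub: pub, MaxAge: 14 * 24 * time.Hour}
	fmt.Println("one week later:", k.Check(c, sig, issued.Add(7*24*time.Hour)))

	k2 := &Checker{Pub: pub, MaxAge: 14 * 24 * time.Hour}
	fmt.Println("a month later, nothing new signed:", k2.Check(c, sig, issued.Add(30*24*time.Hour)))
}
```

The checks that make this more than a web page saying "all clear": the wording is compared verbatim, so a quietly reworded statement fails; the serial is monotonic, so an old canary cannot be replayed after a newer one was withheld; and freshness is enforced by the client, so the provider cannot be compelled to sign anything new and still pass. A canary says nothing about what the provider was ordered to do; it only tells clients that a scheduled reaffirmation stopped.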
If you're buying a secure email service, the compromise of that security would be a bigger screw-job. Lavabit must have shut down in the interest of its customers, otherwise why would they have shut down?