Edward Snowden’s Email Provider Shuts Down Amid Secret Court Battle (wired.com)
293 points by bcl on Aug 8, 2013 | 88 comments



"Court records show that, in June, Lavabit complied with a routine search warrant targeting a child pornography suspect in a federal case in Maryland. That suggests that Levison isn’t a privacy absolutist. Whatever compelled him to shut down now must have been exceptional."

Wow. Now I'm even more interested in what the NSL/court order was looking for here.


I will put dollars to donuts they were after Snowden's contact list. They want to know about his deadman's switch, who holds the keys, and who they have to squeeze to defuse that particular landline.


They're not asking for any particular information that Lavabit has now. If they were, shutting down wouldn't be a solution to not handing it over. They are asking for additional access going forward.


I know, but I don't think it's unreasonable to expect that Snowden may be in contact with people that his pursuers are not yet aware of. Tapping his communications would give them a much larger attack surface.


But that additional access would probably include various keys that would let them decrypt previous communication. Maybe the order was to log passwords on login, or something like that, that would allow recovery of the key and decryption of stored data, which may not be possible depending on the original architecture of the system.


>They want to know about his deadman's switch

They may soon find out more than they wanted to know about it, if it was automated in any way.


Hah. That's something I hadn't considered. Oh my, now there's an interesting concept.


Their shutdown letter talks about the ordeal of the "last 6 weeks", so it definitely has to do with the US Govt trying to force them to change their system to allow them access to emails because of Snowden. The way Microsoft put a back door into the new Outlook.


> The way Microsoft put a back door into the new Outlook

Could someone provide a link for this? Thanks.




Probably secret keys for all the users, along with TLS secret keys, user records, etc. Nothing extraordinary for the US government to demand; what is extraordinary is for a service provider to shut down because of it.


Spot the smear.


He probably complied because he knew that 1) he could tell whoever was targeted of this happening and 2) whatever data they seized would be worthless?


Most privacy advocates I've seen don't like child pornographers either, they just don't subscribe to the idea that people's privacy should be infringed (even if that means it's easier for child pornographers to communicate).

So I don't see why he would do 1). Perhaps 2), but then you would think the same would apply here, unless the NSL/court order is demanding a wiretap to be installed for the future.


TL,DR: "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."


If this is happening in the USA with its famous constitution, then well, I think the end of this statement can be easily converted just to _any_country_.


What makes the American Constitution exceptional is not its content but the fact that it was written in the late 18th century. In the intervening two centuries, several other industrialized liberal democracies have adopted constitutions that are broader and more inclusive than the Bill of Rights.


There are very few countries with as broad a constitutional protection for speech as the United States.

The problem now is that we have a government which has discovered effective work arounds for those protections. The government can pressure intermediaries who don't have the right incentives to vigorously defend their users by going to court, and then the actual targets of First Amendment violations never encounter a court proceeding in which to raise a constitutional defense, they just get cut off by the "private" service provider. The government can try to gag everyone involved so that, again, the people whose privacy or right to anonymous speech is invaded are never told and so they can't challenge the constitutionality of the invasion.

If any of this could be challenged in a public court proceeding there is a good chance the courts would find it unconstitutional. That's why they're twisting themselves into such contortions to make sure that never happens.


With "Parallel Construction", we see an explicit attempt to avoid Judicial Review, with the DEA mysteriously dropping charges whenever a case goes to court. Which is bad, as we've now trusted the constitution entirely to Judicial Review - congress has washed their hands of a responsibility to uphold it.

I suppose you could argue that the DEA knows it's unconstitutional and is willfully violating, and that raises even more troubling questions.

I also wish the constitutionality of FISC court itself could be challenged, as I think it clearly doesn't fall under article 3. But I have no idea how this would be done.

Some countries, like Germany, have Supreme Courts with more interventionist abilities, and more recourse against willful violations.


The English Civil War 1642–1651, and the pro-parliamentarians led by Cromwell, and the Glorious Revolution of 1688, and English Bill of Rights of 1689, using the ideas of Locke's Second Treatise (same year), were most important for laying the foundations of the ideas of liberal democracy. Of course, the Magna Carta is also a precursor.

The only thing making the U.S. Constitution unique is that the U.S. was the first major country to be explicitly founded as a Republic, and the first country to overthrow a monarchy. The South American revolutions against Spain were pretty explicit copies of this example - Simon Bolivar, for example, loved Thomas Jefferson, and actually sent his nephew to the University of Virginia. (The Monroe Doctrine was originally about preventing re-colonization of the independent Republics. It's too bad the U.S. did so many evil deeds in the Cold War)

The two intellectual groups involved in the founding were the Democratic-Republicans, led by Jefferson, and the Federalists, led by Hamilton. The Federalists were basically more conservative and sought a close emulation of Britain, were slightly elitist and monarchist sympathizing, and of course, wanted a strong central government. Their elitism eventually proved unpopular, but they kept a stronghold in the Supreme Court with John Marshall (the Jeffersonians opposed Judicial Review).

The Jeffersonians were more radical, favoring a weaker federal government and individual rights. Thus they were instrumental in the creation of the Bill of Rights. They tended to favor France and had more diplomatic connection with them. The most radical founding father, Tom Paine, went to France to help the revolution, and narrowly escaped execution in the reign of terror for being a "reactionary".


But clutter isn't what makes a legal document effective. I'd rather have a concise definition of what is a right and what not than pages upon pages of dancing around that issue.


The Canadian Charter of Rights and Freedoms is a little over 2,200 words and is clear and concise.

http://laws-lois.justice.gc.ca/eng/Const/page-15.html

The Bill of Rights, on the other hand, is so terse that debate rages continually about what a given statement actually means (see, e.g. the 2nd Amendment).


So there aren't any people trying to latch onto every nook in order to subvert the original message? That's... interesting.

I'm mostly familiar with the American Bill of Rights and the German Grundgesetz, which is much longer and contains more rights, albeit not always more solid definitions. I've been in discussions before, where I'd defend one right, and was countered with another, equally valid right that was somehow conflicting with the other. In that way, the Grundgesetz trips over itself, and it's hard to argue for a given interpretation (so are these rights equal, or is this right of a lower denomination than the other, and how far can you compromise this right so this right can be put into effect, and if everyone has a Recht auf Arbeit (Right to have work), aren't we infringing on that?).

Obviously, I'd rather have a terse, but in itself noncontradicting bill of rights than a long list of irreconcilable demands. But they're both not necessarily optimal.


Most liberal democracies don't have anything like First Amendment or Second Amendment (at the level of protections they provide) and the rights guaranteed to US people by those are routinely violated in other liberal democracies.


Most liberal democracies do have protections equivalent to the First Amendment. For example, here's the list of Fundamental Freedoms under the Canadian Charter of Rights and Freedoms:

> 2. Everyone has the following fundamental freedoms:

> (a) freedom of conscience and religion;

> (b) freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication;

> (c) freedom of peaceful assembly; and

> (d) freedom of association.

You're right that most other countries don't have anything like the 2nd Amendment, but frankly I don't think the "right to bear arms" belongs in a constitution. It's an 18th century throwback to the discredited notion that the only thing stopping a government from tyranny is fear of uprising.


"freedom of the press" and freedom of speech are very different things. "Press" is regulated and licensed by the government and expression in the press is available to a select few. Speech is available to anybody.

Taking Canada as an example, doesn't Canada have Human Rights Council which prosecutes people for expressing opinions not condoned by the government?

In fact, Canadian Supreme Court considers limiting freedom of speech and defining what can and can not be spoken by the government completely justifiable: https://en.wikipedia.org/wiki/Canadian_Human_Rights_Commissi...

Existence of such laws and commissions proves that protection available to Canadian citizens in the realm of free speech is nowhere near what First Amendment provides.


If you need further evidence, check out this one:

http://overlawyered.com/2013/08/canada-man-ordered-pay-panha...

If you think country where such things happen has freedom of speech, your definition of freedom is very different than mine.


A country cannot be on the United States' good side without bending to its will. Also, the governments of other countries would love to have a peek on whatever intel the NSA has regarding their enemies.

So, if the US wants your data, they have great diplomatic resources to compel a country to hand it (read: CIA). I'm speculating as I don't know if there is a precedent of the US requesting data from another country using secret warrants, but as long as they have a warrant and the country does not have an overtly adversarial relationship with the US, it's a target.

Based on their tradition of bank secrecy, Switzerland may be an exception, but I wouldn't bet on it.


The US doesn't need a 'secret warrant' to ask for information from another country. They don't really need a warrant at all. They just ask for it. IIRC, even the NSA isn't legally bound to avoid spying on American citizens when they are out of the country.


To avoid it, no. But if they do uncover evidence on American citizens it could not be used in a trial and must be filtered out (although, see 'parallel construction').


The same can be happening in any country, but we know for a fact it is happening in the USA. Uncertainty is better than a certain, unfavourable outcome.

I'm keeping my US cloud services, but I have no illusions: they're being logged by the NSA.


Many other countries follow suit. Almost certainly, Australia and the UK will see this as a precedent.


Swiss banking (famously) had this niche biz model, but its future seems untenable in the digital era. Silicon Valley has been complicit behind the scenes. Both overtly with technical hw/sw, and also more subtly (ie, "personalization" from which you can't opt out).


That is absurd. Do you think every country, and every country folk, would let the government pass a bulldozer all over their rights like this? This is just projecting.

In other words, that shit wouldn't fly everywhere, for sure. This all emanates from the 9/11 and Patriot Act and Secret Laws with no oversight, that's your problem specifically, of course every government must be wanting its own surveillance supermachine too, but it doesn't mean every single one of them is willing (or have means) to pass every possible barrier to do it.

Other countries have their own constitutions too and people guarding it, and different political systems, and different relation of the people with their government. Brazilians, for example, are not patriotic (as you are), we like the localization and our folk but absolutely everyone despises the government, the governants are completely cowering with the demonstration, pulling their repression apparatus out and on...

It's absurd and it's also a defeatist statement, this Lavabit guy is a hero and the more people go against this rotten government, more clear it becomes the damage is shared by everyone AND the country itself.


>Do you think every country, and every country folk, would let the government pass a bulldozer all over their rights like this?

If your government is not willing to pass a bulldozer over its rights, the US are more than willing to bulldoze your government.

https://en.wikipedia.org/wiki/CIA_activities_in_Brazil

https://en.wikipedia.org/wiki/1964_Brazilian_coup_d%27%C3%A9...


I wholeheartedly agree with your larger point, but as a Brazilian I think Brazil is not a good example in this regard. People here despise the government because of corruption of the "stealing" kind, and inefficiency. Despite our recent experiment with dictatorship ended in the 80's, we have a long road to travel in terms of awareness about the dangers of tyranny. The government takes the fingerprints of every citizen when we go make our I.D. Cards, for example. No one makes a fuss. Official propaganda is standard practise (how else would one call the government-bought advertisements to raise awareness about its deeds?) Recently the folks who organize elections are all over the TV with their campaign to take everyone's prints (see "inefficiency") in order to "make our elections even more secure". Though the last president's plans for "social control of the media" were soundly rebutted, it's telling that he even thought he could try. I'm an optimist regarding the next decades, but it's a long road indeed.


Yeah, I didn't mean it like Brazil would be anything near 'an example to follow', I was just trying to illustrate how the landscape can be different everywhere else, also to the scope of how the population interacts with their state, for which Brazil definitely has a long way to go...

The picture I was going for would more of how it would not be so simple to have this elsewhere in the same manner, the starting point being that, I'd think, without a good Boogeyman, most peaceful countries do not have especial exception laws to walk over the basics of democracy, without secret laws, secret courts, secret interpretations, it's way harder, possibly impossible in some countries to get to this situation, not to mention technical limitations, budget (imagine the disparity between Intelligence and Military spending around the world x US), media, 'political temperature' (most of Europe and Latin-America are liberal/libertarian-leaning, currently, no?), public and judiciary scrutiny... Basically the framework of democracy is meant to prevent this kind of thing, there may be holes, but still.


So for those of you wondering about Jury nullification, the way it would work in this case is that Levison would reveal that the NSA was hounding him with NSL letters, they would charge him with violating the terms of the NSL and the jury would acquit him anyway.

I hope we can get a case like that to move that aspect of the conversation forward. It helped get bad laws off the books in the civil rights cases and it would help here.


I have a hunch that mentioning jury nullification as a potential juror will get you removed from the pool pretty quickly.


Yup, and prosecutors may well ask juror candidates what they think about it.


> It helped get bad laws off the books in the civil rights cases and it would help here.

I'm assuming you're referring to Rosa Parks-style civil disobedience and not so-called "jury nullification". The latter had an important role in the history of the civil rights mvt, but not a pretty one.


No, he's referring to jury nullification. Like almost any tool, it can be misused for unethical purposes, as it sometimes was against my fellow Americans of African descent in the hundred years leading up to the civil rights movement. However, at an earlier point in history, jury nullification was used against the slave trade when many juries refused to convict anti-slavery activists of breaking the fugitive slave law.

Presumably, using jury nullification to protect core values embedded in our constitution would not count as a misuse.


> they would charge him with violating the terms of the NSL and the jury would acquit him anyway.

You're assuming he would have a trial with a jury.

I think that's a big assumption.


Assuming he is a US citizen, and doesn't waive his right to a jury trial (which he should not), the only way to try him would be in front of a jury. That doesn't apply if you are an 'enemy combatant' and held at Gitmo.

I am not aware of any criminal proceeding in which the prosecution can prevent it from being heard by a jury, but I am also not a lawyer. Do you know of a situation other than military tribunals or courts-martial where the jury right does not apply?


Sure, the American citizens overseas that are purposefully being killed by drones. They didn't get a jury trial.

Also, you don't know about any of the criminal proceedings going on in the FISA court, that's the whole point.


You can say that about anyone engaging in war.

Let's say the US were at war with Mexico and you were an American but fighting for the Mexican Army, you would not get special treatment from the American side for being an American --at that point you're just a foe. That's how they view that.


Of course, they are the ones determining if you're fighting for the other side.

Let's say I'm an American living in a foreign country and I read the Koran, or attend a Mosque, or even actually hang out with some known Al Qaeda guys because they are hilarious (not because I in any way want to do anything they do).... I'm labeled guilty and murdered without a court case to determine what I was even doing.


Who would risk their own life to do that for "the good of many"? People like Snowden are exceptions, not a rule, because the guns are out there pointed to everyone. Why don't we instead of asking individual heroes to fight a killing machine called "the state", do that:

1. Acknowledge the evil of the state. 2. Find practical non-violent ways to boycott it. E.g. blacklist personally everyone involved in violent aggression. Switch off USD to Bitcoin. Expose violence of the state consistently in every relevant circumstance etc.


> Who would risk their own life to do that for "the good of many"?

People who feel strongly about what is right, versus what the law says, do.


Hell, do it for your own self interest. If a country with indefinite detentions, broad spying on the public and government strongarming of businesses for "national security" reasons is a place you don't want to live in, help fight against it.

The group dynamic of "yeah, someone will stand up for us" is what creates situations like this in the first place.


come on now.

   Some chick says,
   'Thank you for saying
   all the things I never do.'
   I say, you know, the thanks I get
   is to take all the shit for you.
   -Ani DiFranco, "Face Up and Sing"

Given the treatment of

Snowden: will never set foot in the US again as a free man

Manning: given solitary just to fuck with him with no punishment dished out for doing so (a room full of military assholes all saying "I didn't give the order" and no responsibility nor punishment; he just magically ended up in solitary. somehow. it's a mystery.); he shared a video of US soldiers joking about killing children

Gary Webb [1]: told us that Reagan (another piece of shit) was financing weapons with drug sales in inner cities, with profits sent to the Contras

John Kiriakou [2]: told us that George Bush and the CIA now torture detainees

Who exactly is going to step forward no matter what the wrongdoing is? We ruin the lives of whistleblowers. If you want people to come forward, you simply have to not ruin their lives for doing so. Because right now it's clear what the price is for telling us what our government is truthfully doing. Hell, you could make the argument that what the NSA does is okay (I totally disagree), but CIA/president approved crack sales in inner LA. Amazing.

[1] http://en.wikipedia.org/wiki/Gary_Webb

[2] http://en.wikipedia.org/wiki/John_Kiriakou


I doubt, even in our current situation, that Jury members would become targets if they refused to convict.


It would never get that far. The "jury selection" process weeds out average people and leaves only the most boring, dumb, and/or untruthful jurors.


I think we're referring to the person willing to put their freedom at risk to wager that a jury nullification would happen as the 'hero.'



Distributed cryptography/services in multiple jurisdictions is the only permanent solution or as a delaying tactic at a minimum. Where keys or parts of data or multiple onion style encryption rests in a chain of services distributed globally in multiple jurisdictions. Something like the Ceph file system but for everything.


Sounds like anonymous remailers to me. Unfortunately it is impractical to run a remailer in many countries, the USA included, because of the approach law enforcement agencies take to remailers (basically, "attack the datacenter with a team of soldiers").


So, since HN is filled with smart engineers, how should one build a sustainable, fully encrypted email service untouchable by the Feds?


Like many "technical solutions", at least most of the answer is easily found - PGP.

Also, like many "technical solutions", the answer _isn't_ a technical solution. The bigger problem is people. PGP _will_ secure my email. But out of my almost 1000 contacts I've got only a few dozen with PGP keys.

While 95%+ of an email network's users _aren't_ using encryption, the network is fundamentally insecure. That's not an engineering problem - that's a people problem. The EFF, Wikileaks, CryptoParties, and individuals like you and me – have a far more important role in making sure "a sustainable, fully encrypted email service untouchable by the Feds" exists – not by building anything new, but by convincing your friends and coworkers and bosses and parents that it's important and possible right _now_.


It's not a people problem, it's a design problem. The technology is there, it just needs to be integrated in a way that makes it 'just work' for everyone.


I'm not so sure - "strong passwords" mostly "just work", but ~25% of passwords in published hash dumps still fall to the RockYou wordlist, and another 10 or 15% with the best64 rules in hashcat.

When given the option between "laziness" and "security", it's abundantly clear which most people choose.

I strongly believe that as well as "easy to use technology", we very much need to educate our friends/family/coworkers on the need for encryption and the risks of not using it.


It already exists. Use PGP, send messages through anonymous remailers. If you cannot use anonymous remailers, post messages to Usenet in alt.anonymous.messages using Tor. If not Tor, then via a proxy server. If none of the above, just make sure you are not doing it from your house. If even that is impossible, know that traffic analysis will be possible.

Why is this something that needs to be repeated to the technically skilled people on HN?


It exists in the same way tablets have existed for a very long time.

But we don't just communicate with technically skilled people. Something that can be used by everybody and can be trusted would be really awesome.


I think HN people are looking for a profitable business solution for those not technically inclined to know but want to be able to email anonymously.


Tor is funded directly by the US govt. Something like 60-80% of their annual million-dollar budget.

Maybe being superstitious isn't helpful, but in this instance, I'm not so sure Tor is able to be relied on.

A proxy server won't work for the same reason a personal server wouldn't work. It's tied to you eventually, either through a paper trail or a packet trail.

Oh, and drop the condescending attitude, okay?


"Maybe being superstitious isn't helpful, but in this instance, I'm not so sure Tor is able to be relied on."

Tor has been analyzed extensively by cryptographers and security researchers; there is literally a mountain of published research about it. It is operated by an independent organization. I would be more cautious about the Linux kernel, a vastly larger codebase that could and probably does have numerous back doors, than about Tor.

"A proxy server won't work for the same reason a personal server wouldn't work. It's tied to you eventually, either through a paper trail or a packet trail."

Which is why it is below anonymous remailers and Tor on my list. Proxy servers are better than nothing at all.


> Tor has been analyzed extensively by cryptographers and security researchers; there is literally a mountain of published research about it.

And that research says that if an entry node and an exit node are both under control of an adversary, then that adversary can deanonymize the target.

I don't know enough about it, but I know that deanonymizing someone is a matter of resources, not a matter of ability. And the USG has a lot of resources.


Much in the same way that communicating insecurely with 90% of your contacts is not going to help PGP keep your emails encrypted, requesting sites from outside of the Tor network is not going to help keep your internet usage anonymous. It's a problem of behavior and adoption rate.


I assume he means one that is user-friendly enough for regular people to actually use. There's tons of ways to be totally anonymous, just very few that are practical for my day-to-day use.


I would think using something like DHT to "publish" an alias/address and PGP key, to relay up to X MB/GB of data per day could work... decentralized... anyone can see the messages going across, but only the intended recipient could actually read said messages. There would be no login system to intercept.


The measures you describe are not exactly trivial.


Only by comparison with snake-oil like Hushmail, or with not having any security at all. We are talking about a non-trivial problem here.

For what it's worth, it is not hard to encrypt a message and post it to Usenet. It is imperfect and vulnerable to traffic analysis, but it is not hard. It is even easier to just send encrypted emails and not bother with anonymity. I have personally seen non-technical people using PGP or S/MIME without assistance.


The technology isn't the problem here. Politics is the problem.


Hard to say because no one knows what they can and can't decrypt.


If you are looking for an alternative to Lavabit, try RiseUp [1].

There is a nice read in their "About Us" page [2]

[1] - https://riseup.net/en

[2] - https://help.riseup.net/en/about-us

Added:

Though, it is based in Seattle, so what happened to Lavabit can happen to them too, unfortunately.


There's also https://mykolab.com hosted in Switzerland. What's more: It is 100% Open Source, so you can host it yourself decentrally.


And you probably should, if you want to maximize your legal protections against governments where third-party access to your data gives the government easier access to your data.


All of these centralized services (such as the one you linked) are susceptible to the same strong-arm tactics if they're based in the US.


Nothing special about the USA. Hushmail is a Canadian company and they were strong-armed by the DEA.

Do not let some third party hold your keys, do not use some applet to decrypt your mail. This is public key encryption 101.


So what happens if this guy starts telling people what happened in that courtroom? He gets arrested? What happened to freedom of speech?


It has been passed over in favor of fighting the terrorist boogieman.


... Harry Wayne Casey?


"after secret court battle"?

I got the impression the court battle hasn't started yet over this. Or is he talking about that child porn subpoena? But the headline is confusing.


His letter states that he has already made representations twice to the authorities (the FISA court?), but is obliged to keep those secret:

> As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

https://lavabit.com/


> His letter states that he has already made representations twice to the authorities (the FISA court?)

A Foreign Intelligence Surveillance Court order wouldn't be appealed to the Fourth Circuit Court of Appeals, it would be appealed to the Foreign Intelligence Surveillance Court of Review and from there to the US Supreme Court; from the context, then, it's likely either a District Court under the Fourth Circuit or the Fourth Circuit itself (possibly both, given the "twice made the appropriate requests") to which application has been made.

Which would make sense if Snowden was targeted, since he is a US person, and an order for surveillance targeting him would go through the regular District Courts, not the FISC/FISCR.


> I got the impression the court battle hasn't started yet over this.

He wouldn't be continuing the fight in an appeals court if it hadn't started in a lower court under that court of appeals.


Do not use webapps.



