If this happens, I hope more US companies or start-ups move their headquarters/servers abroad. Maybe then Congress will do something serious about it. This, perhaps more than anything revealed so far, would make me switch to a non-US based service as soon as possible.
The NSA can just crack into your servers abroad, if they want to; no warrants required. Admittedly they'd have to work a bit harder if it's not in a jurisdiction friendly to them, but breaking into foreign servers is basically their job.
If people running the company in question still hold US citizenship or keep money in the US, the US legal system can still reach them unless they never want to go home.
Yes, if companies move offshore then the NSA doesn't even have to give a second thought to the legality of their actions (not that they're giving it much thought now). But if enough big US businesses move elsewhere and take their jobs and tax revenue with them, that will probably serve as a strong motivator for Congress critters.
Maybe Google is planning this with their secret barge buildings? Float them offshore and become sovereign on their own? This way they wouldn't have to comply with government requests to turn over data and use the possibility to evade taxes as well?
It was incredibly far-fetched until you mentioned dodging taxes... That is apparently the only government action that will stir these tech behemoths to action.
I agree, evade taxes and maybe user data not getting into the hands of NSA/US Gov't via court request would be a byproduct. Obviously the NSA would just try exploiting their floating data centers.
We need to assume a threat model today where Advanced Persistent Threats can seize private keys from hosting providers and US companies. Both secret court orders and hypervisor exploits are part of this threat profile. This threat is greater from smaller companies. Large companies will be better able to resist secret court orders.
I'm not sure that the current track record supports "Large companies will be better able to resist secret court orders." They have more resources that they could use for that, but they also have more to lose. I don't think we've seen evidence that they are resisting those orders - and certainly have seen evidence that, for example, Verizon and AT&T are just handing eavesdroppers everything they want and then some.
Based on the conversations I've had with various internet companies' lawyers, they consider their private keys to be their crown jewels and they believe the US government would not be able to keep it secret in the long run if they turned them over.
Wired is pretty bad when it comes to actual journalism. I've noted this elsewhere on HN in the past (and have seen others echo my sentiments) but any time I read one of their stories covering a field where I have a lot of knowledge, they always get basic concepts as well as things like simple domain vernacular wrong. I can only assume this also applies to areas where I have little expertise. The more knowledgeable about tech I become, the more I view Wired as a tabloid/click bait farm.
Really, Kevin Poulsen is the Wired writer you are going to pick on?
He co-created Secure Drop with Aaron Swartz. If your memory doesn't go back that far, there was that cool article the other day about how a hacker reverse-engineered OKCupid. He's written stories that have put pedophiles in jail and exposed the FBI's use of malware on criminal suspects.
Someone else can defend Wired in toto these days, but, I will say it'd be hard to choose a less appropriate writer as proof for your first sentence.
I understand that. Where does the poster ever specifically mention "the fucking article" as the target of their discontent? It's directed at Wired as a whole, is it not?
b) Ladar talked about this in an interview with Leo Laporte from October. He says "I looked into [using PFS]. The version of OpenSSL I was running in production at the time didn't support Diffie Hellman. That's a newer addition to the SSL protocol. I did support it in my development tree and I thought about upgrading, but it really came down to two things. One, I was worried I could get hit with an obstruction of justice or a contempt of court order if I did that knowing with full knowledge what they were trying to do ... Here's the other problem. Even if you're offering perfect forward security, very few clients would have taken advantage of it, particularly mail clients."
2) Ladar has explained this. And even with PFS, if a service provider hands over SSL keys and gets hit with a gag order, perfect secrecy only helps in regards to past communications.
It's only irrelevant for the past, not the future. So, even a PFS service is compromised once the private key is compromised and the MITM is established.
PFS doesn't provide any resistance against an active attacker, i.e., one that can substitute any message between the client and server.
PFS provides resistance to previously passively recorded ciphertexts being decrypted when the static secret key is disclosed. It does this by ensuring the session key exchange is protected by an ephemeral key; it is not possible to derive the session key from any static configuration, i.e., the RSA private key.
With the PFS ciphers, the static secret key provides server authentication, so you know you're talking to the correct server or, in this case, the FBI Carnivore device. The MITM appliance can even support PFS between you and it, so you wouldn't even know the difference!
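The passive-versus-active distinction drawn in the comment above, as an added example that is not part of the original thread: a toy model in which a disclosed static key decrypts a recorded static-RSA key exchange, fails against a recorded ephemeral Diffie-Hellman exchange, and still lets its holder sign a substitute ephemeral share that the client accepts. All parameters and function names are constructed for illustration (textbook RSA, tiny key sizes), not taken from any real TLS stack.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use), so the demo needs only the stdlib.
P, G = 2**127 - 1, 3                        # DH group: Mersenne prime modulus, generator 3
N = (2**61 - 1) * (2**89 - 1)               # server's static RSA modulus
E = 65537
D = pow(E, -1, (2**61 - 2) * (2**89 - 2))   # server's static RSA private exponent

def digest(x):
    """Hash an integer into Z_N for textbook RSA signing (no padding; toy only)."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % N

def sign(x, d):
    return pow(digest(x), d, N)

def verify(x, sig):
    return pow(sig, E, N) == digest(x)

def rsa_transport_session():
    """Static RSA key exchange: the client encrypts the session secret to the server key."""
    secret = secrets.randbits(120)
    return secret, [pow(secret, E, N)]       # (session key, values a wiretap records)

def dhe_session():
    """Ephemeral DH: the static key only signs the server's ephemeral share."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    return pow(B, a, P), [A, B, sign(B, D)]  # a and b are discarded after the session

def recoverable_with_static_key(session_key, recording, d):
    """Passive case: apply the disclosed private key to everything that was recorded."""
    return session_key in {pow(v, d, N) for v in recording}

def mitm_dhe_session(d):
    """Active case: whoever holds d signs its own ephemeral share toward the client."""
    a, m = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    A, M = pow(G, a, P), pow(G, m, P)
    client_accepts = verify(M, sign(M, d))   # the client's only check on the server
    return client_accepts, pow(M, a, P) == pow(A, m, P)

if __name__ == "__main__":
    key, rec = rsa_transport_session()
    print("static RSA, recorded session readable:", recoverable_with_static_key(key, rec, D))
    key, rec = dhe_session()
    print("DHE, recorded session readable:", recoverable_with_static_key(key, rec, D))
    print("DHE, interception with disclosed key (accepted, shared key):", mitm_dhe_session(D))
```

For the recorded DHE session, recovering the key would require one of the discarded exponents, which is why the static key alone does not help; the defensive consequence is that a disclosed key must be revoked and replaced, since forward secrecy protects only sessions that were recorded passively.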
Yay for client-side crypto. I think aside from making it hard(er) to steal CC#s and making online banking a bit safer, SSL is fairly useless and has been for a while.
I think a new crop of services that generate keys completely on the client and use servers as dumb, data-ignorant conduits between clients are going to be a lot more pervasive in the next 10 years. At least, that's what I'm betting on =].
"Levison turned over the keys as a nearly illegible computer printout in 4-point type. In early August, Hilton – who once served on the top-secret FISA court – ordered Levison again to provide them in the industry-standard electronic format, and began fining him $5,000 a day for noncompliance. After two days, Levison complied, but then immediately shuttered Lavabit altogether. Levison is appealing the contempt order."
I was once a witness to a traffic accident, and had to go to court. The judge asked the defendant (whose inattention caused the accident) what happened, and his story wound up "and so the other guy was shaken up but not injured". The judge then gave a several minute harangue over his presumption in knowing what happened to the other guy.
Finally he asks the guy "how do you KNOW that he wasn't injured?". The guy replies, "I went to see him to apologize, and he TOLD ME that he wasn't injured."
Of course, the "told me" was second-hand so probably not admissible, but it sure didn't warrant the rant that the judge gave him.
wow lol. When I went to court years ago to defend a traffic ticket, I took the elevator up to the 3rd floor. At the second floor, the doors opened to reveal a group of people waiting to hop in.
The judge in the elevator with me quickly reached over me and pressed the "Door Close" button. This closed the doors, preventing the waiting people from getting on and the car continued to the next floor where he and I got off.
>Anecdotal, but every Judge I've met (outside of their working environment) was a pretty self-important asshole
I'm not terribly surprised, given that judges are pretty used to being referred to (ridiculously enough) as "Your Honor", are they not? Or is that TV shit?
That's because speculation about what someone knows is not admissible. If there was a jury there the judge was probably upset it might affect their verdict.
Also, hearsay can be admissible. In this case the "told me that he wasn't injured" would be allowed because statements by someone going against their own interest are allowed.
It sounded less like being interrupted with questions, more so with accusations that what the lawyer intended to argue was unrealistic, because the agency (that has been shown to work outside of the bounds of their intended mission spying on personal interests/lying to congress/etc) would only do what was morally right, and within the intended (but unwritten) letter of the law.
But you are right in that he probably should have been prepared for this as well. It's not unthinkable that judges would be adversarial to this sort of defense/line of thinking.
Why can't SSL be used to secure a symmetric key exchange that clients then save on their own computers or USB dongles?
Of course, privacy obsessed clients can simply run their own email client off a USB stick with their own private keys.
But anyway, if the servers simply store keys which the clients themselves unlock via their passwords, and the server stores nothing, the NSA would have to either sabotage the hardware the clients use or else do rubberhose cryptanalysis.
That's pretty much how it works, but without persisting the symmetric key for too long. Asymmetric crypto is expensive, so first the symmetric crypto key is exchanged and then only that is used for data transfer.
The only solution is if the client (open source so it cannot be compromised) did all the encryption and decryption. That way you can store your keys and the server can store your encrypted data. Otherwise you trust a compromisable third party to authenticate the server as legit.
Unless you provide sources, and, really, a viable build environment -- see RMS's discussions on this, and such counterexamples as Red Hat's rather difficult-to-reverse-engineer build environment (the real value-added of CentOS and other RHEL free forks), as well as Microsoft's long-standing source licenses to academics (build environment not included AFAIR) -- it's possible to hide either failures or backdoors in your products. True crypto is well-tested crypto. That doesn't mean "verified" (can't prove a negative), but it does mean very thoroughly vetted.
Even proprietary security companies have long practiced source provided (different from "open source") code for their key crypto engines. PGP comes to mind in this regard (the company, not the protocol).
But fully open source means you've got vastly more exposure of your crypto guts to examination.
Because availability of the source without conditions is the only way you can get effective independent audit. It's not a magic wand, but you're relying much more on trust without it. This, on top of many-eyes and the pressure not to rely on secrecy of the source for security (a bad practice) improve the situation substantially. Even so, nothing will be perfect, of course.
It seems to me that the number of computer programmers in the world contrasted against the number of judges and politicians who still do not get privacy, security, and technology provides the perfect mix for WWIII via not armed combat but by attacks against spying powers, no matter which country it might be.
Imagine that the old mails aren't stored anymore on the servers in the data centers, but that you have all the encrypted traffic saved and you can unlock and read all the old mails. The same keys unlock the old mails and all the mails that are going to be made. Why wouldn't you want such keys?
Interesting question to which I do not know the answer, can I, as an individual, give SpaceX a satellite to launch into a polar orbit without disclosing the function of that satellite?
There's also some information on the Kickstarter page: https://www.kickstarter.com/projects/ladar/lavabits-dark-mai...