Lavabit Email Back and Better than Ever

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
54,103
If you are not familiar with Lavabit email, the story surrounding it for the last couple of years is interesting on its own.
The Lavabit service was shut down several years ago after it was forced by the US Government to hand over SSL keys to Edward Snowden's email account allegedly. Last Friday, Lavabit again opened its doors to paying customers with a new cryptology technology.


Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security. In 2014, with Kickstarter funding, I started the development of the Dark Internet Mail Environment (DIME), a revolutionary end-to-end encrypted global standard and Magma, its associated DIME capable free and open source mail server. Today, I am proud to announce that we are releasing DIME and Magma to the world. DIME provides multiple modes of security (Trustful, Cautious, & Paranoid) and is radically different from any other encrypted platform, solving security problems others neglect. DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority. DIME is end-to-end secure, yet flexible enough to allow users to continue using their email without a Ph.D. in cryptology.
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,319
I really wish more of my friends with use the 30 mins it does to get going with pgp for email or IM's
that the annoying part of encryption is you are depending on your partner to do it rights as well
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
So how long will it be until the "only criminals use encrypted e-mail services" crowd shows up to try and shut this iteration down?

Although I agree that it's stupid to claim that only criminals use these services. I also wonder about your statement.

I mean, LavaBit didn't get shut down. LavaBit closed their doors and shut themselves down in a deliberate attempt to oppose the court order. It was LavaBit's decision, so please don't forget that.

What is unclear to me is what "crowd" you are talking about? A "crowd" putting pressure on this company or a "crowd" of [H] people, perhaps you mean, like me?
 

jardows

2[H]4U
Joined
Jun 10, 2015
Messages
2,200
Interesting technology. If it is a free server, I may look into it. Does the encryption technology work seamlessly with remote addressees without additional configuration on their part?
 

umeng2002

Gawd
Joined
May 23, 2008
Messages
923
So how long will it be until the "only criminals use encrypted e-mail services" crowd shows up to try and shut this iteration down?

Use Protonmail. They're at least formed by Cern scientists that want to prevent snooping.

Unless governments want to try to claim Cern scientists are terrorist, drug dealers, and pedophiles... they'll stay around longer.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
35,448
If you need security, never trust a service where you are not the sole holder of any encryption key.

If the service offers seamless access between devices without you manually needing to install your key/cert then the service holds your key, and they can be legally coerced to divulge it.
 

LurkerLito

2[H]4U
Joined
Dec 5, 2007
Messages
2,537
I think I'll sign up for lavabit now in paranoid mode just to support them :). I applaud their resolution for shutting down instead of caving to the government's overreaching court orders. I found the lavabit case really interesting, government wanted the private keys lavabit refused due to it also compromising the other 400k users, lavabit offering to code the government a way to access just the targeted account but then the government refusing it due to not trusting lavabit ROFL. I am always amused at the whole government "you can trust us honest" mentality but they don't trust when offered solutions when they themselves are limited to just what they need.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
I think I'll sign up for lavabit now in paranoid mode just to support them :). I applaud their resolution for shutting down instead of caving to the government's overreaching court orders. I found the lavabit case really interesting, government wanted the private keys lavabit refused due to it also compromising the other 400k users, lavabit offering to code the government a way to access just the targeted account but then the government refusing it due to not trusting lavabit ROFL. I am always amused at the whole government "you can trust us honest" mentality but they don't trust when offered solutions when they themselves are limited to just what they need.

You know, when a guy is being accused of your average felony charge and the government goes all crazy that's one thing and over reaching certainly would com to mind.

But when a Contractor with a Top Secret security clearance dips into the treasure trove cause he is on a personal crusade and has fled the country, over reach starts looking a hell of a lot more like justifiably sane procedure.

Have you ever once challenged your personal thoughts regarding what Ed Snowden did and ask yourself, "would I feel the same if it had been secret data about our latest Stealth Aircraft and Nuclear Submarine acoustic test data", instead of phone call meta-data ? Would you still call the FBI's demands for Ed Snowden's data that Lavabit had, an over reach?
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
Have you ever once challenged your personal thoughts regarding what Ed Snowden did and ask yourself, "would I feel the same if it had been secret data about our latest Stealth Aircraft and Nuclear Submarine acoustic test data", instead of phone call meta-data ? Would you still call the FBI's demands for Ed Snowden's data that Lavabit had, an over reach?
That is quite a jump you made there. Besides, they didn't want access to just Snowden's data, they wanted access to all of it.
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,710
Although I agree that it's stupid to claim that only criminals use these services. I also wonder about your statement.

I mean, LavaBit didn't get shut down. LavaBit closed their doors and shut themselves down in a deliberate attempt to oppose the court order. It was LavaBit's decision, so please don't forget that.

What is unclear to me is what "crowd" you are talking about? A "crowd" putting pressure on this company or a "crowd" of [H] people, perhaps you mean, like me?
I think the date they came back online says more about who forced them to shutdown.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
That is quite a jump you made there. Besides, they didn't want access to just Snowden's data, they wanted access to all of it.


I'm sorry, I took this Wiki page as gospel. You have a more accurate source for your claim?

Lavabit is an open-source encrypted webmail service, founded in 2004. The service suspended its operations on August 8, 2013 after the US government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email.

It's not a big jump. It's real life and there are men currently in prison for actions exactly like these.
Sentencing is scheduled for August. Saucier facing a maximum sentence of 10 years in prison and a $250,000 fine.

This is from just last year.
http://thehill.com/policy/national-...ty-to-espionage-charges-for-classified-photos

This is one of the worst;
https://en.wikipedia.org/wiki/John_Anthony_Walker

All I am asking you, or actually in this case LurkerLito, to do is take any of these cases that are real and involved other crimes of espionage to substitute these names and actions for Snowdens and then see if you still feel the same way about Levison's refusal to obey a court order.


Look, Levison has pushed this product as, in his words, "a technological solution which would take the decision away from the will of man." I understand this to mean, it will be impossible for anyone to access data no matter why someone would want it or under what justification.

I understand Levison's drive and moral conviction. But he is wrong in assuming that the pursuing this is a good thing. It isn't a good thing. The reason this whole thing developed so slow is because he lost many of his developers because they have come to realize that Levison is doing this not just to provide a great resource for people. He's mostly doing it just to try and piss off the government. These people have to be wondering if Levison will drag them all into a court room over his convictions and it's a risk they may be unwilling to take.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
The same Wiki will suffice:
"In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service affecting all Lavabit users."

Which is sourced from here:
"THE U.S. GOVERNMENT in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to to newly unsealed documents."



It's not a big jump. It's real life and there are men currently in prison for actions exactly like these.

This is from just last year.
http://thehill.com/policy/national-...ty-to-espionage-charges-for-classified-photos

This is one of the worst;
https://en.wikipedia.org/wiki/John_Anthony_Walker


All I am asking you, or actually in this case LurkerLito, to do is take any of these cases that are real and involved other crimes of espionage to substitute these names and actions for Snowdens and then see if you still feel the same way about Levison's refusal to obey a court order.

I don't care about these and it is a big jump from Snowden's data. This was regarding Lavabit and Snowden. Also, what do these cases have to do with government obtaining access to private data of 400,000 unrelated individuals?

Look, Levison has pushed this product as, in his words, "a technological solution which would take the decision away from the will of man." I understand this to mean, it will be impossible for anyone to access data no matter why someone would want it or under what justification.

I understand Levison's drive and moral conviction. But he is wrong in assuming that the pursuing this is a good thing. It isn't a good thing. The reason this whole thing developed so slow is because he lost many of his developers because they have come to realize that Levison is doing this not just to provide a great resource for people. He's mostly doing it just to try and piss off the government. These people have to be wondering if Levison will drag them all into a court room over his convictions and it's a risk they may be unwilling to take.

"The court records show that the FBI sought Lavabit's Transport Layer Security (TLS/SSL) private key. Levison objected, saying that the key would allow the government to access communications by all 400,000 customers of Lavabit. He also offered to add code to his servers that would provide the information required just for the target of the order."

Levinson offered more than he had to and that still wasn't enough for them. The government can go fuck itself if they think they're entitled to private information of almost half a million people because they can't keep their own house in order.
 
D

Deleted member 133315

Guest
Wonder if I will now get my money back from him, 2 days after signing up for two years on lavabit, he shut the shop down and I never saw an email or my money again :/

Using tutanote and proton mail now.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
The same Wiki will suffice:
"In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service affecting all Lavabit users."

Which is sourced from here:
"THE U.S. GOVERNMENT in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to to newly unsealed documents."





I don't care about these and it is a big jump from Snowden's data. This was regarding Lavabit and Snowden. Also, what do these cases have to do with government obtaining access to private data of 400,000 unrelated individuals?



"The court records show that the FBI sought Lavabit's Transport Layer Security (TLS/SSL) private key. Levison objected, saying that the key would allow the government to access communications by all 400,000 customers of Lavabit. He also offered to add code to his servers that would provide the information required just for the target of the order."

Levinson offered more than he had to and that still wasn't enough for them. The government can go fuck itself if they think they're entitled to private information of almost half a million people because they can't keep their own house in order.

Then let this page be our battleground.

There was a warrant?

A warrant must specify what was to be searched for and seized?

If the warrant is specific to Ed Snowden's data then that is all the FBI would be able to take legal action on or legally seize.

It doesn't matter what "illegal" activities you or Levinson might assume the FBI might use those keys for. The law makes no allowance for such things.

So instead of guessing or supposing or assuming why not go look for the warrant.

I am going to try and find that warrant so we can see for ourselves just what the warrant allowed the FBI to search for. In the meantime, keep this in mind, in the end, Levinson did give the FBI the digital encryption key as required by the court order, then he closed down his business. In the end, Levinson did give up the key.

Failing in his bid to protect those users, Levison reluctantly turned over the key to the government in the form of an 11-page, largely illegible printout with the key's 2,560 characters in four-point type. Needless to say, the FBI was not pleased, and a judge eventually forced Levison to furnish the keys electronically.
 

LurkerLito

2[H]4U
Joined
Dec 5, 2007
Messages
2,537
Have you ever once challenged your personal thoughts regarding what Ed Snowden did and ask yourself, "would I feel the same if it had been secret data about our latest Stealth Aircraft and Nuclear Submarine acoustic test data", instead of phone call meta-data ? Would you still call the FBI's demands for Ed Snowden's data that Lavabit had, an over reach?
Yes I have and I would still say it was overreach even under those hypothetical circumstances. It would be exactly the same thing as repealing the right to bare arms due to a mass shooting. I am pro gun control (ie tight requirement for registration of all firearms) but completely defend the right to own guns. Just because some nut job goes on a killing spree does not mean I support the unilateral repeal of the right to bare arms. Same applies to Snowden and any other persons under investigation. Just because he stole government secrets does not mean I want the right to privacy to be repealed even temporarily. Requiring to give the private keys to access every person's email, cloud storage, etc... of any data service is absolutely an overreach of government powers. You get a warrant it applies to the data of a individual or small group of individuals who are under investigation, not all the users of an entire service who only happen to use the same service as the ones under investigation.
 
  • Like
Reactions: Meeho
like this

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
^this

A warrant must specify what was to be searched for and seized?

If the warrant is specific to Ed Snowden's data then that is all the FBI would be able to take legal action on or legally seize.

It doesn't matter what "illegal" activities you or Levinson might assume the FBI might use those keys for. The law makes no allowance for such things.

Trust the FBI to only peak at Snowden's data on a site specifically set up to hide people's data?

Ha, no, thank you. That warrant provision wouldn't be worth the paper it's printed on.

In the meantime, keep this in mind, in the end, Levinson did give the FBI the digital encryption key as required by the court order, then he closed down his business. In the end, Levinson did give up the key.
After trolling them first with the printout and then by closing the site. I say well played, sir, well played.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
Yes I have and I would still say it was overreach even under those hypothetical circumstances. It would be exactly the same thing as repealing the right to bare arms due to a mass shooting. I am pro gun control (ie tight requirement for registration of all firearms) but completely defend the right to own guns. Just because some nut job goes on a killing spree does not mean I support the unilateral repeal of the right to bare arms. Same applies to Snowden and any other persons under investigation. Just because he stole government secrets does not mean I want the right to privacy to be repealed even temporarily. Requiring to give the private keys to access every person's email, cloud storage, etc... of any data service is absolutely an overreach of government powers. You get a warrant it applies to the data of a individual or small group of individuals who are under investigation, not all the users of an entire service who only happen to use the same service as the ones under investigation.


Don't try and bring the 2nd amendment into this in order to bolster your bad argument.

I found all documents that were unsealed about this case and the best single writeup I can right here.

https://www.wired.com/2013/10/lavabit_unsealed/

This thing is really simple.

The FBI wasn't over-reaching anything. Levinson was wrong. In the end, he complied because he had no legal standing not to, and he shut his doors not to "safeguard his users privacy" but because he wanted to ruin the FBI's investigation cause he was pissed off at them.

This one statement from the Judge says it pretty clearly;
“[The] government’s clearly entitled to the information that they’re seeking, and just because you-all have set up a system that makes that difficult, that doesn’t in any way lessen the government’s right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily,” said Hilton.

But here Levinson is at it again and he is trying to construct a secure mail system that will make it impossible for his company to comply with legal and justifiable demands from the government should the need arise. Why does this hard head think it will end any differently?

Remember, Apple has been trying to work this angle on the government with it's phones and have they walked out of the courtroom a winner yet? All they got was a buy, not a win. Apple didn't have to cave because the FBI found another way to what they needed that no longer required Apple's assistance. But had that case continued Apple would have lost it.

If these companies really wanted to safe guard their customer's privacy they would;

Ensure that, when presented with valid and justifiable warrants for user information, that they can comply with the law in a manner that does NOT risk their other customer's data, not try and engineer things so that compliance increases risk. And not try and engineer their systems so that they are putting their business in the path of a bulldozer.

I want you to understand something. I am sure you have heard that there are different levels of classification regarding Intelligence and other information. You've heard the words Secret and Top Secret and Confidential, but do you actually understand what they mean?

These different levels of classification are used to protect information based on how much potential there is for damage if the information becomes known.

These are the Webster's definitions that most closely match the government's definition;


Definition of confidential
  1. 4 : containing information whose unauthorized disclosure could be prejudicial to the national interest
Definition of secret
  1. 5 : containing information whose unauthorized disclosure could endanger national security
Definition of top secret
  1. 2a : containing or being information whose unauthorized disclosure could result in exceptionally grave danger to the nation
So looking these over, Confidential, that stuff would be a real inconvenience, it might effect jobs and trade agreements or maybe be a small embarrassment. Now Secret, that's more serious, that means that we could really get messed up, it could get people killed, it could effect the outcome of a war. But Top Secret, "exceptionally grave danger". This doesn't just mean a spy could get burned and killed, it means that because the spy gets caught it actually threatens the Country as an entity, the population en-mass. Top Secret is no bullshit serious stuff.

Now you might see something that is Top Secret and not get what the big deal is and that would be because you just don't know "why" it's so important. You might not get it, but the people at the other end, they sure might and that is the problem.

There was nothing illegal or over reaching about the FBI's warrant. By fighting it and refusing, Lavabit (Levinson), just kept making it worse. By Levinson's reasoning, we have to take the guns away from all the cops because they might murder someone. If a cop murders someone we prosecute the cop for murder, we don't take away all their guns.

So there is my position on it.

If you disagree, well the sun will still come up tomorrow.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
You're confusing legal and right.

Also, your interpretation of Levinson's motivation is irelevant, the end result is he did what many believe was the right thing to do. I hope he sets up the new version so he can't disclose anything even if he wanted to.

There was no grave danger in Snowden's case.

“The government’s clearly entitled to the information that they’re seeking, and just because you-all have set up a system that makes that difficult, that doesn’t in any way lessen the government’s right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily,” said Hilton.
They may be entitled to Snowden's data, but they asked for something that would provide them everyone's data. When they ask for phone records of the suspect they don't receive the records of every single one customer and pinky promise to only read some.
 
Last edited:

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
You're confusing legal and right.

Also, your interpretation of Levinson's motivation is irelevant, the end result is he did what many believe was the right thing to do. I hope he sets up the new version so he can't disclose anything even if he wanted to.

There was no grave danger in Snowden's case.

There damn sure was, and still is Grave Danger, concerning the data Snowden released.

No, I am not confusing anything.

As in "I have a RIGHT to my interpretation" which means it sure as hell isn't irrelevant, despite how much you agree with it. That I share the Judge's interpretation is comforting.

Sheeesh, at least I give a guy room for his opinions.

They may be entitled to Snowden's data, but they asked for something that would provide them everyone's data. When they ask for phone records of the suspect they don't receive the records of every single one customer and pinky promise to only read some.

No, they asked for all Snowdens data and the encryption keys to decrypt it. The fact that this would in turn expose all Lavabit's other users was a result of how Lavabit structured it's security and encryption services. Lavabit tried to deny the FBI the key claiming that the key could be misused but that was a security concern of Lavabit's creation, not the Governments.

The fact is, Levinson's attempt to engineer a more secure system for it's customers, without considering the Government's rights to data under the law, actually created a less secure solution. You can believe this is all government over reach if you want to, but it will not change the real world one bit.

We all must file our taxes in accordance with Federal Law. If I try and store my tax data in a manner that prevents access to that data, and then I claim that I can't give the data to the IRS because the IRS could abuse other people, that isn't going to fly very damn far is it? No, because it will not absolve me of my legal requirements and obligations under the law.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
They same could be said for Apple and their encryption.

The same WAS said of Apple and their encryption and as I said earlier, the issue was never settled because the FBI found an alternative way into the phone so they no longer required Apple's assistance.

I know some people want to claim that this was a victory but without an actual court decision there was no win.

I know some think it was a win, or that it means the FBI was going to loose and backed off to save face, or whatever it is they thought. But without a court ruling it's just unfinished business. I tell you what I think will be telling and that is what Apple does in the future. If Apples thinks they were going to lose, they will likely try and find a way not to have to fight this fight again. And if Apple thinks they were going to win, they may make no changes to their systems if they feel their position is strong enough. I doubt this is going to be the last time the issue goes before the courts.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
Well, it took guts to put up a fight and I commend them for doing it. Again, IMO, a court win for the FBI wouldn't make it right, just legally binding. Just like forcing you to give up your password to a personal file is BS.

It seems to me you're advocating for no possibility of privacy at all.
 
Last edited:

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
Well, it took guts to put up a fight and I commend them for doing it. Again, IMO, a court win for the FBI wouldn't make it right, just legally binding. Just like forcing you to give up your password to a personal file is BS.

It seems to me you're advocating for no possibility of privacy at all.


Not at all. People often misunderstand me when they read my comments;

They assume that, just because I disagree with how a reporter writes his stories, that I am pro or anti whatever the topic is. Sometimes I am, but frequently I am just trying to point out that the story is one sided. I have a huge bone that I chew on when it comes to the media these days. I think they are terribly irresponsible in their reporting. But it gets me into arguments about minute details with people, when often I agree with them on the whole. Forest for the trees effect.

For instance, I do believe that there is a need for the government to make demands of businesses for legal or intelligence purposes when the government has established it's position properly.

Take the Lavabit case here, the FBI wanted to set up what was essentially a wire tap of Snowden's email.

Now I want to make sure one thing is really clear here. Anyone who has a Top Secret Security Clearance with the US Government has pretty much signed away his rights to privacy in regards to anything that might relate to his work. And if that person catches a plane to Hong Kong and the News has this guy being reported as having stolen Classified information ...... that individual no longer has any rights to privacy. He signed that away when he signed his NDAs and agreements for employment.

When anyone drives their car onto a Military Installation you agree to allow the Military to search your vehicle and your person any time they want while you are on that base. It's just the way it is. These days, they can ask for my medical records, bank records, monitor my "Public" social media activity, like this post, all they want. If I become the subject of an investigation, they can get the private social media content as well, so even PMs between any of you and myself become fair game. Some people may recall that I have likened myself to a "Digital Typhoid Mary", because if they are looking at me, they are looking at you and everyone else who engages me in conversation. The same is true of all of the Cleared Government workforce so everyone who talks with them are potentially exposing themselves to scrutiny, and it doesn't matter that you know they have a Clearance or not.

I have seen some people on this site make comments that very seriously look criminal. There are some people here that either do not understand or do not care that freedom of speech doesn't mean that you are free to say whatever you want.

Think back over the last two years and issues surrounding Snowden just like the Lavabit story.

Now, read this short page and then apply it to Lavabit under the idea that Ed Snowden returns to the US and is convicted of Treason. Just play the "What if" game.

https://www.law.cornell.edu/uscode/text/18/2382

And I know I have seen someone post on this forum comments that fit this one;

https://www.law.cornell.edu/uscode/text/18/2385

We all know not everyone that commits a crime gets charged with one.

Still, on the one hand I see people post here about how bad it has gotten freedom wise in America and yet I don't see these people being charged with crimes. All I am really saying is that if it were really as bad as some people claim, we wouldn't be having these conversations here.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
For instance, I do believe that there is a need for the government to make demands of businesses for legal or intelligence purposes when the government has established it's position properly.

Take the Lavabit case here, the FBI wanted to set up what was essentially a wire tap of Snowden's email.

Now I want to make sure one thing is really clear here. Anyone who has a Top Secret Security Clearance with the US Government has pretty much signed away his rights to privacy in regards to anything that might relate to his work. And if that person catches a plane to Hong Kong and the News has this guy being reported as having stolen Classified information ...... that individual no longer has any rights to privacy. He signed that away when he signed his NDAs and agreements for employment.

When anyone drives their car onto a Military Installation you agree to allow the Military to search your vehicle and your person any time they want while you are on that base. It's just the way it is. These days, they can ask for my medical records, bank records, monitor my "Public" social media activity, like this post, all they want. If I become the subject of an investigation, they can get the private social media content as well, so even PMs between any of you and myself become fair game. Some people may recall that I have likened myself to a "Digital Typhoid Mary", because if they are looking at me, they are looking at you and everyone else who engages me in conversation. The same is true of all of the Cleared Government workforce so everyone who talks with them are potentially exposing themselves to scrutiny, and it doesn't matter that you know they have a Clearance or not.
Yes, data of the person of interest, but not data from 400.000 unrelated people, no matter how the used service is set up.



Now, read this short page and then apply it to Lavabit under the idea that Ed Snowden returns to the US and is convicted of Treason. Just play the "What if" game.

https://www.law.cornell.edu/uscode/text/18/2382
It doesn't apply to Lavabit. It mentiones reporting knowledge of treason being commited

And I know I have seen someone post on this forum comments that fit this one;

https://www.law.cornell.edu/uscode/text/18/2385

We all know not everyone that commits a crime gets charged with one.

Still, on the one hand I see people post here about how bad it has gotten freedom wise in America and yet I don't see these people being charged with crimes. All I am really saying is that if it were really as bad as some people claim, we wouldn't be having these conversations here.
I see far worse on Twitter daily than I've ever seen on this forum. Hell, there were people on the streets advocating for these things in front of the police.
 

MrCaffeineX

[H]ard|Gawd
Joined
Aug 22, 2011
Messages
1,587
Although I agree that it's stupid to claim that only criminals use these services. I also wonder about your statement.

I mean, LavaBit didn't get shut down. LavaBit closed their doors and shut themselves down in a deliberate attempt to oppose the court order. It was LavaBit's decision, so please don't forget that.

What is unclear to me is what "crowd" you are talking about? A "crowd" putting pressure on this company or a "crowd" of [H] people, perhaps you mean, like me?

While we have disagreed in the past over similar issues, I was not speaking of a particular subgroup of [H] users, but rather the subgroup of people in general that hold the opinion that those that are doing nothing wrong have nothing to hide and therefore do not oppose efforts on the part of the government to surveil them.

I remember the history of the case and it is an exercise in semantics to say that the government did not shut them down. While in a technical sense it is correct that LavaBit was shuttered internally, it was a legal filing on the part of the government that led to the shutdown. Had the government not pursued legal action to force LavaBit to hand over their encryption keys and/or decrypt specific e-mails, which the founder was unwilling to do because it defeated the purpose of the service that he had set up in the first place, then it is probable that the company would not have ceased operation in its prior form.

The way I see it, the government had two legal options and a third option that they pursued, but should not have. They could have attempted to decrypt the files the hard way, and they might have, but also recognized the futility of this given how long it would take. As an alternative, they could have attempted to get the information from Snowden, and they might have done this as well, but did not succeed. The third option is the point of debate for me and that is whether or not the government should have the legal authority to require that private keys be handed over.

My understanding of encryption technologies is not that advanced and I do not consider myself to be an expert on the subject matter. As I see it though, by granting the government the power to take possession of private keys, it gives them the capability to decrypt more than just the intended files. I view this in a similar way to how I view the Apple phone unlocking case. In my opinion, the government should not have the authority to require companies to hand over the keys to the underlying security mechanism in cases like these.

I'm not expecting you to agree with me and the beauty of living in the US is that we can have this debate in public without having to agree with each other.
 

TheSoldier

Limp Gawd
Joined
Dec 9, 2011
Messages
175
That is quite a jump you made there. Besides, they didn't want access to just Snowden's data, they wanted access to all of it.

I have looked at that case from multiple different angles. He was a staunch supporter of the United States. If he did what Manning did which was irreparable harm, then yes I would agree with the decision to charge him with espionage. However, I believe Snowden did the right thing in this instance. There was no whistleblower protection, he had to do what he did to get the information out and not get killed in the process.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
Yes, data of the person of interest, but not data from 400.000 unrelated people, no matter how the used service is set up.
.[/QUOTE

Meeho, look, why do you keep this up? It's a pointless argument. You can not deny a legal request because they "might" or "could" misuse it.

What, do you think there are guarantees in life?

If the government did misuse the keys then anyone they took advantage of can use it as a defense.

The next time you get a speeding ticket I want you to try convincing the Judge that you shouldn't have to pay the ticket because the city might do something illegal with the money.

No where did the FBI say, they were going to collect all Lavabit's customer's data and use the key to decrypt it. That was an excuse Levinson used to avoid giving up the key, it didn't work with the Judge and it doesn't work with me.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
It is not a pointless argument. It is the equivalent of wire tapping the whole city because you're interested in one guy's conversation. I find your trust in the government and its institutions to not misuse gained power and data naive.

In the end it didn't work for the FBI either as their greediness and overreach got them a nice cup of nothing.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
It is not a pointless argument. It is the equivalent of wire tapping the whole city because you're interested in one guy's conversation. I find your trust in the government and its institutions to not misuse gained power and data naive.

In the end it didn't work for the FBI either as their greediness and overreach got them a nice cup of nothing.

OMG, stop insisting that this is what the government asked for cause it is not.

You are factually incorrect.

And it still is completely immaterial. This i why Levinson lost his case, because he failed to accept that he, as a businessman, has a legal responsibility to do certain things. That as a communications business, one of those things, is that upon a legal demand he must be able to produce certain records and data.

Now he tried to argue against it, to claim a higher purpose, and to dodge it every way he could. He lost. He was wrong, and you are wrong.

You can''t accept it oh well.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
"In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service affecting all Lavabit users."

So, yes, effectively that is exactly what they've asked for.

You still can't grasp the concept that a legal win doesn't make something automatically a right thing.

And in the end, they got a Pyrrhic victory with nothing to show, instead of data that they wanted and Lavabit was willing to provide. They can wave their court papers all they want, but in the end only wipe their greedy asses with them. I call that a win.
 

Retronym

[H]F Junkie
Joined
Mar 5, 2007
Messages
13,608
Their bitcoin widget doesn't seem to work.

"An error occurred while creating the source"
 
D

Deleted member 133315

Guest
Tutanota is for when I communicate with the russian fsb, protonmail is when i contact the cia, lavabit was for my isis emails but i now use gmail for them.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
"In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service affecting all Lavabit users."

So, yes, effectively that is exactly what they've asked for.

You still can't grasp the concept that a legal win doesn't make something automatically a right thing.

And in the end, they got a Pyrrhic victory with nothing to show, instead of data that they wanted and Lavabit was willing to provide. They can wave their court papers all they want, but in the end only wipe their greedy asses with them. I call that a win.

How about you balance your claim of what the government asked for with something more accurate;
https://www.wired.com/2013/09/lavabit-snowden-pen-register/

The FBI asked for meta data on an email account belonging to a single individual. That is what the court order demanded.

Do you see a warrant anywhere asking permission from a Judge to collect all Lavabit data? The keys don't decrypt non-existent data?

And as for something being legal and not right. Was it right for Levinson to structure his business security in a manner that he was unable to comply with Federal Law without risking all of his customer's privacy?

Where is your right and wrong now?

Don't you think Levinson had a responsibility to his customers to provide secure services and conduct business in a manner. Frequently the industry calls these "Best Practices". Usually they become Best Practices for a reason. Levinson deviated from acceptable best practices and marketed his "secure" services to people specifically claiming a more secure solution and yet when faced with a normal court order for data, Levinson could only say "Shit Judge, I can't, not without giving you all my customer's stuff".

The Judge said "Tuff, it's your fault, cough it up"

I know it's easy to look at this from a "David vs Goliath" point of view. It's easy to see Levinson as a righteous man standing up to the tyrants. But there are reasons Levinson was in this position to begin with and it's mostly because he did things wrong. You can have good reasons and still wind up fucking up.

What is it they say about "good intentions" ?
 
Last edited:

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,697
How about you balance your claim of what the government asked for with something more accurate;
https://www.wired.com/2013/09/lavabit-snowden-pen-register/

The FBI asked for meta data on an email account belonging to a single individual. That is what the court order demanded.

Do you see a warrant anywhere asking permission from a Judge to collect all Lavabit data? The keys don't decrypt non-existent data?
I think the word "effectively" balanced it nicely.

And as for something being legal and not right. Was it right for Levinson to structure his business security in a manner that he was unable to comply with Federal Law without risking all of his customer's privacy?
No, it wasn't.
 
Top