
Ok, let's keep this in perspective. The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals.

Targeting individuals is absolutely the right way to go about a lawful intercept. Sucking up all traffic like the NSA has been doing is totally overbroad and invasive.

But the whole point of the asymmetric encryption feature of Lavabit was to make it impossible for anyone but the account holder to access their email. This is obviously why Snowden used the service. Duh. And this is why the government resorted to threatening to seize the keys and trying to impersonate the service.

What actually happened is, in the court proceedings Lavabit responded to this by offering to make modifications to the service to essentially wiretap an individual account without handing over the keys. Thus confirming the problem the government faced. But by this point the government didn't trust him to act as a spy on their behalf (which frankly is not an unreasonable assumption).

To be absolutely clear, I am taking no position on the justness of the government's targeting of Snowden. Personally I think he's a hero.

But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc.

The problem is Lavabit was not designed to facilitate intercepts under any circumstances. That is why the keys were seized.

Source: http://www.newyorker.com/online/blogs/elements/2013/10/how-l...




I disagree with the premise. I don't believe that a service should be required by law to provide the possibility for the government to intercept the activity of its users.

You can always say "but the child pornographers!" or, "but the terrorists!"... but... no, sorry. I believe that people should have the ability to engage in total privacy. The fact that the US gov't is doing this because of Snowden (a person I admire) just reinforces my belief.


> I believe that people should have the ability to engage total privacy.

They already have the ability to do this.

That's not what you are asking for. What you are really asking for is:

"I believe that people should have the ability to engage total privacy through any means of communication they so choose."


So according to you, if people can still communicate secretly by meeting in person and whispering in a forest or such, then it's no impairment of their rights to destroy their ability to do the equivalent with electronics.

Kinda like Bush's "free speech zones", where protesters are kept in a little cage far from the public to whom they would like to express their opinions - as long as they're free to speak in this one little place, they're not totally silenced and there is no invasion of their rights, according to the clever lawyers.

The right of communicating confidentially with persons of one's choice, and not with others, is a robust right which is not to be reduced to a formality.

The fascist mentality is strong in the US right now, but citizens are going to work around the police state until it's reformed or overthrown, and they are on the right side of history.


Not equivalent. It's at least possible to tail someone to the forest (private house, etc.) and surveil them, with proper judicial oversight. Not so with systems designed to defeat lawful intercept.

There is no "robust right" to defeat lawful intercept. The right to privacy has always been subject to a body of law governing lawful surveillance and policework. Example: mobsters meeting in a private home can be bugged with a warrant.


I don't agree that there should be any robust right to "lawful" interception.


I believe my statement is more broad than your clarification and so I did say that, but for the sake of the argument, yes, that is indeed what I'm asking for, and I believe that's entirely reasonable. If you have the ability to send encrypted data over any particular communication channel in such a way that no untrusted third party can ever decrypt it (let's assume that it's possible), then I think that should be entirely lawful.

I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok.


There is a long tradition of disallowing encrypted communication on channels that can be (are meant to be) public and snooped by the public.

See licensed Ham radio use. There's no technical restriction or necessity against (well, necessity is up for debate), but there is a legal prohibition on commercial or encrypted transmissions; I read recently that it was being discussed to change this. I guess it would have been reported on HN frontpage if this had gone through.

The argument as I understand it is that Ham bands are a shared, public resource (commons) and that their use is strongly regulated by the FCC (and presumably some international body I haven't heard of); if your communications were encrypted, you would be free to violate the rules and engage in commercial activity, which would likely make the band a lot more popular, polluted, and less available as a limited resource for amateur licensed users. It's called broadcast for a reason.

This is obviously far from the situation on the internet, but it's a fun thought experiment to imagine the global internet with similar structure of mandatory licenses for use, and without any encryption or commerce.


> What you are really asking for is: "I believe that people should have the ability to engage total privacy through any means of communication they so choose."

No. What he's really asking for is "I believe that people should have the ability to engage total privacy on the main means of communication of our age."

I agree, up to a point. Remember that Lavabit had already complied with targeted access requests. He objected to the rooting of his service to enable a mass surveillance dragnet. Are you OK with that specifically?


Why should privacy be restricted to select mediums?


That's a loaded question and I'm not going to play that game.


I don't see how that's a loaded question.

You called me out by saying I was suggesting that people should be allowed to have total privacy over whatever means of communication they wish.

Someone else asked why you believe that privacy should be restricted depending on the means of communication.

If that were a loaded question, then the questioner would be asking why you believe something that you haven't indicated that you actually believe. But by my reading, you do actually believe that. And I believe the questioner believed that you believe that as well. If not, I'm of the opinion that it's a simple misunderstanding, and would love it if you'd clarify your position. If you do believe in that particular restriction, however, I'd really appreciate and enjoy hearing your rationale for that position, because I don't understand it and would like to understand it better.


> But by my reading, you do actually believe that.

The problem is, my clarification and your subsequent agreement don't mesh with reality. So yes, I don't believe that people should have total privacy over whatever means of communication they wish, because I don't believe it's realistic, not necessarily because I don't believe privacy should be considered.

You actually explain it best:

> "I'm not saying that all communication channels are designed in such a way as to make that possible, but for those that are, I believe that's completely ok."

And here we have a problem. What exceptions do we allow? What's reasonable? What makes one communication method okay to not expect privacy from, and another to make it a right?

Is it the use of standard encryption methods? Is it the intent of the owner? Should it be technical capability?

So, when you say that people should be able to engage in total privacy, and I say they can do that already, my follow up is to clarify what you really mean. Clearly, I was wrong (despite you agreeing to what was said). There are limitations on a person's rights to engage and expect total privacy.

And this might all seem pedantic, but it's really the core issue, because even you realize that not all methods qualify for a level of privacy.

Where do we draw the line, because all the discussions seem to miss that crucial mark.

So yes, when I was asked that loaded question, it's because it was assuming intent that simply didn't exist.

I've learned my lesson though. Next time, instead of trying to say only what I mean to say, I'll add a bunch of words and sentences, maybe repeat myself a few times, and state my position, despite the fact that it shouldn't matter.

Edit: In case there's any question as to why I'm asking these things, it's because of comments like this:

https://news.ycombinator.com/item?id=6519416

"All you should really have to have in order to keep a conversation private is the intentions."

Suddenly, I'm violating rights just because I happen to overhear someone talking quietly in public.


That's a perfectly reasonable question, actually.

One possible answer is that communicating on the internet requires the use of a physical commons, which one could reasonably argue carries either innate restrictions or restrictions legitimately imposed by the owners of said infrastructure.


That is a reasonable response. I would counter by saying that I see that as a justification for why they [government, ISP, whoever] should be allowed to make demands about the use of the physical commons, but isn't a reason why they should exercise this conceded right.

For example: I, a hypothetical bar owner, have a right to ban silly hats in my bar. Why? Because I own it. However that's not a reason that I should ban silly hats. Just saying "I'm the owner, so I can." doesn't actually explain why I should.

I do also disagree that the government specifically is entitled to restrict privacy on the internet because much of the infrastructure is owned or otherwise controlled by them. The government owns nearly all roads, yet while using that infrastructure I still enjoy certain privacies. For example, if a cop pulls me over and asks me where I am going or where I have been, I have no obligation to answer him.


It's that last point that's so strong:

"Yes, yes, you have the right not to be subjected to unreasonable search and seizure, but not if you're walking on the public sidewalk."

The key here is that the government is not like a private land owner. That's why government workers have so much leeway in criticizing their employers, and why you're allowed to protest on government land, and why schools can't have daily prayers even though they want to. The government simply isn't a private actor enforcing rules over the stuff it owns; we own the commons, and the government simply administers them according to some strict rules. Unlike a private land owner, it can't say, "if you don't like the way I do things, take your business elsewhere." Otherwise you get "You can vote for whomever you want, but since we own all these voting booths, you can only use them to vote for the incumbent."

If the government can pursue any arbitrary policy just by virtue of "owning" some infrastructure, the whole constitutional democracy thing gets circumvented.

Edit: changed "to privacy" to "not to be subjected to unreasonable search and seizure" to avoid confusion.


Yes, I agree.

A hypothetical bar owner could get away with banning silly hats. We can defend that with assertions about ownership of property and the privileges that gives somebody... that isn't particularly problematic within reason. Governments though? They need to play by a different, stricter, set of rules. "Ownership of infrastructure" should not be accepted as a defense of a government banning silly hats on their sidewalks.

Governments operate in a privileged space where they are permitted to do many things that individuals and companies are not allowed to do (as a quick example, they can levy taxes against the general population). That has to come at a cost though; they aren't allowed to do things that individuals and companies are permitted to do (as a quick US-centric example, they cannot endorse and support a particular religion).

For this reason, comparisons and analogies between what governments and individuals/companies can do are very frequently worthless at best. These sorts of comparisons are just unavoidably apples and oranges.


That is total bullshit. All you should really have to have in order to keep a conversation private is the intentions. Even if it's a plain text email, only myself and the recipient of the email address should have the privilege of its contents. If you want you can agree to let the provider use an automated system to scan for keywords for ads or whatever, but no one other than the recipients and agreed upon third parties should have permission to read those messages and anyone else doing so should be punished by law. We need to add an amendment which augments the 1st to say this clearly.


I believe you're referring to the 4th amendment.


Nobody owns the Internet. If company X stops running their part of it, it will continue to exist. Your point is still valid if you consider an entity needs to govern the commons and apply restrictions where it's deemed in the interest of the greater good. I'm just not 100% that's the government.


No, it's not. He's making an assumption. He's assuming I think privacy should be restricted to select mediums, which is not the point of my comment. It would be the same thing as me asking you or him why you want to assist child rapists or people killing other people?

And yes, it might be a bit pedantic, but I'm tired of these childish games on HN.


You could have just answered "I don't think that." Or, you know, given me the exact response you just typed....

It really was not my intention to ask you a loaded question. Instead of calling my question childish, you should consider the possibility that your comment is not nearly as clear as you seem to think.


I agree. Talk about a conversation killer.

Considering he was speaking for kelnos at the time, I think your query seems reasonable and actually expands on the concept around what types of conversations should be managed by our government. Shouting "FIRE" in a theater is, and should be, against the law. It's a clear violation of trust, poses significant risk to the recipients, and is being done in a place that is clearly owned by someone. I'm cool with the police being in charge of enforcing rules that prevent this.

Assuming they are also in charge of policing the Internet effectively is another matter entirely.


I explained exactly why I wasn't going to answer your question in my response.

"That's a loaded question and I'm not going to play that game"

I picked the words carefully and precisely.

http://en.wikipedia.org/wiki/Loaded_question

> you should consider the possibility that your comment is not nearly as clear as you seem to think.

I realize that people might not be native English speakers. I make the assumption people will ask if they are unsure or not clear. You made no indication you were either. Another commenter was not clear, and so I clarified.

If you didn't find it clear, why didn't you ask for clarification on why I thought it was a loaded question? Or, what I meant by calling it a loaded question?

> It really was not my intention to ask you a loaded question.

But you did. And I explained as much, and left it at that.


I am sensing a lot of continued hostility here. I am not sure why, since we apparently do not disagree, and since I have made it clear that I did not have any malicious intent.

> I make the assumption people will ask if they are unsure or not clear.

You have misunderstood me. I did not find your comment to be unclear after reading it. However my take-away from your comment was incorrect.

Complaining about a loaded question, instead of simply and civilly correcting me ("I don't think that"), came off very strongly as a dodge. Or, as kordless describes, "conversation killer".

I hope this clears up any lingering confusion.


> I am sensing a lot of continued hostility here.

There is zero in my last comment. Maybe you could highlight what statement I made that was in any way hostile. I was precise, polite, and stated clearly my position. The only one being hostile is you.

> I am not sure why, since we apparently do not disagree

What makes you think that?

> instead of simply and civilly correcting me ("I don't think that")

Why do you keep making assumptions? Why do you keep trying to assert my position, despite me never saying "I don't think that." Heck, putting it in quotes is dangerous enough.

> "conversation killer"

Your continued attempts to put words in my mouth are a conversation killer, even if you don't intend to do it.

Your problem is that from the first reply, you've been trying to read more into what I said. You've been trying to categorize me. Rather than simply take the comment I said at face value, you've been trying to see some inner motive. This is clear from your loaded question, or your belief that I'm trying to dodge a question. Even now you continue to try to pin me down into a belief that I find beside the point, would have derailed the original conversation.

> I hope this clears up any lingering confusion.

I'm not confused with what I've said. And, frankly, I've stated it clearly from the first comment. That you've inferred more every step of the way is simply because you are confused.

I honestly don't think whatever I type here will matter though, as despite being factual, precise, and concise in my previous comments, people have found ways to ignore the facts, infer whatever they wanted, and consider the brevity to be something more.

It would be far easier if we read what was written, and stopped trying to imagine more.


Listen, I'm not a robot. When I read a post, I read what is literally being said, and I read between the lines; I look for subtext, and implications. I am not going to stop doing this. Maybe when you write those things never exist, but I don't believe that. I'm going back with my original assumption, which is that you are dodging any attempt to address the subtext and implications in your posts because you want them to go unchallenged. You are making these implications, we are challenging them, and you are dodging.

tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055


> When I read a post, I read what is literally being said, and I read between the lines; I look for subtext, and implications. I am not going to stop doing this.

But then you need to be prepared to be called out when you are wrong.

> which is that you are dodging any attempt to address the subtext and implications in your posts because you want them to go unchallenged.

Because, honestly, there is no subtext. I don't have a firm opinion either way. Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda.

Let me be clear: I haven't made up my mind.

> You are making these implications, we are challenging them, and you are dodging.

No, that's your imagination.

> tl;dr: kelnos nails it: https://news.ycombinator.com/item?id=6520055

No. He's wrong. First, not only is he wrong because of the context of the comment, but he's also wrong in his conclusion.

Sorry, but you're making assumptions that aren't true.

The only thing I've gotten out of this conversation is that you can't ask a simple question without your motive being dragged into it, and that even if you question other aspects of side, it will be held against you, regardless of your opinions.

tl;dr: You're wrong.


> "But then you need to be prepared to be called out when you are wrong."

I really don't think that I am not. You had me convinced that I was wrong for a while there.

I think your latest reply to kelnos, while completely misunderstanding his point, actually confirms my suspicion about what you actually think. I'll let kelnos and you hash this out though; I'm out.


I'd suggest reading a bit on NVC: http://en.wikipedia.org/wiki/Nonviolent_Communication

The primary problem I see with your comments is a slew of blaming statements. You started this whole thing by SPEAKING FOR SOMEONE ELSE, and it's continued through to this morning with comments like "Any attempt to turn the conversation in any other direction is an attempt by others to push their own agenda." Blaming statements like this shows you are trying to simulate why others MIGHT be intending - instead of just listening to what they are SAYING they intended.

I know you are frustrated about not being heard here, but I don't think it's anyone's fault but your own. It's a choice my friend. A choice.


Ooookaayyy... I'll try again:

Assuming that you don't oppose privacy categorically, do you disagree that "people should have the ability to engage total privacy through any means of communication they so choose." If so, why?


The constitution of the US only guarantees freedom from unreasonable search. Reasonable search is absolutely authorized.


Agreed. I believe requiring a service provider to turn over their private SSL key, exposing their entire user base to privacy breaches, to be an unreasonable search.

And that's not even really my point. I object on a higher level. If the government goes to a service and says, "I have a warrant to wiretap this user", and the service says, "sorry, we don't have the ability to give you access to a particular user's activity", then I believe the Feds should have two options:

1. Ask if there is a way for the service to be modified to make it possible, and if so, pay for the modifications. And the service provider must be allowed to advertise that they are now subject to law enforcement wiretaps (let's say one of their previous marketing points might have been that they are immune to such things). I'm debating also suggesting that the service provider should be allowed to refuse that request, regardless of payment, but I'm not quite sure how I feel about that.

2. Walk away and find another means of gathering evidence.

To take #1 a step further, if the service actually enables perfect secrecy, and there actually is no way that it could be modified to meet the Feds' request, I think that's fine too, and a service like that should be completely lawful.


> Agreed. I believe requiring a service provider to turn over their private SSL key, exposing their entire user base to privacy breaches, to be an unreasonable search.

Requiring someone to turn something over is a seizure, not a search; if it is the only way to effect an otherwise-reasonable search, it's probably also a reasonable seizure. If the recipient of the seizure order has deliberately engineered it to be the only way to effect potential searches of more limited scope, and it has broader impacts, there's really no one to blame but the recipient of the order.

> let's say one of their previous marketing points might have been that they are immune to such things

As, if such an order is legally possible, this advertising was false, I'm not sure why it should be allowed to provide them with a benefit.


And the search of Lavabit's _other_ four hundred thousand paying customers is "reasonable"?

Or is being concerned enough about privacy to pay money to a service claiming to provide it now considered enough "probable cause"?


So you don't think law enforcement should be able to do its job?

If we lived in total privacy, and I were to start a ponzi scheme completely online, then I would not be able to be stopped because:

1. My e-mail wouldn't be looked at

2. My bank accounts couldn't be looked at

Almost all evidence gathering during criminal investigation involves a loss of privacy at one point.


I don't for a minute agree that law enforcement's operational problems trump every other right citizens have.

I find it _astounding_ that people are supporting the idea of forcing Levinson to back down on the guarantee of privacy he'd made to his _other_, not under any probable cause level of suspicion, 400,000 fully-entitled-to-the-privacy-they've-chosen-to-pay-for customers. Violating the privacy of four hundred THOUSAND unrelated-to-the-investigation users? Users who had an expectation of privacy, who were buying a service from a company marketing themselves on providing privacy. Then attempting to coerce that company's founder into not only failing to provide the service his customers were paying him for - but also denying him the right to let them know.

All because _one_ customer has monumentally embarrassed a particularly powerful government department.

Is that _seriously_ "OK" in anybody's worldview?


From the New Yorker piece my impression was that, for the FBI, the easiest way was to have the SSL keys, and the Judge didn't understand the implications so granted the request.

Initially, the FBI was willing to let Levison modify the site so that just the target would have his stuff intercepted. But Levison wanted to charge the gov't $3500 for the work, also asked for external audits to make sure the FBI wouldn't goof off with the info. The FBI stopped trusting him, and for them it was just easier to have the keys.


It'd no-doubt be "easier" for the FBI to "do their job" if they had copies of everybody's house keys and office keys and safe-deposit-box keys too – so they could have a quick snoop whenever they got curious about whether you were doing anything wrong.

But we don't let them force builders/landlords/lockmakers to hand everybody's private physical house keys over, just because somebody somewhere is doing $bad_thing inside a house.

The FBI didn't trust him – boo hoo – they need to find another way to get their job done then.

(Does anybody _really_ think this was about "trusting" Levinson? Or that it was instead about trying to strong-arm Levinson/Lavabit into illegally and immorally participating in the NSA's ubiquitous surveillance program, almost certainly something they've gotten so used to having work for them that they've forgotten that occasionally they'll bump into someone prepared to throw their business away instead of compromising about "doing the _right_ thing"?)


Trust is NOT a prerequisite for cooperation.


They've got the warrant; it was a reasonable warrant, in a standard form, that he could reasonably have anticipated. The FBI have the right to execute it. (If you're arguing that this particular warrant shouldn't have been issued then that's a separate issue). It's Levinson's fault and his problem, not the government's, that Levinson specifically designed his site such that he couldn't execute this kind of ordinary, reasonable warrant without failing to provide the service his customers were paying him for.


Yes, I think it's OK.

The problem here is that Levison set up a Rube Goldberg machine. If the (in my opinion reasonable) law says you have to be able to provide access to anyone's data when you are given a warrant, you can't get out of that requirement by making your technology require you give everyone else's data, or kill a kitten, or any other requirement.

Edit: Changed 'levinson', UK report about the media, to 'levison', owner of lavabit.


Like I've said elsewhere in the thread - what about Tarsnap?

Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built."

Has Colin built "a Rube Goldberg machine"? Should all of his paying customers have their privacy violated because the only way Colin has to make Tarsnap reveal one customer's data would be to backdoor a software update? Is it unreasonable to charge a sum on the order of $3.5k if Colin offered to set something up to allow only a single customer's software update to be backdoored? (Christ - I'll bet the FBI ran up an order of magnitude more than $3.5k in legal costs arguing that $3.5k was "too expensive"!)

Do any of us have to consider when building our products - along with all our _real_ concerns, just how amenable our technology decisions and architectural concepts turn out to be for state surveillance purposes? Are we to be scrutinized as though modern digital privacy best practice and effective use of crypto implies we've intentionally set out to make the FBI's job more difficult than necessary? Should any of our scarce development resources be squandered trying to ensure we've got built-in ways to comply with any possible law enforcement demand?

I say no. Resoundingly no. Sure the FBI have a job to do. But that doesn't make it OK to run roughshod over innocent people's rights and to force business owners to back down on guarantees they've made to paying customers and then throw gag orders on them to stop them telling anyone.

I think you're wrong - and I think people who think like you are part of a much greater problem.


From my reading of the court details (which might differ from yours), lavamail was not trying to make it easy for a particular user's data to be accessed. I have no problem with Lavamail, or Colin, providing access to a single user's data, if they have the ability to do that in a reasonable way.

The problem is that there seem to be two extreme worlds we could end up reaching.

1) The security forces can access all data, anywhere, anytime, freely and without limit.

2) The security forces can access no data at all, and become useless.

Both of these are a bad situation to end up in, but I would consider the second worse. Hopefully we can end up with a more sensible world, where the police can access data with a warrant and the proper authority.

While there are some current big cases, and big problems, it is important to remember there are large numbers of lower level people in the security forces, solving real crimes every day. They must not become over-powerful, or hobbled, by a few high profile cases.


I actually think (1) is the bigger deal and by a significant margin, however...

I do agree with you that there needs to be a reasonable and lawful way to tap very specific and targeted conversations, regardless of the medium. Just like bugging the mafia's phones etc. And by reasonable, I mean a real frikin' judge and with total public transparency, not some secret court and definitely not some blanket surveillance program. Accountability for any abuses is a key requirement that currently seems to be lacking.

I'm practically a conspiracy theorist these days, but I think you're being completely logical while most others aren't.


I have jumped in to this thread, so forgive me if I have missed something, but do not understand the reference to 'Levinson'.

I am from the UK, claim no expertise in the field, but the following might help.

'Levinson' is the name of a report on the media (a very long topic in itself), which has no bearing on giving up data.

The law which covers that, I believe, is known by its abbreviation as RIPPA and, amongst other things, sets out the powers that the UK government have to ask for data from companies. In particular, I understand that it makes it an offence to refuse to provide the key to encrypted material.


"Ladar Levison" is the name of the founder/operator of Lavabit. (The misspelled "Levinson" version of his surname in various bits of this thread may well be my fault. Apologies.)


Thanks - all makes sense now.


If circumstances are such that monitoring one customer means all customers have to be potentially monitored then that, in practice, is the way things are. After all the TSA operate on exactly the same principle.

It may not, in some airy-fairy, hippy, juvenile world view, be "OK", but again, it is the way things are.


Law enforcement has a variety of ways with which it can gather evidence. Ignoring the internet and tech world entirely, there are plenty of criminals who are clever enough to cover their tracks sufficiently so there is no way that evidence can be brought against them.

I don't see why the law should require that all services should be built with wiretap points. If a user of a service wishes to ensure perfect secrecy, and a service allows that use case (ideally by never seeing the user's cleartext or keys), I see no reason why the law should be allowed to interfere and require that the service be changed to disallow that.

Sure, that might make law enforcement's job harder in that case, but too bad. Catching a few extra criminals here and there is not a good reason to weaken the possibility of privacy for the rest of us.


For the sake of arguments, let's just assume Windows is perfectly secure. Then if child pornographers or ponzi scammers use direct, encrypted links instead of emails to exchange information, what will the FBI do? Is it reasonable for it to hack into the computer of a suspect to gather evidence? Is it reasonable for it to force Microsoft to implement a hole in their OS so that they can do that? Is it Microsoft's fault for implementing their OS in such a way that it's difficult for the FBI to (lawfully) intercept its users?

Maybe we all blamed Microsoft unjustly, maybe they were forced by law to create all those holes, and maybe they were forced by law to not disclose the fact that they were forced by law to create all those holes.


Your argument against the ability to wiretap child pornographers and terrorists is "no, sorry".

That's not a very complete argument.


His argument is clearly that people have a right to privacy. It says so in his next sentence.

The 'no, sorry' is him discarding the emotional plea that often justifies invading a person's privacy in the first place ("please, won't somebody think of the children!").


Well, what about the children?

Serious question.

I say it's an incomplete argument because there is no mention of how we should go about prosecuting child pornographers and terrorists, rescuing missing persons when phone/email records are our only clue, and so on. There's just "no, sorry", the right to privacy trumps these things under all possible circumstances.

The question remains.. why?

Why is a world with ideally zero ability to prosecute child porn (to pick one) a world we should want to live in? Laws don't mean much without the ability to enforce them, so are you advocating living in a lawless world? Police powers can be abused, but does that literally mean we should end all police, at least as it pertains to crimes involving communication such as plotting murder, child porn, etc.?

That's what's missing from "no, sorry".


Do you believe that we should all give up our right to privacy just in case it allows us to save a few people here and there?

I know that makes me sound like a dick at first glance, but do you really believe that if you answer "yes" to the question above, we are guaranteed that this system will never be abused?

I think the answer to that has already been provided in light of recent events.


No, we all should not give up our right to privacy. There should be lawful means to investigate crimes with proper judicial oversight.

For example, today, and for much of the history of democratic society, the police have the power to search your person under certain circumstances. I hope you would agree that you still enjoy a "right to privacy" in our society.

"Right to privacy" has always encompassed a body of law governing privacy. It has never been an absolute.

By comparison, the same is true for "free speech". We should not give up our right to free speech. Nor should we all start shouting fire in crowded theaters.

Of course there are no guarantees that abuse is impossible. That's what the fight for free speech and privacy is about: proper and just oversight by the citizenry -- not the abolition of lawful society.


> No, we all should not give up our right to privacy. There should be lawful means to investigate crimes with proper judicial oversight.

Sure. And I'm arguing that a judge that would sign a court order instructing Lavabit to turn over its private SSL key is displaying ridiculously improper, poor judicial oversight.

My comment was actually a bit more meta and high-level than that, though. My fear is that an "untappable service" might at some point become illegal. For example, if I were to put up a communications service that allows someone to send encrypted, plausibly-deniable messages, and I don't and cannot have the ability to decrypt them, the government would try to make that sort of thing illegal.


You act as if it's a binary thing. It's not all or no privacy. It's always been some privacy, and you have more or less depending on circumstances.

Nothing is guaranteed to be abused, but when checks and balances work, things get harder.

Try not to forget that before the FISA Court there was no court and the president did what he wanted in that domain. Things are getting better (even if at a glacial pace).


We should prosecute crimes the way we always have: presumed innocence until proven otherwise with evidence.

A right to be able to communicate privately doesn't make Plain Old Telephone calls not be easily traced, or make the police useless.

How about this example, to clarify the issue:

However pedophiles (or terrorists) get their content, be it a darknet site or the sneakernet, under the 5th amendment a person can refuse to give a password to decrypt hard drives with potential illegal content that could incriminate them in a crime.

Following your logic, should we not rescind the 5th amendment, so that people have to prove they don't have exploitative images of children?


> presumed innocence until proven otherwise with evidence.

That's exactly the problem. Lawful surveillance is one of the most fundamental means of gathering evidence. If you take away that, then in a lot of cases you take away the ability to prove guilt.

You offer no support for the claim that police would be useful in a world where all telecommunications are impenetrably encrypted with no means for lawful intercept. If "Plain Old Telephone calls" are the only interceptable means of communication by police, then you might as well rename them the "Plain Old Police", since they would be largely ineffective.

I have not argued for rescinding any rights whatsoever. It is you, I would argue, who is arguing for rescinding the police, which are an essential part of a lawful society.

The flaw in your reasoning is that while individuals are protected from self-incrimination, no such right extends to third parties. Nor should it. The 5th amendment does make it harder for police to prosecute people, but with the power to compel other people to testify, to have service providers turn over records and surveil with proper judicial oversight, and so forth, it has been judged over the centuries to be a fair balance of powers.

To block all police power to surveil under any circumstances would substantially cripple their ability to gather evidence.

And so the question remains: If you feel lawful intercept of communications is never justified, how would one go about gathering evidence of a largely communications-based crime such as child pornography or plotting a murder?


Yes, in this case, it was the Lavabit service. But tools to allow for private communication already exist, and in those cases, the 5th amendment protects the parties involved, with no service provider able to provide the police useful data. The more the government abuses its surveillance abilities with massive collections, the more pressure will exist for criminal enterprises to turn their attention to the likes of Freenet, that are inherently difficult to surveil, even when working with the physical ISPs.

So, you ask, how do police investigations compensate when the criminals they're after increasingly use anonymous, private, secure, distributed means of communication?

Aside from the standard drug detection at borders or traffic stops, money tracking, physical surveillance, informants, undercover work, district attorneys giving deals to catch bigger bad guys, or other, you know, physical police work that doesn't include being told who, when and where the deal is going to take place, I'm not sure how Police will be able to function.

But I'm sure they won't be useless.


> Why is a world with ideally zero ability to prosecute child porn (to pick one) a world we should want to live in?

Closing one potential avenue for gathering evidence is a far cry from removing law enforcement's ability to prosecute child porn offenders (or any other crime, for that matter).

Look, I'm not saying that law enforcement shouldn't have legal tools at their disposal to gather information. They should. They do. But if someone is using strong encryption and has plausible deniability, then they win. That's just how it is. If they're going through a third-party service that can isolate that one user, then sure, great, by all means, get at that data via legal means. But if getting at that data means exposing all users of that service to breaches of privacy, then hell no. That's entirely unreasonable.

And if criminals are indeed clever enough to cover their tracks well enough to eliminate the possibility of law enforcement gathering evidence on them... well, that sucks, but that's life. That happened before the internet, and will continue to happen in spite of it.


If you want to stop child porn, maybe you should go after the source instead of the consumers? Even if you did stop the spread of the digital pornography you still have all the molesters and other physical abusers out there. Maybe we should expend resources on actual cops patrolling neighborhoods and keeping pedophiles in jail instead of releasing them and confining them into "safe" zones. That is if you really want to protect kids, and not hunt down perverts on the internet.


Yes, what about the children? If you care about the children, it's not the internet you should be worried about:

A few years back, the NSPCC (a UK child protection charity) released a study that claims that 75% of all child abuse, including sexual abuse, is carried out by a male adult related to or known to the family. The most likely abusers are the dad, brothers and uncles, followed closely by other male relatives and friends of the family. Random strangers come far down the list.

> Why is a world with ideally zero ability to prosecute child porn (to pick one)

Why do you think there would be zero ability to prosecute child porn? Given the above, it would seem that the best investment in prosecuting child porn would be in addressing the problem at source: Better monitoring of children's health and wellbeing to increase detection and prevention of abuse in the first place, rather than trawling through people's communication.

Of course that won't happen, because parents will all believe that their spouses and relatives and friends could not possibly be abusers, and of course most of them will be right, even though reality is that they pose by far the greatest risk to your child. Random strangers are just even less likely to harm their children.

Before we sacrifice privacy even further, we should at the very least have the facts as to what effects altering the privacy balance could actually have. Is there any evidence that more aggressively pursuing child pornographers online makes much difference to actual harm as opposed to moral outrage?

Even so, even if we allow 100% privacy in communication, people get caught for child porn possession all the time without having law enforcement violate their privacy first: Spouses report pictures from their PC; people stupidly hand their PC in for repair and it pops up; people get caught actually abusing children etc. In which case their sources are often revealed. In which case the police can do actual police work, and set up stings or visit any sites that person has obtained child porn from, and get those sites taken down, and follow the leads to payment processors etc.

In fact, a number of large child porn sting operations were conducted in exactly that way: Unravel sites where the site itself was blatantly illegal, and then track down users/customers.

I don't know if the person earlier in this thread wants to be absolutist about the privacy, but for my part this is one area where I draw the line: If there is a legitimate case against one party to a communication, then I don't see a problem with having the police go through the logs of such a site, or the e-mails of anyone implicated and tracking down any regular users or customers of such a site - I don't see a good privacy argument against that.

But note how different that is from accepting interception of communication using a site that has entirely legitimate uses, and where there is no evidence of wrongdoing in the case of most of the users prior to the government request to intercepting everything.

Even when there's no malicious intent, the chance of serious errors skyrockets when you start allowing these kind of tactics where criminal investigations become playing the numbers too. Check Operation Ore, for example, where a long range of errors conspired to make what started out as a database of card transactions, some of which were to child porn sites, ended up being treated pretty much as evidence of purchase of child porn. Problem was tens of thousands of the cards appearing in the database were stolen, and a large number of the transactions were for legal sites; the resulting operation caused several wrongful convictions, and far more ruined lives and children taken out of their homes for the wrong reasons. The operation also has resulted in dozens of suicides (though it is unclear how many of the suicides were innocent people, if that matters to you).

It underscores that even if we are 100% ok with police invading our privacy if they make no mistakes, the importance of considering the potential damage of false positives must also be taken into account: If the crime being looked for is rare enough, it is perfectly possible allowing "dragnet" type surveillance to clamp down on the crime will cause more damage through investigative errors than it will prevent. This is another important reason to be careful about giving up on privacy.


If that is the case, why stop at child pornography. Physical child abuse like beatings present a far greater threat in terms of children impacted, but we aren't discussing the wholesale monitoring of every adult with a child, are we? Are the children that are victims of physical abuse not deserving of the same attention we give to those that are victims of sexual abuse?

There are alternatives that mitigate the problem without centralized government involvement and dragnet surveillance. Opting for a law enforcement-based government solution from day one pretty much eliminates all creative thinking on how the damages from child pornography can be reduced to acceptable levels.

I emphasize acceptable levels, because the correction of all ills and dangers carries with it diminishing returns. If you want to completely eradicate something, it's going to cost you an order of magnitude more to eliminate the last 20% of the problem than the first 80%. Costs here are both financial and freedom-wise. The in both time and freedoms for services (telecoms, etc.) and places (homes, offices, etc.) is good enough for probably 80% of the benefit. Beyond that the cost is just too high for too little benefit.

You can also get 80% of the benefit by just identifying the small subset of children that present the highest at risk group and providing special services for the monitoring and social support for that group. No need to drag in the rest of society.

First, child pornography itself isn't really the problem, but the problem we focus on because it's visible and elicits emotions. We focus on the end product, but the root problem is how child pornography is made. Child porn doesn't only exist in electronic form. Getting convictions of users of child porn isn't going to protect any children. We know undeniably that a market exists. Going after the buy-side is never going to have a meaningful impact, because there are a lot more buyers than creators and the amount of effort to bag a few consumers here and there is a drop in the bucket and will never be sufficient to reduce demand enough that there isn't incentive for the supply side to keep producing it. If you make it harder, then the price just goes up. Profits don't change.

Personally, I would like us to make the consumption of child pornography legal but keep it illegal to manufacture or distribute child pornography. By keeping the buy side legal, you gain enormous amounts of visibility into the market dynamics that don't exist, when you force both sides to go underground making observation difficult enough that the privacy of many innocent people needs to be compromised to make policing even marginally effective. Furthermore, it would still be considered taboo and a sickness and we'd encourage purveyors of child porn to seek psychiatric care, where we would counsel them on their addiction and show them the damages caused by their consumption. To get access to free psychiatric care, we can solicit cooperation from the buy side in discovering who is operating on the sell side. This removes a lot of trust in that market, because instead of both sides being driven to trust one another for fear from prosecution of the same law enforcement entity, the sell side will end up with a healthy mistrust of their customers.

The fastest way to destroy a market is to destroy trust in that market. TBH, I'm surprised we don't really spend any attention on how you effectively undermine markets like we spend time on how to foster liquidity in markets and making them more efficient.


> His argument is clearly that people have a right to privacy.

Except there is no right to engage in total privacy. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.

Maybe his argument is that he thinks people should have a right to total privacy?


> Except there is no right to engage in total privacy.

There is, in practice, an absolute right to privacy. If you combine strong encryption with plausible deniability, you can reliably secure information from law enforcement. There is nothing anyone can do to access it against your will. You can always make the plausible claim the information does not exist and/or is inaccessible to you.

So, should strong encryption be outlawed?


Does asking for a site's private SSL key sound like a reasonable search? I realize "reasonable" is entirely subjective, which is why I don't put much faith in our justice system.


> Does asking for a site's private SSL key sound like a reasonable search?

Considering that was far from the first thing they asked for, no. Were their goals reasonable? Yes. Was Levison trying to cooperate? No.


> Was Levison trying to cooperate? No.

You sound astounded that someone on the receiving side of legal action is trying not to cooperate. Next you'll be stating that him hiring a lawyer is proof of non-cooperation and evidence of guilt.

If you got to do overbroad things every time a defendant was "non-cooperative" it would apply to every single court case.


See my comment here[1]. While I'm not normally a government apologist, from the unsealed court documents, it appears that they did everything by the book here. The original order was for metadata related to a single, specific named account. There were several follow up orders and court proceedings before the request was broadened to turn over the SSL keys.

I'd claim that not producing evidence in response to a lawful subpoena and court order is proof that he's guilty of contempt of court[2].

[1] https://news.ycombinator.com/item?id=6519732

[2] There are lawful ways to resist such an order - you file a motion to oppose in the case. While I don't have access to PACER to confirm that no such motion was filed, the judge's orders have no mention of such a motion in the established facts.


dlgeek explains the entire situation better than I. However, I wanted to apologize for poor wording. It wasn't that he wasn't trying to cooperate. Rather, that it seemed like he was trying to be unreasonably uncooperative to what was a reasonable and lawful order (starting with the information/traffic of a single individual). The distinction is important, I think.


Putting aside the vague term reasonable for a moment, we should really examine that the fourth amendment states "... and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

I think we need to analyze "persons" or "things" in an electronic light... could things be roughly analogous to "a mailbox" and could persons be "a person's electronic mail account"?

You can't just state on your warrant "I want all of the things!", you must stipulate that "I want Ben's mail account and logs of all his activity on your service." If there is no way of extracting that information without compromising everyone else's privacy, does the law state "in cases like this, the constitution should be violated to satisfy the terms of the warrant"? or does the law state "the terms of this warrant cannot be enforced without breaching the constitutional rights of at least one other party and thus is illegal"?

It's my guess (and I'd like to emphasise the word guess as I really have no idea), that any reasonable judge (that wasn't on the payroll of the NSA or FISA court) would deem this is an illegal search warrant because it's in violation of every other Lavabit user's fourth amendment rights.

Anyway, that's all by-the-by. The judge who is attempting to enforce this ridiculous debacle (and I use the word ridiculous in the sense of hilarity because every new development is a source of mirth) clearly doesn't give a shit about anyone's fourth amendment rights, and he's pissed at Levison's continued contempt of court so he's stamping his feet like a spoiled little four year old who's just been told he's not getting Dunkin' Donuts for dinner, while getting schooled by an internet Hero... with a capital H.

</rant>


That's perfectly valid, since those examples were first trotted out prior to that with no argument. If it's so obvious why we should treat those as special cases, it should be trivial to explain why.


> That's perfectly valid, since those examples were first trotted out prior to that with no argument.

Except the burden lies with those wanting to add a right to privacy to the list of rights we have. The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy.

> If it's so obvious why we should treat those as special cases, it should be trivial to explain why.

I think it's perfectly reasonable to ask you why you want to change the laws and protections we have now, and I think it's perfectly reasonable for you to be required to stand up to the questions being asked.


> The right to privacy simply doesn't exist.

You've posted at least a dozen responses in this thread and it is plain you have no idea what you are talking about in almost every one of them. Are you unfamiliar with the 14th Amendment?

http://en.wikipedia.org/wiki/Fourteenth_Amendment_to_the_Uni...

the Due Process Clause is also the foundation of a constitutional right to privacy. The Court first ruled that privacy was protected by the Constitution in Griswold v. Connecticut (1965)

I guess we could forgive you for not being aware of the 14th Amendment - it's not cited much. But it was the basis of Roe v Wade, arguably the most famous Supreme Court case ever:

http://en.wikipedia.org/wiki/Roe_v._Wade

Decided simultaneously with a companion case, Doe v. Bolton, the Court ruled 7–2 that a right to privacy under the due process clause of the 14th Amendment extended to a woman's decision to have an abortion

Sticking with Wikipedia - they have a whole article on the Right to Privacy. As related to the United States:

http://en.wikipedia.org/wiki/Right_to_privacy#United_States

The U.S. Supreme Court has found that the Constitution implicitly grants a right to privacy against governmental intrusion.

It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements. It is no wonder people are downvoting you.


You're right, but that doesn't make me wrong. Only that we are saying 2 different things. I didn't mean to imply that you have no expectation of privacy, only that privacy as a whole does not exist. For example, in public, I cannot reasonably suggest that my right to privacy trumps your ability to overhear my conversation.

After all, while you elected to quote one sentence, in context, it's clear that I'm making a distinction between a total right to privacy and limits to intrusions into privacy.

"The right to privacy simply doesn't exist. There is a right against unreasonable search and seizure. But that's hardly a right of total privacy"

So, basically what I'm saying is that there is no simple right to privacy. Actually, the text you quote provides a link that explains it better than I obviously did.

http://en.wikipedia.org/wiki/Privacy_laws_of_the_United_Stat...

"Although the word "privacy" is actually never used in the text of the United States Constitution,[20] there are Constitutional limits to the government's intrusion into individuals' right to privacy."

These limits protect aspects of privacy, not privacy itself. And that's an important distinction, especially in this context. If you explicitly had a right to privacy, one could argue that search warrants could never be legal, as your rights to privacy were being violated.

I 100% realize how my statements in that manner could be misinterpreted, and I don't fault you for challenging me on that.

> It is unbelievable that someone like you will post a dozen responses to people filled with such unbelievably false statements.

If that's the case, why wouldn't you assume you were misinterpreting what I said?

As for people down voting me, don't be too harsh on them for misunderstanding me on this context. As I said, it's reasonable that they could think that. Luckily, you made it clear you couldn't believe I would post something so obviously false, and looked for clarification rather than just assuming. =)


I think you misunderstood me, or extrapolated a position far beyond anything implied in my statement.


No.


Just so I understand, you want me to explain why it is just to wiretap child pornographers and murderers. Is that right?


If they are to be brought into a conversation not specifically about them as examples, yes.

Whether it's wiretapping or execution, when referencing those crimes you're making a personal evaluation of the actions without referencing any criteria for how you judged them. To do so is to play to people's emotions about the crimes you referenced rather than the actual item for discussion, which is when wiretapping is justified, and specifically for what crime.

I view it as equally manipulative to state "we can all agree that murder is bad and wiretapping should be justified in some cases" as to say "we can all agree that changing traffic lanes without signalling does not justify wiretapping" when the actual question has nothing to do with either crime.

This is just a case of Godwin's law writ small, so it's harder to spot.

(An alternative argument is that for any extended powers of the state, we should have statistics to back them up. If wiretapping is ineffective for a crime or its benefit is outweighed by its downsides, maybe that should be taken into consideration. In the end, I'm basically for questioning generally unquestioned positions.)


I would like to contribute the point to back this up that the question isn't really e.g. "is it OK to wiretap murderers?" Actually, it's "is it OK to wiretap suspected murderers?" And the second one is a vastly greater burden. It means we need to trust the guys who decide who to suspect. This is far from a solved problem, of course, as most people agree that some justice system is necessary, and it's a hard line to draw, but the point is, one must be extremely wary of granting broad powers over arbitrary people without requiring an amount of evidence proportionate to the damage exercising those powers will do to them.

In short, if you just say "who cares about suspected murderers, probably most of them are murderers", you are leaving a lot of discretion over your life and the life of those in society around you into the hands of those whose power it is to enforce the law. And while they might be the best people for the job, ultimately they are just people too.


> But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc. The problem is Lavabit was not designed to facilitate intercepts under any circumstances.

That's not true, though. Levison could and did help the government with intercepts before, and offered to provide the same service again; this time, the government was not satisfied with the offer (from the New Yorker, emphasis mine):

"The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing."


Well, it actually is true that the asymmetric encryption feature of the premium Lavabit service is designed to make intercepts impossible. Only the account holder can decrypt it.

Handing over account payment information in response to lawful requests is quite a different matter from defeating asymmetric encryption. Account info is unencrypted records that Lavabit has access to in accordance with their TOS. They can turn those over, in accordance to their TOS.

Faking out their own service to defeat their own encryption, which they specifically advertised as being only decryptable by the account holder and not Lavabit, is a whole different ballgame.

I noted exactly what you stated, that Lavabit offered to help the government implement something like that -- only after being threatened with the "nuclear option" of key seizure.

You've got to concede that there's room for some doubt as to whether Lavabit could be trusted to comply with something as extraordinary as that. It would be trusting them to renege on a specific promise made to all customers about the security of their service, namely that it is impossible for Lavabit to snoop on encrypted communications.


Everybody in this entire debate is just talking past each other.

On the pro-government side, the position is something like "We have such a thing as a lawful search warrant, and if you get one you have to comply."

Meanwhile on the crypto-anarchist side, the position is something like "We can design a crypto-system that is indifferent to your lawful warrants."

But these are really two different arguments, that proceed as follows: the anarchists say "Because X is possible, therefore it should be legal", meanwhile the pro-governmentals say "Because X is required by law, therefore people should do it." But neither of these necessarily follows.


"The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals."

You say that as though that's the only possible explanation for why the service was designed the way it is.

Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built." (note: this is a bit more difficult to execute - they'd need to have some good reason to update the tarsnap software on all end users' machines, since Colin doesn't have the private key my backups are encrypted with…)

You say "it's designed to disallow law enforcement certain abilities", I say "it's designed with best-practice modern digital privacy techniques, and is _entirely_ legal, legitimate, and a perfectly good premise to base a business on - and which the government _doesn't_ have the right to claim is 'unlawful', the same as building doorlocks without government skeleton keys, or banksafes without hidden vulnerabilities that the FBI or NSA know about, is also not 'unlawful'".

If you want to make privacy illegal - take it to the polls and ask the public if they agree. Until then - designing, deploying, and using well engineered systems to protect your privacy is every citizen's right should they choose to use it. Sure " … some lawful intercepts are justified", but that _doesn't_ imply all systems must be designed in a way that lawful intercepts are possible, and it doesn't give the government the right to coerce people not suspected of illegal acts into destroying their businesses and livelihoods just because they " … didn't trust him to act as a spy on their behalf". That's just _so_ wrong. So _very_ wrong.


"The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals."

This is not true.

Lavabit made it clear in their TOS that they had no interest in concealing illegality, they complied fully and willingly with all warrants targeting individual users.

Their premise was to protect your privacy from untargeted blanket surveillance.


I think the issue some people seem to be missing in this discussion is that the technology is morally neutral.

A system designed to protect the privacy of its users' data even if its operator is subjected to coercion does not care whether the coercion comes in the form of a court order, a bribe, a threat to reveal a secret or a man holding a gun to the operator's head.

A system designed to be secure against coercion of its operator necessarily resists lawful intercepts just as it resists blackmail. Designing a system in such a way does not imply that the designer wishes to promote illegal behavior nor hinder the ability of the police to investigate it.


What's your source? That conflicts with the New Yorker reporting on the trial proceedings.

It also belies common sense, since Lavabit offers a form of encryption that even they cannot decrypt.

Source: http://www.newyorker.com/online/blogs/elements/2013/10/how-l...


I can't see any part of that article that supports your claim. On the contrary, the article appears to claim that one of the reasons he was resisting so strongly was that handing over the keys would allow full access, though the reporting isn't very clear when it comes to already stored e-mails.

From the article:

' On July 25th, Lavabit petitioned to cancel the subpoena and warrant, arguing that if the “government gains access to Lavabit’s Master Key, it will have unlimited access to not only [the account], but all of the communications and data stored in each of Lavabit’s 400,000 e-mail accounts.” Lavabit also asked the court to unseal its records and permit Levison to speak. '


My source is (was) the Lavabit ToS. I was a paying customer of Lavabit and familiar with their ToS.

He made it pretty clear that if you wanted to use his service to hide illegal activity you were SOL.

The TOS seems to be long gone. But Wikipedia summarises his stance on legit warrants as opposed to "hand over your SSL private key": http://en.wikipedia.org/wiki/Lavabit


The premise is incorrect. Lavabit had provided data for lawful intercepts in the past. The government continued to press for unfettered access to all of Lavabit's data which then forced the shutdown.

Lavabit offered to develop a more involved solution for the government in order to prevent unfettered access to all of their customers' data. The court's assertion that the government could trust Lavabit because Lavabit didn't trust the government is both childish and asinine.

Source: same article as parent post.


The premise behind your post is incorrect. There is no obligation to create a mechanism for eavesdropping by the government.

In other words: if you can design a system to "disallow lawful intercepts of individuals", you are allowed to do so.

Or: a lawful intercept is lawful to use, but not legally compelled to exist.

The fact that we are so far down the rabbit hole that intelligent technologists like yourself accept this as a premise is incredibly disturbing.


I totally disagree. People have the right to have private and secure conversations and we shouldn't have to give up that privacy to ensure that the government can spy on our conversations in order to catch bad guys.


abalone : "The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals ... And this is why the government resorted to threatening to seize the keys and trying to impersonate the service."

Some of us reject your implication that the government is always entitled to the comms, regardless of harms imposed on innocent parties. Forcibly seizing the means of impersonating someone online, while preventing that person from revealing the fact, is a step too far. It is an injustice against the person impersonated, and wrongly deprives him of reputational integrity, and wrongly deprives others of the value of the service for which they contracted in good faith.

Statements like yours attempt to depict the combination of seizing private keys + gag orders as a minor invasion, acceptable in certain cases. In fact it amounts to removal of the basic human right of communicating privately - and as brian_cloutier points out, removes the whole basis of trust online. If the policy is allowed to continue, it removes the ability of cryptography to give an assurance of the identity of any entity online.

It is better for a few criminals to go free, if necessary, to preserve more important values (and the government can probably find evidence by other means in most of those cases anyway, and if not, too bad).


PGP is designed to disallow lawful intercepts. Should the government be allowed to prevent strong cryptography software on my own computer?

If not, then why should they be allowed to do the same on a hosted service?

If so, then is it also ok for oppressive governments in other countries to backdoor cryptography, so they can throw dissidents in prison? Or should dissidents have tools to protect themselves? If they should, then why shouldn't people in this supposedly-free country have the same tools?


> The problem here is Lavabit was specifically designed to disallow lawful intercepts of individuals.

The problem is that computer-mediated communication systems are not able to distinguish between lawful intercepts and unlawful intercepts and thus their security against unlawful intercept is premised on being able to guard against all types of interception, lawful or otherwise.


Isn't any software with a goal of eliminating security holes essentially "specifically designed to disallow lawful intercepts of individuals"? Should all software providers be forced by law to implement backdoors so that the FBI can intercept its communications, just in case Snowden uses the software?


> But by this point the government didn't trust him to act as a spy on their behalf (which frankly is not an unreasonable assumption).

I don't understand this conclusion. He cooperated with legal investigations before, he just needed time and resources to implement what they were asking for.


> But surely we can all agree there exist circumstances under which some lawful intercepts are justified

Perhaps, but there are means of communication that are impervious to interception, and that cannot be compromised the way Lavabit might have been.

Should such technologies be outlawed?


Impervious?


Sure: Strong encryption and ephemeral keys.

The only thing to do in that situation is to compromise one of the communicating parties. If the communicating parties have arranged a safeword to signal they have been compromised, even that technique is useless.

In the case of Snowden and Greenwald, that wasn't going to happen.

It is possible to make storage and communication immune to surveillance. So I ask: should that be illegal?


That is not impervious: compromise an endpoint. It takes work, but in the course of a serious investigation it can get done. At the limit, Van Eck or similar analog-hole analogues.

Anyway, my position is "no, that should not be illegal", though I am not entirely confident in that.


Did you mean UNLAWFUL intercepts of individuals? There are no lawful intercepts between two private parties.

Do you get to hear everything about a deal between two big corporations other than the stuff released in the press?

Go to a retail store and ask for information about an employer. They don't give out any information (unless there is a probable cause of course).

The only time government can intervene is when a 3rd party is hurt by someone. In this case it's their own fault for snooping around and reading everyone's private conversations, and some of them were used for stalking hot girls! And now they're acting like kids trying to force Lavabit by threatening the owner.


Yes, I agree that there are circumstances... But now without case by case decision from a court or whatever the actual legal system requires. Citizens should be able to protect their privacy and it can be overridden only in those special circumstances and approved by a judge (or whatever the given state requires).


> But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc.

Oh come on, don't be so naive.

> child pornographers

As defined by which country? Is that 16 years old, or 18? Maybe even 21. Just because something is illegal where you are, does not make it illegal in my country/culture.

> terrorists actively planning murders

And now we know the US Govt actively murders its own citizens without trial, surely we'd have to count them as terrorists, wouldn't we? (let alone what they do to non-citizens)

> missing persons

How long does someone have to be "missing" for that to justify the government having unlimited power? Surely they should just kick down everyone's door until they find what they want [1]

For every example you come up with, it's trivial to point out that it's an extremely slippery slope.

[1] http://www.youtube.com/watch?v=cfOvHuojEB4 (etc.)



