Like I've said elsewhere in the thread - what about Tarsnap?
Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built."
Has Colin built "a Rube Goldberg machine"? Should all of his paying customers have their privacy violated because the only way Colin has to make Tarsnap reveal one customers data would be to backdoor a software update? Is it unreasonable to charge a sum on the order of $3.5k if Colin offered to set something up to allow only a single customer's software update to be backdoored? (Christ - I'll bet the FBI ran up an order of magnitude more than $3.5k in legal costs arguing that $3.5k was "too expensive"!)
Do any of us have to consider when building our products - along with all our _real_ concerns, just how amenable our technology decisions and architectural concepts turn out to be for state surveillance purposes? Are we to be scrutinized as though modern digital privacy best practice and effective use of crypto implies we've intentionally set out to make the FBI's job more difficult than necessary? Should any of our scarce development resources be squandered trying to ensure we've got built-in ways to comply with any possible law enforcement demand?
I say no. Resoundingly no. Sure the FBI have a job to do. But that doesnt make it OK to run roughshod over innocent peoples rights and to force business owners to back down on guarantees they've made to paying customers and then throw gag orders on them to stop them telling anyone.
I think you're wrong - and I think people who think like you are part of a much greater problem.
From my reading of the court details (which might differ from yours), lavamail was not trying to make it easy for a particular user's data to be accessed. I have no problem with Lavamail, or Colin, providing access to a single user's data, if they have the ability to do that in a reasonable way.
The problem is that there seem to be two extreme worlds we could end up reaching.
1) The security forces can access all data, anywhere, anytime, freely and without limit.
2) The security forces can access no data at all, and become useless.
Both of these are a bad situation to end up in, but I would consider the second worse. Hopefully we can end up with a more sensible world, where the police can access data with a warrant and the proper authority.
While there are some current big cases, and big problems, it is important to remember there are large numbers of lower level people in the security forces, solving real crimes every day. They must not become over-powerful, or hobbled, by a few high profile cases.
I actually think (1) is the bigger deal and by a significant margin, however...
I do agree with you that there needs to be a reasonable and lawful way to tap very specific and targeted conversations, regardless of the medium. Just like bugging the mafia's phones etc. And by reasonable, I mean a real frikin' judge and with total public transparency, not some secret court and definitely not some blanket surveillance program. Accountability for any abuses is a key requirement that currently seems to be lacking.
I'm practically a conspiracy theorist these days, but I think you're being completely logical while most others aren't.
Tarsnap is also - arguably - designed in much the same way. What do you think Colin's response ought to be if the FBI/NSA come to him saying "we think one of your users might be doing $bad_thing, so we want your private keys so we can impersonate you, decrypt anything any of your users have backed up using tarsnap, and undermine the very basis of the business you've built."
Has Colin built "a Rube Goldberg machine"? Should all of his paying customers have their privacy violated because the only way Colin has to make Tarsnap reveal one customers data would be to backdoor a software update? Is it unreasonable to charge a sum on the order of $3.5k if Colin offered to set something up to allow only a single customer's software update to be backdoored? (Christ - I'll bet the FBI ran up an order of magnitude more than $3.5k in legal costs arguing that $3.5k was "too expensive"!)
Do any of us have to consider when building our products - along with all our _real_ concerns, just how amenable our technology decisions and architectural concepts turn out to be for state surveillance purposes? Are we to be scrutinized as though modern digital privacy best practice and effective use of crypto implies we've intentionally set out to make the FBI's job more difficult than necessary? Should any of our scarce development resources be squandered trying to ensure we've got built-in ways to comply with any possible law enforcement demand?
I say no. Resoundingly no. Sure the FBI have a job to do. But that doesnt make it OK to run roughshod over innocent peoples rights and to force business owners to back down on guarantees they've made to paying customers and then throw gag orders on them to stop them telling anyone.
I think you're wrong - and I think people who think like you are part of a much greater problem.