Exciting progress towards surveillance-resistant email

Ladar Levison -- persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden -- has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmermann's also shut-down Silent Circle private email service.

Blogging History: Lavabit founder stops using email; Neal Stephenson's Orth Hugo speech; NY-NJ ferry cop harasses man for reading D&D book

One year ago Lavabit founder has stopped using email: "If you knew what I know, you might not use it either": Levison’s lawyer, Jesse Binnall, who is based in Northern Virginia — the court district where Levison needed representation — added that it’s “ridiculous” that Levison has to so carefully parse what he says about the government inquiry. “In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said.

Five years ago Stephenson's Orth-speak Hugo acceptance speech: Here's the Orth text of Neal Stephenson's acceptance speech for the Hugo Award for Anathem, snapped at the pre-award reception before we both discovered that our books had been beaten by Gaiman's kick-ass Graveyard Book.

Ten years ago D&D book reader on ferry hassled by security morons: Thanks to the RNC, there are mandatory bag searches happening on the NJ-NY Ferry. This fellow first got hassled with a re-search for carrying The Player's Guide to Faerun, a D&D book, and then the next day, security tried to confiscate his copy of Exalted: The Abyssals as 'inappropriate.'

Kafka, meet Orwell: Lavabit's founder explains why he shut down his company

Writing in the Guardian, Lavabit founder Ladar Levison recounts the events that led to his decision to shutter his company in August 2013. Lavabit provided secure, private email for over 400,000 people, including Edward Snowden, and the legal process by which the FBI sought to spy on its users is a terrifying mix of Orwell -- wanting to snoop on all 400,000 -- and Kafka -- not allowing Levison legal representation and prohibiting him from discussing the issue with anyone who might help him navigate the appropriate law.

Levison discloses more than I've yet seen about the nature of the feds' demands, but more important are the disclosures about the legal shenanigans he was subjected to. In fact, his description of the legal process is a kind of bas relief of the kind of legal services that those of us fighting the excesses of the global war on terror might need: a list of attorneys who are qualified to represent future Lavabits; warrant canaries for the services we rely upon; and, of course, substantive reform to the judicial processes laid out in the Patriot Act.

Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections

The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.

How NSA-proof is your VPN?

In an excellent Torrentfreak feature, representatives from several prominent privacy-oriented VPN providers explain whether, and to what extent, their services are safe from NSA spying. They cover the state of crypto, the structure of their companies, and the jurisdictional and legal questions they've resolved since the news broke that Lavabit shut down because it was ordered to redesign its service to make snooping possible.

VPN company shuts down after Lavabit case demonstrates threat of state-ordered, secret self-sabotage

Cryptoseal has shut down Cryptoseal Privacy, a VPN product advertised as a privacy tool, citing the action against Lavabit, the privacy-oriented email provider used by Edward Snowden. Court documents released in the wake of Lavabit's shut-down showed that the US government believes that it has the power to order service providers to redesign their systems to make it possible to spy on users. Cryptoseal had been operating under the assumption that since it had no way of spying on its users, it was immune to wiretap orders, and the revelation that they may be forced to break their system's security was enough to put them off altogether. Like Lavabit, Cryptoseal was unwilling to advertise a service that was immune from snooping if they might someday be forced to secretly redesign their systems to make snooping possible.

Why email services should be court-order resistant

With admirable clarity and brevity, Princeton's Ed Felten explains why Lavabit's owner was right to design his email service to be resistant to court orders. The whole piece is good and important, but here's the takeaway: "At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel. From a purely technological standpoint, these two scenarios are exactly the same."

As Felten goes on to point out, insider attacks are brutal -- just look at what happened to the NSA when insider Edward Snowden decided to go after it.

Lavabit files opening brief in important online privacy case

Kevin Poulsen, Wired News: "Secure email provider Lavabit just filed the opening brief in its appeal of a court order demanding it turn over the private SSL keys that protected all web traffic to the site."

'How Lavabit Melted Down'

There's an excellent tick-tock of the Lavabit saga in the New Yorker, by Michael Phillips and Matt Buchanan. Lavabit founder Ladar Levison says he believes even if he hadn’t hosted an email account for Edward Snowden, "Lavabit would eventually have found itself in the position that it’s in now because it 'constitutes a gap' in the government’s intelligence." And that should worry all of us. Read: How Lavabit Melted Down : The New Yorker.

Silk Road prosecution: how does the US criminal justice system actually work?

Popehat's Ken White (a former federal prosecutor) uses the arrest of alleged Silk Road founder Ross "Dread Pirate Roberts" Ulbricht to explain how the criminal justice system works, including the difference between a grand jury indictment and a criminal charge, and how to understand sentencing guidelines and "maximum possible sentences." It's a great way to use current events to deepen your understanding of important, complicated systems.

If you enjoy that, you should also check out Ed Felten's post that contrasts the Silk Road story with the shutdown of Lavabit to explore how crypto does -- and doesn't -- change the criminal justice system.

Unsealed Lavabit docs show that Feds demanded SSL keys

Lavabit founder Ladar Levison speaking at the 2013 Liberty Political Action Conference (LPAC) in Chantilly, Virginia. Photo: Gage Skidmore.

Edward Snowden. Photo: The Guardian/Reuters.

Ever since Lavabit, the privacy-oriented email provider used by whistleblower Edward Snowden, shut down abruptly in August, we've been wondering what, exactly, the Feds had demanded of founder Ladar Levison. As he wrote in his cryptic note, he felt that he was facing an order that would make him "complicit in crimes against the American people" but he was legally unable to say more.

But now, thanks to unsealed records, we're able to get some insight into what the NSA and the Feds demanded of Lavabit (and, presumably, of other companies that have not shut down): first they asked him to decrypt the communications of one of their customers (almost certainly Edward Snowden). When they were told that this wasn't technically possible, they demanded that the system be modified to make it possible, and when Lavabit balked, they got a court order requiring that Lavabit turn over its SSL keys, compromising all of the company's users' communications. Funnily enough, Levison "complied" with this court order by turning over the keys as 11 pages of 4-point type, but the court didn't go for that.

Fundraising campaign for Lavabit/Ladar Levison's legal expenses

Dave Cirilli of says, "Lavabit founder Ladar Levison recently launched an online fundraising campaign on to help pay for legal expenses during his Fourth Circuit Court of Appeals fight. He's already received over 24K in donations in the last 24 hours. Ladar is also using his page to update supporters on his latest legal developments and Lavabit news."

Lavabit's attorneys want court to unseal case files

"Attorneys for an encrypted email service provider that suddenly shut down last month amid murmurings of potential government inference have asked a federal appeals court to unseal portions of their case that are currently being kept confidential." More at RT USA.

Schneier on NSA intimidation, and the expanding surveillance state

Internet security expert Bruce Schneier writes about Lavabit founder Ladar Levison's "extreme moral act in the face of government pressure," in closing the security-focused email service rather than complying with a US government order to share user data. "It's what happened next that is the most chilling. The government threatened him with arrest, arguing that shutting down this e-mail service was a violation of the order."

How, technically, might the US have snooped on Lavabit?

Ars Technica interviews Ladar Levison, founder of the recently-shuttered secure-er email service. They focus on the logistics and architecture of fed snooping. Levison: "I don't know if I'm off my rocker, but 10 years ago, I think it would have been unheard of for the government to demand source code or to make a change to your source code or to demand your SSL key. What I've learned recently makes me think that's not as crazy an assumption as I thought."

Groklaw shuts down over fears of email snooping

Groklaw, an award-winning campaigning website that played a pivotal role in the SCO case (a proxy war in which Microsoft tried to kill GNU/Linux) and others, is shutting down, over the revelation of widespread, deep email surveillance. In an open letter, Pamela Jones, the site's owner, cites the open letter posted by Lavabit founder Ladar Levison when he shut down rather than cooperating in surveillance of his users. Specifically, he said that he'd stopped using email, and if we knew what he knew, we'd stop too.

Jones says that she can't run the site without email, and implies that the knowledge that she'd be putting her sources, collaborators and users in jeopardy of surveillance crossed a line for her. She compares the knowledge that her email is being intercepted by the surveillance apparatus to being robbed when she first moved to NYC, "how deeply disturbing it is to know that someone, some stranger, has gone through and touched all your underwear, looked at all your photographs of your family."

She cites the testimony of Primo Levi, an Auschwitz survivor, who said, "solitude in a Camp is more precious and rare than bread," and recommends the services of Kolab, a Swiss mail-provider, for those looking for a haven from snooping.

Lavabit's owner threatened with arrest for shutting down rather than spying on customers

NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers. Nothing more can be said definitively, because the order to Levison came with a gag order prohibiting Levison from discussing it. Everyone is pretty sure that Levison was served with a National Security Letter.

This gives additional context to the decision of Lavabit competitor Silent Circle to pre-emptively shut down its own private email service as well, in advance of any sort of court order. If a secret court can issue a secret order requiring you to spy on your customers, and if shutting down the service will land you in jail, then simply not operating the kind of service that spooks find snoopworthy is the only option.
