In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.
Ladar Levison shut down his secure email service Lavabit in 2013, when the Feds served a warrant and gag-order on him, seeking to get him to backdoor his service to let them snoop on someone. Everyone since then has known that the target of the order was Edward Snowden, but Levison faced jail time if he ever admitted it out loud, under the terms of the gag-order.
Moving into the house we just bought, I found to my delight a mysterious locked safe at the back of a closet. I've asked a few people how to get into it, and the consensus is either to use powerful microphones to listen in on the tumblers (apparently stethoscopes don't really cut it) or to see if the hinges are weakened by time and can be removed by force without damaging the door or the mechanisms.
Before I get cracking, though, what do you think? I asked the previous owners for the code, but they don't know. They just assumed it was empty. It's a Yale safe.
I know that it's probably full of air, but you never know.
Ladar Levison -- persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden -- has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmermann's also shut-down Silent Circle private email service.
One year ago
Lavabit founder has stopped using email: "If you knew what I know, you might not use it either": Levison’s lawyer, Jesse Binnall, who is based in Northern Virginia — the court district where Levison needed representation — added that it’s “ridiculous” that Levison has to so carefully parse what he says about the government inquiry. “In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said.
Five years ago
Stephenson's Orth-speak Hugo acceptance speech: Here's the Orth text of Neal Stephenson's acceptance speech for the Hugo Award for Anathem, snapped at the pre-award reception before we both discovered that our books had been beaten by Gaiman's kick-ass Graveyard Book.
Ten years ago
D&D book reader on ferry hassled by security morons: Thanks to the RNC, there are mandatory bag searches happening on the NJ-NY Ferry. This fellow first got hassled with a re-search for carrying The Player's Guide to Faerun, a D&D book, and then the next day, security tried to confiscate his copy of Exalted: The Abyssals as 'inappropriate.'
Writing in the Guardian, Lavabit founder Ladar Levison recounts the events that led to his decision to shutter his company in August 2013. Lavabit provided secure, private email for over 400,000 people, including Edward Snowden, and the legal process by which the FBI sought to spy on its users is a terrifying mix of Orwell -- wanting to snoop on all 400,000 -- and Kafka -- not allowing Levison legal representation and prohibiting him from discussing the issue with anyone who might help him navigate the appropriate law.
Levison discloses more than I've yet seen about the nature of the feds' demands, but more important are the disclosures about the legal shenanigans he was subjected to. In fact, his description of the legal process is a kind of bas relief of the kind of legal services that those of us fighting the excesses of the global war on terror might need: a list of attorneys who are qualified to represent future Lavabits, warrant canaries for the services we rely upon; and, of course, substantive reform to the judicial processes laid out in the Patriot Act.
The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.
Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.
The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.
In an excellent Torrentfreak feature, representatives from several prominent privacy-oriented VPN providers explain whether, and to what extent, their services are safe from NSA spying. They cover the state of crypto, the structure of their companies, and the jurisdictional and legal questions they've resolved since the news broke that Lavabit shut down because it was ordered to redesign its service to make snooping possible.
Cryptoseal has shut down Cryptoseal Privacy, a VPN product advertised as a privacy tool, citing the action against Lavabit, the privacy-oriented email provider used by Edward Snowden. Court documents released in the wake of Lavabit's shut-down showed that the US government believes that it has the power to order service providers to redesign their systems to make it possible to spy on users. Cryptoseal had been operating under the assumption that since it had no way of spying on its users, it was immune to wiretap orders, and the revelation that they may be forced to break their system's security was enough to put them off altogether. Like Lavabit, Cryptoseal was unwilling to advertise a service that was immune from snooping if they might someday be forced to secretly redesign their systems to make snooping possible.
With admirable clarity and brevity, Princeton's Ed Felten explains why Lavabit's owner was right to design his email service to be resistant to court orders. The whole piece is good and important, but here's the takeaway: "At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.
From a purely technological standpoint, these two scenarios are exactly the same."
As Felten goes on to point out, insider attacks are brutal -- just look at what happened to the NSA when insider Edward Snowden decided to go after it.
Kevin Poulsen, Wired News: "Secure email provider Lavabit just filed the opening brief in its appeal of a court order demanding it turn over the private SSL keys that protected all web traffic to the site."
There's an excellent tick-tock of the Lavabit saga in the New Yorker, by Michael Phillips and Matt Buchanan. Lavabit founder Ladar Levison says he believes even if he hadn’t hosted an email account for Edward Snowden, "Lavabit would eventually have found itself in the position that it’s in now because it 'constitutes a gap' in the government’s intelligence." And that should worry all of us. Read: How Lavabit Melted Down: The New Yorker.
Popehat's Ken White (a former federal prosecutor) uses the arrest of alleged Silk Road founder Ross "Dread Pirate Roberts" Ulbricht to explain how the criminal justice system works, including the difference between a grand jury indictment and a criminal charge, and how to understand sentencing guidelines and "maximum possible sentences." It's a great way to use current events to deepen your understanding of important, complicated systems.
If you enjoy that, you should also check out Ed Felten's post that contrasts the Silk Road story with the shutdown of Lavabit to explore how crypto does -- and doesn't -- change the criminal justice system.
Ever since Lavabit, the privacy-oriented email provider used by whistleblower Edward Snowden, shut down abruptly in August, we've been wondering what, exactly, the Feds had demanded of founder Ladar Levison. As he wrote in his cryptic note, he felt that he was facing an order that would make him "complicit in crimes against the American people" but he was legally unable to say more.
But now, thanks to unsealed records, we're able to get some insight into what the NSA and the Feds demanded of Lavabit (and, presumably, of other companies that have not shut down): first they asked him to decrypt the communications of one of their customers (almost certainly Edward Snowden). When they were told that this wasn't technically possible, they demanded that the system be modified to make it possible, and when Lavabit balked, they got a court order requiring that Lavabit turn over its SSL keys, compromising all of the company's users' communications. Funnily enough, Levison "complied" with this court-order by turning over the keys as 11 pages of 4-point type, but the court didn't go for that.