None of this is shocking: If you run a commercial communications service, it's your responsibility to comply with legitimate wiretap warrants. As the judge said, setting up your system in such as way as to make tailored compliance extremely difficult or impossible doesn't release you from that requirement.
Exactly. The NSA is allowed to listen in when traffic is unencrypted because there is inherently no expectation of privacy in unencrypted traffic. The FBI has probable cause to receive all keys to everyone's encrypted traffic because you're obviously hiding something criminal.
The question I'd love to ask the heads of these various agencies. In what circumstance does the 4th amendment apply? Seems like we always ask 'is this current procedure justified' with some inevitable pretext found.
Yeah no prob. I'm particularly interested in Lavabit's story, because I'm looking to get off of Gmail and get some degree of privacy. But with how this is going, it looks like I'm going to have to wait for a non-USA company to start a similar service (I'm broke and in the USA, so I'm not in a position to start one myself).
I think the US government is engaging in a massive overreach, and I think that other countries have an opportunity to develop sane data protection laws. Normally, when you want data on one person, you get a warrant for data on that person. The US government, however, has decided that the rational move is to demand indiscriminate access to the records and communications of over 400,000 Lavabit customers.
I skimmed these pages as well, and it seems obvious now that you can no longer trust a legal system to protect your privacy. We (hackers) need to combat this with a technical system.
I would also note that it seems incredibly clear that Ladar Levison knew what was at stake: for himself, for Snowden, for his company, and for his users. His decision to shutter his doors was his last option to protect their 4th amendment rights and I'm absolutely amazed he made the right call here.
It is shocking when FBI uses the secret order for one user to demand the installation of the device which has access to everything of every user, especially when your whole business is to provide secure communication unless the user is specifically targeted.
But I understand that you wouldn't worry if your users have no privacy expectations. Your business wouldn't be affected.
They explicitly state in the court proceedings that if it were possible to give a key which only decrypted the data of the unnamed party, then they would accept that instead of the master private key. Unfortunately such a key did not exist because of the design of Lavabit's software.
But that is not what the FBI was doing. They were not seeking a "legitimate wiretap" -- they wanted full access to everything. This certainly releases you from the requirement as this is illegal activity by the LEO.
None of this is shocking: If you run a commercial communications service, it's your responsibility to comply with legitimate wiretap warrants. As the judge said, setting up your system in such as way as to make tailored compliance extremely difficult or impossible doesn't release you from that requirement.