Forgot your password?
typodupeerror
Encryption Privacy The Courts Your Rights Online

ACLU: Lavabit Was 'Fatally Undermined' By Demands For Encryption Keys 230

Posted by Soulskill
from the understatement-of-the-century dept.
An anonymous reader writes "When encrypted email provider Lavabit shut down in August, it was because U.S. authorities demanded the company release encryption keys to get access to certain accounts. Lavabit's founder, Ladar Levison, is facing contempt of court charges for his refusal to acquiesce to their demands. But now the ACLU has filed a 'friend of the court' brief (PDF) in support of Levison, saying that the government's demand 'fatally undermined' the secure email service. 'Lavabit's business was predicated on offering a secure email service, and no company could possible tell its clients that it offers a secure service if its keys have been handed over to the government.' The ACLU added, 'The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved."' Lavabit is also defending itself by claiming a violation of the 4th amendment has occurred."
This discussion has been archived. No new comments can be posted.

ACLU: Lavabit Was 'Fatally Undermined' By Demands For Encryption Keys

Comments Filter:
  • by fustakrakich (1673220) on Saturday October 26, 2013 @05:47PM (#45247453) Journal

    Fuck that! I have no such obligation

    • by Shavano (2541114)

      You do when they have a warrant.

      • by msauve (701917) on Saturday October 26, 2013 @06:07PM (#45247577)
        You don't when that warrant is ethically and Constitutionally wrong, doubly so when it infringes on the rights of innocent others. Just because the Emperor says he's wearing clothes, doesn't make it so.

        Sure, they'll get pissed and come at you - but that doesn't change the fact that it's the right thing to do.
        • by perpenso (1613749) on Sunday October 27, 2013 @12:21AM (#45249305)

          You don't when that warrant is ethically and Constitutionally wrong ...

          You are mistaken, there is nothing in the Constitution that says you can pick and choose which warrants issued by a valid court you will obey.

          What you are thinking of is called "civil disobedience", and civil disobedience often has a cost. Precisely the sort of thing we are seeing with respect to the contempt charge in this case. Civil disobedience is not an end run around the law nor a get out of trouble free card. What it is is a way to preserve your personal sense of ethics and a way to draw attention to and raise public awareness of an unjust law with the goal of amending or repealing the unjust law.

      • by truedfx (802492)
        Do you? Or is it simply in your best interests to do so, since they would otherwise be allowed to use force to get what they need?
        • by Shavano (2541114)

          Is there a difference between what you can legally be compelled to do and your duty?

          • by Jane Q. Public (1010737) on Saturday October 26, 2013 @06:31PM (#45247719)

            "Is there a difference between what you can legally be compelled to do and your duty?"

            Yes, definitely.

            In the same way that "treason" is betrayal of your people and your country, as opposed to failure to obey your government. This is the fundamental failure made by the German people which allowed the Nazis to come to and maintain power.

            You have a duty to be honorable and ethical. You have an obligation to do what is legal. They are not the same things.

            • Well said Jane, I'd mod you up if you were not already at +5 (note user id :). This is the same reason politicians are regarded as "public servants" in Oz/UK. Their job is to serve the public, and although they have serious problems focusing on that, the other way around is basically the definition of "oppression".
          • "Is there a difference between what you can legally be compelled to do and your duty?"

            In fact, not only are they not the same things, it is not unusual (especially in recent years) for them to be in conflict.

          • by BlueStrat (756137)

            Is there a difference between what you can legally be compelled to do and your duty?

            I think the important question is;

            Is there a difference between what you can illegally be compelled to do despite the illegality, because authorities have decided they don't effectively have any Constitutional limits to their power, and your duty?

            The US is increasingly becoming a typical tin-pot authoritarian hellhole. Only with more food and wealth...for the moment. That, too, will disappear in the very near future, as well as any pretenses that people have any rights or any say at all in their governmen

      • by epyT-R (613989) on Saturday October 26, 2013 @06:15PM (#45247621)

        The due process involved in getting a valid warrant has been stripped of most of its teeth.. Cops can now get warrants over the phone in a matter of minutes. This should not be, but that's how it is now. As a result, a warrant is no longer a guarantee that law enforcement has done any legwork before hassling anyone. Effectively, we are now all guilty until proven innocent.

        • Re: (Score:2, Redundant)

          "The due process involved in getting a valid warrant has been stripped of most of its teeth.. Cops can now get warrants over the phone in a matter of minutes. "

          I don't know where you live, but that sure as hell is NOT the case here. A warrant has to be typed up, and literally signed by a judge, in his/her own handwriting. No rubber stamp allowed. If cops around here try to enter a home without a SIGNED warrant, they are likely to get shot dead.

          • by Xicor (2738029)
            the problem isnt that the warrants arent signed, the problem is that they are signed by a make-believe judge in a make-believe court. the government claims this court exists, but we have no actual proof that any real judging goes on in this "court"
            • by Jane Q. Public (1010737) on Saturday October 26, 2013 @06:53PM (#45247843)
              No, even the FISA court issues signed warrants and court orders. It's just that the subjects of the searches are also issued a gag order, which prevents them from talking about it.

              An unsigned warrant, or no warrant, will still get people shot.

              "Warrantless searches" by the NSA, etc. are not home-invasion-type searches.

              In the case of a "secret" search by the government, the government still has to present the presiding judge with its warrant(s), probable cause, and evidence. It's just that it does so in secret.

              So don't misunderstand me: I'm not saying these things are legal or justified. But even as unconstitutional as they've gotten, they still do have rules and procedures. No "fictitious" judges or courts allowed.
              • by shentino (1139071)

                Even FISA itself admits it's pretty much rubber stamping everything.

                • by Jane Q. Public (1010737) on Saturday October 26, 2013 @08:47PM (#45248401)
                  I meant a literal rubber stamp. Sometimes court clerks have been known to, on order from a judge, use a REAL rubber stamp of the judge's signature on paperwork.

                  There was a case here a long time ago (actually more than one case IIRC), in which warrants were served that were literally rubber stamped. Turned out the police had made a deal to stamp signatures on illegal warrants. The state Supreme Court ruled that a warrant must be signed in the judge's "own hand". In other words... no rubber stamp allowed.
              • by Xicor (2738029)
                what evidence is there to suggest that there is actual probable cause and evidence given to the judge of the secret courts? thats right, there is NONE. for all we know, they are just stamping a yes on every request without any evidence whatsoever. you cant have checks and balances on a system that resides outside the bounds of visibility.
                • "what evidence is there to suggest that there is actual probable cause and evidence given to the judge of the secret courts? thats right, there is NONE. for all we know, they are just stamping a yes on every request without any evidence whatsoever. you cant have checks and balances on a system that resides outside the bounds of visibility."

                  No, that's not true. Don't misunderstand me: I'm not defending the practice. But we need to understand how it actually works.

                  *IF* an American citizen is TRIED for a crime, it still takes place in the public courts. And it has happened on a number of occasions. When that happens, if the government has "secret" evidence, it is supplied to the trial judge (who may be under orders of secrecy regarding it, but the judge still does get to see the evidence).

                  So a "regular" judge DOES still get to see any evid

          • by mcgrew (92797) *

            If cops around here try to enter a home without a SIGNED warrant, they are likely to get shot dead.

            More likely, you'll be the one who is shot dead. And nobody will get in any trouble for killing you. Ever heard of a No-knock warrant? [wikipedia.org]

            • "Ever heard of a No-knock warrant?"

              Yes, of course. But they are the exception, not the rule. They require special circumstances (if, of course, the legal system is operating properly).

              Some states, like Indiana, have laws that specifically say it is LEGAL to resist an unlawful search or detention. The Indiana police really went apeshit when that law was passed. To read their rabid rants on the webpages, you'd get the impression that every grandmother and small child was inherently a cop-killer, and the only thing that prevented them were r

          • by epyT-R (613989)

            Yes, but when law enforcement, esp the feds, throws around the 'terror' card, secret courts that rubberstamp warrants and due process suddenly not applying (esp to 'it-happened-on-the-internet' communications) become the norm. A citizen shooting a cop burns for a long time, illegal search notwithstanding. It shouldn't be this way, but that's how it is now.

            The secret court issue is the big problem. They exist solely to issue warrants under conditions the 'normal' courts otherwise wouldn't. Many times, th

      • by icebike (68054) on Saturday October 26, 2013 @06:36PM (#45247743)

        You do when they have a warrant.

        Well that is the issue being contested here, so you can't say for certain that a warrant is sufficient.

        The government may get a warrant for the contents of one safe-deposit box, but they don't have
        the right to a warrant for the combination to the bank's vault.

        The idea that one person must surrender all of his possessions so that law enforcement can capture another person
        is what is at issue here.

        • by mcgrew (92797) *

          Hammer, meet the nail's head. Where are the moderators? +5 insightful.

        • by tlhIngan (30335)

          The government may get a warrant for the contents of one safe-deposit box, but they don't have
          the right to a warrant for the combination to the bank's vault.

          They did. They got a warrant for a pen register on Snowden's account.

          Lavabit then tried to comply, but they gave back an encrypted log file. The government then requested keys for the logs. But thanks tot he way Lavabit works, doing such a request would be the equivalent of releasing the entire keys to Lavabit.

          So they replied they couldn't do that.

          The n

      • Blatantly wrong (Score:5, Interesting)

        by Okian Warrior (537106) on Saturday October 26, 2013 @07:01PM (#45247887) Homepage Journal

        In the case of Lavabit, the government demanded, and was given, a warrant for the HTTPS private key to monitor the online actions of a couple of defendants. This would allow the FBI to monitor not only the specific defendants, but all Lavabit customers.

        And I want to be totally clear about this: The government asked to install a pen trap device *and* have the private keys which would have allowed it to monitor all Lavabit customers.

        (Unlike phone companies, E-mail providers are under no legal obligation to make surveillance easy, or even possible, by the government.)

        Third parties have a duty to assist law enforcement, but that duty does not extend "regardless of the burden involved". The ACLU argument is that giving over the private keys would have completely destroyed the Lavabit business, which was an unreasonable burden to take in assisting law enforcement.

        You do when they have a warrant.

        Just saying "You do when they have a warrant" is no longer sufficient. There's ample evidence that judicial oversight has been compromised by the FISA court et al., and this is a particularly strong case of government overreach.

        You can't take warrants at face value any more.

  • I'm confused about what the article is saying. Here's an excerpt:

    Lavabit gave up the encryption keys after the government obtained court orders – including a grand jury subpoena and a stored communications act –and an authorised search warrant. The court denied Lavabit's motion to quash the warrants, and when the company failed to do so by the stipulated deadline, the court held Lavabit in contempt.

    "The district court's contempt holding should be reversed, because the underlying orders requiring Lavabit to disclose its private keys imposed an unreasonable burden on the company. Although innocent third parties have a duty to assist law enforcement agents in their investigations, they also have a right not to be compelled "to render assistance without limitation regardless of the burden involved", ACLU said in its brief.

    The first sentence seems to say that Lavabit would give up the encryption keys of specific users in response to a warrant. But, then the next few sentences seem to say that Lavabit fought the warrants and then ended up in "contempt of court" and argues that giving up the encryption keys "imposed an unreasonable burden on the company". (Presumably, giving up the encryption details of any particular client, even in response to a warrant could

    • The entire story is given by this in-depth interview with Ladar himself. http://twit.tv/show/triangulation/125 [twit.tv] I highly recommend this if you are interested. He also explains that he was personally cited in the warrants, so even if Lavabit gos away, Ladar himself is still liable to give up the info.
  • by FuzzNugget (2840687) on Saturday October 26, 2013 @09:31PM (#45248611)
    As I recall, each paying Lavabit customers' email storage was encrypted using a key of the respective customers' choosing. Lavabit did not have these keys and could not, themselves, read customers' email, even if they wanted to.

    So, I'm to believe that you can be charged with contempt for not providing something that you don't have?
    • So, I'm to believe that you can be charged with contempt for not providing something that you don't have?

      No. They wanted Lavabit's SSL keys.

    • How did the mail get into Lavabit's servers in the first place? Did Lavabit costumers send their public keys to all their correspondence partners and ask them to encrypt before sending?

  • by slashmydots (2189826) on Sunday October 27, 2013 @02:59AM (#45249739)
    They have more publicity than they could ever pay for in marketing and they're playing the victim. Hmmm what should they do. IT'S OBVIOUS! Relaunch with a user self-signed system or some sort of peer to peer thing where they don't hold the keys. They just relay the encrypted gibberish and some client software makes a randomized key. That's so idiotically simple, they could throw it together in a heartbeat.

Badges? We don't need no stinking badges.

Working...