
Ed Felten: Why Email Services Should Be Court-Order Resistant

Soulskill posted about a year ago | from the it's-not-a-bug-it's-a-feature dept.

Security 183

Jah-Wren Ryel sends this excerpt from Ed Felten at Freedom to Tinker: "Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack. To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel. From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company."


183 comments


Are they completely blind? (5, Insightful)

Anonymous Coward | about a year ago | (#45140315)

So a court case that was created as a knee-jerk response to Snowden is arguing that organizations shouldn't take steps to prevent leaks like Snowden .....

Re:Are they completely blind? (-1)

Anonymous Coward | about a year ago | (#45140317)

Second!!

Re:Are they completely blind? (4, Funny)

tchdab1 (164848) | about a year ago | (#45140331)

Or, put another way, the court cannot perceive how it is the same as an extortion ring.

Re:Are they completely blind? (4, Insightful)

MrKaos (858439) | about a year ago | (#45140355)

Or, put another way, the court cannot perceive how it is the same as an extortion ring.

No, the court hasn't perceived it from the perspective of a citizen issue where the motivations are to commit a criminal act, such as fraud against citizens. They are currently blind to unlawful uses of what they consider to be legitimate access rights. The court has to be educated as to why this is a bad thing (tm).

Re:Are they completely blind? (3, Insightful)

Anonymous Coward | about a year ago | (#45140477)

The courts need to be educated that if encryption is properly done it's like asking them to hand over the moon. You can order them to do it but that doesn't mean it's possible.
Since encryption is legal some things are beyond the court's grasp. That is the lesson that must be taught.

they'll order to change the system. (1)

gl4ss (559668) | about a year ago | (#45140885)

but they'll order to silently insert a backdoor/middleman access.

this is why lava quit.

so that system better be hosting and operating somewhere else than usa, china or number of other countries...

Re:they'll order to change the system. (4, Informative)

Sun (104778) | about a year ago | (#45141217)

Technically, the sequence was a little more complicated.

They were ordered to insert a backdoor. They ignored the order. The government then asked to get the master key. At that point they consented to putting the backdoor in, but it was too late. When they were ordered to hand the master key, they quit.

Shachar

Re:they'll order to change the system. (4, Informative)

jkflying (2190798) | about a year ago | (#45141249)

Feds asked without a court-sanctioned warrant to insert a backdoor. When LavaBit didn't respond, Feds got a warrant, but this time to hand over the SSL private key. That's when LavaBit decided that it was useless trying to fight, and quit instead.

Re:Are they completely blind? (2)

intermodal (534361) | about a year ago | (#45142129)

It's not the court so much as legislators that need to be made aware of just how this is a bad thing. They actually write laws, while courts make them up as they go.

Re:Are they completely blind? (1)

Gr8Apes (679165) | about a year ago | (#45142389)

The court needs to understand that proper encryption is similar to those little ink filled theft prevention tags to clothes, that can "only" be removed with a special device, except there exists only 1 such device per subset of tags, and that should one choose to hit the device with a hammer, you run the very real risk of destroying the item you're interested in accessing. So unless they will rule all such devices and mechanism illegal, they will need to realize that some things are beyond their ability to request without cooperation.

Re:Are they completely blind? (5, Insightful)

Anonymous Coward | about a year ago | (#45140603)

That's self-consistent and consistent with the way lawyers and judges view the world. In their view, the rules of society aren't defined by the way the world is, but by the way the legislative wants them to be. In their view, upholding the rules is not the job of engineers. It's the job of the police, and justice is the job of lawyers and judges. Lawyers and judges have no problem with telling you that you're wrong to say that 3+2 equals 5 if the law says that it's wrong. By making a system which is resistant to court orders, you're making it impossible for them to uphold the law, and even if you do so to prevent a violation of the law (an illegal leaking of information), that's still wrong, because upholding the law is their job, not yours.

Re:Are they completely blind? (2)

Dr Damage I (692789) | about a year ago | (#45140875)

Unless it's a civil liability lawsuit, in which case exactly the same thing amounts to negligence.

Re:Are they completely blind? (-1)

Anonymous Coward | about a year ago | (#45140989)

Your mindset is the one of the obedient, Catholic subject of an absolutist pope or an absolutist King or Emperor.

If the government starts to invade our rights, there is NOBODY to fight for our rights except WE OURSELVES. As the people of France demonstrated, ultimately justice is in the hands of the people, not the "professionals". Police cannot be everywhere and they can't lock up everybody if everybody started to use GnuPG. Rather, strong cryptography would become an "established custom and god-given right" in our realm.

Given that many governments have grown into (semi-) Catholic tyrants, we simply need to establish our rights by using strong cryptography as a matter of general practice, even on the most trivial communications.

If they start to lock us up for that, ask them whether they want to share Louis XIV's fate. Look them straight in the eyes and ask them. This is going to scare the living shit out of them if it happens often enough. Thereby, we the people, exercise justice and (effectively) government.

Realistically speaking, they can't do anything against us using strong crypto and they can't do anything against us calling them SEMI-CATHOLIC TYRANTS. Make a picket and display it in front of the train station. Do something. Freedom is work, not FUCKING CONVENIENCE.

Re:Are they completely blind? (0)

Anonymous Coward | about a year ago | (#45141145)

Your anger clouds your judgment. Before you make further comments about my mindset, take a deep breath and read what I actually wrote.

Re:Are they completely blind? (2)

foniksonik (573572) | about a year ago | (#45141721)

adjective
adjective: catholic;adjective: Catholic
1.
(esp. of a person's tastes) including a wide variety of things; all-embracing.
synonyms: universal, diverse, diversified, wide, broad, broad-based, eclectic, liberal, latitudinarian; More
antonyms: narrow

That word doesn't mean what you think it means.

Re:Are they completely blind? (1)

TheJediGeek (903350) | about a year ago | (#45142403)

It was Louis XVI that was beheaded, not Louis XIV. Louis XIV died of gangrene at age 77.

Good model (4, Insightful)

gweihir (88907) | about a year ago | (#45140341)

This model describes the problem pretty well. Of course it can be extended: What if the judge or (given an over-broad wiretap order) the police is in league with the attacker, freely or by coercion? That is not unheard of either.

Re:Good model (4, Insightful)

Jane Q. Public (1010737) | about a year ago | (#45140367)

Besides: the court has another, arguably "more American" avenue: it can order the defendant to turn over the information. (If, that is, it doesn't violate his 5th Amendment rights.)

I never did buy this concept that just because you have a business deal with someone, the court could order THEM to turn over personal papers related to you. Seems to me, the same standard of getting a warrant should apply. Otherwise, the whole purpose of warrants is being subverted.

Let the courts criticize. There's not a damned thing they can do. They have no legal authority to order people to make their websites police-friendly.

Re:Good model (2, Insightful)

bruce_the_loon (856617) | about a year ago | (#45140427)

Um, a warrant is a court order. The investigators explain to the judges what they suspect, why they suspect it and what and where they need to look to get more evidence. The judge then issues the warrant. Legality of the source of the evidence used to obtain the warrant can be challenged in the future case and will affect the chain of admissibility.

Warrants don't just apply to the defendant directly, and are issued on a one-sided basis to prevent destruction of evidence by the defendant.

Re:Good model (1)

brainboyz (114458) | about a year ago | (#45140475)

You missed the court case news earlier this week.

Re:Good model (5, Insightful)

Anonymous Coward | about a year ago | (#45140499)

But, as the story yesterday showed, only the company the warrant is issued against can challenge it, not the person they want to collect information about.

So they may well violate your 5th amendment rights, but the only ones who can do anything about it, is a company whose primary purpose is to minimize cost and maximize shareholder value. Not to protect your rights.

So, adding 2 and 2 together, you don't have any rights.

Re:Good model (0)

Anonymous Coward | about a year ago | (#45140605)

But i was told "This is the land of the FREE." I guess they were talking about the government being free to do what ever they wanted.

Re:Good model (2)

khallow (566160) | about a year ago | (#45140871)

So they may well violate your 5th amendment rights

I don't see it since the primary aspect of the Fifth Amendment is constraints on forcing self-incrimination. Evidence provided by other parties just doesn't qualify, even if it originally came from you, unless it requires you to register evidence of a crime (say a federal law requiring Facebook users to register with Facebook any illegal drug trades they conduct via Facebook). Maybe you're speaking of the Fourth Amendment which is about constraints on searches and seizures?

Re:Good model (2)

Jane Q. Public (1010737) | about a year ago | (#45140895)

I don't see it since the primary aspect of the Fifth Amendment is constraints on forcing self-incrimination. Evidence provided by other parties just doesn't qualify, even if it originally came from you, unless it requires you to register evidence of a crime (say a federal law requiring Facebook users to register with Facebook any illegal drug trades they conduct via Facebook). Maybe you're speaking of the Fourth Amendment which is about constraints on searches and seizures?

But I think you're both missing the point I was making. If I have a private business deal with someone else, and it requires a probable-cause warrant to get information about it from ME, why should it take any lower standard of evidence to get it from someone else? Where is the justification for that?

Completely aside from the 5th Amendment, it appears to me to be a rather blatant attempt to get around the "probable cause" requirement.

Re:Good model (1)

Registered Coward v2 (447531) | about a year ago | (#45141199)

But I think you're both missing the point I was making. If I have a private business deal with someone else, and it requires a probable-cause warrant to get information about it from ME, why should it take any lower standard of evidence to get it from someone else? Where is the justification for that?

Completely aside from the 5th Amendment, it appears to me to be a rather blatant attempt to get around the "probable cause" requirement.

There really isn't a lower standard that says you don't need a warrant to force disclosure. The prosecution can ask you to turn over information, if you refuse, they get a warrant. Voluntarily giving information doesn't require a warrant, no matter who does the giving. Now, we can question what is a minimal standard for "probable cause" and does the fact you used a particular email service constitute probable cause that you may have sent incriminating emails and thus warrant a judge issuing a warrant; but that is different argument.

Re:Good model (1)

Eskarel (565631) | about a year ago | (#45141911)

They can always ask, Lavabit refused, so they came back with a warrant.

The problem in reality is that society has an interest in ensuring that criminals are caught and prosecuted. It also has an interest in ensuring that impacts to privacy are minimized. It's a fairly difficult balance to strike at the best of times, but encryption, as it stands anyway, is kind of an all or nothing deal.

It's patently absurd to give the federal government the keys to the kingdom, but it's also patently absurd to say that criminals should get away with it because they used encryption. I don't have an answer, but "nuh uh I used encryption" sure as hell ain't it.

Re:Good model (1)

ATMAvatar (648864) | about a year ago | (#45142455)

There is a market solution to the above scenario. Stop doing business with companies who do not go to bat for their customers.

Re:Good model (4, Informative)

Jane Q. Public (1010737) | about a year ago | (#45140867)

"Um, a warrant is a court order. The investigators explain to the judges what they suspect, why they suspect it and what and where they need to look to get more evidence. The judge then issues the warrant. "

You are nitpicking, and not even doing it well.

While a warrant is technically a kind of court order, there are other kinds as well. There is what is commonly referred to as a "court order", a "search warrant", and a "subpoena". They are ALL court orders, but they differ in the standards of evidence that is required for each.

What is commonly called a "court order" has a very low evidence threshold, or even none at all. You are "ordered" by the court to appear on a certain date. You are "ordered" by the court to pay reparations to someone you defrauded. Etc.

A subpoena also has fairly low standard of evidence. You can be subpoenaed by courts for a number of reasons, and there are a great many situations in which a subpoena has no force or can be quashed.

In order to issue a warrant, on the other hand, the court must be shown probable cause. This is a higher standard than either of the other examples above.

However, a defendant's 5th Amendment rights override both warrants and subpoenas. No court in the nation has the authority to violate the 5th Amendment, for any reason.

Re:Good model (-1)

Anonymous Coward | about a year ago | (#45141081)

However, a defendant's 5th Amendment rights override both warrants and subpoenas. No court in the nation has the authority to violate the 5th Amendment, for any reason.

And you're missing the bit about destruction of evidence as well.

I find that when people go to the Constitution to explain how a law works to me, they're about as correct as those that argue 1+1=2 so there's a problem with those quantum electrodynamics calculations.

Knowing fundamentals is good. Things tend to be a bit more complicated after that.

(And sometimes even the Constitution is unclear, such as the debate about the debt ceiling and whether the 14th amendment applies to it.)

Re:Good model (3, Insightful)

Anonymous Coward | about a year ago | (#45140649)

The Feds have justified warrantless wiretapping on the basis that an e-mail is like a post card, that everyone can read. The courts have ruled that an e-mail stored on a server unencrypted is like a postcard, and thus is not entitled to constitutional privacy protections. A system set up to avoid leaving an unencrypted copy on the mail server requires no further justification than preserving constitutional rights to privacy that exist in ordinary snail mail.

Re:Good model (0)

Anonymous Coward | about a year ago | (#45142049)

Sounds like a good way to think about it.

When one sends snail mail, one can choose to use a sealed envelope or post card.
The accessibility to others is different, but there is no concept that the mailer did something bad by choosing the envelope.

A sophisticated person in the middle might be able to open the envelope.
The sender fearing this, might choose a more sophisticated envelope.
I don't see why this implies that the mailer or maker of the envelope is doing something bad.

Now we have a new sort of mail and folks with demonstrated reason to fear folks in the middle.
In response to market demand, Lavabit made a better envelope.
There is no question that there are legitimate uses for this service.
This seems a sufficient argument that Lavabit did nothing wrong in making a better envelope.
Lavabit shouldn't have to arrange their affairs to make life easier for the search.

On the other hand, telephone companies are required to arrange their affairs to make intercept easier.
(See CALEA.) This requires the phone company to provide access to whatever contents they have.
If their customers choose to talk in code, an intercepter is out of luck because the phone company has nothing to do with the code.

The difference with Lavabit is that they provided both the communication and facilitated the coding service.
It seems the legal flaw in this scheme is that they are holding keys useful for sorting out the coding.
In order for the end customer's mail clients to access these coded envelopes, they must generate session keys.
This depends on trusting some common intermediary, but allows the ends to communicate without having a previously safely distributed key pair.

If the clients choose instead to trust an assortment of different intermediaries beholden to different jurisdictions, the legal story might be different.
This amounts to a more sophisticated scheme protecting the inside of the envelope.

It seems a simpler scheme might be for Lavabit to have no master key, and instead generate random session keys and send them to each client using the client's public/private key pair.
The outside of the envelope would be visible in Lavabit's servers for a short time, but otherwise, only visible at the ends.

There should be nothing wrong with the end customers choosing to arrange their communications to place the intercepter out of luck.
It's expected that a business arrange their financial affairs to minimize their taxes.
This includes choosing which jurisdiction to do business in.
Seems like choosing your trust authorities in a similar manner should be fair.
And unfortunately necessary.

It seems likely that smart bad guys already are way ahead of all this.
It's too bad the good guys need to resort to such measures to get the same security that the bad guys likely already enjoy.

As a practical matter, it seems unlikely anybody can put the coding genie back in the bottle.
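
The "no master key" scheme sketched in the comment above, worked through as an added example in Go. This is not code from the post, from Lavabit or from any named product; the type and function names are mine. On delivery the provider draws a random per-message key, encrypts the body with AES-GCM, wraps that key to the recipient's RSA public key with OAEP, and stores only the sealed record. A second provider-held private key (standing in for the SSL key demanded in the case) cannot unwrap the session key, so an insider with the provider's secrets, whatever their motivation, gets ciphertext and nothing else.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedMessage is the only thing the provider stores for a message:
// the AES-GCM ciphertext and the per-message key wrapped to the
// recipient's public key. No provider-held secret is involved.
type SealedMessage struct {
	WrappedKey []byte // random 256-bit AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte
	Ciphertext []byte
}

// GenerateKeyPair makes a 2048-bit RSA key pair. Users generate theirs on
// the client; the provider's own key in the demo is made the same way.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealForRecipient is the provider-side step on delivery: draw a fresh
// random session key, encrypt the body under it, wrap the key to the
// recipient's public key, and zero the provider's copy of the key.
func SealForRecipient(pub *rsa.PublicKey, plaintext []byte) (*SealedMessage, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	defer func() {
		for i := range key {
			key[i] = 0 // the provider keeps no copy of the session key
		}
	}()
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &SealedMessage{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// OpenWithPrivateKey is the client-side step: unwrap the session key with
// the recipient's private key, then authenticate and decrypt the body.
// Any other private key fails at the unwrap; a modified body fails the GCM tag.
func OpenWithPrivateKey(priv *rsa.PrivateKey, m *SealedMessage) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
}

// ProviderCanRead models what an insider, or an order served on the
// provider, obtains: the stored record plus the provider's own private key.
func ProviderCanRead(providerKey *rsa.PrivateKey, m *SealedMessage) bool {
	_, err := OpenWithPrivateKey(providerKey, m)
	return err == nil
}

func main() {
	user, _ := GenerateKeyPair()
	provider, _ := GenerateKeyPair()
	sealed, _ := SealForRecipient(&user.PublicKey, []byte("constructed sample message"))
	body, _ := OpenWithPrivateKey(user, sealed)
	fmt.Printf("recipient reads: %q\n", body)
	fmt.Println("provider can read:", ProviderCanRead(provider, sealed)) // false
}
```

What the example does not solve is exactly the point the commenter raises next: the envelope's outside (sender, recipient, timing) is still visible to the provider while the message transits, and the provider still has to obtain the recipient's public key from somewhere it trusts, which is where a compelled "backdoor" would be aimed in this design.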

Re:Good model (0)

Anonymous Coward | about a year ago | (#45141749)

Actually, the court can order it but that doesn't mean the defendant will do it and that is the crux of the problem.

The same standards do apply for warrants to third parties.

And, you are wrong, the court does have the legal authority to order people to make their websites police-friendly, it all revolves around the law and actions taken by the police.

You seem to be pretty ignorant of the law. Perhaps you should wait until you are out of junior high school before making comments, "Jane".

Re:Good model (3, Informative)

pla (258480) | about a year ago | (#45142471)

They have no legal authority to order people to make their websites police-friendly.

You sure about that? [wikipedia.org]

In fairness, CALEA requires backdoors from telecom firms, not independent website operators - Yet. But it already crossed that exact line, of requiring non-governmental entities to actively undermine their own best interests solely for the possible future convenience of the government.


/ Hand me my fiddle.

Re:Good model (1)

Anonymous Coward | about a year ago | (#45140495)

What if the judge is actually an alien or a dinosaur.. gasp, what if they've traveled through time and are actually nazi spies? WHAT IF THE JUDGE IS BIN LADEN? holy fuck, why will no one think of the honorable judge laden and protect against potential attacks by him?!

Arguing to circumvent an entire aspect of a legal system because of one-off's that more or less are only going to happen in theory as a justification for your own biased belief structure is pretty dense.

Re:Good model (0)

Anonymous Coward | about a year ago | (#45140617)

Fuck you and your legal system.

Re:Good model (1)

AlphaWoIf_HK (3042365) | about a year ago | (#45140773)

It makes perfect sense to me. Taking into account the possibility of corruption or abuse is what any intelligent person should do, and since freedom is more important than safety, it absolutely makes sense to try to make it much more difficult for even the government to get access to people's information.

Re:Good model (1)

Yaur (1069446) | about a year ago | (#45140977)

One missing piece: Auditing. At the organisation that I'm writing software for (which handles fairly sensitive data) no one, not the NSA, not a drug cartel has the ability to access data without leaving a trace.
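
One way to make the "cannot access data without leaving a trace" property concrete, as an added example in Go (this is not the poster's system; the names and the sample events are constructed): every read of stored data goes through a single function that first appends a hash-chained entry to an audit log. Each entry commits to its predecessor's hash, so deleting or editing an entry after the fact breaks the chain at a position the verifier can report, whether the reader was an employee acting on an order or one acting on a bribe.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// AccessEvent is one read of one user's data. Prev links it to the
// previous entry; Hash commits to the entry and its link.
type AccessEvent struct {
	Actor   string // who read the data (employee or service account)
	Subject string // whose data was read
	Reason  string // ticket number, order reference, or similar justification
	Prev    string // hex SHA-256 of the previous entry ("" for the first)
	Hash    string // hex SHA-256 over Prev, Actor, Subject, Reason
}

// AuditLog is an in-memory append-only chain. A real deployment would
// write entries to write-once storage and publish Head() somewhere the
// people being audited cannot alter.
type AuditLog struct {
	entries []AccessEvent
}

func hashEvent(e AccessEvent) string {
	sum := sha256.Sum256([]byte(strings.Join([]string{e.Prev, e.Actor, e.Subject, e.Reason}, "\x00")))
	return hex.EncodeToString(sum[:])
}

// Head returns the hash of the latest entry; anchoring this value outside
// the insider's reach is what turns the chain into tamper evidence.
func (l *AuditLog) Head() string {
	if len(l.entries) == 0 {
		return ""
	}
	return l.entries[len(l.entries)-1].Hash
}

// Record appends an event linked to the current head.
func (l *AuditLog) Record(actor, subject, reason string) AccessEvent {
	e := AccessEvent{Actor: actor, Subject: subject, Reason: reason, Prev: l.Head()}
	e.Hash = hashEvent(e)
	l.entries = append(l.entries, e)
	return e
}

// Verify recomputes every hash and link. It returns -1 when the chain is
// intact, otherwise the index of the first entry that was altered or
// whose predecessor was removed.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.entries {
		if e.Prev != prev || hashEvent(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Len reports how many entries are in the chain.
func (l *AuditLog) Len() int { return len(l.entries) }

// userStore stands in for the mailbox database (constructed sample data).
var userStore = map[string]string{
	"user42": "constructed mailbox contents for user42",
	"user7":  "constructed mailbox contents for user7",
}

// ReadUserData is the only code path to stored data: the audit entry is
// written before the read, so there is no read without a trace.
func ReadUserData(al *AuditLog, actor, subject, reason string) (string, bool) {
	al.Record(actor, subject, reason)
	data, ok := userStore[subject]
	return data, ok
}

// TamperDrop deletes entry i, the way someone covering their tracks would.
func TamperDrop(al *AuditLog, i int) {
	al.entries = append(al.entries[:i:i], al.entries[i+1:]...)
}

func main() {
	al := &AuditLog{}
	ReadUserData(al, "alice", "user42", "ticket-1001")
	ReadUserData(al, "bob", "user7", "order-2002")
	ReadUserData(al, "carol", "user42", "ticket-1003")
	fmt.Println("first bad index, intact chain:", al.Verify()) // -1
	TamperDrop(al, 1)
	fmt.Println("first bad index after deleting bob's entry:", al.Verify()) // 1
}
```

The chain by itself only proves that nothing changed between two points whose head hashes you trust; the control that matters is publishing or escrowing Head() on a schedule to a party the data custodians cannot reach, and routing every access through ReadUserData rather than allowing direct database logins.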

Re:Good model (0)

Anonymous Coward | about a year ago | (#45141421)

One missing piece: Auditing. At the organisation that I'm writing software for (which handles fairly sensitive data) no one, not the NSA, not a drug cartel has the ability to access data without leaving a trace.

Really? How did you convince management to commit to buying more storage every year to hold the unshrinkable audit log files?

Re:Good model (1)

Sarten-X (1102295) | about a year ago | (#45141665)

As a point of reference, at a financial company I worked at, the audit logs for several decades of account data came in at just about 1 GB. That particular system only logged changes to clients' accounts, but still... audit logs can be pretty small, and storage is cheap.

Re:Good model (2)

cornjones (33009) | about a year ago | (#45142275)

We do the same, everything is audited and the data is held since the beginning of the system. We manage the size of backups w/ RO sections that are only synced once, etc. keeping things on disk is pretty cheap.. consider it a cost of doing business.

Extending the model (3, Interesting)

davecb (6526) | about a year ago | (#45142201)

Imagine that one wishes to prevent subversion by drug cartels but honour (or appeal) court orders. This is the problem that public libraries have dealt with since their creation. Someone always wants to know what person X has been reading, in hopes of using it against them....

Library software is normally written to preserve privacy, and discard the record that "X has book Y" when the book is returned. It can be written this way because several of the countries where it is sold require privacy as part of their legal system. Purchasers in other countries get privacy as a side-effect.

Countries prohibiting privacy would require a special version for a quite limited market, and the library software companies aren't motivated to deal with them: just doing an internationalization/localization to get into a small market is hard enough!

When an individual library is served with a court order, they can honour it by doing a lookup once a day and writing X's new books down on a piece of paper. As this doesn't scale, and is also a credible cost, the willingness of courts to order it is reduced, and the damage to privacy is limited.

Applying this to email, one wishes to keep routing data only until a message is delivered to the next host and we get a "250 OK" from SMTP. If a court wishes to collect that metadata, they can station an officer with a laptop at the ISP and gobble up the packets routed to/from him. This is onerous, and in Canada at least requires a "wiretap warrant", which the courts restrict more than ordinary search warrants.

The person wishing to provide this kind of information to a drug cartel has the same hard task, and is also more likely to be detected by the ISP.

To oversimplify, we're keeping far too much information about email: an author or vendor should take notice of the privacy laws of their preferred markets and discard debugging/diagnostic information at the end of a successful delivery. If they wish to cover themselves against customer complaints, they might send delivery notices that the customer can read or filter out at their convenience.

--dave

Re:Good model (1)

Bite The Pillow (3087109) | about a year ago | (#45142323)

Not really. The accepted way to track live data is installing a device that copies relevant data, which was requested of Lavabit. A rogue employee would have a hard time sneaking that in, making it much easier for legitimate eavesdropping. That negates the whole argument for live capture.
For static capture, encryption per person has always been more attractive than using sitewide keys, but leaving the user in charge of the keys is the only option for security minded users.
Lavabit objected to the live capture because it would expose everyone, which exceeded the bounds of the order, and a judge complained that the service was poorly engineered if it could not accommodate. This appears to argue that it is poorly designed if it can accommodate.
I would have to argue that allowing law enforcement legally requested access to isolated data in a way that is not overly broad is not unreasonable.
Designing it to be difficult to tap without raising red flags is not impossible.
The only question then is whether the preparation for warrant access degrades service for the normal user, like Skype and FaceTime recently. If so, sorry but we have a business to run.

I love the comparison (2)

OhANameWhatName (2688401) | about a year ago | (#45140365)

Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company

The government won't generally kill you, just lock you up. The cartels won't generally lock you up, they just kill you. Not much difference really.

Re:I love the comparison (2)

viperidaenz (2515578) | about a year ago | (#45140375)

Yeah, I'd like to appeal my murder...

Re:I love the comparison (5, Informative)

Anonymous Coward | about a year ago | (#45140501)

Yeah, I'd like to appeal my murder...

Yeah, lots of others would like to appeal theirs too.

http://en.wikipedia.org/wiki/Wrongful_execution#United_States [wikipedia.org]

Cameron Todd Willingham was executed February, 2004, for murdering his three young children by arson at the family home in Corsicana, Texas. Nationally known fire investigator Gerald Hurst reviewed the case documents, including the trial transcriptions and an hour-long videotape of the aftermath of the fire scene and said in December 2004 that "There's nothing to suggest to any reasonable arson investigator that this was an arson fire. It was just a fire."[12] In 2010, the Innocence Project filed a lawsuit against the State of Texas, seeking a judgment of "official oppression".[13]

Statistics likely understate the actual problem of wrongful convictions because once an execution has occurred there is often insufficient motivation and finance to keep a case open, and it becomes unlikely at that point that the miscarriage of justice will ever be exposed. In the case of Joseph Roger O'Dell III, executed in Virginia in 1997 for a rape and murder, a prosecuting attorney argued in court in 1998 that if posthumous DNA results exonerated O'Dell, "it would be shouted from the rooftops that ... Virginia executed an innocent man." The state prevailed, and the evidence was destroyed.[14]

Johnny Garrett of Texas was executed February, 1992, for allegedly raping and murdering a nun. In March, 2004, cold-case DNA testing identified Leoncio Rueda as the rapist and murderer of another elderly victim killed four months prior.[15] Immediately following the nun's murder, prosecutors and police were certain the two cases were committed by the same assailant.[16] In both cases, black curly head hairs were found on the victims, linked to Rueda. Previously unidentified fingerprints in the nun's room were matched to Rueda. The flawed case is explored in a 2008 documentary The Last Word.

Jesse Tafero was convicted of murder and executed via electric chair May, 1990, in the state of Florida for the murders of two Florida Highway Patrol officers. The conviction of a codefendant was overturned in 1992 after a recreation of the crime scene indicated a third person had committed the murders.[17]

Carlos DeLuna was executed in Texas in December 1989. Subsequent investigations cast strong doubt upon DeLuna's guilt for the murder of which he had been convicted.[18][19]

Thomas and Meeks Griffin were executed in 1915 for the murder of a man involved in an interracial affair two years previously but were pardoned 94 years after execution. It is thought that they were arrested and charged because they were not wealthy enough to hire competent legal counsel and get an acquittal.[20]

Chipita Rodriguez was hanged in San Patricio County, Texas in 1863 for murdering a horse trader, and 122 years later, the Texas Legislature passed a resolution exonerating her.

The list of wrongly jailed for life is too long to list.

Re:I love the comparison (1)

shentino (1139071) | about a year ago | (#45141159)

Wow.

The fact that the state would be embarrassed was actually used as evidence to keep things hush hush?

Not too far from getting hanged for insulting the king.

I have a much better idea:

Anyone knowingly provoking a false execution is guilty of murder. Gives an incentive to people not to botch a capital case, and as a face saving measure the state can shift the blame off of itself and retain its dignity.

Re:I love the comparison (1)

Sun (104778) | about a year ago | (#45141743)

The law already has this (IANAL). If you fudge evidence to support your case, and then ask and receive the death penalty, you are already committing murder.

The problem isn't so much that a prosecutor would be breaking the law, as the fact that prosecutors are completely and utterly immune to any misconduct performed while performing their duty. It is all but impossible to even sue the DA office for damages, even if you prove your case.

Shachar

Re:I love the comparison (0)

Anonymous Coward | about a year ago | (#45140435)

The government won't generally kill you, just lock you up.
Maybe that was the case in the past, but why do you think the govt has bought hundreds of millions of rounds of ammo over the past year?

Re:I love the comparison (0)

viperidaenz (2515578) | about a year ago | (#45140519)

Because it needs over 300 million bullets to shoot all its citizens?

Re:I love the comparison (0)

Anonymous Coward | about a year ago | (#45140695)

The government won't generally kill you

In the U.S., they can. They do it quite often even.

Re:I love the comparison (1)

gweihir (88907) | about a year ago | (#45141295)

You must be unaware of what the US administration is currently doing with drones...

Re:I love the comparison (1)

Sarten-X (1102295) | about a year ago | (#45141681)

...the same thing they've always done with raiding parties, spies, bombers, and strike fighters, but now they're doing it more accurately and with no risk to the pilots?

NSA - same difference (0)

Anonymous Coward | about a year ago | (#45140415)

A backdoor (like the ones the NSA makes manufacturers put in) does not care whether the person using it is in law enforcement solving a case or is a criminal looking for opportunities.

Life, Liberty, or Property? (4, Insightful)

10101001 10101001 (732688) | about a year ago | (#45140429)

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data.

What next? Complaining about hidden compartment in desks?

They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

Oh, I don't know...because of "life, liberty, and the pursuit of happiness"? I don't know about you, Mr. Judge, but I personally don't want a court, court-ordered or not, snooping on my life--such inherently is a big way to disrupt my happiness. But, even if we forgo the DoI and move to the CotUS, it's "life, liberty, and property". Well, whether you view it as the user's property or Lavabit's property, they sure as fuck can do what they want with it. What part of any of that should be to make the court's job easier? Why would they seek to bend over backwards for any court?

Of course, the big one is liberty. The biggest liberty of all is exploring the possibilities of math and the universe. And that heavily flows into attempts to make functionally unbreakable encryption resistant to even the US government. And it also flows from the point of just being a general asshole, which God Bless the United States of America, is very much recognized as a Creator given right. Clearly the judge is exercising it when he shows contempt for other people daring to live their lives in ways he doesn't like.

Honestly, though, I do not try to be too much of an asshole. And I do recognize that there does need to be a means for courts and court-orders to function. The problem the judge seems to realize--and honestly why the NSA keeps getting the go ahead--is that criminals are most inclined to use those sorts of tools to hide their activities. The good response should be the obvious: most criminals don't go through the bother because they don't think they'll be caught and the rest are almost always found before the court-order (after all, you have to have evidence to get that far) or the court-order is a very inappropriate fishing expedition. All a court-order is there for is to solidify a case, not to make one. And so the very notion that there's something wrong with efforts to make their case inherently harder to prove is, well, fine by me. It almost always just means the prosecutor and the police have to work a bit harder to prove their case, if they care enough to go through the effort. The real limit of justice then is not the strength of encryption or the willingness of first or third parties to comply with handing over incriminating evidence. It has almost everything to do with running a decent investigation in the first place.

PS - *sigh* The NSA part was probably unnecessary, but it reeks of the same stupidity and with the same sorts of results. Trying to find a needle in a haystack is easier because at least then you know you're looking for a needle. And if, by analogy, you know you're looking for a specific terrorist plot in a general time frame with certain people, you're already 90% of your way towards having a prosecutable case and a pathway to find accomplices.

Re:Life, Liberty, or Property? (0)

Anonymous Coward | about a year ago | (#45141809)

I don't know why your comment was rated insightful. It is pretty idiotic. You actually shoot yourself in the foot by referencing "life, liberty, and the pursuit of happiness" when this is all about what is a compromise between privacy and the rights of the police and court to investigate crimes.

Honestly, though, I do not try to be too much of an asshole.

One can't tell that from your quote. You are pretty much a massive asshole who is seriously lacking in critical thinking skills.

Please get raped and then set on fire and die slowly in excruciating agony.

Re:Life, Liberty, or Property? (1)

LurkNoMore (2681167) | about a year ago | (#45142177)

What next? Complaining about hidden compartment in desks?

I was thinking that the court can just order all paper to be made un-burnable. Because what's to stop me from writing a juicy secret on a piece of paper, handing it to you and when you're done reading it, you burn it? Sounds like either candles should be outlawed or loose leaf paper should be made out of asbestos and kevlar.

You mean only one thing is different. (4, Insightful)

mosb1000 (710161) | about a year ago | (#45140467)

Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company.

Actually, the employee's motivation is likely the same as well. And the destination seems to be getting more similar every day.

I'm not sure Ed Felten knows what is up (4, Informative)

YesIAmAScript (886271) | about a year ago | (#45140481)

As to his comment about turning over the master key, it would have made no difference if they had protections on their master key. They didn't turn over their master key anyway. They did shut down, and they would have had to shut down either way. Because if they didn't shut down and had their key secure (say in an RSA box), the government would have just compelled them to give access to their key to sign stuff or to present as a credential. In other words to impersonate them.

The only way to avoid all this was to just shut down so there could be no mistake. If that key is used again, you know it's the NSA doing it, not Lavabit.

I would love to hear how Ed Felten thinks a private key can be both kept inaccessible and used tens of thousands of times a day to secure SSL connections.

Even if you keep it in a box, if the box will gleefully operate on the key thousands or millions of times a day, then you can just virtualize the key to a remote location (like say NSA HQ) by forwarding any requests to use the key to the box across the net. No need to even have the key at all in that case.

Re:I'm not sure Ed Felten knows what is up (0)

Anonymous Coward | about a year ago | (#45140851)

You use multi party computation to put the components of the key in jurisdictions which will not cooperate with each other (servers in the Congo, Sweden, China and the US should do it). You are after all using it to secure something that doesn't need to be done in near real time. Email is asynchronous in nature and the delay is perfectly reasonable if you want that sort of security.

Re:I'm not sure Ed Felten knows what is up (2)

Jah-Wren Ryel (80510) | about a year ago | (#45141059)

As to his comment about turning over the master key, it would have made no difference if they had protections on their master key

If they had designed the system to not have a master key, such that each user had their own keypair and each user had sole possession of their specific decryption key then they would have been immune to the insiders - cartels or DoJ.

Bottomline... (2, Insightful)

duke_cheetah2003 (862933) | about a year ago | (#45140505)

If you don't want someone else to see it, stop putting it on the internet.

Internet was NEVER EVER a means of private communication.. we've tried to make it that way for what, 20 years now? It's not going to happen. Keep your personal tidbits off the net if you don't want others finding them.

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address. It's slower, but it's a lot more private than you'll EVER GET on the internet, now or in the future.

Re:Bottomline... (1)

ttucker (2884057) | about a year ago | (#45140587)

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address. It's slower, but it's a lot more private than you'll EVER GET on the internet, now or in the future.

Said no cryptographer ever. Sending your communique in plain text is never encryption. You might argue it is steganography... but the mail, pretty fucking obvious. Each piece of mail is scanned, metadata is kept, pieces of interest are opened. That is not the least of your problem either. Do you think wifi is insecure? What about the mailbox? Mail theft is a real problem. If someone wants specific information about you, the cheezy lock on your mailbox is not going to do shit.

Re:Bottomline... (0)

duke_cheetah2003 (862933) | about a year ago | (#45140873)

In our culture of laziness you think the NSA is gunna bother steaming and opening letters in this day and age? Puhleeze. I'm laughing.

But yes, the use of the word encryption was improper, so I'll give you that. But I think my point was made even if I used the wrong word.

Re:Bottomline... (1)

myowntrueself (607117) | about a year ago | (#45142025)

In our culture of laziness you think the NSA is gunna bother steaming and opening letters in this day and age? Puhleeze. I'm laughing.

But yes, the use of the word encryption was improper, so I'll give you that. But I think my point was made even if I used the wrong word.

I heard that the Stasi had factories filled with machinery specifically designed to open and reseal letters IN BULK.

Re:Bottomline... (0)

Anonymous Coward | about a year ago | (#45140913)

You Betcha the MIC/SIC has developed a machine which can X-Ray enveloped letters and get the entire written content in a matter of seconds. Then it is OCRed and forwarded to NSA for further perusal. Go to the GP if you want to know how this kind of apparatus works - they call it "tomography".

You can nicely pipeline or parallelize the whole thing. Optimize the X-ray sensors, optimize the sensor or letter rotation platform and you can push down the entire process to the sub-second scale.

If you know modern electronics, modern physics, modern software, this is definitely in the realm of the possible. Billions can be made with this sort of thing. So it's done.

Will they use it on everybody ? Only if it is cheap enough. Which is a matter of time.

Re:Bottomline... (0)

Anonymous Coward | about a year ago | (#45141509)

Then for sensitive communications via mail, encrypt the content, sign it, and provide a printed hash of the encrypted content to ensure the OCR has scanned it correctly.

Re:Bottomline... (0)

Anonymous Coward | about a year ago | (#45140949)

Internet was NEVER EVER a means of private communication..

It was also NEVER EVER meant anyone other than the endpoint to look at the payload.
Just because it wasn't meant for one thing doesn't mean it was meant for the opposite either.

Considering the origin of the Internet I suspect that the reason the payload isn't encrypted by default is because no-one thought that it would be used to connect computers over a network where the middle-points and the endpoints didn't belong to the same organization.

Re:Bottomline... (3, Insightful)

oodaloop (1229816) | about a year ago | (#45141303)

Try using the tried and true encryption method. A piece of paper inside an envelope, with a stamp and an address.

That has got to be one of the dumbest comments I've ever heard on the internet. Wow. Just, wow.

The real subtle reason. (5, Insightful)

ttucker (2884057) | about a year ago | (#45140539)

They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The real question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.

Re:The real subtle reason. (1)

gnasher719 (869701) | about a year ago | (#45140673)

The real question is, in what fucking world is it appropriate for courts to say what a private company programs?!? If the encryption is not illegal (it shouldn't be either way, but encryption is still legal in the US) the judiciary has no business saying whether it should be used or not.

The court _can_ tell a private company to give information about a customer, or hand over information or things that belong to the customer and are in possession of the company. A company that rents out physical storage can be ordered to hand over the items that a suspected criminal has stored, and if they don't have a key they may have to unlock the storage with physical force which may damage the company's property. So you should ask what happens if they rent out safes, and have no expertise at all how to open the safes. I suppose they can send the unopened safe to the court, or let police experts on their premises to try to open the safe. In either case, the action is damaging to the company but they have to allow it.

Now the court cannot tell the company how they write their software or what software they use. They _can_ tell the company that they want some customer's data. So the company says "we have the data, but it's in a safe". So the court says "in that case, open the safe".

The company should have created a safe that is impossible to open, or not kept any data of that customer at all. Now if I send an unencrypted email to a Lavabit customer who is under suspicion, then it is obvious that Lavabit _can_ store that email in unencrypted form and _can_ be ordered to keep a copy outside the safe. For already stored data, they'd have to create a design where a "masterkey" doesn't give access to anything.

Re:The real subtle reason. (3, Interesting)

shentino (1139071) | about a year ago | (#45141173)

Even if you make something impossible, you still have to convince the court that it's impossible in order to avoid being locked up for 13 years on a contempt charge.

Which means the court can use the mere threat of a perpetual contempt sentence to coerce you to make things easier for them ahead of time...just in case.

Re:The real subtle reason. (0)

Anonymous Coward | about a year ago | (#45141909)

And, once the court is convinced that it is impossible, the court can order that it be made possible and if it can not be made possible order that the company shut down the service.

Better comparisons (0)

Anonymous Coward | about a year ago | (#45140589)

Does your Government open your *physical* letters (paper) before giving them to you?
Does your Government order your postal service (USPS, Correos, La Poste, etc.) to keep a copy of each letter (paper) before giving it to you?

~ Franz

In the near future (1)

Anonymous Coward | about a year ago | (#45140623)

For some strange reason all our undercover agents keep turning up dead, it's like no one has any privacy....

we should just rewrite batman, superman and all the other masked marvel cartoons so that the superheroes are known as who they really are, they can kill Lois in the first episode and eliminate a dreary plot line.

the fuck? (1, Informative)

Joining Yet Again (2992179) | about a year ago | (#45140755)

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

Re:the fuck? (1)

AlphaWoIf_HK (3042365) | about a year ago | (#45140789)

I think the way they put it was pretty silly, but the point is that if it is possible for the government to demand the raw data and get it, it's possible for an 'evil' attacker to get that data as well. You can't even assume the government isn't evil.

Re:the fuck? (0)

Anonymous Coward | about a year ago | (#45140825)

They have PROVEN to be EVIL, because they demanded Lavabit turn over the keys to the entire castle, not just a few cases of "probable cause" suspects. USG, including the judiciary, want total access to information about each and every person. That in my mind is the definition of evil.

Re:the fuck? (1)

AlphaWoIf_HK (3042365) | about a year ago | (#45140843)

Exactly. No government throughout history has let the chance to abuse their powers slip by, so there's really no reason to trust them at all. The US government has abused its powers numerous times already, so that's even less of a reason to trust them.

Re:the fuck? (1)

Joining Yet Again (2992179) | about a year ago | (#45140849)

*No human

FTFY.

Re:the fuck? (1)

Anonymous Coward | about a year ago | (#45140869)

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

I'll just leave this here.

http://i.imgur.com/nSD3ofw.gif [imgur.com]

Re:the fuck? (1)

BlueStrat (756137) | about a year ago | (#45140969)

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

Seriously, did you even think this through at all before posting?

It's more like forcing people to use only easily defeatable locks and/or send the government a copy of the keys to all locks because criminals sometimes use locks and the government may need easy and quick access to prevent/halt a crime or execute a search or arrest warrant in a timely manner.

Secret government-mandated backdoors and unreported zero-days don't care who exploits them, either.

Maybe the daughter in your example would not have been raped if the rapist had not been able to quickly defeat the LE/court-friendly weak door locks mandated on her house before rescue could arrive.

Strat

Re:the fuck? (1)

Joining Yet Again (2992179) | about a year ago | (#45141385)

So, you agree that it is absurd to proscribe a particular action simply because "from a purely technological standpoint" that action can come with good or evil intentions and/or results. IOW, you have as much problem with my absurd consequence as I do.

Yet you say, "Seriously, did you even think this through at all before posting?" Maybe your sarcasm detector is broken.

Re:the fuck? (0)

Anonymous Coward | about a year ago | (#45141595)

From a technological standpoint, shooting someone who is about to rape your daughter is the same as shooting someone because you want to drive the car they're in: the bullet punctures the skin and causes internal damage, temporarily (or permanently) disabling the person being shot. Therefore ban all guns.

More like, "Therefore ban body armor". Because it can be used to protect rapists from police bullets.

German Government Here To Help You (0)

Anonymous Coward | about a year ago | (#45140787)

Use GNUpg. It has been seeded by the German Ministry of Business. It's Free Open Source. It's better than the Opaque Crypto (search for "gstool Jan Schejbal") from the German Chancellor Ministry (Chi/BSI), exactly because we can inspect GNUpg.

Or, just use the openssl command line. Not really more complicated than GNUpg.

So, if we properly use government, they can in exceptional cases indeed help us.

I don't get his argument at all (0)

Anonymous Coward | about a year ago | (#45140795)

(and yes, I have RTFA)

What he's saying is that software engineers should design systems so that the acts of democratically elected -> appointed law enforcement officials acting in the judicially approved furtherance of their duties should be impossible because those same mechanisms could also be used by unauthorized parties?

should we also design roads that police cars can't drive on because criminals might drive on them too?

i understand the huge skepticism when it comes to 'government reading my emails' concerns. a lot of that is very much warranted and should be looked at deeply and perhaps disallowed as a matter of law. however, i find his arguments, in as much as i probably don't understand them, really wanting and actually ethically dubious.

Re:I don't get his argument at all (1)

AlphaWoIf_HK (3042365) | about a year ago | (#45140853)

should we also design roads that police cars can't drive on because criminals might drive on them too?

Who are you protecting in that case? In this case, you're actually trying to protect people and their data.

Re:I don't get his argument at all (0)

Anonymous Coward | about a year ago | (#45140859)

Why don't you move back under your rock ? The government, including judiciary, demanded whole-sale access to ALL Lavabit accounts, because one guy (Snowden) used Lavabit. You are a nasty $hill trying to whitewash their evil act.

Re:I don't get his argument at all (1)

HJED (1304957) | about a year ago | (#45141497)

should we also design roads that police cars can't drive on because criminals might drive on them too?

So we should leave our doors unlocked in case the police need to go into our houses as well?

Re:I don't get his argument at all (1)

Sarten-X (1102295) | about a year ago | (#45141759)

If the police need to get through a locked door, they can get a court order to do so. Then yes, you have to open the door for them.

If court orders are legitimate (3, Insightful)

Charliemopps (1157495) | about a year ago | (#45140833)

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

Re: If court orders are legitimate (1)

BlueStrat (756137) | about a year ago | (#45141075)

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

[sarc]
But...but...if a (secret) judge in a (secret) court (secretly) orders it under (secret) rulings/precedents, it *must* be legitimate by definition!

The government consulted with itself and assured itself that it was.

Secretly, of course.
[/sarc]

Strat

Re: If court orders are legitimate (-1)

Anonymous Coward | about a year ago | (#45141237)

Like Louis XIV ("l'état c'est moi"). The sad truth is that the Anglosaxon world has become as Catholic as it gets. And this is not "anger" on my side - the whole idea of a single guy having "absolute" authority is a key catholic idea.

If they do all of this in secret, there will be one guy in charge - like POTUS or DIRNSA.

The pope and bin Laden - destroyers of the Anglosaxon world's most cherished cultural ideals.

If you NSA guys and your Marine protectors don't tread very carefully, you will be seen as the enemy of our (not just Anglosaxon, but Germanic) freedoms and you will take the piss for it. Ultimately, more than piss. Worship the Romans, worship perversion, worship all the cloak-and-dagger shite - it all won't help you. Our forests have more power than your castles of perversion !

Re: If court orders are legitimate (0)

Anonymous Coward | about a year ago | (#45141391)

"If court orders are legitimate..." -- see there Mr Judge, you've answered your own question.

Ah, you Sir seem to have found my Razor! Regards, Occam

Chaos ensues (0)

Anonymous Coward | about a year ago | (#45141621)

I like to email chunks of Lorem Ipsum to Islamic charities. It drives the decrypters crazy.

We're talking about governments (1)

lseltzer (311306) | about a year ago | (#45141725)

Governments are supposed to have the ability to compel disclosure of confidential information, subject to legal protections. If you don't like the Snowden example, consider a less controversial criminal example, like a kidnapping in process. The point is that the 4th amendment allows for reasonable searches and seizures. Claiming that all searches and seizures are attacks is to deny the legitimacy of even uncontroversial law enforcement. Incidentally, even Lavabit complied with other government requests for data [docketalarm.com] .

This is email! (0)

Anonymous Coward | about a year ago | (#45142085)

What's really so ridiculous is that we're having this conversation about email providers. Two-decade-old tech makes it so that subverting the provider only gets the attacker traffic analysis, still not content. It's so easy to encrypt email. Let's get our shit together, people. Install gpg today and get your public key out there.

If people were less than 20 years out of date on their tech, then lavabit would be irrelevant.

Nuclear Launch Codes (0)

Anonymous Coward | about a year ago | (#45142301)

The post presumes that if data can be extracted from the system it can be done so by a single person and without the knowledge of anyone else within the company. Couldn't a design involving more than one person having to "turn their key" account for a rogue employee scenario?

Tyranny (0)

Anonymous Coward | about a year ago | (#45142405)

How about the right to keep and bear arms. Cyberweapons are part of that. People and organization must have the ability to protect against a tyranny. Especially since there are constant abuses of power now.

No idea about security (2)

AJH16 (940784) | about a year ago | (#45142499)

As much as I may not like invasions of privacy, the fact is that this summary provides a bullshit excuse for the need of making court order resistant services. This kind of issue has been addressed numerous times in the past and is actually quite easy. You just have to have a system that breaks the files up through multiple keys required to unlock it. It's called separation of duties and has been done in any good security system for decades (centuries?) This way, a legitimate order can be processed because everyone is on board with a legal order, but an illegal action, such as a bribe can not happen without having to get numerous people on-board with the action.
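The "turn their key" design raised in the Nuclear Launch Codes post, the split-key jurisdictions idea in the multi-party computation reply, and AJH16's separation-of-duties point all come down to the same control: no single insider holds a usable key. This added example (mine, not any poster's code or Lavabit's design) escrows a constructed 256-bit data key with Shamir's secret sharing so that K of N custodians are needed to reconstruct it; the field prime, custodian count and threshold are demonstration choices.

```python
"""Threshold key escrow as a separation-of-duties control.

A data key is split into N shares; any K shares reconstruct it exactly,
while K-1 shares yield a uniformly random value and so leak nothing.  One
bribed or compelled insider holding a single share cannot decrypt anything.
"""
import secrets

# 2^521 - 1 is a Mersenne prime; a 256-bit key fits well below it.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial over GF(PRIME); coeffs[0] is constant term."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, k, n):
    """Split an integer secret into n (x, y) shares with threshold k.

    The shares are points on a random polynomial of degree k-1 whose constant
    term is the secret; each custodian keeps exactly one point.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the shared polynomial at x = 0.

    Given fewer than k shares this still returns *a* value, but one that is
    uniformly distributed over the field: it says nothing about the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def custodian_demo(k=3, n=5):
    """Escrow a constructed data key among n custodians with a k-of-n quorum.

    Returns whether a full quorum recovers the key and whether k-1 shares
    (e.g. one coerced custodian plus one accomplice) recover it.
    """
    data_key = secrets.token_bytes(32)          # constructed: stands in for a real KEK
    original = int.from_bytes(data_key, "big")
    shares = split_secret(original, k, n)       # hand one share to each custodian
    quorum_value = recover_secret(shares[:k])   # k custodians act together
    partial_value = recover_secret(shares[:k - 1])
    return {"quorum_ok": quorum_value == original,
            "partial_leaks": partial_value == original}


if __name__ == "__main__":
    print(custodian_demo())   # expect quorum_ok True, partial_leaks False
```

The same shares can sit with different people, or on servers in different jurisdictions as the multi-party post suggests, without changing the arithmetic; the key only exists in memory while a quorum is present.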
