There are two huge differences that make court orders completely different from inside attacks:
1. Court orders can be freely targeted.
It's incredibly hard and costly to make a system resistant to inside attacks from everyone. Not just costly from a technical implementation perspective, but from a business operations perspective. For example, software engineers might occasionally want to look at some user data in order to diagnose a bug. Not having access to the data would make their lives much harder. Certain analytics might not be able to be generated which leaves the business flying blind.
Instead, an acceptable tradeoff is that access is restricted and managed to mitigate risk. For example, access is only granted when necessary and sensitive operations might require two separate people to sign off. This makes it significantly more difficult for a malicious actor to bribe the right people but makes it no more difficult for law enforcement. Law enforcement can legally compel bypasses around all the safeguards.
2. Court Orders don't care about being detected.
Instead of making it technically impossible, it's often far more effective to deter inside attacks through robust detection. Audit logs, clear policies and dire consequences are usually enough to shift the calculus of inside attacks into "not being worth it". Such a calculus does not apply to court orders because they don't care about being detected, because they're not doing anything "wrong".
On the surface, court orders and inside attacks might seem very similar technically; viewed from an overall business perspective, they are vastly different, and the comparison between the two is unhelpful.
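The access model the comment describes (justified access only, a second person signing off on sensitive operations, and audit logs that make misuse detectable after the fact) is shown below as an added example; it is not code from the thread or any commenter. The class and function names, the set of "sensitive" operations, and the ticket-style justifications are assumptions made for the illustration. The log is hash-chained so a reviewer can tell when an entry has been removed or altered, which is what gives the detection-based deterrent its teeth against an insider; a compelled access goes through exactly the same gate and lands in the same log, which is the commenter's point that detection deters only actors who mind being seen.

```python
"""Two-person sign-off for sensitive data access with a hash-chained audit log.

Added illustration for the thread above; the names and policy here are
assumptions for the example, not a real product's API.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Assumed policy: these operations need a second, distinct approver.
SENSITIVE_OPS = {"export_mailbox", "read_user_messages", "dump_keys"}

GENESIS = "0" * 64


@dataclass
class AuditEntry:
    seq: int
    actor: str
    op: str
    subject: str
    approver: Optional[str]
    reason: str
    decision: str       # "granted" or "denied:<why>"
    prev_hash: str
    digest: str


def _digest(seq, actor, op, subject, approver, reason, decision, prev_hash) -> str:
    """Hash of every field plus the previous entry's hash, forming the chain."""
    body = json.dumps([seq, actor, op, subject, approver, reason, decision, prev_hash])
    return hashlib.sha256(body.encode()).hexdigest()


class AccessGate:
    """Every request, granted or denied, is recorded before the answer is returned."""

    def __init__(self) -> None:
        self.log: List[AuditEntry] = []

    def request(self, actor: str, op: str, subject: str, reason: str,
                approver: Optional[str] = None) -> bool:
        if not reason.strip():
            decision = "denied:no-justification"
        elif op in SENSITIVE_OPS and (approver is None or approver == actor):
            # A single person, even approving themselves, is not enough.
            decision = "denied:needs-second-person"
        else:
            decision = "granted"
        prev = self.log[-1].digest if self.log else GENESIS
        seq = len(self.log)
        digest = _digest(seq, actor, op, subject, approver, reason, decision, prev)
        self.log.append(AuditEntry(seq, actor, op, subject, approver,
                                   reason, decision, prev, digest))
        return decision == "granted"

    def verify_log(self) -> bool:
        """Recompute the chain; any deleted, reordered or edited entry breaks it."""
        prev = GENESIS
        for i, e in enumerate(self.log):
            expected = _digest(e.seq, e.actor, e.op, e.subject, e.approver,
                               e.reason, e.decision, e.prev_hash)
            if e.seq != i or e.prev_hash != prev or e.digest != expected:
                return False
            prev = e.digest
        return True


def repeated_sensitive_denials(log: List[AuditEntry], threshold: int = 2) -> List[str]:
    """Detection rule: actors who keep trying sensitive ops without a co-signer.

    Returns the actors whose denied sensitive requests reach the threshold.
    """
    counts = {}
    for e in log:
        if e.op in SENSITIVE_OPS and e.decision.startswith("denied"):
            counts[e.actor] = counts.get(e.actor, 0) + 1
    return sorted(a for a, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    gate = AccessGate()
    # Constructed sample requests: routine debugging, then a sensitive export.
    print(gate.request("alice", "diagnose_bug", "user42", "TICKET-101"))
    print(gate.request("alice", "export_mailbox", "user42", "TICKET-102"))
    print(gate.request("alice", "export_mailbox", "user42", "TICKET-102", approver="alice"))
    print(gate.request("alice", "export_mailbox", "user42", "TICKET-102", approver="bob"))
    print(repeated_sensitive_denials(gate.log), gate.verify_log())
```

Run as a script, the routine request is granted, the two single-person attempts at the export are denied and flagged by the detection rule, and the co-signed export is granted with the log chain intact. Removing any entry from `gate.log` afterwards makes `verify_log()` return `False`, which is the property an audit log needs if its existence is meant to change an insider's calculus.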
Bah. 1. Law enforcement cannot compel a number to reveal its prime factors, or people beyond its jurisdiction to reveal secrets. 2. The court order that started all this did care about being detected: It demanded access such that Lavabit could not learn whose mail was being read.