Levison ran a for-profit service that made security claims to its users that the system couldn't possibly back up. Other people, like Moxie Marlinspike, the OpenPGP team, and the OTR developers build systems that can provide meaningful security for their users. Perhaps they don't end up in the news because their services actually work; regrettably, this means they may never become "heroes" the way Levison did.
I have great respect for your writing, but as I am not in the security field I often have difficulty understanding some of the points you make in threads like these. When you say Levison's system made claims it couldn't possibly back up, do you mean that from a technical perspective, or from a legal perspective? I assume you mean from a legal perspective; as his service was a central point at which all messages traveled, he had access to both the encrypted content as well as the decryption keys which the government could then obtain access to via legal means. The advantage afforded by personal systems like PGP keys is obvious in that no third party is involved, but at the same time, PGP or anything else doesn't do any better from a legal perspective - the government can coerce you to give up your encryption keys just the same, no?
edit: I think you explained this in your reply at https://news.ycombinator.com/item?id=7775232. But still, if the idea is, "you can't claim that system X protects you, because the government can compel that system to give up its keys", that would appear to apply to any encryption system. OpenPGP can't make the claim, "now you can send any message with absolutely zero chance of the government ever reading them!"; one subpoena (edit again: search warrant) for your laptop and your passphrase (or a covertly installed snooping device) is all it takes.
> from a technical perspective, or from a legal perspective
Is there a difference? A system like Lavabit is meant to provide technical defences to legal threats. It has to be; that's the entire point. It's not like Levison was providing (or claiming to provide) any defences from any non-legal threats. What Levison needed to do was design a system which did not technically allow him to comply with the subpoenas he received.
And at least for Americans, your counter about "can't the government just grab your laptop" is incorrect; you have a privacy interest in your laptop that you do not have in a 3rd party's servers. You have stronger 4th Amendment protections, plus a 5th Amendment right not to incriminate yourself. (This last point gets confused; the government does have a right to compel you to give up your keys only if they already know what's being protected. If they know that you have child porn on your laptop from other means, you must let them access the child porn on your laptop. If they have no idea what's on it, they cannot compel you to let them access it.)
> the government can coerce you to give up your encryption keys just the same, no?
No they can't. In general, such an act would be a breach of the Fifth Amendment protection against self-incrimination. You cannot claim similar protections for information that would get another person in trouble though. This is why Levison was risking a contempt charge by refusing to turn over evidence about someone else.
I just want to point out that, with respect to Fifth Am. protection for passwords and keys, there are at least two District Court decisions suggesting that giving up keys is non-testimonial, and one Circuit decision suggesting it is, so there may be a split on this issue sometime in the future that will end up at the Supreme Court.
Giving up keys about information otherwise already known to be on the computer is what's declared non-testimonial though.
It would be like refusing to open a safe even though the cops have a video recording of every point in time from you putting a bloody knife in the safe to the present time; making you open the safe isn't what proves your association with the knife as the police already have that on video.
How the courts interpret that kind of theory for computing will certainly be intriguing though.
> Giving up keys about information otherwise already known to be on the computer is what's declared non-testimonial though.
That was true of In Re Boucher and to a similar extent US v Kirschner, but in US v. Fricosu, the agents had not seen the contents of the computer, as the defendant claimed she couldn't remember the password. Obviously PC still has to exist that the thing to be found will be found on the computer, but in Fricosu it was.
I believe you are correct and the grandparent is not. The fifth protects you from being coerced into saying "I did the crime", but not from cooperating with court orders. By uttering your passphrase, you are not incriminating yourself (a wise guy in the crowd will ask "What if my password is 'IDidIt!'?" In that case, as I understand it, the jury would be told to disregard the actual phrasing of the passphrase and look only at what the passphrase (really the decryption key) unlocks).
In other words, yes this is exactly like refusing to open a safe. The only difference is that with a safe, if you no longer have the key, the law enforcement agencies can attempt other methods of opening the safe. If you lose your encryption key, nobody can prove that you actually lost it and are not just trying to hide it. In this case, it seems the judge will simply say that you are in contempt of court and will lock you up until your memory improves (as in indefinitely).
Like I said somewhere else, some courts have agreed with this analysis, and others differed. Obviously each case is fact intensive, but I imagine we'll have many more discussions as more cases come forward, a circuit split emerges, and it is eventually considered by the Supreme Court.
OK, do you mean, I can be compelled to give up all my equipment via search warrant, but they have no legal means of making me tell them what my passphrase is? That would be an important distinction. Though at the same time, the government can just as well have covertly installed a keylogger on my system. Which may be illegal but it seems to be happening regardless.
> [the US government] have no legal means of making me tell them what my passphrase is?
Exactly. There was a lot of back and forth about legislation in the UK that basically considered it contempt of court (or worse: impeding an investigation) to not provide encryption keys/pass phrases. Problem was, the government didn't have to prove that you actually had (access to) the keys in question -- effectively being caught with a usb key filled with random data could get you a year in prison...
If you think about it, it's entirely unreasonable to demand encryption keys (to say nothing of how you would prove/disprove that the right keys have been provided, especially with stuff like hidden encryption partitions available...).
At any rate the (technical) problem with Lavabit was that Lavabit could technically sabotage their product in such a way as to gain/give access to user data -- a secure system would not.
The viability of both private (data) and private meta-data messaging have been debated a few times, but basically it's currently hard to beat regular email+gpg+mixmaster routing.
And as long as we don't have secure "web" crypto, the situation won't change.
The first sentence only follows from the second if you also assume that the government cannot do anything that you or someone perceives to be a violation of the Constitution.
"When you say Levison's system made claims it couldn't possibly back up, do you mean that from a technical perspective, or from a legal perspective?"
Both. I can't speak for tptacek but can explain his comment. Lavabit may not have known about the legal possibilities, but the technical design was such that Lavabit could expose users' communications.
The technical shortcoming was that the system used the password input by the user as a key for the encryption. I may have some details mixed up, but basically they could capture the password in plaintext and unlock the user's comms with it. They made a practice and promise of not doing so, but one of the government demands was to intercept it.
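The design difference described in the comment above, as an added sketch that is not part of the thread and is not Lavabit's code: it compares what the server process handles when the password is sent to it with what it handles when the key is derived on the client. Class and function names are hypothetical, the XOR keystream is a stand-in for a real cipher, and the message and passphrase are constructed samples.

```python
import hashlib, hmac, os

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Demo stand-in for a real cipher (HMAC-SHA256 keystream, no integrity tag).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Mailbox:
    """Hypothetical server-side state; `handled` is all the server code ever sees."""
    def __init__(self):
        self.salt, self.nonce = os.urandom(16), os.urandom(16)
        self.stored, self.handled = b"", []

class ServerSideDesign(Mailbox):
    # Password travels to the server, which derives the key and decrypts there.
    def store(self, password, mail):
        self.handled.append(password)
        self.stored = xor_stream(derive_key(password, self.salt), self.nonce, mail)
    def login(self, password):
        self.handled.append(password)
        return xor_stream(derive_key(password, self.salt), self.nonce, self.stored)

class ClientSideDesign(Mailbox):
    # Key derivation and decryption stay on the client; server moves ciphertext.
    def upload(self, ciphertext):
        self.handled.append(ciphertext)
        self.stored = ciphertext
    def fetch(self):
        return self.stored

def operator_can_read(box: Mailbox, mail: bytes) -> bool:
    # Try everything the server handled as a password against the stored blob.
    for item in box.handled:
        if isinstance(item, str):
            key = derive_key(item, box.salt)
            if xor_stream(key, box.nonce, box.stored) == mail:
                return True
    return False

def demo():
    mail, pw = b"constructed sample message", "constructed-passphrase"
    a = ServerSideDesign(); a.store(pw, mail)
    assert a.login(pw) == mail
    b = ClientSideDesign()
    client_key = derive_key(pw, b.salt)            # never leaves the client
    b.upload(xor_stream(client_key, b.nonce, mail))
    client_view = xor_stream(client_key, b.nonce, b.fetch())
    return operator_can_read(a, mail), operator_can_read(b, mail), client_view == mail
```

The client-side result only holds while the operator does not also supply the code that runs on the client.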
Levison's system did work because it had a fail-safe which was to self-destruct when faced with certain legal threats. And as a bonus it acted as a canary letting the whole world know about the government's secret activity. I think it was very well designed. I would trust my private communication with him again.
You know, I've read easily a dozen articles on Levison, and I realised just now that to this very day, I've never read his warrant canary, nor did I know that it was his warrant canary that first broke the warrant request to the public.
You don't happen to have a link to either of those, do you?
"Other people... build systems that can provide meaningful security for their users."
Do all of the implementations, particularly on mobile, actually provide such security? If a court is willing to order TLS keys to be turned over in order to enable the government to access information, why couldn't they order the developer to release a backdoored version through the relevant App Store or other update mechanism? If the author refuses to comply, then they will demand the codesigning keys so they can backdoor it themselves.
To quote your critique of another's security proposal:
"Then the only difference between hushmail and your model is exactly what the FBI will get a subpoena to have you type into your server to subvert your users. The models are equivalently insecure."
As 'rayiner points out repeatedly, there is plenty of precedent for people being forced to turn over information in their possession to comply with government investigations going back centuries.
This is much different than requiring that arbitrary third parties be compelled to take arbitrary action to assist in a government investigation. Where they are required, it is a power granted by statute with limited scope. (Phone companies are required to assist in wiretaps via things like Communications Assistance for Law Enforcement Act; I forget what was in effect before that. And they get to bill the government for it.)
Lavabit didn't actually have the information in a format that was readable. In order to get it, they needed to change the way their system operated to decrypt the information the next time a particular user logged in. If one can force a person to modify the source code running on his servers, why can't one force a person to modify a binary distributed to clients?
From reading the arguments in this case, it's not clear to me that the judges would have been impressed by that distinction. Their focus was on whether Lavabit had the technical capability to provide the information the government demanded. In both cases, the answer is yes. We won't know the actual answer until this has been litigated. If it has and I've missed it, I'd love to see the case in question.
If Levison said "I don't know how to get that information and I don't even have it" then the DOJ might have bought it and it might have been over.
But once he established that he owned the information, then it was either get it out himself, or let the DOJ go through and get the information themselves.
That works until the government analysts look at the system and see that you could get the information and then a court finds that you perjured yourself as "beyond reasonable doubt" you did know how to get the information. Then you're looking at the same position you had before just from the inside of a prison instead.
To be sure, Levison should have gotten competent legal counsel long before this all started. (He knew he was going to have this fight eventually, but he had to scramble for a lawyer when this specific request came in.)
And that counsel would have advised him exactly what he could have and should have revealed, and how to comply with previous requests. His complying with prior orders surely weakened any attempt to say "but I can't get that information!"
>>Perhaps they don't end up in the news because their services actually work
Or because they willingly comply with every government request, unbeknownst to their users, which is not really news-worthy (unlike Levison standing his ground for principles in which he believes).
This comment, a mixture of ignorance (about how things like GnuPG and OTR work) and malice (in its willingness to cast aspersions on strangers solely to preserve a preferred narrative) says more about its author than about Internet privacy.
How would they do this, assuming they wanted to? If they built their tools correctly, nobody knows how to comply with such a request.
Or are you suggesting that they maintain a secret list of unknown vulnerabilities in their own code, just so they can help people spy on their own users?
Consider this a response to both your comment and tptacek's (rather rude) comment.
>>How would they do this, assuming they wanted to? If they built their tools correctly
If they built their tools correctly. I think that's a big assumption. We know for a fact that the NSA has infiltrated and/or influenced various organizations to knowingly implement vulnerabilities in commonly used protocols so that systems that use those protocols can be exploited later. This was all over the news. Some experts even speculate that this may be how the Heartbleed bug originated. Considering the fact that OpenSSL has been around for a long time and no one discovered the vulnerability until very recently seriously brings to question how much faith can be placed in systems like GnuPG and OTR.
Again, consider who you are up against: the NSA has the capability to tap underwater cables, intercept shipments of routers to plant bugs on them, to force airplanes of foreign presidents to land on allied territory so they can be searched for a fugitive, and who knows what else. And that is the "who knows what else" part that should worry you. We are against an enemy of unknown power and influence, and it is silly to expect technology -- any technology -- to provide sufficient protection. Suggesting that "[GnuPG and OTR] don't end up in the news because they work" is asinine.
The NSA can tap all the cables they want, intercept all the router shipments they want, detour every plane they want; that won't make the discrete log problem any easier for them to solve.
Thomas, you're still stuck in the technical mindset. This is not a technical issue. Forget about the discrete log problem. The NSA can frisk you away tonight to Gitmo and torture you until you spill all your secrets.
Before you say I'm being dramatic, consider the fact that this is a government that extrajudicially assassinates its own citizens and then shamelessly defends it. If you think your shiny protocols are secure, you may want to rethink your entire perspective. At the end of the day, humans can be compromised, which makes all systems designed and developed by humans inherently risky regardless of implementation detail or operation. Any time the NSA really wants to gain a piece of information, the discrete log problem is at best a short delay. A minor inconvenience. A drop in the bucket in terms of the resources needed to go around it, since solving it is not necessary if the system is poorly implemented or has other, undocumented vulnerabilities.
edit: downvotes are expected. This is a techie forum and techies don't like it when someone points out that technology can't solve every problem.
> edit: downvotes are expected. This is a techie forum and techies don't like it when someone points out that technology can't solve every problem.
If your original comment had made the point that we don't know what we don't know with respect to the NSA's capabilities, rather than impugning people like Moxie Marlinspike, you probably would have fared better.
I just pointed out that the commenter probably got downvotes as much for the post further up as for the one in with the complaint about them. How is that ad hominem? I didn't attack the poster, I just made an observation about the likely reasons for the reception of the other post. Seriously, is there even one word that I wrote that attacks the poster rather than what he or she wrote?
Moxie Marlinspike is well-liked around here, at least as far as I can see. That's enough reason for people to downvote someone who says, "Or because they willingly comply with every government request, unbeknownst to their users, which is not really news-worthy (unlike Levison standing his ground for principles in which he believes)." with nothing to back it up. Perhaps the poster just wanted to mention it as a theoretical possibility, but it comes across as an allegation, at least to me.
As for your question about trusting Marlinspike more than Lamo, I'm assuming that you mean Lamo before it was revealed that he had informed on Manning. I.e., Lamo seemed like a good guy and look what he did. I'm not sure how to respond as I don't know any of them personally. Others here could do better. I never said you should trust Marlinspike, I said people here don't like to see him attacked out of the blue, or that is what I meant, anyway.
> Seriously, is there even one word that I wrote that attacks the poster rather than what he or she wrote?
To clarify what I was getting at, ad hominem doesn't necessarily imply that someone is being attacked or insulted. It just means that the argument, whether pro or con, should be considered without reference to a particular person. Marlinspike's involvement with a particular security software product or service has no bearing on whether I should assume it's uncompromised by the government.
Even so, I wasn't considering or discussing enraged_camel's character or person. I merely pointed out why people might have downvoted. "Your other comment was off-putting" is not an ad hominem in the context of the reasons for community disapproval.
Circlejerk is high on you. To be fair you do not seem to be a retard otherwise I would have called you so, but talking about cowardice on a (largely) anonymous forum you are indicating you might be one. Carry on.