Lavabit Defied FBI Demands to Turn Over Crypto Keys, Documents Show

If you want to support the Lavabit defense fund, you can do so here<p><a href="https://rally.org/lavabit" rel="nofollow">https:&#x2F;&#x2F;rally.org&#x2F;lavabit</a><p>EDIT: Since I posted the link 30 minutes ago, there is roughly $1200 more in fund and I&#x27;m guessing that it&#x27;s mostly from HN. So keep it up.

&quot;The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.&quot; <a href="http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Fourth_Amendment_to_the_United_...</a><p>&quot;particularly describing the place to be searched, and the persons or things to be seized&quot;<p>Clearly this is a violation of the 4th Amendment as such a key would give them the ability to conduct unfettered and &quot;unparticular&quot; searches. A more targeted, and constitutionally legal, approach would have been to order lavabit to use, but not disclose, the private key to decrypt specific emails from specific people. Given that the police know the public key, they could verify that lavabit had supplied correct decryptions.

At first I was more on the Lavabit side on this. But it is looking more like they started the whole thing when they defied the initial court order to provide connection info for that one specific user that was the target of an FBI investigation. When served with a warrant, you can&#x27;t just tell them to fuck off and expect the matter to be over. They will simply go harder... and not go home. I&#x27;m concerned that our outrage over &quot;mass surveillance being used for fishing expeditions&quot; has clouded our judgment when it comes to &quot;law enforcement legitimately gathering evidence for an active case against one specific person.&quot; Once they have a person of interest, their job is to continue to find evidence to bolster their case. That evidence will take different forms and come from different sources. I have no problems with companies complying with search warrants and court orders by providing evidence regarding illegal activity of a particular suspect. This is different than providing back doors for law enforcement to go <i>looking</i> for suspects.<p>A commenter on that story makes a good point: Forget for a moment that the user they were looking for was Snowden. If the FBI had been looking for info for a case against a serial killer or a child porn ring, would we still hold Lavabit as heroes for not following the court order?

&gt; [The] government’s clearly entitled to the information that they’re seeking, and just because you-all have set up a system that makes that difficult, that doesn’t in any way lessen the government’s right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily<p>I find the sense of entitlement the FBI had quite disturbing. Perhaps it is technically true, but they clearly had an attitude not just that they were legally authorized to access such information, but that nobody should be allowed to stop them having it, and any personal cost involved or moral objection is not part of the equation. For me the two do not connect that way - I am entitled to buy a house but nobody is required to help me do it, and if I don&#x27;t have the money, I&#x27;m screwed. It doesn&#x27;t allow me to murder the guy down the street so that I can take his money to buy the house I want.<p>The question is, is the FBI allowed to recruit any civilian to do anything they think is necessary to get at some information they are authorised to acquire? Can they go to your grandmother and tell her to prostitute herself if that will help them? At what point does technical ability to accomplish something render you at the mercy of the state to do whatever they tell you? It is one thing to demand someone actively stop obstructing something. But to demand they actively assist goes a step further. The notion of conscientious objection has been accepted and even honoured and respected, even in times of war.<p>I don&#x27;t know where this line is. But I know I&#x27;m very uncomfortable with the attitude that law enforcement showed in this case.

Awesome decision. It&#x27;s easy to say it was the right call from the sidelines but it&#x27;s also easy to underestimate the personal cost that must have been involved with walking away from his company, especially with the gag orders making it impossible to discuss his reasons.

Theresa Buchanan is the same judge who ordered Twitter to turn over info on WikiLeaks <a href="http://www.salon.com/2011/01/08/twitter_2" rel="nofollow">http:&#x2F;&#x2F;www.salon.com&#x2F;2011&#x2F;01&#x2F;08&#x2F;twitter_2</a>

&gt; In a work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government called the printout “illegible” and the court ordered Levison to provide a more useful electronic copy.<p><i>How</i> illegible? I&#x27;m really curious about this part.

Lavabit are freaking heroes.

Everybody note that the SSL key demand came only after Lavabit declined to turn over information on one user. I can understand the logic of this from the feds&#x27; perspective; they tried to do it the &quot;right&quot; way but Lavabit refused to cooperate so then the feds starting trying progressively more aggressive approaches to get the data.

Like half a dozen people have tried to argue that, because the order was lawful and Levison had complied with previous lawful orders, he has no moral justification for refusing this one.<p>Let&#x27;s not beat around the bush. You&#x27;re willfully missing the point. The lawfulness of the order is not at issue; the target of the order is. I would happily obey a lawful order to turn in a fugitive rapist hiding in my basement; I would not willingly obey a lawful order from the same authority to turn over an escaped slave, even if I lived in a slave-holding nation.<p>If you don&#x27;t think that Snowden should have broken the law to inform the public of massive, unsupervised, hidden government surveillance and lies about same, that&#x27;s fine. But say so, don&#x27;t go making disingenuous sidewise arguments and thinking you&#x27;re sly. Yes, Levison disobeyed a lawful order. Laws should be obeyed because they are just, not because they are laws.

This act will be remembered as a &quot;legend&quot;.And Lavabit is THE HERO.Standing behind its customers, almost killing itelf.You are my hero !

I&#x27;m not taking sides against Lavabit here, but it&#x27;s worth considering the situation here without the Snowden context.<p>A search warrant was signed by a court for federal agents to retrieve&#x2F;collect evidence for a specific target. How is what the FBI (and prosecutors) demanded different than a normal wiretap?<p>edit: If the FBI&#x27;s order could not be completed in a way that would NOT compromise ALL users, then of course Lavabit should have resisted. My question is based on the assumed validity of this statement in the OP:<p>&gt; <i>The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to trace the Internet IP address of a particular Lavabit user.</i>

I wish Paulson explained where he got this information. Did Lavabit just leak NSL data?

My favorite part: The SSL certificate was delivered as an 11 page paper in 4pt font. This is so genius.

This is pure evil.

I guess Lavabit figured that giving access to the data of one user in the requested way could compromise other users&#x27; privacy&#x2F;security so that would be equal to warrantless wiretapping. Otherwise, what was the problem with following that?

There is no way this is not a &quot;general warrant&quot;. If it&#x27;s not overturned in appeal, the US is no longer an acceptable place to host anything or conduct any business operations for anyone (except the USG or regulated entities).<p>I&#x27;m hopeful it will be overturned at the 4th Circuit, rather than waiting for SCOTUS. There are <i>so many</i> ways to challenge it. The only way we&#x27;d be fucked would be if Ladar didn&#x27;t have the money to appeal, but it&#x27;s a super tempting case for anyone at EFF&#x2F;ACLU&#x2F;etc. Funding the appeal to the max would also be in the self interest of any cloud business in the USA.

Is there a bug in HN right now? Why is this story which was posted 4h ago ranked #7 with 436 upvotes, when U.S. Opposes Tech Companies... is ranked #6 with 169 upvotes while it was posted 8h ago and the Google acquisition of Flutter ranked #3, also posted 4h ago, whereas it only has 96 upvotes.<p>Did the HN ranking algorithm change or did I miss something?<p>Here the screenshot <a href="http://imgur.com/7Yh9XB2" rel="nofollow">http:&#x2F;&#x2F;imgur.com&#x2F;7Yh9XB2</a>

What&#x27;s the source of this info? Does anyone know?

Balls of steel. What a hero.

Does this mean SSL is secure?

I commend him him for shutting down Lavabit instead of giving in. It was one of those epic moments where one chooses to take a principled stance on something no matter what the cost.<p>(Reminds me of a Howard Roark moment to be honest)

A service that used a separate subdomain and SSL certificate per user could have avoided such a situation. Though this is an unreasonable burden for a service provider to bear for operating in the US.

The good news here is that Lavabit only started to suffer when the feds came calling for Snowden. Another email provider &quot;Mavabit&quot; could provide a quality encrypted email service for a while as well, as long as we have a supply of trustworthy operators.

Am I the only one busting a gut that he printed out the SSL key over 11 pages in 4pt font for them to re-key? Hahahaha that&#x27;s fucking hilarious... though the kind of OCR software the FBI has access to would no doubt have made short work of this.

I wonder why didn&#x27;t the FBI just use some OCR tool to scan the key?

The title made me think that they managed to get what they wanted.