Lavabit Challenges Contempt Order: An Analysis of Its Arguments (volokh.com)
69 points by CWuestefeld on Oct 11, 2013 | hide | past | favorite | 51 comments


Argument #1 is really the damning thing for Lavabit. The scope of the subpoena power isn't some new invention of the surveillance state. The quote from U.S. v. Calandra ("the public is entitled to every man's evidence") dates to 1742: http://supreme.justia.com/cases/federal/us/317/424/case.html.... It wasn't a new concept then either. The idea of e-mail accounts the government can't access with an appropriate court order is deeply incompatible with how Anglo-American law conceives of the powers of courts.

There's a comment by "Jessica Darko" on the linked-to blog that I think warrants addressing. There is a big difference between a "search" for the purposes of the 4th amendment and a subpoena of a third party. Say the government is investigating Bob for tax fraud. It's a "search" subject to 4th amendment protections for the government to break into Bob's house and go through his drawers. It's not a "search" for the government to subpoena his accountant for any relevant financial records. It's a "search" for the government to break into the accountant's office to get those records, but the accountant can't hold up the 4th amendment as a shield against turning over those records pursuant to a court order.


Actually I was surprised that the article doesn't see the harm in "The Subpoena Argument" which although not overly burdensome, is both abusive and oppressive. The abuse and oppression is happening to the business and to the clients of that business. Lavabit was willing to provide the records for the account in question so the issue of providing SSL keys is moot. Add to that the Feds wanted live surveillance so Lavabit offered to do some coding for a fee of 3500 and the Feds refused. All in all Lavabit was compliant with the letter of the law. The ruling against Lavabit seems to have been expected to silence the owner but it backfired against the Feds.

I'm all for going after the bad guys but sometimes law enforcement agencies don't make themselves likable, especially when they can force someone to comply with what they want.


The problem I see with subpoenaing SSL keys is that they are not, in fact, evidence.


I was hoping to see more discussion on this point.

Are there other cases where subpoenas have been issued for tools that enable the gathering of evidence? Has that sort of thing always required a warrant?

Is it moot that a warrant was eventually issued? Or was the warrant only issued punitively because Lavabit didn't comply with the subpoena without regard to the validity of the subpoena in the first place?


I think it's becoming clear the legal system imagined by nerds is not the actual legal system. It's like watching somebody at an American football game who thinks they're at a soccer match.

"You can't throw the ball like that. Hand ball! 87 just knocked 12 over. Red card, red card! This ref is an idiot; he doesn't know any of the rules!"


Intellectual technologists may simply disagree with the premise of a law, rather than fail to understand it. You can't create new technologies with a mindset that sees only how things are, not how they could be better.


I think the number of comments saying X is unconstitutional/illegal vs X should be, reflects a failure to understand, not just disagreement. If you want to argue the legal system is based on immoral principles, go for it. If you want to argue the FBI broke the law, go for it. But figure out which argument you're making and don't conflate the two. I see a lot of comments that are basically, "in my perfect legal system, the FBI can't do this, so therefore the FBI can't do this in this legal system."


Should the government be able to order you to give a blood sample so they can pop out a clone of you, which they can then use to impersonate you towards _anyone_, say, your spouse, in order to potentially perform arbitrarily broad collection whose scope they'll hide under the guise of national security?

They're not asking for evidence, they order the operator of the service to be complicit in aiding the government in impersonating the service towards all of its users.


No, but unlike a blood sample, an encryption key is "just information."


It could be argued that DNA is 'just information'.


But a blood sample isn't.


There is no hope for us if nothing we hold to be ours is available to any government agent who demands it. A request for a single person is one thing, it only affects that one person. Once the request affects a huge number of unrelated people just to grab that one person it becomes unreasonable. It's like arresting an entire city to catch a single criminal. At some point you have to draw a line. But I wouldn't want to try that argument in front of a Federal Judge much less the Supremes. I doubt this will work.


Isn't it a technical problem with the service, rather than a legal problem, if the host can't give access to one email account without compromising all users?


The email encryption was not in play here; from what I understand, the end user was the only person with the key to the email "inbox" encryption.

What is in play here was the SSL key that is used to encrypt the browser traffic between LB and the user. No different than the SSL cert used when you make an online purchase.

It is technologically impossible/impractical to have a separate SSL cert for each user; that is just not how the HTTPS protocol was designed.

This is not Lavabit's doing; that is the work of the Internet Engineering Task Force (IETF).


If your landlord only had a master key to all apartments, could they use that as a reason to refuse to turn it over for access to one apartment?


That is a poor analogy.

By turning over the SSL key, the FBI, using the pen trap device, would capture in real time all data of all users and be decrypting it in real time.

Turning over a master key to a building would not give the FBI instant access to all apartments simultaneously, nor would they have the ability to go back in time to look at previous data; there are thousands of other problems with this analogy.

People are attempting to conflate physical keys with encryption keys simply because years ago the mathematicians used the word "keys" as an analogy to explain things to the general public. This does not mean there is, in reality, any analogous relationship between encryption keys and physical keys.
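Whether the master-key analogy holds depends on which TLS key exchange the server negotiated, which the thread never pins down. In 2013 most HTTPS deployments used RSA key transport by default: the client encrypts the session secret to the server's long-term key, so whoever holds that private key can decrypt every recorded session, past or future, for every user. With ephemeral Diffie-Hellman suites the long-term key only signs the handshake, so a passive tap plus the key yields nothing, but an active party holding it can still impersonate the server to every client. The toy Python below, an added example that is not code from Lavabit, the FBI filings or anyone in this thread, models both cases. It assumes textbook RSA with tiny constructed primes, a constructed 127-bit DH group, and a SHA-256 keystream standing in for the TLS record layer; none of it is safe for real traffic.

```python
"""Toy model of the two TLS key exchanges the master-key dispute turns on.

Added illustration only: textbook RSA with tiny constructed primes, no
padding, and an unauthenticated SHA-256 keystream. Never use for real data.
"""
import hashlib
import secrets

# Server's long-term key pair: stands in for the CA-signed TLS private key
# that was demanded. The primes are a constructed, insecure assumption.
P, Q = 10007, 10009
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # the secret being handed over

# Constructed DH group for the ephemeral exchange (2**127 - 1 is prime).
DH_P = (1 << 127) - 1
DH_G = 5


def derive_key(secret: int) -> bytes:
    """Session key from the agreed secret (stand-in for the TLS PRF)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy record layer: XOR with SHA-256(key || block counter) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def rsa_sign(value: int, d: int) -> int:
    h = int.from_bytes(hashlib.sha256(value.to_bytes(16, "big")).digest(), "big")
    return pow(h % N, d, N)


def rsa_verify(value: int, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(value.to_bytes(16, "big")).digest(), "big")
    return pow(sig, E, N) == h % N


# --- 1. RSA key transport: the long-term key *is* the session secret's lock --
def rsa_transport_session(plaintext: bytes) -> dict:
    """Client encrypts a fresh premaster to the server's public key.
    Returns exactly what a pen-register tap on the wire would capture."""
    premaster = secrets.randbelow(N - 2) + 2
    return {"enc_premaster": pow(premaster, E, N),
            "record": stream_xor(derive_key(premaster), plaintext)}


def passive_decrypt_rsa(capture: dict, d: int) -> bytes:
    """Holder of the private key recovers the premaster from the capture and
    with it the session, for any user, recorded at any time, no MITM needed."""
    premaster = pow(capture["enc_premaster"], d, N)
    return stream_xor(derive_key(premaster), capture["record"])


# --- 2. Ephemeral Diffie-Hellman: the long-term key only signs --------------
def dhe_client_hello() -> tuple:
    a = secrets.randbelow(DH_P - 2) + 1
    return a, pow(DH_G, a, DH_P)


def dhe_server_reply(client_share: int, signing_d: int) -> tuple:
    """Whoever holds the signing key can play the server role."""
    b = secrets.randbelow(DH_P - 2) + 1
    server_share = pow(DH_G, b, DH_P)
    key = derive_key(pow(client_share, b, DH_P))
    return server_share, rsa_sign(server_share, signing_d), key


def dhe_client_finish(a: int, server_share: int, sig: int) -> bytes:
    if not rsa_verify(server_share, sig):
        raise ValueError("server share not signed by the expected key")
    return derive_key(pow(server_share, a, DH_P))


def dhe_session(signing_d: int) -> dict:
    """A passive tap sees only the two shares and the signature; together
    with D they give no key without solving a discrete log. An *active*
    party holding D, however, is accepted by the client exactly as the
    real server would be, which is the impersonation objection."""
    a, client_share = dhe_client_hello()
    server_share, sig, server_key = dhe_server_reply(client_share, signing_d)
    try:
        client_key = dhe_client_finish(a, server_share, sig)
    except ValueError:
        return {"accepted": False}
    return {"accepted": True, "keys_agree": client_key == server_key,
            "wire": (client_share, server_share, sig)}


if __name__ == "__main__":
    tap = rsa_transport_session(b"constructed mail body of an unrelated user")
    print(passive_decrypt_rsa(tap, D))          # RSA transport: fully exposed
    print(dhe_session(D)["accepted"])           # key holder accepted as server
    print(dhe_session(12345)["accepted"])       # wrong key: client rejects
```

Run it directly to see the three outcomes. The design point for an operator is that the defence against retroactive decryption of a tapped link is forward secrecy in the cipher suite, not a different handling of the same private key; and that even with forward secrecy, a long-term key in a third party's hands still lets that party stand in for the service, so the key must be treated as compromised and rotated.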


They could have instant access if they duplicate the key and raid all apartments simultaneously.

Also, the legal speak above states, I believe, that even though the FBI could technically access other user data, this does not somehow disallow this from happening because it is not ideal. It is more a fault of Lavabit than anything else.


How is it the fault of Lavabit?

SSL is a standard secure communication protocol of the internet; it is not Lavabit's design, and it is impossible for Lavabit to modify it while still keeping interoperability.

You do not seem to understand the underlying problem, as many people are misinformed as to which key the government was requesting. They WERE NOT asking for the key of the private inbox data; they were asking for the GoDaddy-signed SSL key that encrypts the web browser session from the Lavabit user to the Lavabit server, not the user-level key for the encrypted mailbox stored on LB servers.

This is the same protocol that HN uses for this very site, and that Amazon, Gmail, and thousands of other sites use every day to secure communications between public servers and the users of those servers.


> SSL is a standard secure communication protocol of the internet; it is not Lavabit's design, and it is impossible for Lavabit to modify it while still keeping interoperability.

Correct. If Lavabit wanted to be 100% immune from these types of subpoenas, then they would have designed the system to never have been accessible this way. I'm guessing (just like Hushmail) that having proper end-to-end type encryption, like forcing the users to use some sort of PGP on their end, would reduce uptake, thus preventing them from having a viable business model, so they compromised in this way.

Just because SSL is a standard etc. is irrelevant. The government is going to use its subpoena power to get to the information they have reasonable suspicion is being sheltered by Lavabit. If the least intrusive method unfortunately exposes everyone's data, well, that really is what they call "tough luck."


Further, on the "tough luck" point: that is not how our legal system is supposed to work. The government in fact does not get access to any information even if they have a reasonable suspicion it is being "sheltered"; there are all kinds of limits that are supposed to exist, and the "tough luck" part is supposed to be the burden of the GOVERNMENT, not the people.


You should probably cite some sources for your theory of how the legal system is supposed to work.


US Constitution, Federalist Papers, hundreds of years of case law, the very concept of innocent until proven guilty: all that supports the notion that the burdens are placed upon the GOVERNMENT, not the people.

The laws allowing for pen traps are very clear that the pen trap must not cause undue hardship on the business in question, and there are similar limits on all of the powers of government.

The idea that the government has, or should have, unlimited power to destroy businesses and individuals in the pursuit of "justice" is not only ridiculous but very dangerous.


Could you perhaps cite one case in the hundreds of years of case law that supports the argument that privacy concerns override the right of the courts to every man's evidence?


You really do not understand what is going on here.

Hushmail would have the exact same problem; Hushmail is not all that different from Lavabit.

When you load a message from your Hushmail encrypted inbox, it is DECRYPTED on the server side using the password you provided at login; then the HTML representing the email contained in your inbox is ENCRYPTED by the web server using SSL and a signed certificate that is recognized by a web browser (in Hushmail's case that CA is Thawte, in LB's case the CA was GoDaddy) and sent to you.

ALL HUSHMAIL USERS share the same SSL encryption from the Hushmail server to their browser; this is how the web works. There is no changing that, at least not by a single company.

The only way around that would be to not use HTTP, or web browsers. But then you would create an entirely new messaging system like BitMessage, whereas LavaBit was attempting to give people private EMAIL, not create a new messaging protocol.


Exactly.

This has no bearing whatsoever on what the government can subpoena. Just because it "sucks" that you've designed your system such that, if the feds need access to one account, you've configured it so that one must grant access to everyone's account when you have to comply, that is par for the course.

You could say that the blame for Lavabit being shuttered is actually due to the technical design of the site and the compromises made for convenience. You should blame the site creator for that, not the USG for exploiting it.


Why should I blame the site creator?

I do not believe the USG has the right to the SSL keys, period.

But it is clear you believe that the USG should have unlimited power with free rein to do whatever it wants.

Then do you believe that power extends to forcing a business or individual to commit fraud? Lavabit had an agreement with both its customers and its business partner GoDaddy to NOT reveal the SSL keys to a 3rd party; the second it was forced to do so, it had an obligation to disclose that those keys were compromised, and failure to do so is fraud.

Do you believe the USG should or does have the power to force people to commit said fraud?


> It is technologically impossible/impractical to have a separate SSL cert for each user; that is just not how the HTTPS protocol was designed.

Not impossible; each paying user[0] could be granted their own subdomain based on username and then an SSL cert issued specific to that domain.

What really stands out from reading the unsealed documents is that there was no separation of data and control within Lavabit; Mr Levison argues at one point that handing over the SSL certs will also expose his administrative commands. Well, tough. Control and data should never flow in the same channel, particularly when handling data for which you have already received and processed warrants in the past.

[0] there were only 10,000 users paying for the high-security service. The other 400,000 were on the standard offering, without at-rest encryption.


Excellent analysis. It's refreshing to see someone dive into the legal issues instead of spewing personal opinions about what the parties should - or should not - have done. I hope that those who critique the author's post will take the same amount of care in researching the law.


If you s/anti-government/anti-government surveillance/ then I think the article would be considerably improved. Was Lavabit explicitly anti-government?


I think that's probably a fair point... Doesn't seem like it changes any of the legal analysis though.

You can't disobey a search warrant because it would be bad for business or because you want to protect the target.


I think the primary concern is protecting the other folks who are not the target. Handing over keys allows the government agency the opportunity to violate other users' 4th amendment rights.


Sure, I get it, but I don't think you can ignore a subpoena just because you don't trust the government not to abuse it.


Well certainly you can, because he did. I think perhaps that's the main point here.


I'm not sure it makes much of a legal difference, although maybe it might be a more accurate description of Lavabit's viewpoint. But as the article points out, a business model or ideology isn't a basis to challenge court orders or subpoena power...regardless of what it might be.


I believe it is very telling that a pro-privacy company, a company that has integrity and wants to honor the commitments it has made to their customers, is now an "anti-government" company...

I see a lot of comments about how "good" this analysis is; to me it seems very weak, and only "good" if you believe the government should be allowed to violate the 4th amendment, should be allowed to obtain any information from anyone at any time, and should be allowed to get SSL keys from service providers without disclosing this to the Certificate Authorities, in violation of all security agreements with said CAs.

If you're very much a "pro" government person then I can see how this "analysis" would meet with your approval. To me it looks like pro-government biased drivel.


I think you are missing the point. The analysis just says that you can't get an exception from the subpoena power by just claiming "but the whole point of my business is providing protection from it!".

A legal analysis like this is not too concerned with the specifics of a case because otherwise you couldn't have broad judicial principles at play.

That is to say, even if you think the government request was outrageous, Kerr's analysis simply says that yes, there's a long history of the right of the 'people' (here represented by the grand jury) to ask for information even if in the process the dignity or business of the person/institution the government is requesting the information from is damaged.

Lavabit needs to make a good case within those legal boundaries (which Kerr says is difficult) or try to change those boundaries.


My impression, as someone who is not a lawyer, is that much of what gets posted to the volokh conspiracy is "pro-process."

I think it is entirely reasonable to analyze the situation from the perspective of the law, but it seems like underlying their analysis is that the law is more than just a tool, that it is itself not subject to question. I can understand that from a functional perspective. Challenging the law itself, especially long established law (even if it is being applied to new situations) is a very hard task. But too often (at least for my taste) the writers there seem to bleed that over into the law having some sort of unstated moral stature beyond its utilitarian nature.


Volokh is not a philosophy site for people to opine about morality. It's a site about law, courts, and lawsuits. These things are all about process. Even when applied to new situations, the job of courts is to implement solutions consistent with existing law and legal norms, not to stray from the law to implement what they see as the more "moral" outcome.


> Volokh is not a philosophy site for people to opine about morality.

Exactly my criticism. There is an underlying current of morality at that site, and it seems to be firmly anchored in process. They need to exercise editorial control to eliminate that moralizing; just because it is subtle doesn't mean it is compatible with a site that aims for an analysis of process rather than a cheer-leading of the current process.


If that is their job then they fail miserably.


> It's a site about law, courts, and lawsuits. These things are all about process.

Reading Orin Kerr is akin to reading someone critique the actions of the principals in a waterboarding without critiquing the rightness or wrongness of waterboarding itself.

There's a creepy overtone to that kind of commentary.


This comment perfectly encapsulates everything that is horrible about legal discussions on HN: they are anti-intellectual, in the sense that they penalize knowledge or understanding insofar as such understanding complicates some poorly-stated valence issue (most often "the government should honor everybody's right to privacy"). It's not that the angry HN commenter has a carefully-considered (or even specific) complaint about Orin Kerr†. Rather, the angry HN commenter is angry that anyone has taken the time to understand the legal issue at all, instead of simply joining them in baying at the moon.

You should be embarrassed to argue this way. You should want to first understand the issues that are at play, and then figure out how your principles engage with those issues. You obviously shouldn't be trying to dismiss dense sources of information that you clearly didn't already have access to by making allusions to torture. But you do anyways, as do many on HN, adding no value, no original insights, no new information, not even a meaningful criticism of someone else's insight or information --- just, "new information that doesn't fit my worldview: BAD".

I've been here long enough to know that you're getting upvoted for comments like these, hopping from thread to thread shouting down anyone who fails to scoop out their eyeballs, pick up the accursed panflute or vile drum, and dance idiotically around the formless confusion of whatever issue you think you're advocating for. Just know, the same people upvoting you for poisoning threads are also the ones upvoting the incomprehensible douchebags who snark about "getting their side project acquired next time they get a job offer". You're two sides of the same debased coin.

You can, once in a blue moon, find a carefully considered criticism of Orin Kerr on HN, but they've uniformly come from people on HN with law degrees and are thus obviously suspicious.


> You should be embarrassed to argue this way.

You should be embarrassed for defending Orin Kerr.

> I've been here long enough to know that you're getting upvoted for comments like these

I got downvoted. Maybe you want to revisit what you think you know and enjoy bloviating about.


Unfortunately, I read things before I decide whether to yell at them, and so find myself unable to howl maniacally at Orin Kerr.


All you establishment types. Always banding together to oppress the little guy.


Levison deserves more support than the paltry $90K (https://rally.org/lavabit) he's raised so far for his legal defense war chest. I hope he can continue to fight this as he goes up the court of appeals ladder.


The SSL key is only for the transport correct? My assumption is that the data in storage would still be encrypted by the customer's private keys. The USG could then obtain the private keys of the customer by watching the decrypted SSL traffic, and is also why the gag order would be very important to the case.

I think this is a pretty big misunderstanding by the author of the article.


Footnote, Prof. Kerr literally wrote the book on Computer Crime Law: http://www.amazon.com/Computer-Crime-Law-American-Casebook/d...

Not that you should accept his argument without scrutiny, but he's read a few of the cases here.


A lesson of all of this is that encryption without control of the encryption key is, in this brave new world, useless.


It was well written. I expect the government will respond with a sad combination of flag waving and fear mongering.


Fourth Circuit Court of Appeals docket and documents here:

http://www.plainsite.org/flashlight/case.html?id=2524335

