670 comments

[ 3.3 ms ] story [ 282 ms ] thread
Source: https://lavabit.com/?repost=true

This is very unfortunate and sad. I hope he wins in Court. The NSA/administration are really trying to destroy the last bit of privacy in the world, and they will fight relentlessly until they do (especially if the People aren't fighting back).

um okay. If it is what we think it is, what makes you think that he will wrestle with Feds if Google, Facebook, Yahoo, Microsoft and other billion-dollars giants were not even interested pursuing the legal way?

Most likely, this is all so secret with secret courts foreseeing secret rulings that unless he has solid capital to burn on legal defense, he won't get far. He won't get far probably either if he has the money. I am sure courts would stretched it in infinity. And I am sure the owner is businessman more than a libertarian.

Sometimes a David makes a bigger impression than a Goliath.

It's been years since I've worked with Ladar. However, he's a man of great intelligence and principle. It's not unheard of for "the little guy" to take on the machine and win. I believe that Ladar will prevail in the end, and I hope he'll resume operations or come up with something even better.

I'll be donating something as soon as I finish my post.

Crap, I had just recently migrated all of my accounts to my new Lavabit address, paid for a year of service, etc.

Although I've seen some mentioned, what recommendations does HN have for a new e-mail service? Preferably something stable and also respecting of a user's privacy. Or perhaps you can only have 1 of the aforementioned attributes.

(comment deleted)
(comment deleted)
Which will work fine until countermail gets an NSL too.

Hosting your own, in your physical posession, with mercury-switch or dead-man-switch triggered thermite self-destruct is really the only option left.

(comment deleted)
And, snail mail.
Funny how the Fourth amendment still applies to the primary form of communication we don't use.
I just lost access to my primary email account.
Me too. It took a long time to update all of my account information for every website and service I use. It took me a long time to get all of my friends, colleagues, etc. notified that I had switched.

I now have a trail of being under my Lavabit account. Commits, patches, websites, services, friends all thinking I'm still under that account. Now I've got to do it once again, only a few weeks later.

Sigh. I can't blame Lavabit really. Just a situation I'd hope to avoid.

Do what I do!

I have my own domain name, currently hosting with Google Apps. If I get the motivation to move to another host like myself, I can do it without changing contact information.

Oh good, because Google will never be subject to an NSL.
At the moment, I accept the danger and resent myself for it. Moving to a custom domain is one step in the process, though.

And really, since all your email hops through relays constantly, the only truly effective anti-spy technology is message encryption, which wouldn't depend on where the messages end up.

Everyone you converse with uses gmail.
Yes, absolutely. Everyone here should do this.

Never have your identity tied to a mere provider.

Yeah, I thank my stars that I had the sense to do this almost 2 years ago. It really is much better. Another neat hack of using your custom domain is when people ask for your email address you can make one up without you appearing in their chat list. So for instance on Google Talk you're registered as iam@firstlastname.com, you could simply give them i@firstlastname.com so they can still converse with you (catch-alls ftw) yet they don't annoyingly appear on your Talk list.

And yeah, changing providers is just a matter of altering a field or two in the host records page.

That's a nightmare. However, I do feel strongly that lavabit made the only right choice. The US government is entirely to blame.
(comment deleted)
Actually, I don't think so, if he was a paying user. Everything on-disk was encrypted for paying users, and since lavabit had to shut down completely to not "be complicit in a crime against the American public", I assume that the NSL wanted them to make a change like Hushmail did in the past, to send the user's password to the server on the next login so that they can decrypt all emails.
(comment deleted)
I would assume that the NSA had already forcibly installed something that would compromise all further access to lavabit mail. Therefore the only option that doesn't reveal data is immediate shutdown.
That's not how Lavabit worked.
Did you get a refund?
I did pay in advance for few years but I wont ask for a refund, I will consider it as a donation for those legal battles.
Ok thats your choice however the company wasn't liquidated so they should refund their customers who are asking.
I'm in the exact same position. It's quite frustrating.

EDIT: I turned my frustration into a $100 donation to his legal defense. I hope that more people do the same.

Run your own server, on your own hardware?
This is why I contributed to Mailpile(http://www.mailpile.is/)'s fundraiser and hang out in their IRC channel. We need more, better, easy-to-use distributed, crypto-friendly mail software, and we need them yesterday. :/
bitmessage may be our only hope.
Bitmessage is fairly atrocious to use in practise. It's slow (by design) and extremely difficult to use properly. Moreover, I'd bet my hat that it's not secure.
I like the part where he can't tell you why he's shutting down. As if we won't engage in rampant irresponsible speculation that they have told him to decrypt and forward everything to them in real time.
what would you have him do? He's clearly under NSL, so he can't tell you what he was asked for. This is the strongest statement he can legally make (in fact, i'm sure some US lawyers would argue that it's actually beyond that).

I guess we now know how it must have felt to watch republican institutions spiral into tyranny in ancient Rome.

Yes, unfortunately; I'm a student of that period of history and it's getting pretty bad by its standards. No proscriptions yet, though ... perhaps because that doesn't work so well with a well armed populace.
Hopefully he would become a whistleblower, but with such a bleak outcome for Snowden I can sympathize with his not wanting to.
You kind of have to assume that if you're a customer.
The standard way to get the story out is via "leaks". Someone could, gasp, hack into his email, get the story, and publish it.
He's most likely under a gag order. I thought that was pretty obvious.
Aren't gag orders challengeable? I thought they were found unconstitutional.

http://securitywatch.pcmag.com/privacy/309277-judge-says-fbi...

I think they were found unconstitutional when they were forcing people to not even tell their lawyers. You can tell your lawyer now, and you can fight the gag order in Court - but in secret. Until the court tells you can tell everyone about it, you can't.
I'm curious exactly what the legal sanction is for telling the world/press.
I'd say it's more than rampant speculation. Shutting down his company was probably his only legal way of informing us.
It's unlikely they asked him to decrypt and forward everything. Someone would immediately notice the change and raise the alarms.

Much more likely they asked him to slip in a backdoor for some specific users. That's much harder to detect.

"I can't tell you the reason" is a rather blatant way of saying "National Security Letter".
At first I read your comment as "rather brilliant way" and I agreed with it more than your actual comment :)
This is a real shame. 10 years of work gone, and they have to ask for help for the legal bills.
Time to donate to the EFF. They haven't been branded as a terrorist charity yet, AFAIK...
(comment deleted)
The head of the NSA branded them as "the next terrorists".

http://www.salon.com/2013/08/06/cyberscare_ex_nsa_chief_call...

> “nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven’t talked to the opposite sex in five or six years”

Now that's a generalization if I ever heard one.

The following is a bit of a stretch, but the quoted abusive language from Hayden brings it to mind, as the movie "Eastern Promises" just came up in conversation the other day.

There is a scene in "Eastern Promises" where the protagonist, a "deep cover" police officer infiltrating the Russian / Eastern European mob in London, is compelled to have sex with an enslaved woman in order to prove that he isn't gay. (Because, up to this point, he has not shown interest in these "usual" activities.)

The quote from Hayden, after raising my ire, quickly made me think of this. So, Hayden is more or less saying that, um... "lack of demonstrated sexual prowess" is tantamount to being a misanthrope -- and worse, from the criminal justice perspective, a "criminal" (I'll refrain from using the t-word, including because it probably bumps the ranking of a post in today's data collection systems).

Of course, one might presume to take it as implied also, that if you're gay, you belong to this group.

That such a figure of authority can and does so loosely -- or perhaps purposefully -- bandy about such prejudiced language...

These are not consummate professionals. They are... apparatchiks.

>"twentysomethings who haven’t talked to the opposite sex in five or six years"

guess one of the patterns coded into their dragnet.

Note to geeks - get out and talk to girls or your file will be moved into "next terrorists" folder :)

Former head, and he was talking about the extremists who might attack Google or Microsoft, not lobbying groups like the EFF.
He's using the same logic that's used against extremists: if they're disenfranchised then they're a threat, and if we're disenfranchising them then they're a threat to us.

Why does the military have indefinite detention? It's simple: as a matter of policy they torture suspects, but since they were tortured then it stands to reason that they will become radicalized upon release, so they're held indefinitely.

Let me spell it out again in simpler terms: the military holds them because the military tortured them.

Not torturing them isn't even an considered an option despite the dollar cost of maintaining an off-shore super-maximum-security prison for hundreds of people guarded by a large military presence.

No, he's saying that there are groups on the Internet known for lashing out at companies for various politically motivated reasons, and this Snowden story is going to be one such reason.

His choice to call them terrorists isn't something I'm going to really defend, but if it makes you feel any better, he hasn't been in charge of anything for 4 years.

He may not have been in charge of anything for four years, but it would be nice to see General Alexander condemning such specious reasoning and fear-mongering.
Is it fear-mongering? Sites actually do get hacked and defaced all the time for political advocacy (e.g. LulzSec). I've long been more afraid, in general, of computer hackers than government.
> " I've long been more afraid, in general, of computer hackers than government."

Seriously?

Yes, seriously. People like to think that computer hackers have some perfect sense of morality, I have real-life experience that they don't.

The government, though occasionally surreal, has not once been a serious impediment to anything I've wanted to do, and in fact has occasionally been an exceptional aid in what I've wanted to do.

I find it amazing that anyone can still justify what the government is doing. Every line has been crossed. To the DEA, to the IRS. And, still, you are okie dokie. I am amazed.
Read what I wrote. Did I justify what the government is doing? Or did I say that relative to non-governmental threats that the government has not yet reached the top of the list?

If those like you were in charge of invention shops in the 19th century the light bulb would never have been invented. "Ugh, look, this piece of shit failed for the 20th time, this will never work, we should just give up entirely."

Luckily we have had innovators throughout history who are not afraid to see the future as it should be and to iterate, iterate, iterate and iterate some more to bring the world closer to that ideal reality.

Does the government still have work to go? Absolutely, but it can be made better, which is not something I can say for everyone.

I see. So we can have a more perfect surveillance state. And then it will be OK.
It'd be nice to see Obama pardon Snowden, too.
Pretty sure we are going to be into at least two or three presidents trying to hang Snowden from the flagpole. They will never pardon him because of their fear of the next sysadmin exposing crimes of the state.
Do you blame them for that fear? This time it's spying, next time what if it's troop deployments? What if CI names get leaked by someone who finds the CIs to be scumbags?
He's not the head of NSA. He's the former head of NSA.
Don't give ideas.

Too bad that he does not have donations page. I would gladly donate. Also - respect for the decision he made. If he kickstarts a campaign for restoring the service I will be there too.

Do you mean Lavabit? There's a donation link at the end of the post.
There is a link at the bottom of the email to a PayPal page for donations to a Legal Defense Fund.

I do wonder if PayPal was a good choice for this, or just a choice of convenience. I have trouble trusting PayPal given how many horror stories about accounts being suspended, funds seized (or returned to the senders), and phantom account locks for fraud investigations.

(comment deleted)
(comment deleted)
The line "A favorable decision would allow me resurrect Lavabit as an American company." seems to suggest that he may be working to create lavabit outside the borders of "Mordor". Can he reopen it as a foreign business?
From 2011:

> Lavabit processes 70 gigabytes of data per day, is made up of 26 servers, hosts 260,000 email addresses, and processes 600,000 emails a day. That’s a lot of email.

http://www.dbasoul.com/2011/1008.html

Update: According to their stats page, they had 410k email accounts hosted before shutdown https://twitter.com/georgemaschke/status/365553445538775040

(comment deleted)
70 GB / 600K emails = 122KB per email. That's a large average even with headers. To put things in perspective, Costco's massive marketing email sent to me this morning is 138K including headers.

So the question is, what were people sending though Lavabit that averaged 122K and would have attracted attention? Therein probably lies the reason for all of this.

A lot of outliers are screwing with that average. Think emails with powerpoint/keynote attachments, rich pdfs, photos, etc.
The 70GB probably includes attachments, so quite a bit of that number could just be certain users sending large attachments on a regular basis.
If Lavabit allowed large attachments, I'd say photos.

122KB is the average. The majority of emails were probably 1-2KB. Then newsletters, around 50KB. Lastly, emails with attached photos, ~5MB.

Probably follows a simple Pareto distribution: 20% of emails comprised 80% of the total storage required.

Average, not median. A thousand 50KB email are easily offset by a few 30MB email with max size attachments. 122KB average isn't unusual.
It is possibly 600k non-spam emails per day? With the 70GB including all data w/ spam. Because with ~300k accounts 600k emails per day is only 2 per account which isn't much taking spam into account.
Most of the companies I receive email from these days have 122Kb of crap attached to the bottom by their outgoing MTA. You know: awards, disclaimers, twitter icons, facebook icons.

Makes me want to fuck off back to plain text.

For the unfamiliar: Lavabit was a webmail service, that (claimed to) encrypt emails in such a way that they literally did not have access to the content stored on their own servers. The linked email would lend some credence to those claims. It was originally designed in contrast to gmail scanning your email for targeted advertising, but my imperfect memory says that their system should also have been resilient to "we have a warrant, hand over the data."
Well, he may not have been able to hand over the old data, but he may have been asked to include an exploit for all mail going forward. That could have been as simple as the authorities inserting some middleware.
Perhaps such a request is why they have shut down?
That's reasonable. And while you can get already in trouble for not having stored user data in the past, you cannot really refuse to store user data from now on. Ergo probably this surprise shutdown now … :(
This actually did happen with hushmail. It's hosted in Canada, but the US leaned on them hard enough that they ended up backdooring the client to let the feds snoop on the targeted user.
That is not quite what happened. As the link below says, it was not an exploit. Users were warned that using pure IMAP access and/or webmail, which was a convenience feature and continues to be with them, would require your private key. It was recommended you do not do that, and use the provided Java applet or mobile app. The person in question in those criminal proceedings used one of those convenience functions, if memory serves.

Not that defend Hushmail. I do not, fuck 'em for that. There are plenty of services like Lavabit that avoid that problem, but that requires intelligent users/criminals/what-have-you.

"It was recommended you do not do that, and use the provided Java applet"

Which is equally insecure, as the company could easily insert a back door the next time you load the applet. Hushmail was and is snake oil.

For sure, but can I fault idiots for inability to read the documentation and caveats? Maybe, but not really lest most on this site could not "do computers" professionally.

Unfortunately, the trust problem you mention is pervasive. It was a signed applet IIRC, but we both requires you trust the original and modified applets from the developer. I am wishing someone released an auto-encrypting PGP service and client, open-sourced on purpose.

We all know only four people would read the source of that, and two of those would verify the dev key given with the release. :-)

Well, it looks like we got ourselves a reader.

http://www.youtube.com/watch?v=BwkdGr9JYmE

Unfortunately, I cannot find a clip of this from the movie Ronin. One of my favorites with Robert DeNiro as a criminal or spy, and not even his own gang of crooks are trusting of him. Among my many favorite quotes (I am reviewing all of them and laughing; the movie is a goldmine [0]):

Spence: You think too hard. Sam (DeNiro): Nobody ever told me that before.

[0] http://www.imdb.com/title/tt0122690/quotes

The correct way to do a signed applet or signed extension is to give the signing key to a third party who has responsibility for auditing it, or at least being "out of the subpoena chain" so when bad stuff happens, they suddenly stop signing new versions.

I kind of wish there were a (well armed) organization which did this for other projects.

I think Hushmail are pretty up front about being no protection if the person who wants access has a court order. I would not go so far as to say 'snake oil'.

From wikipedia: "The issue originally revolved around the use of the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; additionally the passphrase can be captured at this point. This facilitates the decryption of all stored messages and future messages using this passphrase."

"Hushmail has stated that the Java version is also vulnerable in that they may be compelled to deliver a compromised java applet to a user.[5][7]"

In [7] "Brian" working for hushmail responds to a wired journalist agreeing that the applet was an attack vector and Brian even points to a schneier.com article stating the same[2]. He did weasel around a bit about "viewing applet/HTML source" which he admits is no use for determining the validity of the applet as it is compiled.

[1] https://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_...

[2] https://www.schneier.com/essay-191.html

[5] http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.htm...

[7] http://web.archive.org/web/20071019225245/http://blog.wired....

"I think Hushmail are pretty up front about being no protection if the person who wants access has a court order"

It is not just about having a court order. The court order is not some kind of secret key that decrypts messages, it is just a way to compel Hushmail to decrypt those messages. Pointing a gun at a sysadmin would work just as well. Paying a sysadmin would also work. Getting a spy to work for Hushmail would also work.

Let's say you are trying to protect the names of activists in China. There is no reason to think that the Chinese government could not find a sympathetic Chinese immigrant / national with an IT background who is willing to pass on some messages every so often. You can imagine other scenarios -- maybe you have highly valuable business secrets, maybe you are running a political campaign, etc.

Snake oil is the right term for Hushmail, because that is what they deliver. The only term that is more polite than snake oil is "key escrow," but why should we be polite here?

In my eyes a backdoor is a subcategory of exploit. But the term used doesn't matter. The point is that they altered the software used by their clients to not only encrypt emails with the key, but to forward copies to be given to the government.

The warning they gave out was to point out lower security, it does not absolve them of the obligation to try to keep their severs secure.

The feds wanted to install a prism device on his network, not sure if he shut everything down to prevent that from happening or if there are other factors at play.

The guy who runs the service is one of my best friends. He's the kind of guy who would burn the server farm to the ground before he did something that violated the terms dictated in his privacy policy.

If true, you probably shouldn't put these details here (especially mentioning that he's one of your best friends).

I was curious to know, of course, but I'm afraid that this could somehow be used against him later.

And this reads as if someone was trying to force him to install means to spy on his users, and it wouldn't be surprising if the aim was to spy on Snowden directly (if he really used this service).
It may be simpler than that. Even if Snowden has walked away from this service, the publicity may have attracted a lot of people the authorities find interesting, including legitimate (whatever that means) persons of interest.
The political backlash attached to slapping an NSL on "Snowden's email provider" would have looked obvious to a 5-year-old, and any real player worth its salt would have run from Lavabit as soon as it hit the news.

No, this has nothing to do with common criminals and everything to do with Snowden.

NSL's come with a gag order. There wouldn't have been any backlash as no one would have known about it.

He shut it down because that was the only way to legally prevent the government from spying on his users.

Good point. While controversial, this is exactly why, too. (Fed's don't want to tip their hand).
Somebody running a service like Lavabit woild be a very motivated individual, civil disobedience was a real risk.
More likely he was compelled to turn over emails relating to the case, and he doesn't want to have to be forced to do that again, so he's shutting down the service.
Possible, but unlikely given the nature of the service. It sounded like he wouldn't have been able to do that.
What I find interesting is that the lavabit homepage says that the owner has been fighting this for 6 weeks, but the reporter that released Snowden's email address did it July 13th.

The Government has been trying to get into Lavabit longer than that.

Although, perhaps they already knew that Snowden was using Lavabit and started the process immediately after his flight to HK.

That's exactly what happened. He can't afford to continue fighting the feds in court, so he's shutting everything down. His lawyer is expensive and he will go bankrupt if he stays the course.

If anyone can recommend someone who can provide counsel pro-bono let me know and I'll forward the message along.

It wouldn't be resilient to interception of mail going to and coming from lavabit however, since email is essentially a plaintext public protocol.
...which is why you encrypt the contents before you send it, yes?
Considering that most other people don't use email encryption, no.
This is why the speculation that even with encrypted emails, to and from address is in the clear and that could be valuable info to government. So we're back to meta data in plain text both in transit and storage.
What? I don't think this is true at all. Plaintext data, email or not, can be protected with robust encryption. Your end security is the main consideration, but that has nothing to do with the protocol or content, really.
The difficulty is that most recipients of your message will not be willing to use whatever crypto technology you've chosen. PGP is probably the most popular email encryption system, but good luck finding people who use it. I work in the software industry, and I don't regularly correspond with a single person whom I know to use PGP.
It'll be interesting to see whether companies start to shift to using encrypted email over the next few decades - it's not that hard to set up if you know the counterparty will be using encryption of the same kind, and if it's not a service bought in from an external company you can fairly sure it is secure.

Companies could at least insist that intra-company email is encrypted, which would be a huge amount of their normal communications, and then extend that outside their boundaries with partners who also accept (say) S/MIME.

At present I sign my mails but like you have no clients who use encryption.

Key exchange is still a huge issue. Sure, you can post a public key online, but I have no guarantee it is actually your key. How do I do business with somebody new?

The core problem with widespread crypto use today is not encryption, it's trusted key exchange.

Put the fingerprint in your business cards? In fact, maybe we finally found a reasonable use for QR codes.
That's a cool idea. I'm totally gonna do that :)
Fingerprint in hex at the bottom of the business card is something I've done for the past 15 years -- pretty much the only reason I even bother with business cards these days.
This is a really interesting problem that needs to be solved. We need some sort of P2P secure protocol to exchange keys between people. Bypassing all sorts of stuff and connecting directly and sharing over an encrypted channel. This sounds really tough the way the internet works right now but I think solutions will come up now that there is a real need for them.
Exchange/Outlook already does intra- and extra-company encryption.
This comment implies you actually trust Microsoft's crypto implementation.
Nope, only that companies trust Microsoft's crypto implementation.

But as it happens, yes, I trust our crypto developers. They're much better at it than most of HN.

I don't. I've seen the source (via shared source) and there is a big fucking hole where the CSPs should be.

And the rest of the code is pretty shitty in places.

(comment deleted)
This is somewhat true. RFC3207[1] describes opportunistic TLS encryption for SMTP communications. Our postfix deployment uses this and a fair amount of our email is sent over TLS-encrypted SMTP.

Of course, an MITM attack could hide the STARTTLS option and there are questions around the strength of the CA cert infrastructure, but SMTP is not just plaintext.

[1] https://tools.ietf.org/html/rfc3207

The problem is that you don't sent to the destination SMTP server. You send to your SMTP server. That goes at least one hop via SMTP and eventually ends up on the destination's domain server.

So even if I setup and host my own SMTP server, and even if I verify the TLS certs on my side, I have no way to verify that I'll get (1) A TLS connection (2) with an authenticated cert all the way to the ultimate destination.

It's beyond my control to ensure that I'm secured when emailing to an arbitrary domain with arbitrary configuration.

It's quite likely however that Lavabit, being a service that focusses on privacy, delivers enough emails directly to the target server over a secure protocol to cause problems for the NSA in this investigation.
The problem is that all of the people you correspond with use gmail, which participates in PRISM. No amount of transport encryption or storage encryption on your own end will stop Google from sharing that data with US authorities.
"Participates" is the wrong characterisation, they are under the jurisdiction of FISA orders, if the NSA wants to call that PRISM, it's their business. Also worth mentioning is that providers in non-US countries are subject to their respective country's surveillance efforts, so either way it's a red herring argument.
"Participates" is a perfectly acceptable word for silently complying with a law. Especially for an international company that could have changed jurisdiction of the relevant servers.
"Participates" is not at all an acceptable word for actions taken under duress, and for an international company, changing jurisdiction of the relevant servers would have made no difference whatsoever. As long as your flesh-and-blood body is located in the US, or in a country that chooses to enforce US law in such matters (or will ever be so located in the future, even for a stopover on an international flight), your servers could be on the moon for all it matters; you still have to obey the government.
There are different levels of duress. Nobody pointed a gun at Google. They could have refused if they truly wanted to.

Can the US serve a warrant to a server in Europe run by Europeans? I was assuming the answer was no, in which case you don't need violate any laws or worry about repercussions.

Well anything that hits an MTA or MDA and sits in a queue somewhere on rust is liable to be snagged. That's usually every host between you and the destination MUA.

The whole protocol and mail delivery system is fucking hopeless.

As an ex-ISP mail architect and ex-operations guy, I hope the whole existing email protocol suite and architecture dies in a fire.

The problem is that, left to market forces, we would end up with an email solution that looks like (or is) Facebook.
I'd rather we stopped talking electronically than ended up with Facebook.
Have you seen RetroShare? I like it quite a bit & have used it with a few friends so far. It claims security... but I don't know enough to be certain.
Your username combined with your claimed former work experience is utterly hilarious--thank you for the levity in this dark time.
The name came after many years of filling in paperwork :)
Hushmail is a similar service. There's been some speculation that authorities could compel the owners to perform a sort of internal phishing scam to get the passwords.
It's not speculation:

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

> a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada.

It seems like the most secure way to send a message these days might be snail mail. While I know the feds to open it from time to time in specific cases, they definitely don't open all.
no, they don't open the mail, but they scan all the addresses as part of their routing process. We should assume that all postal "metadata" is stored forever.
As a veteran of the USPS software industry, I wouldn't worry too much.
hilarious!! since we on the subject, are there any veterans of NSA software industry who can share some insight?
I assume they would be under some sort of NDA.
There is a lot to be said for Snail Mail in that regard. There are far more privacy guarantees (i.e. clearly defined requirements for warrants, and stricter terms) relative to electronic forms of communications.
They take a photo of the front and back of every piece of mail that is sent. Your content is safe, but they still get the metadata.
Couldn't you just leave off the return address? In this case there's not much metadata to collect except for the recipient address.
You can also fake the "from" address in an e-mail, and send it from somewhere in the world via vpn
I did a fun experiment once. I wrote the actual recipient address in the return address place, and put a non existant address in the front. I also didn't stamp it. It did arrive to the recipient 2 weeks later, with a "return to sender" banner.
Working in the mailing business and dealing with the USPS carriers; they are not dummies (the usual people warning here) and if someone gets curious on why so many pieces arrive at a certain address w/o postage, I would expect that address to get flagged for a special looksee.
Edit: I was a PM on Exchange and Exchange Hosted Encryption for some time, so it looks like Lavabit tried to fight the government on whether they are required to release private keys. I've seen one other customer try to fight, and it was not pretty either. The US government in these cases are serious.

Takeaway for fellow hackers: If you are building a system that stores user-generated data, prepare for the eventuality that someone other than the user will demand to see it.

In general, the prevailing theory is that all companies are required to release private keys or passwords needed to unlock evidence. As a consequence of Lavabit fighting, they likely got slapped with some pretty harsh contempt of court rulings, including a demand to record all private keys needed for decryption going forward. The worst case (that I can talk about) I saw involved requiring a specific employee be demoted due to improper care of a company's systems.

What's sad is that because Lavabit was such a small service provider, they never had the previous rounds of government threats and must have been caught off guard. As I've said in past posts (before Snowden), it is common knowledge among large-scale service providers that the local government can always come in to take a look. Doesn't matter if you are in the US, EU, or China, you have to comply. I've seen the US DOJ threaten pretty harshly a customer who simply asked about 'options' of how to comply.

Past post with explanation: https://news.ycombinator.com/item?id=5754641

P.S. Right or wrong is a separate conversation...

The worst case (that I can talk about) I saw involved requiring a specific employee be demoted due to improper care of a company's systems.

Would you expand on this? Are you saying that a court was meddling directly with an individual company's hierarchy?

(Forgive a 5-year-old memory of one of many cases -- I probably have the numbers wrong) It went something like this: The director of engineering approved a log retention plan that kept access logs for 7 days or something. They wanted to reduce costs and issues with log files were the top reasons for getting called to support the service. The government needed to demonstrate that someone had accessed the service 14 days ago, and the government could not understand why the 'minimum' of 30-day access logs were not present. I think something else was missing, too. There was a back-and-forth, and since the company couldn't produce the logs as requested the government got a contempt of court with the understanding that the director would be demoted to an IC and not be anywhere near the production service. I think the company lawyers agreed to the conditions to make a worse outcome go away.

If it's not clear, there were strong personalities involved. One way to tell the story is the director went out of his way to poke a bear and got mauled. Another way to tell the story is that a bear went walking down main street looking for trouble ("How do we know you didn't change the retention policy to protect the individual?"). In both cases the guy lost his hand and the bear is still loose.

Software/technology is quickly becoming a place full of dangerous legal landmines.
so no matter how good encryption gets, government will simply ratchet up the penalties; financial and/or prison time; to keep pace.

we simply can be guilty hiding the nothing we have to hide

Don't be so bleak. If you're going to do something that will get the attention of any government, here's a simple rule to follow. Don't use 3rd parties. And if you must, do it in a way that can never be traced back to you in the "real world". It isn't hard and it isn't even illegal.

http://www.amazon.com/How-Be-Invisible-Protect-Children/dp/1...

(comment deleted)
Step 1: Don't buy a book called "How to be Invisible" from Amazon.
Is there a legal precedent for minimum time that logs must be kept, say for an email service or messaging service? I'm talking about US policy, if that makes it more clear.
Generally speaking unless you are specifically required to keep records for a regulatory purpose (i.e. tax), you don't have to keep logs at all. Lavabit used to keep logs for a limited time (I think a week?).

More concerning are key disclosure laws [1] and their crazy penalties that seem to be creeping in all over the world.

[1] https://en.wikipedia.org/wiki/Key_disclosure_law

No, but you must follow your own policy.

You also need to take reasonable measures to preserve relevant data when you have reasonable cause to suspect that litigation or an investigation will begin.

Not having a policy can hurt you. If you have no deletion/retention policy, and happen to destroy data for some random reason when a litigation begins, you or your company may be in trouble.

Note: IANAL, and different industries or data categories have specific legal requirements or best practices for retaining things.

It was likely agreed on (possibly via contract) to meet the compliance policy of the government agency. So I could see breach of contract. I don't know about legal precedent for logs per se, but there is precedent for retention of other files. For instance HIPAA involves some well known regulations around keeping and destroying medical data.
ziplip shut down in 2005 citing an inability to maintain user privacy in light of new legislation. Their servers were in Ireland, I think.
(comment deleted)
Could you name some examples from Europe? Cases when police physically takes servers are common. But I never heard of case where police would require encryption keys for 'maybe we will needed it'.
Also, what prevents the guy from setting up that service in a European country (Switzerland is not subject to EU laws)?

I don't see why his 10 years of work would be lost.

He might not want to relocate.

It's risky to relocate the servers in another country. You will have to obey the other country's laws, but the US gov will still claim jurisdiction if the staff and/or owner is in the US. The US will even claim jurisdiction as soon as you use a ".com" domain [1]

Of course the hosting nation will also claim jurisdiction. So relocating your servers to one country while staying in another will expose you to two national laws as well as any international agreements between these nations.

[1] Richard O’Dwyer, a UK citizen who ran a UK-based web site, was facing extradition to the U.S. because he used a .com domain. - http://www.theguardian.com/law/2011/jun/17/student-file-shar...

He could still just sell it to someone in another country. Neither the service nor his 10 years of work would be lost.
Depending on how bad the government wants the data, that's essentially just charging a high premium to get all the data instead of a specific user's data.

If the purchasing party is less scrupulous, you've thwarted nothing. In extreme cases (or for smaller companies), the purchaser could even be a government front.

I'm pretty sure there are known entities offshore you could sell to who are unlikely to be government fronts. Imagine selling to someone Wikileaks affiliated...
> P.S. Right or wrong is a separate conversation...

No it's not. This is wrong, plain and simple. Wrong is wrong, and black is black.

I think the worst they can realistically do is 1) threaten contempt if you can comply but don't and 2) threaten to disrupt your business operations by seizing servers. There are gag orders on certain legal requests, but you don't have to talk about it to not comply (if you can't comply).

As long as you can't comply, I don't think there's an uncounterable risk in the US, since we don't have any key disclosure requirements (the exception being CALEA, which only applies to the PSTN; I'd skip CALEA for an interconnected VOIP system and fight them in the courts/media, personally). Presumably they could put other weird pressure on you like threatening to investigate your nanny's immigration status or whatever, but enh.

I still maintain that if you do things properly, you can operate safely in the US while resisting pressure from USG. You can't literally wipe your ass with an NSL in front of the agents, but if you don't have it, and can't get it, they're at worst a DoS. Forcing a provider to implement a huge new logging infrastructure would be an interesting 14A issue, and one could have a system where even that wouldn't recover customer keys.

IANAL of course.

The data may have been protected, but the senders and recipients probably were not. Similarly to SSL, it encrypts the traffic, but does not hide which websites you use.

I bet that data are still valuable to the government.

I have been thinking of starting a business in the privacy space. This has shown me that that all customer data needs to be periodically obliterated in safe way and that a kill switch or nuke button is needed as well to destroy everything on a moment's notice.

Where and how to host is a major concern. Cloud, etc., is obviously out of the question.

Apparently a business where some guy is moving paper mail icognito from one point to the ther could be a possible business. I guess lawyers may want this, especially lawyers working to defend issues related to abuse of privacy breach or executive actions. Of course it will be hard to advertise such business.

If you'll be trying to keep this secrect by creating small cells of people not knowing each other and smart mailboxes preventing people exchanging t identify each other, you'll become suspect of supporting spying activity.

So you better work for the minimal number of clients and charge a lot to remain sustainble.

My understanding is that as long as keep the info concentrated in one spot (i.e. Paper mail) it is easy to grab it. If you dilute and spread the info using shared secret and hide it smartly in images or random text, this info would be much harder to catch but could use conventionnal transport means.

Extending this idea further, turn the mail network into one big world wide hologram. The information would then be spreaded, available from everywhere, very hard to censor, and private since you need some specific reference signal to extract the info. It's like shared secret.

Note however that the need to catch evil people using such communication system for evil means is needed. Just considering our own privacy regardless of what can go wrong with such system is in my opinion selfish. We will always need method to protect against abuses.

Reminds me of the plot in the game Mirror's Edge, where couriers would physically deliver data instead of electronically, since there is no way to be sure that it isn't being intercepted. Such a thing might already be in practice already.
So... there would be market for a secure email service that ran on a ship/vessel that was permanently in the middle of international waters?

(might have to have multiple vessel's for redundancy purposes)

So guarantee you will be regarded as a "terrorist" and then put yourself somewhere in the middle of international waters?

At least when the ship disappeared off the face of the earth it would be easy to figure out what happened.

Pretty sad world we live in that this is entirely realistic.
(comment deleted)
I suppose, but looking at it another way: for the first time in human history we can imagine a world where this wouldn't be the case. We are closer to that world than we've ever been, even if right now the west is moving away from it again.
IANAAL, but I'm guessing the U.S. would just pressure your flag state to revoke your license. Then they'll arrest you for piracy or something. Or even better issue a letter of marque and reprisal so private citizens can hunt you down and take your stuff.
Why bring in privateers? They'd complicate it, and mean reneging on public commitments. Just label the boat as terrorist and send the Navy or Coast Guard.
By "better" I just meant it would be "cooler", in the sense of invoking old, rarely used provisions of the Constitution. But you're right, Navy/Coast Guard would be much more effective.
People have thought about this, and Sealand actually hosted a very secure datacenter.

The problem is that you have to connect up to the Internet somewhere, and they can always get you there. Either tapping and listening in on sessions, or just plain disconnecting you.

"encrypt emails in such a way that they literally did not have access to the content stored on their own servers"

how is that possible? I'm curious to know as to how they achieved that technically. I mean if the user is reading an email in their browser, then it would've had to have been created on the server first.

It's just how encryption works; you don't store the plain passwords or keys the users submit to decrypt their stuff, thus you have no way to access it.
It all happens on the client side. Servers only store the encrypted emails and have no idea what the contents or the keys are.
right, but incoming and outgoing emails from lavabit servers won't necessarily be encrypted, unless the other party is using GPG or whatever - it's just the way they're stored.
The same server(s) also control the JavaScript code run by the client/browser. They could serve special code (to any one the government wanted to spy on) that returned their password to the server.
That's exactly why LavaBit shut down, looks like they were forced to do that.
it sounds like they were asked to modify their system to retain data
If I could afford it I would donate, big time, to them.
I watched Casablanca the other night.

SPOILERS

I thought about how the Gestapo had Lazlow in their midst, at the same TABLE as them, and yet didn't do anything immediately other than deny him further travel. Of course, it's a movie, but it was an interesting thought. Nowadays, if Snowden were known to be hiding in a foreigner's Moroccan cafe, we'ds drone half the building.

Also, I noticed the pride and the wonder that America inspired in the workers and patrons of Rick's. It was a symbol of freedom and opportunity. I wonder how many people see it that way now.

It's only the people with the least amount of power, the least pull with authorities, who get droned.
Old European elites shared a common culture that went beyond borders, at times perversely so (e.g. the whole Geneva Convention mindset where war is all a big game in need of more gentlemanly rules). They respected each other more than they did their fellow countrymen from lower classes. It's the same today: you'd never see a Saudi billionaire droned, even if we knew he'd been "the real Osama" all along.

Snowden is a little fish and as such he's being treated, as an example to his uppity peers. His friends are little fish, and as such are being burnt down without a second thought.

Iterated prisoner's dilemma isn't exactly a 'perverse' way of looking at war. Taking the high road helps you more than it hurts you. And remember that a country taken with minimal casualties is going to be much less rebellious.

Killing is not the goal of war.

I just signed up three days ago, and was exchanging mail with one of their reps about opening a couple more accounts with them. I went to log in last night and noticed that the service was down, which I thought was a little odd (since everything was down at once). I'm going to have to read this again later when I get a chance but for now, wow. I respect their decision but I'll bet the timing sure was bad for a lot of people (especially those coming to Lavabit specifically to escape what's going on here).
I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought. I believe there might even be a very profitable market in simply duplicating the functionality of Saas offerings at a higher price with security/privacy guarantees in Germany/HK/etc. Might be the next hot business to be in? You'd be surprised as to the number of people seeking alternatives at this point.

EDIT: Relevant XKCD for people calling for technical solutions to the problem: http://xkcd.com/538/

I'd love to believe that the authorities in Germany are not also tapping lines like France or the UK. Do we have any proof that is the case? I agree this has made me think twice about hosting in the us, but also about crossing national boundaries full stop without encrypting traffic.
The difference is that the authorities in Germany don't have the legal framework to force someone to do this and threaten them to stay silent.
Ostensibly the US doesn't have that framework either, the Constitution would seem to preclude it (I realize we are talking about a myriad of offenses at this point so it may get hazy). But as you can see, shit gets ignored. Secret government agencies in Germany could ignore laws there just as easily as the NSA does in the US.
There are no countries where you are allowed to go public on surveillance measures applied to your customers, user etc. – at least not before the surveillance has been completed. And while traditional surveillance measures have an end, today's +/- total surveillance is continous.
At some point, maybe the citizens of the world will understand that laws don't apply to the people who make them. They never have, and they never will.
If you're German, would you prefer to be surveilled by the German government or by both the US and German governments?

If you're in the US it seems kinda pointless to try to move to overseas hosting; the NSA will probably just focus on the client side.

Under data sharing agreements, if the NSA takes an interest, your data will probably go to them without questions or oversight. Drone bases (Ramstein) and listening stations (Dagger Complex) are located in Germany, and Germany was one of the most targeted locations in the boundless informant set of slides. It's probably illegal, and hopefully will be challenged in court, but it does apparently go on on a massive scale, with or without our consent.

http://www.spiegel.de/international/world/bild-908609-515222...

Accountability and culture. German intelligence services are "weaker" in the sense that they (seemlingly) still are under the control of the legislative body (secret contracts with the Western Allies sadly nonwithstanding). They are also regarded with deep distrust by large parts of the populace and by a significant segment of the legislature.

It is quite possbible that, come September, some of the government parties might lose a few percentage points due to the citizens being annoyed about the erosion of the rule of law. We'll see.

>Accountability and culture

The culture that brought us the SS and the Stasi.

  The culture that brought us the SS and the Stasi.
Really? Really? With an account that is as old as yours you cannot avoid posting a comment like this? Do you consider that mature? Useful? Reasonable?

I don't. You just disqualified yourself from any meaningful discussion, ever.

My wife treated people with mental issues for some time and I have the utmost respect for people that can handle this stuff.

You, instead, are without protection. You post stuff like this and shout out to the world that you have no clue, that you have no idea what your are talking about, what the topic of this thread is and .. just show that HN really should provide a feature to ignore other people.

Please - go away. You didn't contribute and you're a sad, sad idiot.

Bad memories of those periods are a non-trivial part of why they are surveillance adverse today.
No, it's the reverse. The nazi era and the Stasi have resulted in a modern Germany that is fiercely oppositional to anything that leads in this direction.

There are very strong open source, transparency and anti surveillance movements in Germany. Stasi is the entire reason WHY we have strong privacy laws here.

As Goebbels pointed out, all it takes is the right kind of threat, either real or manufactured ("Think of the children!"), and those "transparency movements" you speak of will fade out more rapidly than the grandparent post.
That doesn't work as well if the culture has been inocculated.

How does one do that?

Well, I don't know if this is still done today, but when I was in 7th or 8th grade, they (school) drove us, by the busload, to visit a concentration camp.

We were shown the lampshades and wallets made of human skin. The place to stand where inmates would be executed during what they thought were medical examinations. And so on and so on.

It is quite possible that the next "Western" genocide will happen somewhere in Europe. But as somebody who has grown up here, I can assure you it won't be in Germany.

I just wish that history was thaught like this everywhere.

I have to agree. I spent two days in Berlin this week and went to the Holocaust memorial, etc. I was impressed with the way these things are talked about with such openness - to make sure that this stuff never happens again. Also, I've traveled to several european countries and found Germans to be quite open minded regarding race, religion, etc. since I think the past has a lot to do with that. Happy that the german education system and culture appears to have a strong culture of 'learning from mistakes'. Clearly that isn't the case for the US with Vietnam, Afghanistan and now Iraq.
To be fair there are still lots of racist and intolerant people here. And nazis, though the antifa usually kick their asses.

But the tolerant and open minded strain is pretty dominant. Germany is 9% foreigners. Frankfurt is like 30%

This may be the most ignorant comment I've ever -- and I mean ever -- read on a web discussion board. And I frequent many discussion boards.

Current German culture is equivalent to German culture under the Third Reich? Really?

Is current American culture equivalent to early-through-mid 19th century American culture? Should we discount everything the USA does because you once kept/traded/abused black people as property? Then continued to legislate such thinking via Jim Crow well into the 20th century?

Now that I look, I notice your post history is littered with anti-German racism rooted in complete historical ignorance. I'm wondering what your angle is.

Encrypting is a given - obviously you'd want to only be using Saas services in Germany etc that are fully encrypted. The problem in using USA services is that even if everything is fully encrypted, the USA can and will send goons around to take your data. Encryption is simply useless when dealing with a company in the USA who is forced to hand over the keys and whose data-centers can be legally entered and modified by thugs. Once someone has physical access to the server, the game is over.

Germany is a better bet. While they are no doubt tapping lines, Germany and the EU have made no moves to actually perform hostile interventions into data-centers or private servers. This means that encryption is still a very viable security measure for protecting your data in the EU. The EU simply has a far better track record with privacy related issues.

It's not about perfect security, it's about getting the best security you can hope for - and that means moving away from anything USA hosted.

EU is a very generic term here. There is very little consistency across member states on this topic; UK laws, for example, are probably worse than US ones in most cases. I'm not 100% sure, but I believe Italian ones aren't much better atm.

The short-term answer is to encrypt everything users have to store, and don't handle their keys, but it's a stop-gap: the only real answer is political and that's where things have to be fixed for good.

Then the most obvious answer to me seems to use technology to affect the political landscape.

How that actually manifests itself, depends on how desperate people become to retain some sovereignty over their livelihoods… which begs the question, where are we now and who could provide the resources/environment to foster the type of change that is needed?

Where exactly are these keys going to be stored?

Users can not and will not securely manage key material.

The EU has minimum standards for surveillance and most EU member states are clearly American vassals. Even France proved to a vasall in forcing the Bolivian president's aircraft to make an unplanned stopover in Vienna … and even the neutral countries are full in favor of surveillance – Switzerland for example is just revising its surveillance laws and many other legal areas, for example copyright, see an increased level of surveilance too.
I thought France disavowed that involvement? Wasn't it just Austria bloviating, or was it hasty ass-covering by France?
Don't choose Germany. We may have strict privacy laws here, but we also have the BND cooperating with the NSA, tapping directly into the main internet nodes (Frankfurt). And don't forget that part of the method of the NSA is to use a mule inside the target company, which would be very easy in Germany given its status of being a wannabe ally of the USA and the longstanding sympathy of the german public for the USA.

And Germany has also laws which force every mail provider to install an access point to the German authorities and intelligence agencies. I am not sure if also a generic saas platform would have to do it, but it is quite possible.

Better pick Switzerland or Island.

"And Germany has also laws which force every mail provider to install an access point to the German authorities and intelligence agencies. I am not sure if also a generic saas platform would have to do it, but it is quite possible."

Thanks for the heads up - as I said in the OP, it really is a difficult task. Those kind of laws are exactly what need to be avoided when choosing a country to host in. I don't believe that this kind of thing can be carried out in absolute silence though, so if a country is actively modifying and silencing hosts it's fairly likely that word of it will leak somewhere.

If I get a chance, I might try to put together a red/orange/green overview of known laws and practices in different countries that would affect hosting services there. Unless someone is already working on that and needs a hand?

If you do that, could you send me a mail? I'd be interested.
Please do this! This would actually be very useful..
Please do. If there's anything I can do to help, reply to this comment as I don't have any contact info on my profile.
I was surprised to see Canada green on that map.

We have a great privacy commissioner ( http://www.priv.gc.ca/index_e.asp ) but the office holds no power so far as I can see, and the Canadian government has a pretty solid track record of being obsequiously cooperative with u.s. interests

Canada is green simply because nobody familiar with Canada's security politics and policies has chimed in yet and there does not seem to be any evidence of foul play that is visible from an outsider's perspective.

Cooperative with U.S. interests is generally assumed by almost any country - this map is more about the (hopeful) safety of your servers in data centers in different countries.

I think you can pretty much colour the Echelon Five Eyes countries (USA, Canada, UK, Australia, New Zealand) red right off the bat. If they don't have totally intrusive surveillance legislation yet they will have soon - New Zealand is currently trying to implement it.
It took me a while to understand that you probably mean Iceland.
I did - Island is german name. Happens from time to time that I mix languages.
Line tapping is pretty much a given. Looks like the BND has the possibility to do so. But this is still not officially confirmed. However a german blogger (fefe) had some examples for overly detailled dementi from german companies. E.g. no foreign intelligence service can read your traffic...

But in regards to cryptography and chances for legally fighting against such orders it could be better. At least on paper. The most likely outcome if lavabit would be hosted in germany would be a police raid that would take all servers for investigation with them. This happenend e.g. for poeple running Tor exit nodes.

Somebody call the Samwer brothers!
> I'm in the process of moving any Saas offerings I use off USA-affiliated companies, but it's actually more difficult than I first thought.

You should try finding a SSL cert retailer that's outside of the US. The only ones I could find that would actually sell me certs without a phone call charged at least $200 for a basic certificate. https://swisssign.com/en were the most sensible looking ones I could find.

(comment deleted)
(comment deleted)
This part doesn't matter. Where your cert comes from is irrelevant.
It has implications for certificate pinning (like that used in Chrome) if you can only pin to CAs that operate in a single regulatory domain.
Indeed, I hadn't considered that.

Though, if you are pinning in an app and not just in-browser, you can bundle your internal CA cert in the binary and sidestep the whole mess.

This is what I advise my customers that have security-sensitive stuff do. The PKI can no longer be trusted.

"No longer"? It could never be trusted, and many of us said so when it was first introduced. It's just taken a while for everyone else to realise that we were right.
from what I know you never give your private key away, they just sign your public one. so that would be irrelevant.
There's StartCom (StartSSL) from Israel. Have you tried them? They even offer free SSL certs, by the way.
They are from Israel, a good friend of the US, and for free. What part of that does not scream 'run for the hills' exactly?
Lulzily, a browser trusted CA can actually fuck a customer of that CA slightly less than a non-customer, since you'd at least be vaguely aware of multiple certs issued for the same site from the same CA with different keys (maybe). No one would know if Iran were using a pet CA to go after specific users going to sites which normally used a cert from another CA.
Moving services off USA-based companies is like using two bicycle locks instead of one. A determined government is still going to get your data, they just need to spend a bit more time.

Focus instead on encryption.

It is just as bad or worse. You have to move the data in/out of the country. It definitely isn't protected when it leaves the country. The only advantage I see is that it punishes US businesses for failing to protest.
I don't blame the companies; they're about as much a victim of USgov as we are IMHO. That being said, if all the online-storage/cloud-server/email-providers/social-whatever companies in US start going out of business because nobody trusts them I strongly suspect something will have to change. It's just too bad we have to do a "scorched earth"[1] to bring about change.

1. http://en.wikipedia.org/wiki/Scorched_earth

> I don't blame the companies; they're as much a victim of USgov as we are IMHO.

While it's true that they are victims, they are in a far better place to demand change or to defend themselves. Money buys the ears of lawyers that the average person couldn't even afford to speak to.

(comment deleted)
This is where I disagree. I do blame companies like Google for not fighting this more. At the very least they make users aware that these laws exist, even if they cannot detail specifics related to their surveillance involvement.
You can't convincingly make that argument since you don't know what lawyers have been doing behind the closed doors of secret court rooms nor do you have knowledge of their relevant lobbying, you're just assuming things. No to forget that Google was the first to publish a transparency report in which it publishes the number of NSLs, so there is that - it's not correct to use "Google" as a shorthand for "US tech companies".
See this comment : https://news.ycombinator.com/item?id=6182179

Fighting the USgov isn't a decision to take lightly regardless of how much money & resources you have. I cannot condemn a company that backs down from that battle. It could hurt an employee(s) significantly, or the whole company. While I agree they have the most resources to fight it, they're not immune to harm from USgov.

Do you remember google asking for your telephone number? They knew what they were doing.
You say that as an American obviously. It makes a lot of sense for everyone else.
Dual US/Polish citizen here. Just wanted to say that in many cases abroad (i.e. Poland) the case isn't about the laws protecting your privacy but rather about the Government having no means (technical, resources, know-how, etc) to enforce ridicolous things like reading and storing email contents of all the people. Even with court order just to read stuff in your inbox, I would imagine that the Polish police would have big time difficulties doing anything. These are guys making 700usd a month and the Government doesn't have money and/or the need/desire to hire folks who could execute these things. And I can just imagine that in places like Ukraine the law may say whatever but what happens is this what the highest bidder asked for ;-) Remember, not the whole world works the way the first world or the USA does.

Unless of course, what you referred to is that most of the traffic goes via the US soil anyway. But then again, why to stay in the US? Move whole business and yourself abroad :-)) Ironically, I found much, much, much more freedom in post communistic Poland than - oh irony! - Land of the Free.

I second to that. If you want security (at least on a servers/ISP level) choose some 3rd world country which government (preferably not very fond of USA) does not have technical means on surveillance. I live in a small EU country and government’s IT forces are just laughable, so I can just imagine that in less civilised countries it should be close to non-existent. Combined with strong encryption to protect data in broad Internet it should do, at least for a while..
The problem is that most 3rd world countries will just come knocking on your doors and take everything away, if the US goverment requests it.

After all, those countries wouldn't be 3rd world countries, if they had the power to resist US threats/requests. Or they are part of the "axis of evil" (or whatever the current propaganda term is), in which case the internet connection to that country could either be cut off, or be heavily censored, if it isn't already happening.

I would imagine that for example in Ukraine US may request stuff, but then the low level chief of the Police in the town where you reside would give you a hint in exchange for money. That's how it rolls there. What US is going to do about that? Bribe the Ukrainian police to bring you to their Embassy? ;-)
That's a good point but don't assume that the CIA/US-govt is above bribing or even threatening/blackmailing agencies in foreign countries. They do this all the time!
But they still need proper, court issued warrant. At least there would be no invisible laws or secret agencies involved.
I understand what you mean but I think the term '3rd world country' could be a bit discouraging to some of our American friends who might not have a clear picture about realities in our part of the world.

For example I also live in a small EU country. By no means this is a 3rd world country - we have pretty strong IT industry (e.g. some globally successful antivirus companies etc.) and the country is certainly developed enough to host companies providing SAAS. Yet we have certain advantages against the US:

1. our government is way weaker than the US government - their resources are obviously not even close and they would not be able to do what US government does even if they wanted to. But we are still an EU state and we can use EU as a shield when Americans come knocking.

2. it is a post-communist country and people still remember the experience of living in totalitarian/authoritarian country. Opposition against any sign of 'bad old times coming back' seem to be much stronger than the opposition of common American people against recent freedom-stripping. For example there was a proposal that our internet providers should be required to block un-licensed online gambling. The public backslash against 'censorship' was so big that the plan had to be abandoned in few days and the politician who proposed it had to apologize. Many things that are now normal in US or UK and some other western countries would not be possible here.

3. we are still an 'American ally' but the US are not nearly as popular with common people as they used to be here and anti-Americanism seem to be growing. Many politicians exploit that and see opposing to American requests as an easy way to score political points (we have seen this for example when US government wanted to build a part of their missile defence system here).

Hah, good point. I bet most of Americans (no offence here) imagine that "3rd world" means "people still live in caves and hunts wild animals for food". However, a very good counter example is Skype which went worldwide even though started in a small, 3rd world country known as Estonia.
Although I really hope that nobody would label Estonia (or any other EU country) as '3rd world' country now.
Yes, however, all of the mobile internet providers are censored with the infamous Wikipedia-blocking UK internet filter, and it can't be turned off.
This is only because our mobile market is so small that we only have 3 providers and they are all subsidiaries of global companies (O2, T-Mobile and Vodafone) with headquarters under different jurisdictions. This is not enforced by our government and if anyone wanted to circumvent this filter (which would be easy - VPN would do) AFAIK it would not be illegal here.
Are you czech by any chance ? I think it's a great place and completely understand why your people would be against government surveillance. The days of asking random people for IDs just to make sure they aren't spies still aren't forgotten there.
Yep. And thanks. And to be honest, I think that asking random people for IDs was the smallest thing. People from always-free countries do not realize how much authoritarian regimes damage society. It's not just that some people became victims of the regime. Maybe the worst thing (at least in my opinion) is that society in an authoritarian regime is set in such ways that the system rewards dishonesty and cowardice and the most unscrupulous people get to the top... and stay there even after the regime falls.
Some countries have a problem with bribery and corruption. Routing sensitive data through those countries risks that data being exposed by anyone in the chain who is willing to take a bribe.

I am much more worried by corrupt workers in my ISP or telephony provider than I am about my government.

That's an issue with plain text data. However, nowadays absolutely no sensitive data should be transferred/stored unencrypted. The problem is, that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and few others have suggested is to move services away from such countries so their governments would have harder times to obtain physical access.
> The problem is, that it seems like eavesdropping is not enough for some certain governments and now they require physical access / backdoors to companies' servers in order to bypass encryption and/or other security means. What I, and few others have suggested is to move services away from such countries so their governments would have harder times to obtain physical access.

Many governments are much worse than the US; they not only snoop on data but they imprison or kill people as a result of the things they find.

I'd be interested to hear about countries who will i) stand up against the US & ii) not be at large risk of corrupt employees.

(http://www.freedomhouse.org/report/freedom-net/2012/egypt) etc.

The goal is not necessarily security (I have nothing to hide (I still do hide as much as possible))-- the goal is political change. That's the only real way out of this mess. By not using US companies, you incentivize those to lobby for better laws.
Much of the data traveling over the internet passes through NAPs controlled and owned by the USA.
Did you respond to the right comment? He said the goal was not security, it was political change.
Political change on it's own won't work. They will still keep the infrastructure in case they need to spy on someone(with a court order). But if they have the infrastructure , conceptually it's just a press of button again to full blown illegal surveillance.
there has been infrastructure to read snail mail contents for 200 years. Doesn't matter, the US Gov isn't routinely reading snail mail because of politics. I think he's right, make it a political issues. Actually, more: make it political issue, encryption issue, hosting issue, social issue (denied nsa contracting recently based on Snowden), I mean total war - make their life as difficult as possible using all means possible. As long as it's legal of course.
Mass reading of snail-mail has traditionally been a question of manpower. You don't just flip the switch on that without anybody noticing.
Doesn't really matter. To read a regular mail you just need so much more in legal terms compared to reading somebody's email that it's just not worth contemplating no matter what. It's not like with emails where after 6 months they automatically are open to the Government sniffing. Because of the political reasons it's not even worth contemplating -- look -- you need regular court order, not some BS whatever rubber-stamp.
There's not even the time factor. Western countries at least might theoretically not spy on their own citizens but the exchange data with partners intelligence services. And the US is by far not the only country that mandates surveillance cooperation for providers etc.

Encryption is OK but doesn't solve the problem. There's always metadata and whom can your trust with your encryption? You have to assume that hardware and software you use has backdoors. Mobile phones for example has even official backdoors, your SIM card can be remotely changed and so on …

> Western countries at least might theoretically not spy on their own citizens but the exchange data with partners intelligence services.

Hoping that this is true, moving to services from one’s home country would make some sense. Of course, this is more easily possible for people from larger countries than, say, Luxembourg.

It would be really unfortunate if people started getting polarized into encryption / social / legal camps. All these things are necessary.
Customers and law may demand that the data is stored in the EU. For businesses with demands hosting in the US is simply not an option.

This was a concern earlier but my guess is that this will only increase in the near future.

I had the impression that government does not need to decrypt anything. They just request it from a company, and the company has to comply.
I will take mine government over yours. I can atleast try to deal with mine.
Not quite. Storing ciphertext and keys in legal jurisdictions (like the US) that can be forced to turn over both is a bad idea.

Also, practical key management is still an unsolved problem. The web of trust never took off and the PKI is fucked. Encryption is only as useful as the keys being used to encrypt.

No, do both.

Focus on encryption, to keep ahead and protect the data.

Move out of the US, because it sucks, is far from 'the land of the free' anymore and needs to learn that its place in the digital world is not at the top, but more around the center. Between lots of other states that fail and fail again, in terms of surveillance..

Yep, as an added bonus you stop financing the US war and terror machine.
I saw a frustrating article the other day on a mainstream news site that was saying that the economic damage to the US for the Snoden leaks was in the tens of billions of dollars because of all the non US business that will be leaving US based cloud providers.

That's infuriating. It's the same as having an insecure system and then charging a hacker millions of dollars in restitution to re-architect the system to do it right.

Those firms wouldn't have to leave the US cloud providers if they had assurances that the US wasn't spying on them for no good reason.

Infuriating? It's awesome (if you extend it out further). Pocketbook damage is the only thing that governments and mega-corps understand.
Considering what just happened to LavaBit, your advice doesn't make any sense.

If they were outside of US-and-friends jurisdiction, they wouldn't be shut down and there wouldn't be a gag order.

Encryption is useless when the government knocks on their door and says give us a backdoor to your system.

If enough people leave US based companies for foreign companies it will put pressure on the government. I have a feeling this pressure is already underway.

The problem with encryption in this case when it comes to US companies is that the US can compel US companies to install custom backdoors while pretending they are still secure and not notify their customers that this happened.
How about a local cloud? I understand that this may seem pointless, as you're owning and paying for all the hardware, but it would really help in deployment, scaling and maintenance just like a "classic" cloud service can.
That sounds great. What if there were an email client that included an email server? If families left one desktop on 24/7 they could all use it as an email server. An open source email client could also include built in PGP or OTR encryption. Anyone know if it's feasible from a deliverability standpoint? Domain registration and DKIM signing may be tricky for the average user. As well as dealing with blacklisting, of course. But if it became prevalent maybe all of these difficulties could be overcome by instituting a new, truly decentralized infrastructure. Key exchange would still be an issue but could be achieved using a mobile app with QR code scanning.
It's not just going to be hosting providers that are affected by this. It's going to lawyers, software engineers, sys admins, writers and graphic designers who are going to lose work/business from SAAS companies. Software is one of the few areas where the US economy is growing somewhat sustainably (as opposed to banking/gambling/housing speculation/medical expenses for elderly). The NSA and all those NSA contractors are taking money out of our hands and destroying our professions. We should be fighting this tooth and nail.

- Politically, we should punish anything associated with the NSA.

- Socially, we should shun everyone from this date forward who works directly with or as a contractor for anything associated with NSA/FBI/CIA/DEA/DIA. We should not hire any programmer who, from this date point forward, has worked in those capacities. They are destroying our profession and businesses.

- On the engineering front, we should be designing technologies for evading the NSA et al, and spread those technologies. We need to do everything possible to make them easy to use and make them widespread.

- Any person or company who stands up to these organizations should be lionized and we should try to patronize their businesses or employee them. Especially if the suffer consequences like jail and torture.

- Facebook, Google, especially Palantir are known collaborators and we should treat them as such

The nails are already in the coffin for US internet behemoths. Any non-NSA cooperating country has strong interests in keeping their search engines, social networks, and cloud software internal to their country.

Google, Microsoft, and Facebook basically have had billions of dollars shaved off of their future market capitalization -- though I have not seen anyone say this yet.

For everyone abroad who is technically adept and talented, the vaults of wealth have been unlocked for you; just copy the successful offerings of American companies. Don't worry about software patents or trademarks unless your country is complicit, you'll have the autonomy of a oligarch (said with some sarcasm.)

There is one solution here: open source, distributed software. If you want to build a company to promote real security this is your only option.

Agreed. The nails are in for the current system, but that is not The System, just one of many potential ones.

If you are non-US citizen and your customers request a product similar to US product please do exactly as AJ007 says. It will help you, the world, and the US long term. I say this as US citizen and SW dev. Please take our jobs and customers! We don't deserve those customers if we can't protect them and their data.

However, you should only build it if customers are requesting SAAS (or other offerings). Be very careful about blindly copying US business b/c many are successful simply b/c they are almost "Apparatchik" entities, supplying and protected by the US Gov. For example, if you copy Palantir or even Google/Facebook you may not succeed b/c you won't have customers in the same way the US does. But overall, this is a great opportunity for devs from Switzerland (and the like) to get some new customers.

Caveat: If you are planning to follow the above advice, and you think your country will not enforce the wishes of the US government on such matters, check that assumption carefully before you bet your fortune and your life on it.
Thus the caveat I added in the original comment: unless your country is complicit.
Simply not true. There aren't enough people who care. Maybe 1% care. Everyone is going to keep using windows, facebook, and google. There are no nails in any coffin for any of these companies.
It is a major national security issue to any country to have foreign countries spying on them. The only controversy in the US is that the NSA is spying on American citizens in America. Any and all communication by foreigners at home and abroad is fair game. There is a reason why Google & Facebook are not market leaders in either China & Russia -- vkontakte, baidu, yandex, etc.

Likewise, this is also very bad news if you are a Chinese or Russian internet company and expect to become a dominant player in the US consumer web/digital/mobile market place.

The safeguards for foreigners are much less than those for US citizens. For example, the NSA doesn't need to go through FISA court to spy on non-citizens. So if you store your data on a non-US server, you're probably just making it easier for them to get to it, not harder.

Not to mention, most countries will pretty much cooperate with the US when it comes to intelligence. The only ones that might not are countries like Russia or China that have their own military-industrial complexes, which are just as eager to get at your data and a lot less scrupulous about using it.

I guess the obvious question to this post is:

What are you doing on your own checklist? Those are some pretty extremist notions.

If part of your hiring criteria was to exclude anyone who had worked for a contractor or directly for a government organization, I doubt many people would want to work for you. Not because they had violated your criteria, either.

Generally, I won't be hiring them, in hiring interviews I'd recommend against them for ethical reasons, and I'll avoid doing work for them if possible.

I'm referring to a very small percentage of the government and contract workers who are involved in security and surveillance. I'm not talking about VA or even the regular marines/navy/police.

I won't be doing this explicitly.

Whether people would want to to work in a place that explicitly will not work with former NSA contractors depends on the area. In SF, Boston, NYC, Portland, maybe LA it would probably help you hire good workers. Obviously, in DC or Houston it would be more controversial and hurt the company. Remember these organizations/contractors are destroying our jobs, especially in silicon valley.

Seems like it would make sense for users to demand that any US based service includes a warrant canary, just like rsync.net's implementation. A global canary + separate canaries for individual accounts would also make sense.

https://en.wikipedia.org/wiki/Warrant_canary

http://rsync.net/resources/notices/canary.txt

I don't think canaries are effective. You can't get around a court order just by mental gymnastics, they'll hold you in contempt. I'd be happy to be proven wrong, but I suspect that they'd simply order you to keep updating the canary.
I'm also unsure of their proven effectiveness, but how could they hold you in contempt for _not_ taking an action?
I don't think it would be any different from holding you in contempt for doing something. The court notices that your inaction caused you to contravene a court order, and the court then holds you in contempt.
I have the same question. It's very odd for a court to compel positive action.
An order to appear is a positive action where you can be punished for not doing something.
I'm sure they would argue that you weren't supposed to reveal that you were under an NSL, and that your inaction did reveal it, so you violated the terms. As the grandparent says, it probably just a cute legal trick that wouldn't impress a judge.
If it gets to the point that a judge is not impressed, at least the public has been warned.
The "judge is not impressed" means they would probably view it as the same as just warning the public directly, with equivalent penalties.

And thus the canary is legally useless--if you're going to have the penalties of violating a national security order, might as well just do it in a straightforward manner.

At this point, it is speculation that the judge would not be impressed. If anyone decided to test the theory, the public would be informed regardless.
I agree, but your analysis is missing something: the canary-threatener may be secretly, without a public ruling, within the refresh interval, be convinced that if he doesn't keep updating (falsely) the canary, he'll go to jail. In other words, the precommitment to stop producing the canary signal isn't fully credible (though it seems much more likely to get the message out than a promise to actively say if something happens).
The technical solution to that social problem (yeah, we know how well those work) is to set the refresh interval to be less than the time required to process a motion contesting the government's order to update the canary.
(comment deleted)
Maybe, but expecting a false oath makes a mockery of the entire testimonial system.
Canaries always stunk of that juvenile "technically correct" stuff many tech people seem to grow out of later than others.

If the judge says "don't paint your wall red" that means "or anything close by any means".

It doesn't matter you tried to hack your way out with an automatic vermillion paint flinger setup before the order. You still are supposed to "make the wall not get painted red".

The government can compel you to paint a wall green. They can't compel you to say you liked it. They especially can't compel you to break the law (assuming you set up some kind of situation where it's fraud/perjury/whatever to lie).

And look at how email retention works.

>They especially can't compel you to break the law (assuming you set up some kind of situation where it's fraud/perjury/whatever to lie).

They can most certainly hold you in contempt because you got your self in that mess.

>look at how email retention works.

Document retention policies are allowed because otherwise the civil court system would be prohibitively expensive (lawyers have to read all your email once you get sued basically). Once you get a court order that says to, you have to stop destroying email, etc, disabling your automated destruction systems.

The only reason to have canaries is to violate the terms of gag orders. Judges aren't sympathetic to that.

Hold you in contempt for something you did years before the case was filed or the investigation even started? God, that's even worse than contempt of court for failing to say passwords under the fifth amendment.

I'm pretty sure I have some truecrypt containers I've forgotten the passwords to, sure hope I never get arrested!

I think automatically breaking a gag order by a complicated mechanism is pretty contemptuous of someone trying to not get that information out?

I am not saying they're not worthy of that contempt, merely that they don't care if they are, just if you're showing contempt for the process and violating the order

It's contemptuous of the court if I set up the mechanism because I was going to get such a gag letter.

But to say that a canary I set up a decade ago is contemptuous of a court filing made a month ago is ridiculous.

>But to say that a canary I set up a decade ago is contemptuous of a court filing made a month ago is ridiculous.

No it's not: You show contempt for the idea they could demand you silently turn over information. It's seething out of your posts here on HN even.

I don't think it's right they can do this, but I do think it's quite clearly preemptively raising a middle finger to the whole thing; it is "I cross my fingers behind my back so my swears don't count" type of stuff that judges don't accept and toss you in jail for.

You don't get to outthink and out maneuver this crap: You have to beat it in the system.

Right, it shows extreme past contempt for the very idea that it could be possible, but this is in no way contempt toward the specific judge, nor must there still be contempt at this point.
Laws and ethics are rarely synonymous though.
Usually contempt of court is used for not taking an action. Examples would be in situations where the court was attempting to compel journalists to reveal their sources, and contempt of congress during the House Unamerican Activities era for not revealing information they wanted.
This would imply that the court can order you to lie to your customers. I think this is not the case.

If there is any precedence for any US court requiring public citizen to lie I definitely want to know about it.

If the courts are acting like they have this power then it will greatly change my perception of how the courts, NSA, and congress are currently acting.

They have in the past - there are definitely situations where you are required to lie, for example, when working on classified materials or covert operations.
Slightly different, that is an operative agreeing to be an operative with up front knowledge of what it entails. So the person lying has agreed to lie before being given the information or a mission. If you know a case where a person has been prosecuted for not lying rather then breaking an agreement I would still be interested.

I am not sure what I think about your scenario off the top of my head but I do consider it different.

You could choose to take a job where you are required to lie, but no-one can force you to take such a job.
The Military Selective Service Act disagrees with you.
You couldn't be conscripted in private and compelled to lie.
There was a HN discussion about this two months ago [1]. The general consensus seemed to be that a court would not take the same kind of philosophical and logical approach that most HN types use, and would classify a failure to update the canary as effectively a communication that a NSL has been received. Since the courts only care about the facts that communication is occurring and that the court prohibited it, contempt of court would be the most likely result.

TL;DR: Judges don't philosophise about specific methods for circumventing their intentions.

[1] https://news.ycombinator.com/item?id=5871541

I am going to read the thread now do you know if any court cases were mentioned that set precedence for requiring someone to lie to their customers?

I am definitely interested in any court cases that set a precedence for ordering/mandating/require lying.

After reading the thread the conclusion seemed to be that courts can not order you to lie, but may try to hold you in contempt of court for failing to update your canary.

If all actions but the one the government wants are ment with punishment then it is functionally equivalent to ordering/mandating/requiring a specific action.

If there is precedence for punishing all but the course of action desired by the government I would be interested. If there is legal precedence for ordering/mandating/requiring an action being different form punishing all but the desired action I would also be interested in knowing.

Well, there is one last piece, and that is the geographically disparate canaries that we maintain.

The question is not "can a US court compel XYZ US citizen to lie", it is "can a US court compel XYZ swiss citizen to lie".

So you should take note, of course, if our warrant canary ceases to update. You should also take note if the US one updates but the swiss (or Hong Kong) one does not ...

This is made easier as a local warrant canary is available to all account holders in their /tmp dir ...

ssh username@rsync.net tail -200 /tmp/canary.txt

Cheers!

This presumes that the host has an actual warrant filed against them. I assume that if the feds want data from a service which is ultimately hosted on Amazon they'll just go straight to Amazon.
The canary trick is roughly on par with "I was NOT served a letter on July 20, 2013, which did NOT say the following..."

To be honest, I'm even a little nervous that something as innocuous as "I wish I could tell you more about the circumstances leading to the decision" could be seen as communicating the presence of an NSL indirectly, and lead to contempt of court.

There's an easy canary in this cases.

I don't know how FBI/NSA notifications are received in the US. But you can communicate to your uses any FBI/NSA/LE notification before reading the content. Of course, the notification should be posted to a medium where you don't have further control over, so there's no way for you to remove the notification.

So he pretty much does say why he's shutting down, the US gov. has demanded access and he said no. Kudos for standing up for his users, and he does raise an interesting point at the end:

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

The worst thing about this situation is that other governments like the UK, France and Germany are equally guilty.

For history on lavabit, see the cache, this page is now gone:

http://webcache.googleusercontent.com/search?sclient=tablet-...

> Kudos for standing up for his users,

Where did you get this one from? I think its a bit of a stretch to say he is "standing up to his users". I would rather say he is standing up against the GOV, and that's nice for a change, but we have no idea what has happened with all the emails residing on their servers.

Knowing just a bit that I know how the us gov operates, I am pretty sure he was given two options at exact the same time: either you accept our black box, OR you will not. If you not, then you are not allowed to delete or alter any messages on your servers. Given the business lavabit was in, I am sure Feds will punish him to the extends of the law (or more) if he decides to "stand up to his users" and delete content of their mailboxes.

Hello, I didn't say stand up to, but for (i.e. on behalf of) . The most he can do is stand up to the government, for his users, in court, deleting servers would not be a wise move, and I wouldn't expect it of him, would you? Just standing up and saying no in a climate like this takes some courage, for which I admire him.
by the time he is done wish courts defending their users, Feds will be given chances to copy all users data over and over again about 250 times. So it doesn't matter whether he loses or wins. Not a bit.
Well, I can't agree with that. I do believe the only way to fight this sort of overreach is in the courts, and in the court of public opinion. Publicly standing up to bullying like this is the only way to provoke larger discussions, and ultimately to stop such actions in the future. In addition he doesn't have permission to just unilaterally wipe all his users' data, even if he wanted to.

It was too late for his users' data the moment representatives of the government walked through the door of their data centre/offices, but their rights he can stand up for, which is what he has done.

Yep. Now I naturally have to e-mail all my friends and work contacts (from my throwaway Gmail address), not to mention the person I know who opened a personal Lavabit account on my recommendation, announcing to all that my e-mail address is changing - and such a message wouldn't be complete without mentioning the reason why, venting a little of my shock and disappointment, and perhaps dropping in a little potted history of the recent developments in government net snooping leading up to this with newspaper article links. Messages that I wouldn't have otherwise sent without this justification, for fear of boring my dear friends, having assumed that any of them who are likely to care about this stuff, will already have read about it themselves without me telling them.

Despite the annoyance of not being able to use my e-mail the past couple of days, and the possibility that the US Gov may have some copies of my e-mail (which I imagine will be perfectly useless to them) I am immensely gratified at the stand Lavabit's owner appears to have taken, and having chosen them in the first place due to these values which I am in broad alignment with, I feel it confirms that it was a good choice, despite the fact that I now have to find another provider. I am sorry for the guy that he's effectively had his business - perhaps his livelihood - pulled out from under him, and I will be donating to his defense fund out of sympathy, though I am not an American.

I thought it was encrypted. If they are, they can copy user data as much as they want, they will get nothing. However if it was still running, they could ask him to intercept password, network traffic, etc...
How long until PayPal suspends their legal defense fund?

On a serious note, if you want to donate to their defense fund, consider doing so anonymously. Pay cash for an Amex or Visa gift card, and use that to make your donation.

This is a really great way to get their PayPal account frozen for sure. Abnormally high rates of Visa gift cards will absolutely trip all the fraud alarms.
I don't know where you live, but here in the Netherlands even for these disposable credit cards you need to present a valid passport/id.
If only there was some way to securely transfer money across the internet, psuedo-anonymously, without involving PayPal or banks. Almost like transferring coins via bits?

Maybe someday someone will invent such a system. We can dream.

Can you imagine how strange it would be if such a system already existed, and we failed to use it? But that could never happen.

Takeaway:

> "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."

It's kind of fitting. The nation that spawned the internet is the nation that's killing the internet biz on its own turf.

I wonder if there is some historical regularity here. After all, my own country, "Das Land der Dichter und Denker" turned on its "Dichter und Denker" when it was at (or close to) the apex of intellectual achievement.
Yes, there is a strong parallel between pre-Nazi Germany and current USA. Of course, Americans will not literally follow Nazi ideology.

What we see in America is an increasing merger between industry and government. Finance is the most regulated sector; hence "too big to fail" and all the exploits pulled by big banks. Telecom is almost completely government controlled (through the graning of regulatory monopolies). The government spies on everyone all the time now. This is the fulfillment of Progressivism: regular people are ignorant, but we can fix all social ills through government control. It is also, literally, the fascist model. I sound like an immature teenager for saying that, but I mean it in the full, intellectual sense.

tl;dr the American Progressive movement occurred in parallel, but to a must greater extent, in Weimar Germany. American Neo-conservativism is Progressivism in a right-wing flavor. The modern USA is Weimar Germany all over again.

As the USA's societal ills continue to accelerate (because we're taking anti-corrective action instead of corrective action at every step), the USA will increasingly resemble a command-and-control system like Nazi Germany.

> we're taking anti-corrective action instead of corrective action at every step

That's not true. The Congress almost defunded the NSA recently. It was a far closer thing than anyone in the establishment suspects. In the end, we are a country that values it's privacy, values small government, and we'll assert that sooner or later. It may be later. But hey, it took a long time for us to figure out slavery, women's rights, civil rights, gay rights, and drug rights. But in the end we did the right thing, and we'll do the right thing on this.

Patience.

Maybe there will be a turnaround, but given that the education system has long been (and continues to be) controlled by Progressives, it doesn't seem that likely to me.

But yes, the USA is the only nation founded on the principles of individual freedom, and many people remember that, so there is a chance.

Education is controlled by corporate interest and always will be. In fact the education system was founded by wealthy industrialists so they could churn out great factory workers. To learn more about this read Seth Godin's Linchpin. It's not profitable to have a smart populous.

George Carlin sums it up here: http://www.youtube.com/watch?v=AMqJvhmD5Yg

I don't believe there's any evidence at all for what you're claiming regarding "corporate interests." In fact, I think it's obvious that it's wrong.

As far as I know, Otto von Bismarck started modern education so that he could indoctrinate the German youth, but I'm less certain on the details of that.

"Finance is the most regulated sector; hence "too big to fail" and all the exploits pulled by big banks."

The problem with finance is that we didn't have the right regulations in place because big banks lobbied to get them taken off the books. Canada's financial industry is heavily regulated and they haven't had a banking crisis in 150 years.

http://www.youtube.com/watch?v=a21n_VzHI_o

"American Progressive movement occurred in parallel, but to a must greater extent, in Weimar Germany. American Neo-conservativism is Progressivism in a right-wing flavor. The modern USA is Weimar Germany all over again."

This just reeks of ignorance. Progressivism and fascism are on the opposite sides of the political spectrum. In fact, fascists tried to overthrow widely celebrated progressive Franklin Roosevelt.

http://en.wikipedia.org/wiki/Business_Plot

Just because progressives think that we shouldn't have laissez-faire capitalism, doesn't mean they support a surveillance state.

> The problem with finance is that we didn't have the right regulations in place because big banks lobbied to get them taken off the books

But they have lobbied to keep all kinds of regulations that they benefit from. A half-regulated industry is likely to be worse than either a fully public or fully private one (especially if we take American insurance/healthcare as an example).

A good example is Fannie Mae/Freddie Mac, which were implicitly guaranteeing financially irresponsible mortgages, and various home ownership encouragement policies pushed by the US federal government for decades.

> Progressivism and fascism are on the opposite sides of the political spectrum

They're both fundamentally moved by the idea that we need big government to get to some kind of "better" society, which is anathema to freedom and individual rights. They just disagree about the specifics of that "better" society.

Technically, you're right to call me out, because I shouldn't call the entire thing "Progressive," as that's just a a part of it. The whole intellectual trend actually comes from the anti-Englightenment German philosophers who taught that individuals are unimportant, and only society and duty matter.

Sounds like any country willing to guarantee a snoop free environment could have a lot of servers hosted there. I'm thinking the Caymen islands of data. Set up a shell company and a shell server in the Caymens to protect your money and your customers.
This is sort of what Sealand data haven was supposed to be.
Don't forget a physical shell to keep the U.S. marines at bay.
Are there any countries, anywhere, where a person can store data outside the reach of the US government's illegal overreach?

Any countries friendly to the US are right out. They can tap the lines, but there are ways around that.

I just want to be able to park data where some twit with a piece of paper that says "NSA" on it can't get it retrieved or deleted. Any suggestions?

But you have to get the data there. It most certainly isn't protected in transit.
Anything that I really care about will be. And if this is just bulk data, there's tar -czf | gpg -e | ssh
Okay well, no legal protection.
Ooooh, somebody is mad, here, have another.
This is a non constructive comment and deserves every down-vote it's going to receive.
Eastern Europe/Russia/HK with a .su or .ch domain. Of course encrypt it.

The alphabet gangs are really getting out of hand.

China, Russia, or North Korea, pretty sure. You have your pick of which governmental spy agency gets to snoop through your data!
Well, that's it. I am now going to move everything onto my own infrastructure. I signed up for lavabit a while back, and I like them as a secondary email service; and now they just shut down!
If Congress has passed laws abridging the freedom of speech, then those laws are illegitimate. Unfortunately, it feels as if speaking favorably of the Constitution is enough to get put on a watch list anymore.
Congress can legally pass laws abridging freedom of speech, and has always been able to do so. For example, if someone were to talk up and threaten my life, that is not legally protected speech. Nor is blackmail, for that matter, nor the famous adage of shouting "fire!" in a crowded theater.

For that matter, Congress can legally restrict speech in certain national security issues, and has, again, done so for a very long time. The Supreme Court has (in my opinion, correctly) understood that restricting people handling classified documentation from repeating that information is, without extraordinary circumstances (more on that in a second), completely legal, for example.

The trick here is the sheer breadth of the NSLs. I completely agree that they're unconstitutional, and I sincerely hope they are struck down in court. But I hope that I've just highlighted why this isn't a slam-dunk situation for those on the receiving end of an NSL. Add in that, at least so far, any disputes with NSLs have to be taken up with the FISA court, and even wins against NSLs don't actually count as binding precedent, because FISA itself does not create binding precedent.

Congress can, in certain circumstances, make laws restricting freedom of speech. This isn't one of those instances. But suing our way to that conclusion will take time, money, and personal risk for the petitioner.

>the famous adage of shouting "fire!" in a crowded theater

http://www.theatlantic.com/national/archive/2012/11/its-time...

> In 1969, the Supreme Court's decision in Brandenburg v. Ohio effectively overturned Schenck and any authority the case still carried. There, the Court held that inflammatory speech--and even speech advocating violence by members of the Ku Klux Klan--is protected under the First Amendment, unless the speech "is directed to inciting or producing imminent lawless action and is likely to incite or produce such action" (emphasis mine).

They should open source the whole thing. We can bring it to Germany. I believe we are legally allowed to tell the NSA to GFYS.

Any people who have businesses in the US need to take a serious look at the risk now posed by their own government on the success of their business.

One rogue customer and business could go down the toilet, or you'll be forced to bend your morals to suit a rogue secret fiefdom.

So.... what should we use now?
Is MEGA (https://mega.co.nz/) an acceptable company? What's the HN consensus on this? Kim Dotcom does appear a bit sketchy.
(comment deleted)
god, no. that weasel ran bbs systems for the whole purpose of ratting out warez users to the authorities, making money through it as he coorporated with a lawyer. he actively spied on the users. https://de.wikipedia.org/wiki/Kim_Schmitz#Werdegang

never ever trust that piece of ....

At the rate things are going, smoke signals encrypted with a one-time pad.
I'd recommend https://MyKolab.com It is 100% Open Source and hosted in Switzerland where the world's strongest privacy laws exist.
Can we get a list going of non-US alternatives of popular apps most of us use?

Let's start with Dropbox. What's the alternative?

> Let's start with Dropbox. What's the alternative?

Seafile maybe?

I'd suggest Owncloud for that, on a server running in your own home. Encrypted file system (LUKS), the works.

Pretty much identical to Dropbox and just as stable, IMHO.

Pricewise? You can buy an HP Microserver for about $300 that's capable of 12TB of storage on the top end (more if you get fancy with external arrays), whack it into a APC UPS for another $50, and just run it off your home internet connection. Hang a free domain hame at afraid.org off of it, and run a script on the box to keep the hostname pointed at your dynamic IP if your ISP won't give you a static one on reasonable terms.

afraid.org looks nice - thanks for sharing :)
Spideroak is the dropbox alternative
What's wrong with rsync or Coda or Intermezzo?