Ask HN: What to watch out for when building a service like Lavabit?
From what I understand, Lavabit ran into problems because they wanted to fight some fight with the US government. In the service that I'm planning to build, I will just give up whatever information a legal entity wants when they ask for it in a legal way. The idea is, if your emails are all encrypted, you should have no problem with me giving people encrypted copies.
The above doesn't sound very smart, so I figure others should have thought of it already, so I must be missing out on something. What should I be afraid of?
PS: I don't want to be exposed yet, so wanted to use a throwaway account, but a new account would need to wait a while (I'm not sure how long) before it can submit. Guessing that there is nothing bad in just discussing this, I'm going ahead and submit it under my real account.
3 comments
[ 3.9 ms ] story [ 15.3 ms ] threadLavabit owner said, that he cannot do that and if they want he can grant access to the specific users that they require. They wanted more, took this to court and guess what .. they won.
He was under court order not to disclose anything and was fined 1000 usd per day until he provide the keys.
Eventually he did, but he gave them 11 printed pages of 4size words of the key.
Anyway ... that is the story.
You problem will be that you need to create something secure. If you comply with something like this, then it is not secure. Someone is listening to all of your users. So, if you fall under US juristiction or i would assume EU, a simple warrant might suffice for you to grant them all access betraying your users. Have in mind that you being in another country and having your servers based in US does not really save you. Best option hide in an african country and create your servers there. Good luck !
Is it unreasonable not to give up a key that I don't have?