Lavabit was forced to close down in August 2013, after being forced to disclose classified documents.
Sigh!
No it was not. They where forced to hand over the private server keys, which is much more significant than "disclosing some classified documents" and so Mr. Levison decided to shut it down.
It may be just a pet peevee of mine, but can't journalists do some minimal research before writing about a subject?
The article is meant for non tech people, why should the journalist go into such details? You may also consider the server's private key a "classified document", by the way.
Yep, in the german version it says "Anfang des Jahres verklagte die US-Regierung Lavabit auf Herausgabe ihrer SSL-Schlüssel und gewann den Prozess." So there they wrote about the correct technical details.
It's worth remembering that he was forced to shut it down because he designed it in a way that made it not just possible but inevitable that the DOJ would eventually get a court order for keys.
There is no transition in the investigative state machine for "data relevant to our investigation to which we are lawfully entitled exists and is available to us, BUT we will not retrieve it because doing so would be invasive to other members of the service". It's possible --- we could do some research --- that that transition exists in the state machines of no western government at all. Knowing that: if it's feasible to obtain information from a secure message service, eventually, the courts will mandate its retrieval.
As of 2014, there is a fundamental tradeoff that we know for a fact exists: you can design an encrypted mail service that is trivial for users to adopt, or you can design an encrypted mail service that meaningfully resists judicial power. You can't do both.
Yes, you can design an encryption tool that's both trivial to adopt, and resist judicial power at the same time. And this is exactly what I'm doing now:
It's an end-to-end voice encryption device using Diffie-Hellman protocol for completely-distributed key exchange, so the keys never leave the box and there's no way we can hand over any key, or traffic, to the authorities.
The user interface of JackPair is minimal; it's connected with any phone and headset through standard 3.5 mm audio jack. All you need to do is to press the button on it to set up secure line over established phone calls. It's zero configuration with no software to install, no service subscription, and it works with any phone you already have.
FYI, based on previous discussion, by "trivial to adopt" he means "you can use it in your current browser and in a new browser if you remember your password." Which is reasonable, but I totally see why you think your own solution fits your own definition of "trivial to adopt." Domains are a bit different.
I see you plan to publish the source -- do you have a way that someone can verify what is running on their device, such as using common components so they can load the code themselves, or maybe a version that runs as installed software on a desktop computer? (This wouldn't be as convenient, but it could provide safety to the ecosystem if it could detect hostile clients.)
EDIT I wonder how much computational power it would take for an attacker to do a man-in-the-middle attack that recognizes each side saying "the code is 123" and change the voice to say "the code is 456."
Got your point on "trivial to adopt". I didn't see discussions w.r.t. browser here.
It's a good idea to find ways for users to verify what's running on the device. Right now, the USB port on JackPair is only for user to re-charge battery. We can open it up for user to load the code themselves, but this will also make it vulnerable for USB hacks. Any suggestions here?
The encryption software of JackPair can be run on PC, except for the assembly optimization for our ARM cortex M3 based DSP core. It's ok to verify software this way; it'll be open sourced anyway. But I'm not convinced that average users can make sure their PC or smart phone secure enough to run JackPair as pure software solution.
For MitM human voice mimicking, in additional to computing power, it'll take a large database with perfect voice samples, and manual adjustment & training so far:
Levison d e l i b e r a t e l y chose a model that amounted to key escrow because the alternatives all involved users installing software, and thus killing user adoption. He deliberately escrowed keys to his users, providing the illusion of security in exchange for market penetration.
Nerds are great at baring their fangs when someone overtly suggests escrow keys. But they're terrible at spotting designs where key escrow is an emergent property rather than a goal.
If you trust a provider from Switzerland, be mindful that you also trust the Swiss state: Since 2002 all communication providers are forced to keep a log of all communication flowing over their pipes and hand that out to the authorities on request. Reading the law, I think this isn't just metadata (which would be bad enough) but actual data too. Also, data needs to be kept for up to 30 years.
Now granted, our authorities are way less heavy handed in their approach than the various US agencies, but still, if you don't trust the Swiss government (btw: lately not willing to stand up to US demands), you should not, by any means trust any Swiss company to handle data for you.
One should also know that the Swiss government has always been collaborating with the US agencies. We even have our own Echelon [1]. Don't trust anyone, crypt your data.
Huh, permanent full-data logging seems pretty onerous even just from a technical perspective. Does a cloud provider like Exoscale really have to keep a copy of everything that ever touches their cloud? That'd be some pretty massive data warehousing.
Don't worry. The government is working on building a warehouse to alleviate them of that burden. They'll just forward all data to the government-run data warehouse. Free of charge! ;-)
Though it appears to be booming, virtually every country these days does similar things to the NSA and the US, usually less effectively but possibly less snowdened so you can't tell; it's also possible that some countries might simply pass everything on to the US as well. Basically you are picking between varying and possibly unknown evils.
While it is true that the threat from governments and criminals is nearly universal to some extent, you are missing the fact that the US has orders of magnitude more spying capabilities than other countries. A limited budget limits capabilities in ways that don't scale linearly. Some countries are far below the threshold of implementing any of the pervasive monitoring and analysis programs the NSA has got.
What the article does not mention is, that in Germany every email provider with more than 10.000 customers is by law (TKÜV) required to install technical equipment, that enables authorities to access all stored telecommunication data of a person put under surveillance. The access happens automatic and does not require further interaction with staff of the email provider.
It is even worse, as the same law extends to internet providers as well. Some people argue that this effectively is a government controlled man-in-the-middle infrastructure.
The problem with Lavabit was not primarily the jurisdiction in which it operated.
The primary problem is an architecture where keys are held on third party servers and cryptographic code is secured only with an https connection.
We need to design our services to be robust and transparent in hostile jurisdictions rather than resting on the relatively weak privacy assurances of nation states.
Exactly. Protect user privacy with zero-knowledge architecture, not with geography. The article was discussing the merits of German and Swiss privacy laws - which compared to the US' are better for our service.
Eh. Relying on simple geography in an age where everything is connected seems beyond daft.
I've been trying to navigate away from a reliance on US-based services, but at the same time I'd much prefer to move over to a service that didn't have any data to hand over rather than trust Switzerland, Germany or any other country not to just suck that data up themselves.
27 comments
[ 3.3 ms ] story [ 70.6 ms ] threadNo it was not. They where forced to hand over the private server keys, which is much more significant than "disclosing some classified documents" and so Mr. Levison decided to shut it down.
It may be just a pet peevee of mine, but can't journalists do some minimal research before writing about a subject?
You're correct; the original is rather accurate.
Chalk it up to sloppy translation :)
There is no transition in the investigative state machine for "data relevant to our investigation to which we are lawfully entitled exists and is available to us, BUT we will not retrieve it because doing so would be invasive to other members of the service". It's possible --- we could do some research --- that that transition exists in the state machines of no western government at all. Knowing that: if it's feasible to obtain information from a secure message service, eventually, the courts will mandate its retrieval.
As of 2014, there is a fundamental tradeoff that we know for a fact exists: you can design an encrypted mail service that is trivial for users to adopt, or you can design an encrypted mail service that meaningfully resists judicial power. You can't do both.
https://www.kickstarter.com/projects/620001568/jackpair-safe...
It's an end-to-end voice encryption device using Diffie-Hellman protocol for completely-distributed key exchange, so the keys never leave the box and there's no way we can hand over any key, or traffic, to the authorities.
The user interface of JackPair is minimal; it's connected with any phone and headset through standard 3.5 mm audio jack. All you need to do is to press the button on it to set up secure line over established phone calls. It's zero configuration with no software to install, no service subscription, and it works with any phone you already have.
I see you plan to publish the source -- do you have a way that someone can verify what is running on their device, such as using common components so they can load the code themselves, or maybe a version that runs as installed software on a desktop computer? (This wouldn't be as convenient, but it could provide safety to the ecosystem if it could detect hostile clients.)
EDIT I wonder how much computational power it would take for an attacker to do a man-in-the-middle attack that recognizes each side saying "the code is 123" and change the voice to say "the code is 456."
It's a good idea to find ways for users to verify what's running on the device. Right now, the USB port on JackPair is only for user to re-charge battery. We can open it up for user to load the code themselves, but this will also make it vulnerable for USB hacks. Any suggestions here?
The encryption software of JackPair can be run on PC, except for the assembly optimization for our ARM cortex M3 based DSP core. It's ok to verify software this way; it'll be open sourced anyway. But I'm not convinced that average users can make sure their PC or smart phone secure enough to run JackPair as pure software solution.
For MitM human voice mimicking, in additional to computing power, it'll take a large database with perfect voice samples, and manual adjustment & training so far:
http://dsp.stackexchange.com/questions/7833/how-to-mimic-cop...
BTW, the Pairing Code in JackPair is 10 digits long, the 3-digit code you see in the GIF animation is for illustration purpose.
Nerds are great at baring their fangs when someone overtly suggests escrow keys. But they're terrible at spotting designs where key escrow is an emergent property rather than a goal.
Now granted, our authorities are way less heavy handed in their approach than the various US agencies, but still, if you don't trust the Swiss government (btw: lately not willing to stand up to US demands), you should not, by any means trust any Swiss company to handle data for you.
If you read german, here's the law: http://www.ejpd.admin.ch/content/dam/data/sicherheit/gesetzg...
http://en.wikipedia.org/wiki/Onyx_(interception_system)
NSA Backdoors in Crypto AG Ciphering Machines https://www.schneier.com/blog/archives/2008/01/nsa_backdoors...
They don't need to implement their own, they can just subscribe to the Monitoring as a Service program the NSA offers...
It is even worse, as the same law extends to internet providers as well. Some people argue that this effectively is a government controlled man-in-the-middle infrastructure.
The primary problem is an architecture where keys are held on third party servers and cryptographic code is secured only with an https connection.
We need to design our services to be robust and transparent in hostile jurisdictions rather than resting on the relatively weak privacy assurances of nation states.
I've been trying to navigate away from a reliance on US-based services, but at the same time I'd much prefer to move over to a service that didn't have any data to hand over rather than trust Switzerland, Germany or any other country not to just suck that data up themselves.