Lavabit Tried Giving The Feds Its SSL Key In 11 Pages Of 4-Point Type; Feds Complained That It Was Illegible
from the kudos-to-ladar dept
We already wrote about the basics of Lavabit's Ladar Levison standing up to the feds, however, the full filing has now been released, and (on top of that), Kevin Poulsen has updated his story with more details, so it's worth digging in a bit. Lavabit was hit with an initial pen register, which it refused, leading to the order to hand over the SSL keys. The new details show that Lavabit explained to the judge that giving up Lavabit's SSL keys wouldn't just let the feds spy on Snowden, but all of Lavabit's customers, and for obvious reasons, the company had a huge problem with that:“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”And it becomes clear that Levison then was actually willing to abide by the initial pen register, to basically figure out a way to just tap Snowden, but at this point the government was no longer willing to stop there. The government pushed for getting the SSL key, basically promising not to abuse it:
“We can assure the court that the way that this would operate, while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it,” [Prosecutor James] Trump said. “It filters everything, and at the back end of the filter, we get what we’re required to get under the order.”The judge then made a ruling that should cast a massive chill over anyone setting up private communications services:
“So there’s no agents looking through the 400,000 other bits of information, customers, whatever,” Trump added. “No one looks at that, no one stores it, no one has access to it.”
“All right,” said [Judge Claude] Hilton. “Well, I think that’s reasonable.”
[The government's] clearly entitled to the information that they're seeking and just because you-all have set up a system that makes that difficult, that doesn't in any way lessen the government's right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily."Yikes. So, even if you set up a secure communication system, this judge says that you have to let the feds wiretap it.
Somewhat amusingly, Lavabit tried to comply "by turning over the private SSL keys as an 11 page printout in 4-point type." The feds complained that "the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data." Poor, poor FBI. The judge has no problem putting a massive burden on Lavabit, but asking the FBI to actually do some data entry is too onerous? Yup. Apparently. The court then ordered Levison to provide a more useful electronic copy, which then resulted in the $5,000/day fine for failing to live up to that, and then the closure of the site.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, ed snowden, fbi, feds, ladar levison, ssl
Companies: lavabit
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
>SSL keys
>keys
>s
More than one bub.
[ link to this | view in chronology ]
Re: Re:
must be a trrrrrist
[ link to this | view in chronology ]
Re:
even 12-point text (regular size) is just over a page long.
i think he did it that way to make it more cumbersome. that is, it's *conceivable* that they could scan a single-page document with a hi-res scanner, blow it up, and then try their luck at deciphering the characters. he probably spread it out over many pages and they weren't numbered, so you don't know which character comes next. plus, it's just a bit more ass-holey. that's my guess.
[ link to this | view in chronology ]
Here's your problem
[ link to this | view in chronology ]
Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Re: Here's your problem
[ link to this | view in chronology ]
Re: Here's your problem
[ link to this | view in chronology ]
Re: Re: Here's your problem
Altogether now: NSA! NSA! NSA!
[ link to this | view in chronology ]
Re: Here's your problem
Not saying it's "right" to have absolute monarc-I mean slav- err I mean national socialism. Just that it's been established for over a century in the USA that the constitution as much protects the government as it does the citizens, in this republic. Go and openly make threats against that judge just because you disagree and see what happens. You'll be arrested as quickly as you can say "intimidating government official". The fact that the government itself made the decision to give themselves more power is like a kid in a candy store saying they can have more... It's their job and perogative/self-interest to do so. In the long term, you're trading stability, safety, and security for power, though.
Caveat: (USA) Southerner with individualist leanings
[ link to this | view in chronology ]
Talk about deja vu...
�So there�s no agents looking through the 400,000 other bits of information, customers, whatever,� Trump added. �No one looks at that(1), no one stores it(2), no one has access to it(3).�
'No see, just because we could go over all the data, looking for interesting bits of information on people who had nothing to do with our investigation, of course we'd never do something like that, as we've only got authorization to monitor one account, and doing otherwise would be wrong.'
Hmm, now where have I heard that kind of argument before?
(1) Until we get around to it.
(2) Honest, we pinky-swear we'd never store data after saying we wouldn't.
(3) Well, except anyone with access to a computer and enough clearance, or any other agency that would love to get their hands on the data stream as well...
[ link to this | view in chronology ]
Re: Talk about deja vu...
It is obviously that someone looks at the data to at the very least make sure it is collecting the right stuff, that person is the next Snowden portal.
[ link to this | view in chronology ]
Re: Talk about deja vu...
[ link to this | view in chronology ]
Quote:
Retroshare
Maybe someone should contact Groklaw and ask them to do a search for SERVERLESS mail clients, which will allow them to restart Groklaw with more privacy guarantees.
Reddit also is on top of it, following all the developments.
http://www.reddit.com/r/retroshare/
Other options:
ePOST SERVERLESS EMAIL SYSTEM
GNUNet
Bittorrent Chat
FlowingMail
Lavabit founder could contact one of those projects or all of them to see how he could build an email service on top of those anonymous secure platforms in a business like environment, using his servers to just speed up the process instead of handling the encryption and delivery and performing non critical services for clients wink, wink :)
Remember the Napster!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Which is a damn shame, as I found it one of the most useful and informative sites on the entire worldwide web.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
That would be sad, I miss Groklaw.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Government
[ link to this | view in chronology ]
Re: Government
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
"The new 162-page set of documents shows that Lavabit was first served with a �pen register� and "trap and trace device" order, which would require the handover of one of its user�s login details. As Lavabit encrypts those details, that wouldn't have done much good for the government's case. Indeed, Levison told the court in a July 16 hearing that he had "always agreed to the installation of the pen register devices," as they would have yielded almost zero useful data."
� http://arstechnica.com/tech-policy/2013/10/lavabit-defied-order-for-snowdens-login-info-then-govt-as ked-for-sites-ssl-key/
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Judge is right
In other words, US have laws which explicitly allow wiretapping. Nothing extraordinary about it. Remember, this government official gave sword testimony, and judge have no reason to think he's lying. If this official says "we're not looking", what do you thing judge will do, say: "nah, don't believe you"?
That's not how (any) functional government works.
[ link to this | view in chronology ]
Re: Judge is right
[ link to this | view in chronology ]
Re: Judge is right
Liars, people who lie to congress also give sworn testimonies, isn't that glorious.
Is unfortunate that we need to have an entire bureaucracy which its whole purpose is to lie and deceive to conceal its working, but there it is paid and bought with public funds, now you are saying that we should trust professional liars?
[ link to this | view in chronology ]
Re: Re: Judge is right
[ link to this | view in chronology ]
Re: Re: Re: Judge is right
Has this ever appeared on NCIS?
[ link to this | view in chronology ]
Re: Re: Re: Re: Judge is right
[ link to this | view in chronology ]
Re: Re: Re: Re: Judge is right
You know, that book they put their hand on right before they start lying...
[ link to this | view in chronology ]
Re: Judge is right
Moreover, the government has no rights - it has privileges.
[ link to this | view in chronology ]
Re: Judge is right
The government can, through a warrant that specifically targets certain data, force you to hand over that data unencrypted. However, the keys themselves along with the entire data stream is no longer "particularly describing the place to be searched, and the ... things to be siezed."
Basically, the government can demand:
Decryption of sessions carried out with certain target IPs within a certain date range and the seizure of email bearing certain addresses as headers from among that data. Just as they cannot demand a key to your house or the combination of your safe, they also cannot demand SSL keys. They are, however, free to demand that you unlock these things with a properly targeted warranty.
The government will complain that it can't compile the necessary information and thus can't prosecute dangerous criminals. Oh well, the system has never been balanced under the idea of maximal enforcement. American ideals place the rights and protection of innocents above enforcing crimes, except those rights specifically reserved to government and enumerated in the constitution as allowed.
[ link to this | view in chronology ]
typo correction
Should be:
They are, however, free to demand that you unlock these things with a properly targeted warrant.
[ link to this | view in chronology ]
Re: Judge is right
[ link to this | view in chronology ]
Re: Judge is right
As I understand it, there are laws that compel telephone companies to provide a means to easily wiretap telephone calls, but no equivalent law for email.
[ link to this | view in chronology ]
Re: Re: Judge is right
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
'This includes ob'
should be deleted
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
SSL keys are business records. Business records are not all that protected and can be requested without much more than a Subpoena and I'm not that clear if they need that much. Business records tend to get turned over by business without much of a fuss- Just like phone, bank, credit card transaction records...
The really scary thing here is that the NSA seemed to expect them to be turned over. Does that mean other services (Google, Yahoo!, Verizon....) have been honoring these requests? The evidence indicates that the NSA may be storing data going into and out of sites so they don't need to bother with the companies beyond getting a key to read the mail later.
[ link to this | view in chronology ]
Re: Re:
Keys, of any kind, are not records. Further, the word "papers" in the fourth amendment has always included mail and thus naturally extends to email, thus requiring warrants and not subpoenas in at least this instance.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
FWIW A physical key can be represented by a short series of numbers for the depth of the cuts on the key and the blank number. You can get a new car key cut from records easily enough. You could do it with a house key but that record is less likely to be kept.
I'm not agreeing with the logic but this is what is being used.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I think the logic by which it's considered a "business record" is deeply flawed.
[ link to this | view in chronology ]
Re: Re: Re:
They have been discussing these sorts of privacy problems all week on NPR:All things considered. http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-a mendment-protect-us
[ link to this | view in chronology ]
Re: Re:
Whose bright idea was it to make that classification?
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Where is a scanner w/ OCR when you need one?
[ link to this | view in chronology ]
Re: Where is a scanner w/ OCR when you need one?
[ link to this | view in chronology ]
Re: Where is a scanner w/ OCR when you need one?
[ link to this | view in chronology ]
Re: Re: Where is a scanner w/ OCR when you need one?
[ link to this | view in chronology ]
All of the above companies are known to have provides all US government and many foreign government alphabet soop agencies with backdoors to any and all information.
We have also heard that most of the major back bone teleco companies are also providing equal access.
Translate the one and only major economic bright spot in the world economy has been and is governments' establishment in world wide spy networks on private citizens.
[ link to this | view in chronology ]
Re:
That is not a bright spot, but a parasitic growth, the private citizen pays for all of this spying.
Note any cost and taxes levied on companies get passed up the chain of customers until it arrives at the private citizen.
[ link to this | view in chronology ]
give it to them
[ link to this | view in chronology ]
Re: give it to them
[ link to this | view in chronology ]
Re: give it to them
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Counter argument?
Because there is only one key to the vault where all records are stored, it is difficult to perform this without compromising everything and you have severe misgivings about this in the first place, but if push comes to shove, you are willing to work with them to make that happen.
However, the argument is made that that is not good enough. You must provide access to every record, *including all future records*, and do it in such a way that it is completely unverifiable whether one record, a few records, or all records have been copied, stored, viewed, or shared with other organizations. Would you be satisfied with that ruling or with an unaccountable and unenforceable statement from one person that none of this will ever happen, despite all evidence to the contrary?
1. Would you be willing to trust that organization to this degree?
2. Would your order to "seal" a record have any real meaning at that point?
3. Could the people that come into your court trust any promises of discretion that you made or would you be effectively lying to them?
As a judge, we presume truth matters to you. Yet you are about to force a private company to not only compromise their entire business model, which is founded on trust, but then to lie about it to their customers through silence or denial.
You must decide whether you will cynically and unquestioningly enforce laws that are moving us farther and farther from "the great experiment" in freedom and representative government that are the foundation of this nation, or whether you will push back against this precipitous descent toward a police state founded on lies and lack of government accountability. As part of the judicial branch of government, this is not only your privilege, it is your sworn duty.
[ link to this | view in chronology ]
Re: Counter argument?
Clerics: We put the doctored in doctrine!
[ link to this | view in chronology ]
Then why demand access for it in the first place?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
No it's not. When is it reasonable to say "I need access to item C and only C, so give me items A-Z."?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Govt "right" vs. Govt propensity
If a nation expects to be ignorant and free, in a state of civilization, it expects what never was and never will be. The functionaries of every government have propensities to command at will the liberty & property of their constituents. There is no safe deposit for these but with the people themselves; nor can they be safe with them without information.Where the press is free and every man able to read, all is safe.
Because the government holds your items, whatever they may be, has always meant that those items are not safe nor secure.
[ link to this | view in chronology ]
Re: Re: Govt "right" vs. Govt propensity
What Jefferson is missing there is that every man must not just be able to read, but must actively exercise that skill. The ability is meaningless otherwise.
[ link to this | view in chronology ]
Re: Re: Re: Govt "right" vs. Govt propensity
[ link to this | view in chronology ]
OCR does exist and is quite feasible, so there's a period of a few days? where Lavabit was vulnerable, and not shuttered. This makes me wonder about a plausible deniability effort by Levison, only dealing with the issue when that became infeasible. And only closing when there were financial penalties?
It's still admirable, but that fighting image takes a bit of a knock I think.
[ link to this | view in chronology ]
Re:
Unless you know of some magical new OCR technology then OCR is NOT feasible for this type of job. For it to work with 4pt text the OCR software would be very inaccurate. Modern OCR software uses predictive technologies such as dictionary checking, grammar checking, near-neighbor analysis etc in order to get good results. It expects text within certain size constraints in certain fonts and of a certain quality. A SSL key printed at 4pt might get 30-40% accuracy at best. Then you would have to compare each and every character by hand - that means looking at two separate images to make sure the OCR is correct.
Much quicker to have it blown up and have a typist copy it by hand. A good typist could get 98% or above accuracy at a fair speed - and they would not need to look at two separate images.
Disclaimer: I work on the development of a document management system with OCR capabilities and have studied many OCR technologies as part of my work.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
My main point was about the narrative and period of vulnerability really.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Decentralization is the only answer
It is much better when the only entities who can give access to the information are the sender and the recipient. The incentives align in this case: the only ones who can access the information are also the ones who are interested in protecting it.
Increasing the use of encryption (HTTPS everywhere) is an important first step, but the goal should be to avoid depending on trusted third-parties in the first place.
[ link to this | view in chronology ]
Re: Decentralization is the only answer
[ link to this | view in chronology ]
HSM
Most people do not use a HSM (Hardware Security Module) with SSL/TLS. Without a HSM, you can be forced to provide the key, like happened with Lavabit.
With a HSM, it is next to impossible. The key never leaves the HSM. And the HSM is designed to erase the key if any attempt is made to tamper with it; usually, the key is kept in RAM, and the HSM has a built-in battery. Cut the battery power, lower the temperature (to increase the RAM retention), drill into the case, all these are actions which a high-quality HSM will detect and erase the key.
They would have to either change the key (detectable with the Certificate Patrol browser extension), plug the HSM into their interceptor (which would become a man-in-the-middle attack), or compromise the server. In any of these situations, they still could not decrypt older traffic, even without forward secrecy.
[ link to this | view in chronology ]
Re: HSM
First, they're expensive. A good HSM easily can run into the hundred thousand dollar range. Second, you can only have one server terminating all SSL connections. Since the HSM wont let anyone get the key, then the server with the HSM must be able to handle everyone. Then there's the downtime that occurs if the server or HSM ever breaks. They'd need to get a whole new Cert issued.
The big reason why companies don't use Hardware Security Modules to store their SSL keys is the way that HSMs work. In order to make sure the keys never leave the HSM, the HSM itself decrypts all the data. Something that just isn't feasible when dealing with multiple SSL connections.
[ link to this | view in chronology ]
Re: Re: HSM
It would need sufficient randomness.
It would need tamper resistance.
It would need to be reviewed for exploits.
It would need reliability (might have to use redundant HSM's).
It would need to be less than current HSM's (including TCO).
It would need massive storage and processing power.
It would need overtly-silent tamper evidence.
This would obviously be a very intensive project with lots of security pitfalls. :/
[ link to this | view in chronology ]
Re: HSM
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Valid submission - font size and spacing
A request for sanctions for the lawyer should have 'solved' the font issue.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
I mean, even the Harry Potter scan-a-thon was able to reproduce an electronic copy for 795 pages within 24 hours with relatively small errors.
Now you lazy ass really done it. Instead of putting on a little bit of elbow grease, you get nothing for being lazy.
Life Lessons. :P
[ link to this | view in chronology ]
Re:
That print out qualifies for a 10 out of 10 for for complying without giving them what they wanted.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Sounds reasonable
That sounds reasonable to me. The government does need the right to wire tap potential criminals and threats to the US. What's not reasonable is them doing so without a warrant. That's where the checks and balances are. That's what's wrong with what the NSA is doing.
If law enforcement can show probably cause, they should be allowed to wiretap a "target".
What's scary about this case is that the Judge just let them wiretap 400k people for which they don't have warrants for.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The proper response...
[ link to this | view in chronology ]
Why are we even honoring the premise, let alone the argument
A pity that our liberties are being taken away piecemeal by judges and prosecutors paid for with our own taxes. Who stands for our liberty if the folks we pay taxes to are all on the other side of this constitutional debate ??
[ link to this | view in chronology ]
Judge is absolutely wrong and exceeded his/her mandate
[ link to this | view in chronology ]