February 19, 2018

Archives for October 2013

A Court Order is an Insider Attack

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack.

Lavabit and how law enforcement access might be done in the future

The saga of Lavabit, the now-closed “secure” mail provider, is an interesting object of study. They’re in the process of appealing a court order to produce their SSL private keys, with which a government eavesdropper would have access to all traffic going in and out of Lavabit. You can read Lavabit’s appeal brief and a general summary of their legal situation. What jumps out is that Lavabit tried to propose an alternative: giving access exclusively to metadata from the target of the investigation. Lavabit’s proposal:

  • The government would pay $3500 for Lavabit’s development costs and operations
  • The operations would provide a variety of email headers on the subject of the investigation, notably excluding the subject line
  • This surveillance data would be sent in daily batches to the government

It appears that the government wasn’t interested in negotiating this, instead going for the whole enchilada, which then led Lavabit to pull the plug on its service. The question I want to pursue is how this whole situation could have happened in a way that would have satisfied the government’s investigative needs without its flagrant violation of the Fourth Amendment prohibition against unreasonable search and seizure. Consider whether Lavabit might have adopted Google’s legal procedures. Google clearly spells out what they’re willing to divulge with a subpoena, court order, or warrant (and nicely defines each of those terms). In Google’s process, the government brings a written search warrant, Google’s legal team reviews it, and then they provide access to the targeted account, providing notice to the affected user when they’re allowed to. Seems reasonable, right?

If all the government needed was real-time traces of specific subjects, that would seem to be a reasonable point of negotiation between them and Lavabit. For the right price, Lavabit could certainly have engineered a solution to their needs. It appears that there wasn’t any serious attempt at negotiation. The government wanted much more than this, creating the dispute. (The Guardian claims that the government also wasn’t willing to pay $3500, calling it unreasonable. It’s hard to stomach that claim, given all the other expenses involved in a major criminal investigation.)

Lavabit used SSL to protect data in transit, and encryption keyed from the user’s password to protect data on their hard drives. But when the user logs in, the necessary key material is necessarily available to the server in order to present the data to the user. While users might be able to use stronger cryptographic means to protect their data against legal warrants (e.g., using Thunderbird with the Enigmail OpenPGP plugin), ultimately the lesson of Lavabit is that technology alone cannot solve a legal problem. A future Lavabit needs to have its legal processes sorted out in advance, making reasonable promises to its users and making reasonable access available to the government. Likewise, it’s time for Congress to establish some clear limits on government surveillance to prevent unreasonable search and collection practices in the future.

Government Needs to Embrace the Social Web – Principle #6 for Fostering Civic Engagement Through Digital Technologies

As Rahm Emanuel said, “You never want a serious crisis to go to waste. And what I mean by that – it’s an opportunity to do things you think you could not do before.” The Federal government shutdown has, at least temporarily, shed light on the valuable day-to-day work done by the Federal government and its employees. Now is the time for the Federal government to strengthen the connection between the public and Federal employees. The Federal government should embrace the social web as a part of its employees’ work lives.

To this point, open government has generally meant that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight. Open government should include people too. Putting a human face – along with professional contact information and areas of expertise – on Agencies’ public-facing websites will facilitate transparency. Employees should have something like a Facebook-lite or a more open version of LinkedIn, where everyone’s profile is visible. Certainly, there will be limitations. For example, employees with military or law enforcement responsibilities will continue to be largely anonymous. As with e-mail, Agencies will develop oversight mechanisms. Even so, the public and Federal employees should have better access to each other.