April 20, 2014


Silk Road, Lavabit, and the Limits of Crypto

Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email provider Lavabit.

Silk Road was essentially the eBay of illegal drugs. It was operated as a Tor hidden service, meaning that it was very difficult to determine where the servers were located, and payments were handled via Bitcoin, which also provides some degree of anonymity. DPR bragged that Silk Road eliminated the violent turf wars that are endemic in face-to-face drug markets, because the technology made it practically impossible for one seller to track down another. It was all arm’s-length, protected by crypto.

But things didn’t work out so neatly for DPR. According to the criminal complaint, he twice contracted for the killing of Silk Road participants, one a participant who was blackmailing him and the other an employee who had cheated him. Fortunately neither killing was carried out, although DPR apparently paid for both, having been tricked into believing that they had been carried out.

Crypto also failed to protect DPR from being tracked down, probably because of failures in his operational security, such as using accounts linkable to his real name to promote Silk Road early in its development. Reading the documents, one senses that some significant details are still being withheld.

Is this a failure of crypto? Yes and no. While it’s true that Silk Road is now shut down and the alleged DPR is in custody, it’s also true that Silk Road stayed up for a long time and processed hundreds of millions of dollars worth of transactions, and that DPR eluded identification for a long time. The lesson is that crypto can make it much harder for investigators to unravel an operation—but not impossible.

The other story concerns Lavabit, a secure email provider used by Edward Snowden, among many others. Lavabit relied on crypto to protect its users’ emails.

On August 8, 2013, owner Ladar Levison shut down Lavabit, saying that staying in business would have forced Lavabit to choose between defying the law and betraying its users. Further details were part of a sealed court proceeding.

Yesterday the court unsealed the documents, so we now have a better idea of what happened. The court ordered Lavabit to turn over metadata (to, from, size, date/time information) on all of the email of an unspecified account (presumably Snowden’s). Lavabit had refused, and prosecutors responded by asking the court to order Lavabit to disclose Lavabit’s primary private key—which would give the government the ability to spy on every single Lavabit user. The court granted this request. After some gamesmanship—which got Lavabit fined for contempt of court—Lavabit shut itself down, making the private key disclosure moot.

The court clearly felt that Lavabit had not taken its previous orders seriously enough—and judges tend to get aggressive with parties who they feel are defying the court’s authority. If it were only Lavabit’s own security that was at stake, this would look like a case of a judge getting fed up with Lavabit, and Lavabit paying the consequences.

But here it was the interests of Lavabit’s users that were impacted by the court’s order. And those users could not make an argument against the order because the case was secret. One suspects that the privacy interests of 400,000 users were undermined because the judge was mad at Lavabit.

In making his order, the judge said this:

“[The] government’s clearly entitled to the information that they’re seeking, and just because you-all have set up a system that makes that difficult, that doesn’t in any way lessen the government’s right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily.”

I was surprised that a court would go so far as to order Lavabit to turn over the security crown jewels. Turning over this information would have put Lavabit in a position of essentially lying to its users about security. While it’s true that Lavabit might have headed this off by being more cooperative earlier, when only the Snowden account was at issue, this chain of events only serves to undermine users’ trust in U.S.-based technology providers. Lavabit shut down rather than lie to its users, but that’s more than most providers would have done.

Comments

  1. Jim says:

    Just FYI of a typo:

    “one senses that some significant details of are still being withheld.”

    • Anonymous says:

      DPR’s identity was uncovered using traditional investigative techniques. It had nothing to do with crypto.

  2. PJ says:

    “that doesn’t in any way lessen the government’s right to receive that information…”

    Strange that a judge would talk in terms of a government’s “rights”. Governments do not have rights; they have power. I suppose it would sound a bit crude to say in effect that government will beat you up until you submit, which is maybe why such a euphemism was used.

    The moral of the story seems to be, if you are any kind of internet provider, the first thing you should do upon government contact is devise a way to destroy all your key material. If it is destroyed, they can’t get it… although they still can throw you in a cage for fun. The second moral of the story is that internet providers of any service in the US should live outside the US.

    Anyway people will learn from this event and adjust, as they usually do.

  3. Harry Johnston says:

    The NY times story says that Lavabit agreed to give access to Snowden’s account but the Government insisted on being given the master keys instead, so that they could see Snowden’s activity in real-time.

    http://www.nytimes.com/2013/10/03/us/snowdens-e-mail-provider-discusses-pressure-from-fbi-to-disclose-data.html?pagewanted=1&_r=0&hp

  4. paul says:

    Rubber-hose cryptanalysis.

  5. Nicholas Weaver says:

    It really is an open question “HOW” the FBI identified the Silk Road server which was imaged by in-country law enforcement. It’s clear that a lot of the evidence linking Mr Ulbricht to (the then-current) DPR in the NY complaint was based on forensic evaluation of the captured server (e.g. the StackOverflow account, the VPN account), and all the crimes listed and charged are directly based on contents of the captured server. And there is a lot of detail about what was found on the Silk Road servers, including accounting information, communication logs, etc. in the NY complaint.

    Thus my suspicion is “hack the server”: get a warrant to “Install a CIPAV on the server identified at …”, hack it, and have it phone home to the FBI.

    Nicolas Christin suspects flipped-insider (the “Employee” in the MD indictment), although I disagree.

    In either case, this has to come out in court: there are going to be a LOT of drug busts based on this, and at least one defense attorney, looking at mandatory minimums, is going to not tolerate magic evidence like the identification of the Silk Road server.