Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access? The answer is simple but subtle: There are […]
Lavabit and how law enforcement access might be done in the future
October 14, 2013 by
The saga of Lavabit, the now-closed “secure” mail provider, is an interesting object of study. They’re in the process of appealing a court order to produce their SSL private keys, with which a government eavesdropper would then have access to the entirety of all traffic going in and out of Lavabit. You can read Lavabit’s […]
Silk Road, Lavabit, and the Limits of Crypto
October 3, 2013 by
Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email […]
Senate Judiciary Testimony: FISA Oversight
October 2, 2013 by
I testified today at a Senate Judiciary committee hearing on Oversight of the Foreign Intelligence Surveillance Act. Here is the written testimony I submitted.
The Debian OpenSSL Bug: Backdoor or Security Accident?
September 20, 2013 by
On Monday, Ed wrote about Software Transparency, the idea that software is more resistant to intentional backdoors (and unintentional security vulnerabilities) if the process used to create it is transparent. Elements of software transparency include the availability of source code and the ability to read or contribute to a project’s issue tracker or internal developer […]
