Nov 11, 2013
As the federal government continues to dominate every form of America’s communications, Lavabit, an encrypted email service provider that once delivered NSA leaker Edward Snowden‘s secure emails, defies a Department of Justice demand to turnover its encryption key for secure users by closing shop. As the feds latest privacy target the secure email provider shuttered operations rather than give up the encryption codes to its 400,000 subscribers, as Lavabit’s founder, Ladar Levison, made the difficult financial decision based on ethical concerns for his clients.
To watch the San Diego 6 News TV segment click here: http://www.sandiego6.com/story/lavabit-shuts-down-20131110
Lavabit first gained the government’s attention in May after the National Security Agency scandal revealed the scope of government snooping. According to court documents, the feds charge that Lavabit must turnover sensitive security codes under alleged, but unproven, violations of the Espionage Act and theft of government property.
The Texas-based company fought efforts by the government to disclose confidential information in the ensuing months of Snowden’s revelations, but by mid-summer the federal prosecutors sought to hold the company owner, Levison in contempt for not cooperating with a government investigation. The search warrant revealed that the government demanded “all information necessary to decrypt communications sent to or from the Lavabit e-mail account [redacted] including encryption keys and SSL keys.”
At a court hearing, federal prosecutor James Trump told the judge Lavabit was being less than cooperative and as a result the government wanted to find out why. “Anything done by Mr. Levison in terms of writing code or whatever, we have to trust Mr. Levison that we have gotten the information that we were entitled to get since June 28th. He’s had every opportunity to propose solutions to come up with ways to address his concerns and he simply hasn’t.”
Long story short, the government won. “The government’s clearly entitled to the information that they’re seeking, and just because you-all have set up a system that makes that difficult, that doesn’t in any way lessen the government’s right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily,” Federal Judge Claude Hilton ruled.
That court ruling put into motion a plan that Levison said he made in the presence of his attorney that he would rather than shutter his companythan sellout his clients.
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” he explained. On top of that a virtual gag order was placed on the case forcing the young entrepreneur to carefully construct his response to the media. “We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.”
Levison explained the situation the best he could; “This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Levison is now faced with the threat of arrest and a $5,000 a day fine for not turning over Lavabit’s private keys that would effectively give the government complete control of his network.
USA Freedom Act seeks to revamp the USA Patriot Act
Privacy-driven politicians have reenergized their efforts to make changes to the intrusive Patriot Act.
Congressman Justin Amash (R-MI), who nearly orchestrated a surprise repeal of the Patriot Act’s most controversial provisions in July (it narrowly failed a 205-217 vote), has joined with bipartisan lawmakers to introduce comprehensive legislation to rein in the federal government’s overbroad surveillance of Americans.
The USA FREEDOM Act, H.R. 3361, reforms parts of the USA PATRIOT Act that Mr. Snowden’s NSA leaks claim are used to collect the metadata of Americans’ telephone and Internet activities. Amash joined Rep. Jim Sensenbrenner (R-WI), Rep. John Conyers (D-MI), Rep. Zoe Lofgren (D-CA), and more than 100 cosponsors in the House. And Senate Judiciary Committee Chairman Patrick Leahy (D-VT) introduced the companion bill in the Senate.
“The days of unfettered spying on the American people are numbered. This is the bill the public has been waiting for. We now have legislation that ceases the government’s unconstitutional surveillance. I am confident that Americans and their representatives will rally behind it,” said Amash.
The proposed legislation’s name “USA Freedom Act” was chosen for a specific reason, according to Will Adams, a spokesperson for Amash. He explained that the bill is seeking to give American’s freedom from the Patriot Act’s mass surveillance provisions.
First and foremost the Freedom Act seeks to end the government’s blanket collection of Americans’ records. Second, it increases the transparency of government surveillance. If passed by both houses of Congress and signed by the president, it would limit the use of secrecy by requiring FISA court opinions to be made available to all congressmen with summaries of the opinions for the public.
Other notable highlights modify gag orders on telecommunications companies so companies can provide customers additional information about government surveillance. Perhaps two of the most interesting provisions are the creation of a Special Advocate to argue on behalf of Americans’ privacy before the FISA court, and, a Privacy and Civil Liberties Oversight Board with subpoena powers.
Ironically the Freedom Act has the support of the Patriot Act author Rep. Jim Sensenbrenner (R-WIS). After a dozen years of mass “collection of a wide array of data on innocent Americans has led to serious questions about how government will use—or misuse—such information,” he said.
“The time is now for serious and meaningful reform. We are committed to working with lawmakers on both sides of the aisle to get this done so we can restore confidence in our intelligence community and protect the privacy rights of our citizens,” Democrat Pat Leahy and Sensenbrenner said in a joint statement.
“The legislation introduced today by Sen. Leahy and Rep. Sensenbrenner is a true reform bill that rejects the false and dangerous notion that privacy and our fundamental freedoms are incompatible with security,” said Michelle Richardson, legislative counsel at the ACLU’s Washington Legislative Office.
Currently, the USA FREEDOM Act has more than 100 cosponsors in the House and Senate as well as dozens of allies including the American Civil Liberties Union, the National Rifle Association, the Project on Government Oversight, several technology companies including Microsoft, Apple, Yahoo, Facebook, AOL, Google, LinkedIn and Mozilla.
Even establishment Democrat Senator Dianne Feinstein, chairperson of the Senate Intel Committee, recognized changes are needed.
“The threats we face — from terrorism, proliferation and cyber attack, among others — are real, and they will continue,” Feinstein clarified. “Intelligence is necessary to protect our national and economic security, as well as to stop attacks against our friends and allies around the world.”
While the bill’s fate remains uncertain, several privacy groups and some lawmakers remain skeptical.
Senator Mark Udall, (D-CO) said last month that he opposed Feinstein’s measure, claiming it doesn’t do enough to contain the government’s ability to spy on everyday Americans.
“The NSA’s ongoing, invasive surveillance of Americans’ private information does not respect our constitutional values and needs fundamental reform – not incidental changes.” Udall said.
The Impending Legal Issues
A statement from Electronic Frontier Foundation really clarifies what is at stake for America’s privacy moving forward.
“Federal law enforcement officers compromised the backbone of the Internet and violated the Fourth Amendment when they demanded private encryption keys from the email provider Lavabit, the Electronic Frontier Foundation (EFF) argues in a brief submitted Thursday afternoon to the US Court of Appeals for the Fourth Circuit. In the amicus brief, EFF asks the panel to overturn a contempt-of-court finding against Lavabit and its owner Ladar Levison for resisting a government subpoena and search warrant that would have put the private communications and data of Lavabit’s 400,000 customers at risk of exposure to the government.
For nearly two decades, secure Internet communication has relied on HTTPS, a encryption system in which there are two keys: A public key that anyone can use to encrypt communications to a service provider, and a private key that only the service provider can use to decrypt the messages.
In July, the Department of Justice demanded Lavabit’s private key—first with a subpoena, then with a search warrant. Although the government was investigating a single user, having access to the private key means the government would have the power to read all of Lavabit’s customers’ communications. The target of the investigation has not been named, but journalists have noted that the requests came shortly after reports that NSA whistleblower Edward Snowden used a Lavabit email account to communicate.
“Obtaining a warrant for a service’s private key is no different than obtaining a warrant to search all the houses in a city to find the papers of one suspect,” EFF Senior Staff Attorney Jennifer Lynch said. “This case represents an unprecedented use of subpoena power, with the government claiming it can compel a disclosure that would, in one fell swoop, expose the communications of every single one of Lavabit’s users to government scrutiny.”
EFF’s concerns reach beyond this individual case, since the integrity of HTTPS is employed almost universally over the Internet, including in commercial, medical and financial transactions.
“When a private key has been discovered or disclosed to another party, all users’ past and future communications are compromised,” EFF Staff Technologist Dan Auerbach said. “If this was Facebook’s private key, having it would mean unfettered access to the personal information of 20 percent of the earth’s population. A private key not only protects communications on a given service; it also protects passwords, credit card information and a user’s search engine query terms.”
Initially, Levison resisted the government request. In response, a district court found Lavabit in contempt of court and levied a $5,000-per-day fine until the company complied. After Levison was forced to turn over Lavabit’s key, the certificate authority GoDaddy revoked the key per standard protocol, rendering the secure site effectively unavailable to users.
Since Lavabit’s business model is founded in protecting privacy, Levison shut down the service when it no longer could guarantee security to its customers.
“The government’s request to Lavabit not only disrupts the security model on which the Internet depends, but also violates our Constitutional protections against unreasonable searches and seizures,” EFF Staff Attorney Hanni Fakhoury said. “By effectively destroying Lavabit’s legitimate business model when it complied with the subpoena, the action was unreasonably burdensome and violated the Fourth Amendment.”
A New “Dark Mail” Alliance Takes Root
According to PC World, “Metadata is one of the big weak points of secure email communications, since you cannot hide it from a third-party observing Internet traffic—a fact highlighted this summer when leaks about the National Security Agency’s surveillance activities started coming to light. The core Dark Mail ideal is that even if law enforcement forced a service provider to hand over its users’ communications, all the company could hand over would be unintelligible junk. Like other encryption schemes, only the recipient with the proper decryption keys would be able to read the message.”
Looking ahead, Levison and fellow encrypted email firm Silent Circle are working together to create an open-source protocol. “The Dark Mail protocol would encourage software providers to build Dark Mail capabilities into email clients, and that in turn will make using encrypted communication as seamless as using Gmail or Outlook.com is now. Current efforts to encrypt the body of email messages requires at least a modicum of technical knowledge and a willingness to troubleshoot potential set-up problems,” according to PC World.
Silent Circle President Philip Zimmermann told RT they have a great deal of interest from potential customers.
This new alliance has given way to Silent Circle and Lavabit building and encrypting the new Dark Mail Alliance. The founders’ would like to create a new open-source tool that provides “end-to-end encryption capabilities” for any email service. The dynamic duo anticipates the new service to come online in 2014.
Finally, American’s stand at the proverbial fork in the road, one leads to an expansion of the police state in an effort to “protect” the masses and the other ratifies American commitment to liberty and limitations on government. At this point it could go either way.
Email Kimberly: Kimberly.firstname.lastname@example.org
Link to story on San Diego 6 News: http://www.sandiego6.com/story/Kimberly_Dvorak-20130915
Past breaking news story: http://www.examiner.com/article/did-cia-and-state-department-run-illegal-arms-trafficking-benghazi-1
© Copyright 2013 Kimberly Dvorak All Rights Reserved.