dslreports logo
site
spacer

spacer

spacer




how-to block ads


story category
Docs Detail Lavabit's Battle Against the Government
by Karl Bode 10:32AM Thursday Oct 03 2013
You'll recall that back in August Lavabit, the secure e-mail provider used by NSA whistleblower Edward Snowden, announced they were shutting down operations while ambiguously blaming Uncle Sam. At the time, Lavabit founder Ladar Levison stated his choice was either to be "complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." He obviously chose the latter, but offered no hard details.

Those details are now available via freshly unsealed documents. Those documents show Lavabit engaged in a four-month fight with the government, getting hit initially with a pen register the company refused, resulting in an order to hand over the SSL keys. After months of wrangling Levinson handed over the keys -- as an 11 page printout in 4-point type:
quote:
In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible." "To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.
By August 6, Levison was threatened with fines of $5,000 per day unless he turned over a more useful electronic copy of the keys. On August 8, Lavabit closed operations. Lavabit, still under a gag order (the likes of which Google has been fighting) has since been focused on an online fundraising drive to finance an appeal to the 4th Circuit.

view:
topics flat nest 

TAZ

@qwest.net

How lazy

"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.

Oh, no, that's a real shame, they'd have to do actual work for it.

MOWAA

join:2010-03-25
Fort Lauderdale, FL

Re: How lazy

Do we need any more reasons to nuke our own government and just start over... this is just getting to the point life on planet earth isn't worth fighting for..

Whens the next asteroid strike?
rebus9

join:2002-03-26
Tampa Bay
Reviews:
·Verizon FiOS
·Bright House
said by TAZ :

"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.

Oh, no, that's a real shame, they'd have to do actual work for it.

Yeah, it's a real hardship for the FBI.

Two people working on it-- one with a strong magnifying glass or microscope calling out each character, and another person poking them on a keyboard-- would take about 45 minutes @ 1 character per second. 90 minutes at 1 character every 2 seconds. They could have the whole thing done before their boss gets back from lunch.

No, this was just another way for the FBI to harrass the innocent.
talz13

join:2006-03-15
Avon, OH

Lazy much?

Apparently they don't have a scanner with OCR?

delusion ftl

@comcast.net

Re: Lazy much?

11 pages of a 4 point font even for a nice scanner and top OCR would almost certainly produce errors, which would entail agents having to pour over the whole key anyways, so i'm not sure if it would save time.
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Lazy much?

Much better to pay three secretaries minimum wage for a day to enter the characters and then compare the three documents to identify/correct errors. Done.
toejam

join:2013-06-14
San Jose, CA

Seems like he complied with their request

Thats funny! Kind of like paying your taxes in pennies (which they probably wont accept).
nullfield
Premium
join:2007-07-17

Re: Seems like he complied with their request

They might but they don't have to do so.

»www.treasury.gov/resource-center···der.aspx

Probitas

@teksavvy.com

Pure win.

Awesome response. He complied with the order, then closed shop. Way to stick it to Da Man!

RetroMUFC
Center Forward

join:2003-02-05
Bethel, NC

Re: Pure win.

Except he eventually lost his business. He did the ethical thing and he had no choice.
--

I bleed the red of Manchester

goalieskates
Premium
join:2004-09-12
land of big

Good for Levison.

In the end, he set an example for the rest of us. Giving in to bullies never makes them go away for long.
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Well, good news sort of.

I tend to agree with something crookshanks said recently... and this tends to back it up. If they are demanding the SSL keys, I think it highly unlikely that they have a backdoor or exploit that let's them crack the encryption; at least not very easily.

Uncle Paul

join:2003-02-04
USA
kudos:1

Re: Well, good news sort of.

A lot of times it's not a backdoor into the encryption (except ECC), but rather a known.. undisclosed weakness in a product's implementation of the encryption. Typically that's the difference between FIPS certified and FIPS compliant.

firephoto
We the people
Premium
join:2003-03-18
Brewster, WA
said by CXM_Splicer:

I tend to agree with something crookshanks said recently... and this tends to back it up. If they are demanding the SSL keys, I think it highly unlikely that they have a backdoor or exploit that let's them crack the encryption; at least not very easily.

This is the FBI. They need to publicly put on the image of seeking information via the normal channels. They pressed the issue hard with lavabit, they knew there was something there and needed to do an actual court visible capture of that data for any possible trial. They can't just put down some print outs of emails then say they got them from an anon source or from an agency that is not allowed to have communications between US citizens.

Also by having the keys it allows them to fully explore what's there in a way that would allow replication and creation of data that they know couldn't be refuted reliably because of it's private and encrypted nature. This is why public statements, public communications, especially in real time is the most powerful tool against an oppressive government.
--
Say no to astroturfing. go to their profile, start ignoring posts and ignoring what's not true.
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Re: Well, good news sort of.

So you think SSL is fairly easy for them to 'break'?

firephoto
We the people
Premium
join:2003-03-18
Brewster, WA

Re: Well, good news sort of.

Variations of it? yes. They have their fingers in the methods of creating the keys which weakens everything but people can if they want make actual secure keys if they make the effort and spend the time. Where time is money, quicker methods prevail and some players in the hardware industry have solutions for faster key creation but there seems to be a hidden cost associated with those.

Trust is earned.
--
Say no to astroturfing. go to their profile, start ignoring posts and ignoring what's not true.
travisdh1

join:2007-10-20
Wooster, OH

Going Galt

Gotta love it.

tlylework

@steadfastdns.net

Intersting

I always find it interesting how people will use the line if you got nothing to hide then it should be no big deal, but I find it curious how the government hides nearly everything in classified or Top Secret documents.

Interesting isn't it? Shouldn't the same logic apply to our gubment?
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Intersting

The government doesn't say it doesn't have things to hide. They admit they're hiding things.

wepaidforit

@qwest.net

Isn't there an intern that can type?

So the US government can build 5 billion dollar data centers to house our "intercepted" data- but they refuse to type in 2500 characters in an SSL key? Seriously, this is absolute garbage - the government surely has thousands of lackeys that make 100k plus a year and live in the suburbs of DC in 800k shacks.

I am happy that he gave them the key in printed format -- he complied with their wishes to hand over private keys, but they refused to transcribe the key into usable format(did you want the info or not?). I am also happy he brought up the fact they he complied to monitor just the user in questions email, but not the entire systems email -- I have said this so many times, as why does every american have to be treated like a terrorist, when we only have to target the "real" terrorists. I can't imagine how much money we would save as a country of tax payers, if we only targeted the "real" terrorists, and not every single american. The way our US Government is operating today, is of a tyrant or bully - we didn't get to vote on a Patriot Act, we didn't get to vote on this Healthcare Act -- we supposedly have Reps and Senators that are supposed to voice our opinion to the federal government. Where were your senators and reps when we had these bills shoved down our throat? Where are they when these bills turn into monsters and are still rammed down the peoples throats to accept?

At this point in my life, I have lost complete faith in the system that was developed for this country, and how it has eroded into a system that goes against our Bill of Rights and Constitutional right to allow politicians and corporations to do as they please. Of course, the silver lining is that these actions are going to lead to eventual reactions by the people.
sonicmerlin

join:2009-05-24
Cleveland, OH
kudos:1

Re: Isn't there an intern that can type?

The healthcare act was passed by a supermajority... Wth are you talking about?
scooper

join:2000-07-11
Youngsville, NC
kudos:2

Re: Isn't there an intern that can type?

Yes - passed by a supermajority that didn't read what they were passing and are now trying to shutdown the government to kill it. If it was THAT fricking important - they should have took their time to go through it properly, instead of this "shutdown the government" crap

Twaddle

@charter.com

Letter of the Law-Two can play this

Kudos to this man for his sacrifice. Just because its inconvenient to process 11 pages of 4 point font does not make it illegible. If that were the case I could say that the govt correspondence with me is illegible because I have issues with reading their 8 point font. It seems its only illegible if it impacts "the man" I wonder what the demand letter said specifically as to the makeup of the document. If it just said to provide an electronic copy then he fulfilled it. Another reason to clean house of the chancres that have invade the govt.
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Re: Letter of the Law-Two can play this

When they complained about it being illegible, he should have sent them another copy in 750 point... one character per page. If they were out of order it was probably the FBI that did it

steve1515
Premium
join:2000-08-07
Peabody, MA

Privacy

I may not have anything to hide, but I don't live a public lifestyle. What I do is nobody's business unless I want to tell someone. I value my privacy. The government needs to stay out of our lives.

steve1515
Premium
join:2000-08-07
Peabody, MA

Government Screws the People

This is really a good example of how the government has caused people to lose their jobs. I applaud Lavabit for sticking to their values.
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Government Screws the People

said by steve1515:

This is really a good example of how the government has caused people to lose their jobs.

How so?

steve1515
Premium
join:2000-08-07
Peabody, MA

Re: Government Screws the People


said by openbox9:

How so?

Lavabit closed down.
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Government Screws the People

By its own choice.

steve1515
Premium
join:2000-08-07
Peabody, MA

Re: Government Screws the People

said by openbox9:

By its own choice.

The point I was trying to make is that they were basically forced to go against their core values. The government shouldn't do this to people. We are supposed to be free. That's that makes (or used to make) this country great.
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Government Screws the People

I'm ok with your point, until you add job loss to the mix.

cableties
Premium
join:2005-01-27

Should have used a Xerox...

... if you recall that bug that added incorrect numbers on the scan...

»abcnews.go.com/Technology/xerox-···19895331


--
Splat
nutcr0cker

join:2003-04-02
Chandler, AZ
kudos:2

I feel so much safe now

I feel so much safe that all my emails are being read and all my conversations being monitored. I have nothing to hide. Be patriotic reject the freedom
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Re: I feel so much safe now

I like that!!

'Be a TRUE Patriot... Throw Away your Freedom!!'

I want the bumper-sticker.
scooper

join:2000-07-11
Youngsville, NC
kudos:2

deleted

deleted

batterup
I Can Not Tell A Lie.
Premium
join:2003-02-06
Netcong, NJ

Lavabit, the secure e-mail provider used by NSA whistleblowe

I had a nerd shack account. See I know things.
Vote Boss in 16.