wired computer threat
Paper instructions:
140 WORDS ON ”WHAT WILL BE A GOOD MORAL THING TO DO WITH THE UTILITARIAN APPROACH”
ARTICLE:

“My fear is that they won’t address the substantive argument about whether the government can get these keys,” Lavabit founder Ladar Levison told WIRED after the hearing.

The case began in June, when Texas-based Lavabit was served with a “pen register” order requiring it to give the government a live feed of the email activity on a particular account. The feed would include metadata like the “from” and “to” lines on every message, and the IP addresses used to access the mailbox.

Because pen register orders provide only metadata, they can be obtained without probable cause that the target has committed a crime. But in this case the court filings suggest strongly that the target was indicted NSA-leaker Edward Snowden, Lavabit’s most famous user.

Levison resisted the order on the grounds that he couldn’t comply without reprogramming the elaborate encryption system he’d built to protect his users’ privacy. He eventually relented and offered to gather up the email metadata and transmit it to the government after 60 days. Later he offered to engineer a faster solution. But by then, weeks had passed, and the FBI was determined to get what it wanted directly and in real time.

So in July it served Levison with a search warrant striking at the Achilles heel of his system: the private SSL key that would allow the FBI to decrypt traffic to and from the site, and collect Snowden’s metadata directly. The government promised it wouldn’t use the key to spy on Lavabit’s other 400,000 users, which the key would technically enable them to do.

The FBI attached a Carnivore-like monitoring system at Lavabit’s upstream provider in anticipation of getting the key, but Levison continued to resist, and even flew from Texas to Virginia to unsuccessfully challenge the order before U.S. District Judge Claude Hilton.

Levison turned over the keys as a nearly illegible computer printout in 4-point type. In early August, Hilton – who once served on the top-secret FISA court – ordered Levison again to provide them in the industry-standard electronic format, and began fining him $5,000 a day for noncompliance. After two days, Levison complied, but then immediately shuttered Lavabit altogether. Levison is appealing the contempt order.

The SSL key is a small file of inestimable importance for the integrity of a website and the privacy of its users. In the wrong hands, it would allow malefactors to impersonate a website, or, more relevantly in this case, permit snoops to eavesdrop on traffic to and from the site. Levison says he was concerned that once the government had his SSL key, it would obtain more secret warrants to spy on his users, and he would have no opportunity to review or potentially challenge those warrants.

“The problem I had is that the government’s interpretation of what’s legal and what isn’t is currently at its apex, in terms of authority and scope,” Levison says. “My concern is that they could get a warrant – maybe a classified warrant – that I wouldn’t even have knowledge of, much less the opportunity to object to … My responsibility was to ensure that everybody else’s privacy was protected.”

That was Levison’s thinking even before Snowden’s revelations showed us how pervasive and ambitious the NSA’s internet monitoring has become.

The judges in last week’s 4th Circuit hearing, though, weren’t interested in hearing about encryption keys. At one point, Judge Paul Niemeyer apologetically interrupted Levison’s attorney as soon as raised the subject, and made it clear that he accepted the government’s position that the FBI was only going to use the key to spy on the user targeted by the pen register order.

“The encryption key comes in only after your client is refusing to give them the unencrypted data,” Niemeyer said. “They don’t want the key as an object. They want this data with respect to a target that they’re investigating. And it seems to me that that’s all this case is about and its been blown out of proportion by all these contentions that the government is seeking keys to access others people’s data and so forth.”

“There was never an order to provide keys until later on, when [Levison] resisted,” Niemeyer added later in the hearing. “Even then, the government was authorized to use the key only with respect to a particular target.”

On that last point, Judge Niemeyer is mistaken. Neither the July 16 search warrant nor the August 5 order imposing sanctions placed any restrictions on what the government could do with the key. Without such a protective order, there are no barriers to the FBI handing the key over to the NSA, says a former senior Justice Department attorney, speaking to WIRED on condition of anonymity.

“You sometimes see limitations, or what’s referred to as minimization procedures: The government can only use this for the following purpose. There’s nothing like that here,” says the former official. “I’d say this is a very broad order. Nothing in it would prevent the government from sharing that key with intelligence services.”

 

 

 
The FBI’s relationship with the NSA is close – the FBI receives 1,000 tips a year from the NSA’s bulk telephone metadata collection; the bureau’s Data Intercept Technology Unit in Quantico, Virginia channels PRISM data to NSA headquarters in Ft. Meade from Silicon Valley. Presumably the two agencies are even closer on the matter that brought the FBI to Lavabit.

By shutting down Lavabit, Levison obviously thwarted prospective surveillance efforts. But we know – again, thanks to Snowden – that the agency sometimes collects encrypted data that it can’t crack, in the hope of getting the key later.

“We know from the minimization rules that are out that if they collect encrypted information they’re allowed to keep it indefinitely,” says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society. “That’s exactly why the Lavabit case is so important.”

If NSA did collect Lavabit traffic, users who checked their email using Safari or Internet Explorer are theoretically compromised now. That’s because Lavabit failed to preference the full suite of encryption algorithms that provide “perfect forward secrecy,” which generates a temporary key for every session, making both passive eavesdropping and retrospective cryptanalysis unlikely. Firefox and Chrome users should not be similarly vulnerable.

If it wasn’t collecting Lavabit traffic already, it’s safe to assume the NSA began doing so when Snowden revealed himself as the NSA leaker in early June.

The NSA could not legally target U.S. citizens or legal residents without first getting a specific warrant from the Foreign Intelligence Surveillance Court. But non-U.S. Lavabit users would be fair game.

Levison flew back to Texas on Friday to await the 4th Circuit’s ruling and continue work on his new initiative: a surveillance-resistant email infrastructure called Dark Mail. He notes that one possible – even likely – outcome of the case is that the appeals court rules against him on a technicality. Some of his lawyer’s arguments weren’t clearly raised below in front of Judge Hilton. The court could find that those arguments are forfeit now, and leave the substantive issues undecided.

Pragmatically, that could be the best outcome, given the panel’s hostility to the encryption question and its faith in the government’s honesty. But Levison would prefer to lose on the substantive issue and continue the fight all the way to the Supreme Court. If the 4th Circuit doesn’t decide one way or the other, other U.S. internet companies won’t know where they stand when the government comes for their keys. The cloud of distrust that’s gathered over U.S. companies in the contrail of the NSA revelations will grow even darker.

“It’ll leave this issue completely in limbo, with no end in sight,” Levison says. “So how is the industry going to handle that? They’ll have to wait years for somebody else to come along who’s willing to stand up and say, ‘no,’ and take the government back to court.”

ORDER THIS ESSAY HERE NOW AND GET A DISCOUNT !!!