The practice of shutting down a service in anticipation of the government showing up and issuing a warrant (whether search- or pen-register, or whatever) shows not merely a lack of guts, but also an incredible lack of imagination. For example, I previously pointed out that there is no longer any real basis for keeping records on the metadata involved in in setting up a telephone call: In 1979, when that Supreme Court case on pen registers was issued, http://en.wikipedia.org/wiki/Smith_v._Maryland , telephone companies 'had to' keep metadata records in order to bill phone calls, including the number called and the time of the call. Today, with 'unlimited' phone service (at least within the US; in some cases around the world) there is no reason that a phone company 'has to' keep those records, and certainly not all of them. Why not x-out the last 3-4-7 digits of the 'called number', since it is not necessary to keep it in order to bill the customer?? (When was the last time most of us received a telephone bill listing the calls we made? If we need to know what number(s) we called, they do not need to include all 3+7 numbers, do they?) Why not omit the duration of the phone call? The justification for these meta-data warrants presumes that the government is subpoenaeing 'business records': So, no longer keep those 'business records'! If the government claims these companies 'must' keep these records, then they are no longer 'business records' within the meaning of Smith v. Maryland: They are purely 'government-compliance records'. Or, encrypt them and only give the decrypt key to the customer, ONCE: In the very unlikely chance that the phone co needs the records (which will never happen, of course), depend on the customer to regurgitate those keys: They will likely have 'lost'/shredded/burned/pulped those keys, right? Jim Bell Syllabus from Smith v. Maryland: "(b) Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not "legitimate." First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information [442 U.S. 735, 736] to the police, cf. United States v. Miller, 425 U.S. 435 . Pp. 741-746" My (Bell's) comments follow: A phone company which announces that it WILL NOT record phone metadata gets around this decision, by allowing in its customers the 'reasonable expection of privacy' in their as-dialed phone numbers; or at least it allows the customer to argue that unlike in Smith v. Maryland, he did indeed have an 'actual expectation of privacy' unlike in 1979. Today's customer knows, contrary to any customer in 1979, that his phone company no longer has any 'legitimate business purposes' in keeping phone metadata recorded. Further, 'society' is prepared to to recognize as 'reasonable' any business practice that a phone company may conceivably announce that it will follow, even if it thwarts the desires of government. Unlike in 1979, when there was only one 'phone company' (in a given geographic area), and that phone company was beholden to the government rather than any individual customer, now phone companies have a legitimate motivation to compete on the issue of metadata privacy. ============================= From: grarpamp <grarpamp@gmail.com> To: cypherpunks@cpunks.org Sent: Monday, October 21, 2013 5:19 PM Subject: CryptoSeal shutters, ala: LavaBit Voluntary shutdown beforehand... https://privacy.cryptoseal.com/ http://cryptoseal.com/team/ https://news.ycombinator.com/item?id=6585649 http://arstechnica.com/information-technology/2013/10/cryptoseal-vpn-shuts-d... http://it.slashdot.org/story/13/10/21/2157225/cryptoseal-shuts-down-consumer...