The practice of shutting down a service in anticipation of the government showing up and issuing a warrant (whether search- or pen-register, or whatever) shows not merely a lack of guts, but also an incredible lack of imagination. For example, I previously pointed out that there is no longer any real basis for keeping records on the metadata involved in setting up a telephone call: In 1979, when that Supreme Court case on pen registers was issued, http://en.wikipedia.org/wiki/Smith_v._Maryland , telephone companies 'had to' keep metadata records in order to bill phone calls, including the number called and the time of the call. Today, with 'unlimited' phone service (at least within the US; in some cases around the world) there is no reason that a phone company 'has to' keep those records, and certainly not all of them.
Why not x-out the last 3-4-7 digits of the 'called number', since it is not necessary to keep it in order to bill the customer?? (When was the last time most of us received a telephone bill listing the calls we made? If we need to know what number(s) we called, they do not need to include all 3+7 numbers, do they?) Why not omit the duration of the phone call? The justification for these meta-data warrants presumes that the government is subpoenaing 'business records': So, no longer keep those 'business records'! If the government claims these companies 'must' keep these records, then they are no longer 'business records' within the meaning of Smith v. Maryland: They are purely 'government-compliance records'. Or, encrypt them and only give the decrypt key to the customer, ONCE: In the very unlikely chance that the phone co needs the records (which will never happen, of course), depend on the customer to regurgitate those keys: They will likely have 'lost'/shredded/burned/pulped those keys, right?
Jim Bell
Syllabus from Smith v. Maryland:
"(b) Petitioner in all probability entertained no actual expectation of
privacy in the phone numbers he dialed, and even if he did, his
expectation was not "legitimate." First, it is doubtful that telephone
users in general have any expectation of privacy regarding the numbers
they dial, since they typically know that they must convey phone numbers
to the telephone company and that the company has facilities for
recording this information and does in fact record it for various
legitimate business purposes. And petitioner did not demonstrate an
expectation of privacy merely by using his home phone rather than some
other phone, since his conduct, although perhaps calculated to keep the
contents of his conversation private, was not calculated to preserve the
privacy of the number he dialed. Second, even if petitioner did harbor
some subjective expectation of privacy, this expectation was not one
that society is prepared to recognize as "reasonable." When petitioner
voluntarily conveyed numerical information to the phone company and
"exposed" that information to its equipment in the normal course of
business, he assumed the risk that the company would reveal the
information [442 U.S. 735, 736] to the police, cf. United States v. Miller,
425 U.S. 435. Pp. 741-746"
My (Bell's) comments follow:
A phone company which announces that it WILL NOT record phone metadata gets around this decision, by allowing in its customers the 'reasonable expectation of privacy' in their as-dialed phone numbers; or at least it allows the customer to argue that unlike in Smith v. Maryland, he did indeed have an 'actual expectation of privacy' unlike in 1979. Today's customer knows, contrary to any customer in 1979, that his phone company no longer has any 'legitimate business purposes' in keeping phone metadata recorded. Further, 'society' is prepared to recognize as 'reasonable' any business practice that a phone company may conceivably announce that it will follow, even if it thwarts the desires of government. Unlike in 1979, when there was only one 'phone company' (in a given geographic area), and that phone company was beholden to the government rather than any individual customer, now phone companies have a legitimate motivation to compete on the issue of metadata privacy.
=============================
From: grarpamp <grarpamp@gmail.com>
To: cypherpunks@cpunks.org
Sent: Monday, October 21, 2013 5:19 PM
Subject: CryptoSeal shutters, ala: LavaBit