CryptoSeal shutters, ala: LavaBit

Jim Bell jamesdbell8 at yahoo.com
Mon Oct 21 20:54:11 PDT 2013


On Mon, Oct 21, 2013 at 9:49 PM, Jim Bell <jamesdbell8 at yahoo.com> wrote:

>>     The practice of shutting down a service in anticipation of the
>> government showing up and issuing a warrant (whether search- or
>> pen-register, or whatever) shows not merely a lack of guts, but also an
>> incredible lack of imagination.  For example, I previously pointed out that
>> there is no longer any real basis for keeping records on the metadata
>> involved in setting up a telephone call:

>So how do you propose that a provider perform SSL without keeping
>their private cert? And how should they respond when a court *orders*
>them to allow law enforcement or other agencies to install sniffers on
>their network? That's essentially what Lavabit faced.

They should respond by saying, "You, Federal Judge, do not have the legal authority to order me/the company to ASSIST in the task, at most you can require me to ALLOW it; Further, you do not have the authority to order me/the company to not speak of the existence of the warrant:  See the First Amendment to the US Constitution".  Traditionally, there were two kinds of warrants:  'Search' (allow authorities to perform a search) and 'arrest' (find a person and stop him and take him into custody).  No secrecy was necessary with either 'search' or 'arrest' warrants.
  'Wiretap' and 'pen-register' warrants came into being when phone companies were closely regulated by the government, and they didn't have a sufficient motivation to defend the rights of their company and/or customers. They also did not have the motivation to challenge any order of secrecy they would have been under:  The government has an enormous burden to try to justify any violation of a person's/company's First Amendment right.  The mere fact that it would be very useful to keep the victim of a warrant unaware of a wiretap/pen-register warrant doesn't rise to the level of justification to violate the freedom of speech of the person or company on which the warrant is served.  The only reason we don't automatically assume that such rights do not exist in such cases is that for too long, phone companies were negligent in defending the rights of their customers.  This led courts to conclude that they had the power to require phone companies to keep silent:  The issue simply was never litigated.
  In both of these cases, the companies were not motivated to defend their rights to inform the victims of these warrants of the existence of that violation of their privacy.  I argue that now and in the future, all such companies should react as if they are in no way required to comply with any 'warrant' except that is specifically allowed in law. "Is there a law which requires a company to disclose a private SSL certification"?  No?!?  Then, "We challenge this with a lawsuit:  We have already served the intended victim of the warrant.  Here is the copy for the court".   They can initiate what's referred to as an 'interlocutory appeal', which would take weeks or months, and they can serve it on the victim of the warrant, making him part of the case and making the warrant rather useless.  In other words, if they wanted to fight it, they could do so quite easily.  Set it up so that a foreign lawyer, one outside the jurisdiction of the judge, informs the victim.  Play hardball, and moreover, make sure that the government knows you're going to play hardball, and that the information WILL get into the hands of the person to be tapped, in an unprovable fashion.  In court, force the government to argue that the victim of the warrant cannot be brought into the case as a necessary party.

>Also: it's easy to accuse someone of lacking guts or imagination, but
>I don't think any of these folks are shutting down services and even
>businesses without serious consideration of the costs involved -
>financial and otherwise.

The problem is that while they are aware of the costs to themselves, they aren't paying sufficient attention to the costs to the people to whom the warrant is directed.
Also, you didn't address my point about phone companies deliberately avoiding keeping phone metadata, to ensure that it cannot be subpoenaed.  It is that kind of 'imagination' that everybody needs to start using.
             Jim Bell