CryptoSeal shutters, ala: LavaBit

Jim Bell jamesdbell8 at yahoo.com
Mon Oct 21 19:49:21 PDT 2013


    The practice of shutting down a service in anticipation of the government showing up and issuing a warrant (whether search- or pen-register, or whatever) shows not merely a lack of guts, but also an incredible lack of imagination.  For example, I previously pointed out that there is no longer any real basis for keeping records on the metadata involved in setting up a telephone call:  In 1979, when that Supreme Court case on pen registers was issued, http://en.wikipedia.org/wiki/Smith_v._Maryland , telephone companies 'had to' keep metadata records in order to bill phone calls, including the number called and the time of the call.  Today, with 'unlimited' phone service (at least within the US; in some cases around the world) there is no reason that a phone company 'has to' keep those records, and certainly not all of them.
    Why not x-out the last 3-4-7 digits of the 'called number', since it is not necessary to keep it in order to bill the customer??  (When was the last time most of us received a telephone bill listing the calls we made?  If we need to know what number(s) we called, they do not need to include all 3+7 numbers, do they?)   Why not omit the duration of the phone call?  The justification for these meta-data warrants presumes that the government is subpoenaing 'business records':  So, no longer keep those 'business records'!  If the government claims these companies 'must' keep these records, then they are no longer 'business records' within the meaning of Smith v. Maryland:  They are purely 'government-compliance records'.  Or, encrypt them and only give the decrypt key to the customer, ONCE:  In the very unlikely chance that the phone co needs the records (which will never happen, of course), depend on the customer to regurgitate those keys:  They will likely have 'lost'/shredded/burned/pulped those keys, right?
    Jim Bell


Syllabus from Smith v. Maryland:

"(b) Petitioner in all probability entertained no actual expectation of 
privacy in the phone numbers he dialed, and even if he did, his 
expectation was not "legitimate." First, it is doubtful that telephone 
users in general have any expectation of privacy regarding the numbers 
they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for 
recording this information and does in fact record it for various 
legitimate business purposes. And petitioner did not demonstrate an 
expectation of privacy merely by using his home phone rather than some 
other phone, since his conduct, although perhaps calculated to keep the 
contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor 
some subjective expectation of privacy, this expectation was not one 
that society is prepared to recognize as "reasonable." When petitioner 
voluntarily conveyed numerical information to the phone company and 
"exposed" that information to its equipment in the normal course of 
business, he assumed the risk that the company would reveal the 
information [442 U.S. 735, 736] to the police, cf. United States v. Miller, 425 
U.S. 435. Pp. 741-746"

My (Bell's) comments follow:
   A phone company which announces that it WILL NOT record phone metadata gets around this decision, by allowing in its customers the 'reasonable expectation of privacy' in their as-dialed phone numbers;  or at least it allows the customer to argue that unlike in Smith v. Maryland, he did indeed have an 'actual expectation of privacy' unlike in 1979.  Today's customer knows, contrary to any customer in 1979, that his phone company no longer has any 'legitimate business purposes' in keeping phone metadata recorded.  Further, 'society' is prepared to recognize as 'reasonable' any business practice that a phone company may conceivably announce that it will follow, even if it thwarts the desires of government.  Unlike in 1979, when there was only one 'phone company' (in a given geographic area), and that phone company was beholden to the government rather than any individual customer, now phone companies have a legitimate motivation to compete on the issue of metadata privacy.

=============================

From: grarpamp <grarpamp at gmail.com>
To: cypherpunks at cpunks.org 
Sent: Monday, October 21, 2013 5:19 PM
Subject: CryptoSeal shutters, ala: LavaBit
 

Voluntary shutdown beforehand...

https://privacy.cryptoseal.com/
http://cryptoseal.com/team/
https://news.ycombinator.com/item?id=6585649
http://arstechnica.com/information-technology/2013/10/cryptoseal-vpn-shuts-down-rather-than-risk-nsa-demands-for-crypto-keys/
http://it.slashdot.org/story/13/10/21/2157225/cryptoseal-shuts-down-consumer-vpn-service-to-avoid-fighting-nsa