Snowden's Favorite Email Service Returns, With 'Trustful,' 'Cautious,' And 'Paranoid' Modes
Furnished content.
A little more than three years after it shut down to avoid complying with federal prosecutors' demands for its encryption key, Lavabit is returning to life. The secure email system, whose most famous user was Edward Snowden, fought the US government in court over demands to produce the key that would unlock access not only Snowden's emails, but those of every user. Not only did it shut down, but it also memorably delivered a 4-point middle finger to the feds in the middle of the legal battle.With its users' privacy secured -- along with its legacy (Snowden-approved, man-sticking-it-to-itiveness) -- the Lavabit team gave the code to the public and started working on a newer, more secure email platform. As Kim Zetter reports for The Intercept, Lavabit's successor is now live.[Ladar Levinson is] relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email. The "SSL problem" was the weak link the government sought -- the key that would unlock all users' accounts, rather than just the one targeted. With this eliminated, Lavabit's new basic option should be far more resistant to government demands than its earlier version.With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase. But if vanilla Lavabit still feels a bit compromisable, there are a couple new tiers of increasing darkness available to users, known as "Cautious" and "Paranoid." (The vanilla tier is "Trustful," which places the security duties completely in Lavabit's hands.) "Cautious" offers end-to-end encryption, with the encryption key being stored in users' devices, but while still using Lavabit's server to transfer the key from device to device. (This will also allow users to recover keys if needed.)"Paranoid" goes even further.Some people who want more security — like activists, journalists, and whistleblowers — might balk at having their key stored on a third-party server. That’s where Paranoid mode comes in. The key for doing end-to-end encryption remains on the user’s device and never goes to Lavabit’s server. But to use another device, the user has to manually move the key to it. And there’s no way to recover the key if the user loses it or deletes it. In all three cases, it will be difficult-to-impossible for governments to demand access to users' communications. Additionally, Lavabit's service will deliberately mangle metadata, making it mostly useless to surveillance agencies engaging in passive collection, as well as to government agencies seeking to obtain these so-called "third party records." This is utilized in all three tiers and is based on Tor's origin/destination obfuscation tactics. The most that can be gleaned from the metadata is the domain sending or receiving the email -- but not both on any single record.Unsurprisingly, Lavabit had little to say on its "responsiveness" to government demands for users' communications, letting the end products speak for themselves. If the internet perceives censorship as damage and routes around it, communications platforms are more frequently coming to the conclusion that government surveillance is just more wreckage to avoided.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 24-Jan-2017
path: /Policy | permalink | edit (requires password)
Arrested Flag Burner Sues Arresting Officers
Furnished content.
Last summer, we brought to you the story of how Bryton Mellott, a young man in Urbana, IL, was arrested for posting a picture of himself burning the American flag on his social media accounts. The story was strange on a variety of levels. First, the law utilized to arrest him, one of many flag-burning prohibitions that exist in laws at the state level, had been declared unconstitutional decades prior to it having ever been enacted. Burning the flag has been codified as a form of protected free speech, no matter how stomach-turning any individual might find it. It was for that reason that the local State's Attorney's office requested that the police let Mellott go and didn't even attempt to bring any kind of charges against him, because they couldn't. The police report also noted that Mellott had been taken in for disorderly conduct, referencing the backlash his actions caused, which is insane. Blaming a victim of threats for receiving those threats as a reaction to protected speech ought to be beneath the common citizen, nevermind those we actually entrust to enforce the law.But perhaps the strangest part of the story, previously un-noted by us in our original post, the impetus for Mellott's arrest was one officer's apparent desperate search to find something for which to arrest him.Mellott’s post was widely shared and had received 200 comments by the following morning. But just 12 hours after his post, Urbana police officers arrested him at his job at Wal-Mart after Mellott’s supervisor called and reported threats made by unknown people against Mellott and the store. Officer Jeremy Hale researched the Illinois flag-desecration statute, found it was still on the books, and decided of his own accord to enforce it. Policing in this country isn't traditionally done in this way. Complaints to a local law enforcement office aren't generally then used to scour the books for some potentially applicable law. For this reason, Mallott is suing the three arresting officers for violating his civil rights.Mellott filed a civil-rights lawsuit late Wednesday in Urbana federal court, claiming the three arresting officers knew or should have known that flag burning has been a protected means of political protest for almost 30 years. He says they violated his civil rights by arresting him. Mellott seeks compensatory damages and a court order that the Illinois flag-desecration statute is unconstitutional. He is represented by Rebecca Glenberg with the Roger Baldwin Foundation of the American Civil Liberties Union.“Open dissent is the highest form of American patriotism,” Mellott said in a statement. “And it was a frightening display of irony that on the Fourth of July, I should be taken from my workplace to sit in a county jail for exercising this liberty.” It's difficult to see how this lawsuit isn't a winner. The Illinois state law is, on its face, flatly unconstitutional. That it was enacted decades after this question was decided says everything about the Illinois legislature and the rise of nationalism nationally and nothing about whether or not it might be remotely legal or enforceable. For Mellott to have been arrested and held for hours in a zealous attempt to punish protected speech, and on Independence Day no less, is about as blatant example of an infringement on the First Amendment of which I can think.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 24-Jan-2017
path: /Policy | permalink | edit (requires password)
|
|