
Home/ Socialism and the End of the American Dream/ Group items tagged Lavabit


Paul Merrell

Redaction error reveals FBI did target Lavabit to spy on Edward Snowden | Technology | ... - 0 views

  • A redaction oversight by the US government has finally confirmed that the Federal Bureau of Investigation’s targeting of secure email service Lavabit was used specifically to spy on Edward Snowden. Ladar Levison, creator of the email service, which was founded on a basis of private communications secured by encryption and had 410,000 users, was served a sealed order in 2013 forcing him to aid the FBI in its surveillance of Snowden. Levison was ordered to install a surveillance package on his company’s servers and later to turn over Lavabit’s encryption keys so that it would give the FBI the ability to read the most secure messages that the company offered. He was also ordered not to disclose the fact to third-parties. After 38 days of legal fighting, a court appearance, subpoena, appeals and being found in contempt of court, Levison abruptly shuttered Lavabit citing government interference and stating that he would not become “complicit in crimes against the American people”.
  • We now know that reports of Snowden’s use of Lavabit for his secure communications were true and that, as most presumed, the reason the FBI drove Lavabit into closure was to surveil the leaker of the NSA files. Documents obtained from the federal court were published by transparency organisation Cryptome, as noted by Wired’s Kim Zetter, revealing that “Ed_Snowden@lavabit.com” was the intended target of the action against Lavabit. The documents were released after legal action from Levison, who has been fighting in an attempt to lift himself from his order of silence and reveal what really happened. A motion filed in December prompted the court to order the release of files within the case, specifically with the identity of the subscriber redacted. As the documents show, that didn’t happen. Snowden’s email address was left unredacted, and while Levison is still under order not to reveal who the FBI was after, the redaction error has confirmed Snowden as the target.
Gary Edwards

Pandora Internet Radio - Listen to Free Music You'll Love - 0 views

  •  
    Bye bye encryption :( It's incredible to think this could happen in America. Marbux and I recently signed up for lavabit accounts, hoping to use the PGP encryption. And we knew uber patriot Edward Snowden had used Lavabit. Yet, it didn't occur to us that the Feds would demand their information and shut them down. We are fools. We take our freedom for granted and expect the Constitution to be upheld and adhered to. It's the law of the land, and no entity, public or private, can trump the law of the land. Yet, here we are. Totally trumped. No longer free. I feel like someone so used to the passing of night into day and back again, my freedom so caught up within the rhythms of the seasons and the passing of time that I am unable to see that it's become night time and darkness everywhere. There will be no return to sunlight unless we make it so. And the Guardian has it right: Cloud Computing will grind to a halt in the USSA. excerpt: "On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit, an email service that prides itself on privacy and security, abruptly closed his website, posting a short message to his former users. "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit," he wrote. "After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot." Levison might be gagged by the law, but it's not hard to guess at least part of the reason why his site is having legal troubles. In early July, journalists and human rights activists received an email from edsnowden@lavabit.com, inviting them to a press conference in Moscow's Sheremetyevo airport. Given the NSA leaker's understandable desire for security, it is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hand
Paul Merrell

Lavabit To Release Code As Open Source, As It Creates Dark Mail Alliance To Create Even... - 0 views

  • This whole morning, while all these stories of the NSA hacking directly into Google and Yahoo's network have been popping up, I've been at the Inbox Love conference, all about the future of email. The "keynote" that just concluded, was Ladar Levison from Lavabit (with an assist from Mike Janke from Silent Circle), talking about the just announced Dark Mail Alliance, between Lavabit and Silent Circle -- the other "security" focused communications company who shut down its email offering after Lavabit was forced to shut down. Levison joked that they went with "Dark Mail" because "Black Mail" might have negative connotations. Perhaps just as interesting, Levison is going to be releasing the Lavabit source code (and doing a Kickstarter project to support this), with the hope that many others can set up their own secure email using Lavabit's code, combined with the new Dark Mail Alliance secure technology which will be available next year. As noted, the Alliance is working on trying to create truly secure and surveillance-proof email. Of course, nothing is ever 100% surveillance proof -- and both members of the alliance have previously claimed that it was almost impossible to do surveillance-proof email. However, they're claiming they've had a "breakthrough" that will help.
  • The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders—inbox, sent mail, and drafts. But where it differs is that it will automatically deploy peer-to-peer encryption, so that users of the Dark Mail technology will be able to communicate securely. The encryption, based on a Silent Circle instant messaging protocol called SCIMP, will apply to both content and metadata of the message and attachments. And the secret keys generated to encrypt the communications will be ephemeral, meaning they are deleted after each exchange of messages. For the NSA and similar surveillance agencies across the world, it will sound like a nightmare. The technology will thwart attempts to sift emails directly from Internet cables as part of so-called “upstream” collection programs and limit the ability to collect messages directly from Internet companies through court orders. Covertly monitoring encrypted Dark Mail emails would likely have to be done by deploying Trojan spyware on a targeted user. If every email provider in the world adopted this technology for all their users, it would render dragnet interception of email messages and email metadata virtually impossible.
  • Importantly, they're not asking everyone to just trust them to be secure -- even though both companies have the right pedigree to deserve some level of trust. Instead, they're going to release the source code for public scrutiny and audits, and they're hoping that other email providers will join the alliance. At the conference, Levison recounted much of what's happened over the last few months (with quite a bit of humor), joking about how he tried to be "nice" in giving the feds Lavabit's private keys printed out, by noting that he included line numbers to help (leaving unsaid that this would make OCR'ing the keys even more difficult). He also admitted that giving them the paper version was really just a way to buy time to shut down Lavabit.
  • Janke came up on stage to talk about the importance of changing the 40-year-old architecture of email, because it's just not designed for secure communications. The hope is that as many other email providers as possible will join the Alliance and that this new setup becomes the de facto standard for end-to-end secure email, which is where Levison's open sourcing of his code gets more interesting. In theory, if it all works out, it could be a lot easier for lots of companies to set up their own "dark mail" email providers. Either way, I would imagine that this development can't make the NSA all that happy.
  •  
    Oh, Goody!
Gary Edwards

E-mail's Big Privacy Problem: Q&A With Silent Circle Co-Founder Phil Zimmerma... - 1 views

  • Customers of Silent Circle’s encrypted mail service got an unfortunate surprise on Friday: all their messages had been deleted. The management of Silent Circle, an encryption firm that specializes in smartphone communication, abruptly shut down their e-mail service yesterday, saying they were pre-empting the U.S. government from forcing them to hand over customer data. While they were confident they could protect text messages, voice calls and video calls, e-mail had always been less secure because it relied on standard Internet protocols. Yesterday’s catalyst was a competitor, Lavabit, whose founder announced he was shutting his email-hosting company down due to an apparent government investigation, and told Forbes on Friday: “If you knew what I knew about e-mail, you might not use it.” Edward Snowden had been a Lavabit user.
  • Phil Zimmermann, the inventor of popular email encryption service Pretty Good Privacy (PGP) and co-founder of Silent Circle, told us even he was using e-mail less and less, and relying more heavily on mobile messaging services in the quest for privacy. He also explained the gnawing problem of Silent Circle’s e-mail service and why the company was now planning to put servers in Switzerland. Read the full Q&A with Zimmermann below, and you can read Kashmir Hill’s interview with Lavabit’s founder here.
  •  
    Good interview with Phil Zimmermann, the inventor of PGP, and founder of Silent Circle eMail Service. Which is being shut down because of what the Feds did to LavaBit. What concerns me most about this illegal and systematic invasion of privacy is the massive potential for blackmail and extortion. Think of what the IRS illegally did to tens of millions of Americans, targeting them because of their religious and political views, and seeking volumes of highly personal information far beyond reasonable requirements. What happens when the politicians in power start using the IRS and NSA for political purposes - like what we just saw in the 2012 elections? When I was working on the wiki-Word and SurDoc projects, we were very concerned about having our documents and designs hosted or passing through competitor (Microsoft and Google) servers and email systems. At the time I thought I was just being paranoid. Now we know differently. We had every reason to be concerned.
Paul Merrell

Judges Poised to Hand U.S. Spies the Keys to the Internet | Threat Level | Wired.com - 0 views

  • How does the NSA get the private crypto keys that allow it to bulk eavesdrop on some email providers and social networking sites? It’s one of the mysteries yet unanswered by the Edward Snowden leaks. But we know that so-called SSL keys are prized by the NSA – understandably, since one tiny 256 byte key can expose millions of people to intelligence collection. And we know that the agency has a specialized group that collects such keys by hook or by crook. That’s about it. Which is why the appellate court challenge pitting encrypted email provider Lavabit against the Justice Department is so important: It’s the only publicly documented case where a district judge has ordered an internet company to hand over its SSL key to the U.S. government — in this case, the FBI. If the practice — which may well have happened in secret before — is given the imprimatur of the U.S. 4th Circuit Court of Appeals, it opens a new avenue for U.S. spies to expand their surveillance against users of U.S. internet services like Gmail and Dropbox. Since the FBI is known to work hand in hand with intelligence agencies, it potentially turns the judiciary into an arm of the NSA’s Key Recovery Service. Call it COURTINT. Oral arguments in the Lavabit appeal were heard by a three-judge panel in Richmond, Virginia last week. The audio (.mp3) is available online (and PC World covered it from the courtroom). It’s clear that the judges weren’t much interested in the full implications of Lavabit’s crypto key breach, which one of the judges termed “a red herring.”
Paul Merrell

Faced With The Security State, Groklaw Opts Out | Popehat - 0 views

  • For ten years Pamela Jones has run Groklaw, a site collecting, discussing, and explaining legal developments of interest to the open-source software community. Her efforts have, justifiably, won many awards. She's done now.
  • That's not why she's stopping. Pamela Jones is ending Groklaw because she can't trust her government. She's ending it because, in the post-9/11 era, there's no viable and reliable way to assure that our email won't be read by the state — because she can't confidently communicate privately with her readers and tipsters and subjects and friends and family.
  • In making this choice, Jones echoes the words of Ladar Levison, who shut down his encrypted email service Lavabit. Levison said he was doing so rather than "become complicit in crimes against the American people": “I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.” Lavabit was joined by encryption provider Silent Circle:
  • The extent of NSA surveillance is unknown, but what little we see is deeply unsettling. What our government says about it can't be believed; the government uses deliberately misleading language or outright lies about the scope of surveillance. So I don't blame Pamela Jones or question her decision. It's not the only way. I don't think it's my way, yet — though I am having some very concerned conversations about whether it's safe, or even ethical, to have confidential attorney-client communications by email.
  • I hope that Pamela's decision will arouse the interest, or attention, or outrage, of a few more people, who will in turn talk and write and advocate to get more people involved. Groklaw was a great resource; citizens will care that it's gone. (The government and its minions won't.) Pamela's choice will likely be met with the usual arguments: the government doesn't care about your emails. If you have nothing to hide you have nothing to worry about. This is about protecting us from terrorist attacks, not about snooping into Americans' communications. Don't you remember 9/11? I tire of responding to those. Let me offer one response that applies to all of them: I don't trust my government, I don't trust the people who work for my government, and I believe that the evidence suggests that it's irrational to offer such trust.
Paul Merrell

N.S.A. Able to Foil Basic Safeguards of Privacy on Web - NYTimes.com - 1 views

  • The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
  • The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
  • “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
  • Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
  • For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).
  • Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
  • The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.
  • The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
  • Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
  • At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
  • Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.
  • But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
  • Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
  •  
    Lengthy article, lots of new information on NSA decryption capabilities, none of it good for those who value their data privacy.
  •  
    Thanks Paul - nice job cutting this monster down to size :)
Paul Merrell

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

  • One new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures. A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor. "A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically." Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said. After testing over the past few months, ProtonMail went public Friday using a "freemium" model - a basic account will be free with some added features for a paid account.
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit, widely believed to be used by Snowden, which shut down rather than hand over data to the US government, and which now faces a contempt of court order. Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • "As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post. Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short. "These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems. "Hopefully, the NSA debate is creating incentives for people to build more encryption." Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it - if you have the key and lock next to each other, so it's pretty much useless."
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance." Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year. "The goal is to make it ubiquitous, so people don't have to turn it on," he said. But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information." Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • Jon Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous. "If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review. "Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down." The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year. "If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  •  
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser."