Secure mail gets shutdown and provider can't say why

[someotherguy]

http://www.fastcoexist.com/1682825/l...gone-heres-why

Lavabit provided secure email to about 350,000 users

In comparison to other email providers, such as google/yahoo, he was storing email in encrypted form such that even he couldn't open it (google/yahoo can look at emails, if they want to - I'm sure internally in company the emails are secured, but people with clearance can look at email, so can automated programs). This is accomplished by requiring either passwords or keys, usually those things aren't feasibly crackable on current hardware.

Below are guesses, as if he did get NSL, he cannot confirm or deny it, or say anything about it.

The owner/operator likely got served with NSL (National Security Letter) - which means he has to deliver information about some people, and it comes with a gag order. You cannot speak of the letter (although that part has been controversial) and he is kind of implying he got it - by not confirming or denying it.

one of the invitees to a press conference held by Edward Snowden at Sheremetyevo airport revealed that Snowden had reportedly emailed from a Lavabit address.

So you could probably guess who's emails they asked about.

Basically when you get such a letter, you should not tell anyone about the letter, and you should surrender all information requested to the government. And if you don't, you basically violated the law, go directly to jail.


-------------------------

On a personal note, I think it is very sad that we have laws which let government force people to spy, and not allow them to even mention that government has recruited them.

[Tradewind]

Dude hosted a service used by someone wanted by the government. Turned it into some big brew-ha-ha. People riding the wave because it's "cool." Nothing new. If Snowden was a serial killer child molester, nobody would be shitting their pants if the FBI/NSA whatever asked for records on him. But because he's become some posterboy for "Murrican Oppression" people are getting all shitty about it.

[time0ut]

Good thing its encrypted. Its unlikely they will get very far.

As far the NSL, I think its a necessity. It makes sense to not tell people you are spying on that you are spying on them. Silencing those who know is logical and legal.

That said, it seems like the category of 'national security' keeps growing. It now includes drug interdiction, terrorism, firearms trafficking, and other law enforcement issues. (Obviously not the case here though)

[v2prwsmb45yhuq3wj23vpjk]

Dude hosted a service used by someone wanted by the government. Turned it into some big brew-ha-ha. People riding the wave because it's "cool." Nothing new. If Snowden was a serial killer child molester, nobody would be shitting their pants if the FBI/NSA whatever asked for records on him. But because he's become some posterboy for "Murrican Oppression" people are getting all shitty about it.

Well, I am at least one person who would have an issue with it either way.

Also, I doubt it's related only to Snowden. He says he's shutting down to prevent crimes against the American people, not refusing to provide information that he already has. Seems like the government ordered Lavabit to allow them to see their data and he's shutting down to prevent people from sending data to prevent the government from intercepting it.

[Tradewind]

Well, I am at least one person who would have an issue with it either way.

Also, I doubt it's related only to Snowden.

At least they asked lol.

[v2prwsmb45yhuq3wj23vpjk]

At least they asked lol.

If they asked then Lavabit would still be up and running because they would have said "lolno".

[Tradewind]

If they asked then Lavabit would still be up and running because they would have said "lolno".

Well ok "asked" is a loose term there I'll admit, probably more like "told." Which is a sliver better than "did it anyway, without your knowledge."

[Mormolyce]

Dude hosted a service used by someone wanted by the government. Turned it into some big brew-ha-ha. People riding the wave because it's "cool." Nothing new. If Snowden was a serial killer child molester, nobody would be shitting their pants if the FBI/NSA whatever asked for records on him. But because he's become some posterboy for "Murrican Oppression" people are getting all shitty about it.

See I have no problem with the government ordering a company to hand over information that is relevant to a criminal investigation.

The fact that they can do so covertly with a mandatory non-disclosure requirement on the subject company though? That seems excessive and unnecessary. If they are requesting information on Snowden there is no reason why they can't do so transparently.

Just seems like part of the ever-increasing trend of no oversight applied to government organisations.

[Tradewind]

See I have no problem with the government ordering a company to hand over information that is relevant to a criminal investigation.

The fact that they can do so covertly with a mandatory non-disclosure requirement on the subject company though? That seems excessive and unnecessary. If they are requesting information on Snowden there is no reason why they can't do so transparently.

Just seems like part of the ever-increasing trend of no oversight applied to government organisations.

Well an NSL, to me anyway, appears to be somewhat transparent. At least to the person being served it. It just has all of that non-disclosure mumbojumbo attached to it. It's reasonable enough for people to be somewhat upset at the NDA part. But a recipient of an NSL has the right to appeal the gag order in court.

[Bakis]

Reminds me of Google's document in court.

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.'"

Agree I see no reason at all for having encrypted mail..

[Theodon]

Agree I see no reason at all for having encrypted mail..

Unsure if you were being ironic here so I'll reply in a serious manner;

The recipient's assistant is under contract to keep personal information or data secure and private. In that way the personal data has some level of protection, as it's often not worth benig locked up for a major breach of the data protection act, or getting a heavy fine and losing your job for something inconsequential. There's also only two links in the chain when it comes to possible breach of that agreement too; the assistant and the deliverer.

When the mail is being delivered, it's illegal for the deliverer to open the mail and it's illegal to break in to a mailbox and steal the mail also. It's protected by law from deposit to delivery, so in that way you expect a certain level of privacy through protection against those acts. I consider that example you've quoted to be a false equivalency with that in mind.

E-mail is less secure, so encryption is really the only way to secure it from random people reading your mails if they manage to get access to the mail server or your inbox on a different computer without the decryption key/software. The nature of computer access also makes it much easier to get access in a way that keeps the door open for further intrusion without the target individual knowing about it, or get access to a great many more inboxes than would be possible through physical mail delivery. E-mail also contains a different kind of data entriely than its ink and paper counter-part, which can cause a great deal more harm if its accessed by malicious people.

Normal mail and e-mail cannot be compared like that.

Also, that quote in your post was from an article that has been twisted to portray a message that has nothing to do with the original intent behind it;

This line has been widely misinterpreted to make it seem like Google is saying Gmail users have no expectation of privacy when they use Gmail, and the outrage is thick. Consumer Watchdog put out a press release calling the line a "stunning admission" that "Google has finally admitted they don't respect privacy."

Unfortunately for outrage junkies, there's just nothing here. First of all, Google's argument isn't even about Gmail users, who are covered by Google's unified privacy policy. Google's argument is about non-Gmail users who haven't signed Google's terms of service. It's right there in black and white — the heading for the section literally starts with the words "The Non-Gmail Plaintiffs."

From there, Google's argument starts broadly and moves towards the specific — that's where the "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" line comes in. That's a quote from the 1979 Supreme Court case Smith v. Maryland, in which the court upheld what's called the "third-party doctrine," saying that once you involve a third party in communication, you lose legally enforceable privacy rights.

source

Another reason why snailmail and e-mail aren't comparable is because of different laws surrounding them.

[Rapti]

At least there are some who dont bend over like lil bi...es.

[Masark]

Agree I see no reason at all for having encrypted mail..

I'll take it you send any physical mail as postcards and never use envelopes?

[Prokne]

Well ok "asked" is a loose term there I'll admit, probably more like "told." Which is a sliver better than "did it anyway, without your knowledge."

Its probably either a search warrant or a subpoena for the information they want. You cant refuse to comply with these and if you do its called obstruction of justice or you are placed in contempt and you can go to jail.

BTW the above are the ways that the government should be getting information on Americans, legal court orders, not blanket deals with internet companies or hacking. People should comply with them or the government might try to use other, less privacy keeping, ways to get what they want.

- - - Updated - - -

Another reason why snailmail and e-mail aren't comparable is because of different laws surrounding them.

So USPS mail is secure because its a federal law that you cant mess with someone else's mail but the USPS is basically a 3rd party service that is delivering your mail. I think these laws also apply to shippers like UPS and Fedex but Im not sure.

If they wanted to the government could also make it illegal to hack into someone elses email while it is on a server(considered either in the postal service's possession or in the mailbox) but instead they bend outdated laws to new technology. Probably so that its easier for people to get into your stuff. This law is from 1979, it cant really be applied to email or certain internet technologies, and even if it could it can be interpreted a lot of ways because it doesnt specifically mention the internet or electronic communications.

Theres another law that was made in the 90s that allows the government to just seize any email that you have on a server for more than 180 days because its considered "abandoned information." In the 90s email wasnt stored on servers, it was downloaded to your computer when you checked it so if it was on the server for 6 months it was probably never going to be used again. But now your emails stay on the server until you delete them even if you are using them and havent "abandoned" them, but they still use that law to take any older information they want. It basically demonstrates why laws concerning new technologies that constantly change need to be revised often. They certainly shouldnt be using a case from 1979 to determine how they can get your email.