Sponsored Content

In the two years since former government contractor Edward Snowden released information about the extent to which the United States government was surveilling its citizens, the push to be able to protect private information has gotten much stronger. Protected email accounts and versions of the web existed well before Snowden’s leaks; however, discussions over how to truly protect online communication have proliferated since. One important aspect of these conversations is whether it’s appropriate to continue to allow the government to have access to citizens’ communications, but there’s simply no easy answer to these questions.

It’s within this wholly uncertain context that lawyers and law schools are beginning to address these questions. Southwestern Law School, a leading voice in media law located in Los Angeles, California, is one of the institutions tackling these issues head on. Recently, Southwestern Law’s Donald E. Biederman Entertainment and Media Law Institute hosted its annual online privacy conference, featuring a panel entitled “Government Access to Data: Surveillance, Privacy and Security After Snowden.” The panel featured leading voices in the field of online privacy: Jon Callas, a cofounder of both Blackphone and Silent Circle, and Timothy Edgar, a professor at Georgetown University Law Center and a visiting fellow at Brown University’s Watson Institute for International Studies. It was moderated by Lee Tien, Senior Staff Attorney at the Electronic Frontier Foundation. Read on to learn about the panel’s discussions on the topic of private email and its role in the legal field.

Protecting Online Communication: A History

In order to explore the discussion about online privacy that the Southwestern Law panel undertook, it’s important to understand the context of protected communication. Even before Snowden’s leak, no one liked to imagine that their private communications were easily readable. More importantly, so many of us now store our most important information online–whether that is bank accounts, identification information, or medical records. Pieces of our personal information that used to be kept under lock and key in paper form are now stored in electronic, intangible ways. So it makes sense that ever since this kind of online storage has existed, some have sought to protect their information from prying eyes.

But after Snowden’s leak the urge to protect information became particularly focused on one set of prying eyes: the U.S. government. During the Southwestern Law panel, Tien introduced the complicated conversation about protected communication as follows:

That issue has come back in the post-Snowden world. Because one of the things that became really, really clear from his revelations is that the government spends a lot of time and energy thinking about how it can subvert and undermine the technology we use to protect our privacy.

Email Encryption

This brings us to the concept of encrypted email–one of the most basic building blocks of protected communication. There are multiple ways to encrypt email, but at its most simplistic form, encryption means that a message cannot be read by anyone who is not authorized to do so–whether it’s a government agency, employer, or a hacker looking for vulnerable personal information to exploit.

Encrypted email usually involves public and private “keys.” As the names indicate, public keys are available to the public–essentially anyone with whom you want to trade emails–and private keys are kept by the owner of the email account. Imagine Person A wants to exchange emails with Person B. Person A gives Person B her public key, and Person B writes an email, then uses the public key to encrypt it. When Person A receives the email, she needs to use her private key to unlock the email that has been encrypted with the public key–and because she’s the only one who has the private key, she’s the only one who is able to do so.

Of course, that is just encryption at a very basic level and it can be significantly more nuanced than that. The encryption described above requires some people to have keys–usually an account provider such as Gmail, for example. The next level of encryption that is said to be on the horizon will place the encryption process on the computer rather than on servers, so even the company providing the service won’t have the key. But that’s also where the legal concerns the Southwestern Law panel discussed start to come into play.

The Legality of Encrypted Email

There’s nothing inherently illegal about encrypting emails, but that hasn’t stopped those who create the programs and services from running into legal trouble here and there, particularly with the United States government. One case discussed by the Southwestern Law panel surrounded an email service called Lavabit, founded by entrepreneur Ledar Levison. Snowden used Lavabit, and when he fled the country after revealing information about the NSA’s surveillance program, the FBI wanted to access his account. However, the government requested the private encryption key for Lavabit generally in its attempt to access Snowden’s key. Lavabit provides encrypted email to nearly half a million people. Levison at first was unwilling to give that information, and chose to shut down the company after a very long legal back and forth in which he was served multiple times. The dominant narrative about what happened to Lavabit focuses on the complicated nature of what the FBI was asking for. During the panel, Tien explained the sheer difficulty of what the government was asking Levison to do:

After Lavabit shut down, some similar companies followed in its wake. SilentCircle, also offering encrypted email services, shut down in anticipation of similar issues with the government at some point in the future. Callas, a co-founder of SilentCircle, explained the decision to shut down while at the Southwestern panel, citing fear of a reputation hit, and saying that “when the house next door gets raided, you wonder if you’re next, and that’s when you make sure that your shredder is working.”

Despite Lavabit’s abrupt closure, companies haven’t stopped their quests to create truly private, encrypted email–they’ve just had to become more careful. One of the new companies that sprung up in the wake of the Snowden revelations and the subsequent focus on encrypted email is called ProtonMail. It promises that new frontier of encryption: a company that doesn’t have the keys to encrypted email. If a company doesn’t have the keys itself–the way Lavabit did–it can’t provide them when the government comes to call. Andy Yen, one of the founders of Proton Mail, explained:

We encrypt the data on the browser before it comes to the server. By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key.

ProtonMail isn’t the only new service that’s attempting to make encrypted email even more private. Levison, along with a number of like-minded partners, created the Dark Mail Project, which is working on a new set of email protocols called Dime. Dime is specifically focused on metadata in addition to the actual messages being sent. Metadata includes things like location and time when a message was sent. That kind of information has also been highly coveted by the government. Again, like with ProtonMail, the logic is that if the provider doesn’t have the information the government is looking for, the government can’t go after the company.

Whether or not that’s strictly legal, however, does appear to be a gray area. Since some of these features are so cutting edge, it’s hard for American law to keep up with it. As Dailydot explains it:

As the law currently stands, people aren’t required to build online services that are accessible by a government request; but, if your service is in any way penetrable, the operators of those services can be compelled to turn over what information the government could theoretically access.

This lack of clear guidelines has sparked frustration from both email encryption companies and the government, which has led to the government asking for something called a “backdoor.”

Backdoors

A backdoor to encrypted email is pretty much exactly what it sounds like: a special entrance for the U.S. government–normally the FBI–to use in order to access data in case it needs to do so. But whether or not they should be instituted is a contentious point of debate. While the Southwestern Law panelists tended to argue against backdoors, in order to understand their points, it’s important to acknowledge the arguments for backdoors purported mainly by the government.

Arguments in Favor of Backdoors

The FBI’s argument for a backdoor is multi-faceted, but it all essentially boils down to a single idea: national security and safety. The most compelling argument is that if these types of software are used to arrange terror plots or other nefarious acts, the FBI, or any other relevant agency, needs to be able to gain access to that information. As President Barack Obama put it in January 2015: “If we find evidence of a terrorist plot…and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem.”

Those who espouse the necessity of backdoors also point out that it has nearly always been possible for the government–particularly the American government–to listen in on or read private correspondence between citizens if there is a national security issue at risk. While there are rules about reading citizens’ mail or wiretapping conversations, those options have almost always been open to government officials if the proper channels and rules were followed. The idea that a type of communication could be created in which the government simply could not access the messages is not consistent with American security practices to date.

Arguments Against Backdoors

One of the strongest arguments on this side is that creating a backdoor for the government weakens the system as a whole. There’s really no way to create a backdoor that only the U.S. government can use–it creates vulnerabilities that enterprising hackers, terrorist groups, or foreign governments can also exploit, albeit with a bit more difficulty. So, allowing the government to have access to encrypted emails in order to fight terrorism could backfire and weaken national security.

There’s also a counter-argument to the idea that the U.S. government has traditionally had access to our private communication. This argument posits that the government’s ability to search private citizens doesn’t entitle it to whatever it wants, but rather gives it permission to try to gain access. As Edgar put it during the Southwestern Law panel:

The FBI director has been making the government’s traditional argument, which is the government has a right to monitor communications as long as they get a lawful order for it, under whatever that legal standard is. And I’ve always thought, even since law school, that just gets it completely backwards. The government’s warrant isn’t a right, it’s a permission. It’s a judge saying you are permitted under the law to do something that if you were a private citizen would be illegal because we think it’s important for law enforcement or national security.

There’s also the concern that the U.S. government would use backdoors to continue one-size-fits-all surveillance on American citizens. According to a poll conducted by the Pew Research Center, 73 percent of Americans think it is acceptable for the U.S. government to monitor suspected terrorists, yet only 37 percent of Americans think it’s acceptable for the government to spy on American citizens. Given the significant evidence that that type of monitoring was exactly what was happening, it makes sense that many would be hesitant to allow the American government in to monitor “terrorists” if that means giving it access to non-suspects as well.

So is it actually possible to have entirely private email?

It’s not an easy question to answer. Instead, it’s a matter of weighing priorities and sacrifices, and those aren’t consistent from person to person, let alone the American government as a whole. Southwestern Law, as well as other legal and academic institutions, is working to answer these questions, but it’s important to keep in mind that there may never be a cut-and-dry answer.

In order for communication to be completely and fully protected, we have to realize that we may get to the point where companies and developers are building systems so protected that no one can break them, not even their creators. That is viewed by some as deeply problematic, because there really will be no ability for surveillance or access for the government at that point.

While we aren’t yet at that point, it’s indubitable that Snowden changed the way that we look at privacy, national security, and communication, and his releases sparked a larger national debate about how to protect email. But the reality is that there may never really be an answer to the question of how to protect our online communications.

Resources

Primary

Southwestern Law: Biederman Institute: Online Privacy Conference

Additional

Lifehacker: How to Encrypt Your Email and Keep Your Conversations Private

Forbes: The Only Email System the NSA Can’t Access

Guardian: Secrets, Lies, and Snowden’s Email: Why I Was Forced to Shut Down Lavabit

Time: Hackers Unveil Their Plan to Change Email Forever

Center for Democracy and Technology: A “Backdoor” to Encryption For Government Surveillance 

Wall Street Journal: Obama Sides With Cameron in Encryption Fight

Slate: Obama Wants Tech Companies to Install Backdoors for Government Spying

Economist: Going Dark

Pew Research Center: Global Opinions of U.S. Surveillance

Southwestern Law School

Southwestern Law School, home of the #1 Entertainment Law program in the country, offers more than 60 courses, seminars, externships and clinics in entertainment and media law through its J.D. curriculum and LL.M. program in Entertainment and Media Law. Southwestern Law School is a partner of Law Street Creative. The opinions expressed in this author’s articles do not necessarily reflect the views of Law Street.

http://www.swlaw.edu/

The post Protecting Email Communication: Is it Possible? appeared first on Law Street.

In January I published a break down of the top cases and judicial issues to watch in 2014. Now that the year is coming to an end, it seems appropriate to give you a progress report and see where those cases all ended up.

8. Lavabit and Ladar Levison

The case in January: After Edward Snowden’s revelations about NSA spying, it was discovered that he was using an encrypted email service called Lavabit. The owner, Ladar Levison, was court-ordered to hand over access to the entire site to the government, because Lavabit’s programming made it impossible to hand over access to just Snowden’s account. In protest, Levison shut down the site, defied a gag order, and has now filed an appeal.

What happened in 2014: Ladar Levison lost his appeal in April when he was hit with contempt of court charges. However, the Fourth Circuit Court of Appeals, where the case was held, didn’t rule against Levison because of the merits of the case, but rather because it believed he had made a procedural misstep from the beginning and its hands were tied.

7. Jodi Arias

The case in January: In 2013, we saw the extremely weird case involving Jodi Arias in Arizona. She was eventually convicted of murdering her boyfriend, Travis Alexander. It was a gruesome and disturbing case in which the jury found her guilty; however, they could not agree on whether to sentence her to life in prison, or to death. A mistrial was declared on the sentencing portion of her trial and the new sentencing trial will also have new jurors.

What happened in 2014: The sentencing phase of Arias’ case is still underway. There’s controversy over some “mystery witness” and Arias demanding that the proceedings be made secret. What Arias’ sentence will be remains just as big of a mystery.

6. McCullen v. Coakley 

The case in January: McCullen v. Coakley has been waiting for its day in court since 2001. There was appeal after appeal before the Justices agreed to hear it. It involves a law that Massachusetts instituted to create a 35-foot buffer zone around reproductive health facilities.

What happened in 2014: SCOTUS ruled the Massachusetts buffer zones unconstitutional in the sense that they impeded protesters’ Freedom of Speech. If you’d like more information on the case, check out fellow Law Streeter Erika Bethmann’s excellent takedown of the decision: Sorry SCOTUS, Harassment isn’t Free Speech.

5. Silkroad Case

The case in January: The infamous illegal-good site Silk Road was removed from the web last Fall, and its alleged creator, Ross Ulbricht, was arrested. The site sold drugs and fraudulent IDs, among other things. In addition to being indicted for his work on the site, he has was accused of hiring assassins. The $80 million he allegedly made through the site is now in government custody.

What happened in 2014: The case against Ross Ulbrecht has been delayed until January 2015. He pleaded not guilty to various drug trafficking, money laundering, hacking, and criminal enterprise charges. According to his defense counsel, the case has been delayed because:

The court did not provide its reasons for the adjournment, but we asked for it earlier this week based on a couple of factors: the danger that the trial would run into the Christmas holidays, which would affect juror availability and the continuity of the trial; some technical and logistical delays (owing to the limitations inherent in Mr. Ulbricht’s pretrial confinement) in getting Mr Ulbricht access to some discovery; some other scheduling issues.

4. Marriage rights

The case(s) in January: The Supreme Court already put a stop to Utah’s same-sex marriage licenses in 2014. The case will now go to the nearest appeals court. This is just one example; there are other cases regarding the rights of homosexuals to marry all over the United States.

What happened in 2014: The victories just keep coming for gay marriage advocates. One of the biggest was on October 6 when the Supreme Court chose not to hear a whole collection of cases challenging same-sex marriage bans in a bunch of different states. Because it declined to weigh in on the appeals court decisions that had ruled the marriage bans unconstitutional, SCOTUS effectively increased the number of states with gay marriage to 30.

3. Voting Rights Cases

The case(s) in January: There have been a variety of efforts at the state level to change voting rights laws, and the DOJ and various special interest groups have stood up to these changes when needed. But in 2013, part of the Voting Rights Act was struck down by the Supreme Court. So, each challenge to voting rights has to be filed against separately. As a result, many suits will be heard in 2014 to states’ attempted voting rights changes.

What happened in 2014: As with gay marriage, there are a lot of cases still running through the system. Unlike gay marriage, there hasn’t been quite as much progress. There have been some cases argued in front of appeals courts, and some voter ID laws struck down, such as in Wisconsin and Texas. It seems like voter ID laws, as well as other restrictive voting laws will end up being decided on a state-by-state basis for a while.

2. Contraception 

The case(s) in January: There were contraception cases regarding coverage through the Affordable Care Act that made it to the court in 2013, but many more will be on deck in 2014. One involves a nonprofit called Little Sisters of the Poor, and others involve for-profit companies like Hobby Lobby.

What happened in 2014: The Hobby Lobby case was one of the biggest decisions to come out of SCOTUS this year. The Hobby Lobby decision made it so that private employers could refuse to provide certain contraception coverage in their insurance plans. While the justices attempted to make the case very narrow and make sure that they just ruled on the specifics of that case so that the “floodgates” wouldn’t be opened, what ramifications it may have down the road will be interesting to see.

1. NSA Cases

The case(s) in January: A lot of cases have been filed regarding the NSA’s monitoring of US citizens. A few may make it to the high court. US District Court Judge Richard Leon in Washington recently ruled that the NSA monitoring was unconstitutional. Meanwhile, District Court Judge William Pauley in New York dismissed a similar case. That kind of contradiction could lead to a big legal showdown in 2014.

What happened in 2014: This is another issue that has in many ways not come to its full judicial potential. Some cases are moving forward though — a federal appeals court in DC just started to hear a case that questioned the constitutionality of the NSA collecting so much data after the passage of the Patriot Act. This will be an issue to keep our eyes on moving into 2015.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Cases to Watch in 2014: Where are They Now appeared first on Law Street.

This year promises to be an interesting one in law. Here are some of the most interesting cases, trials, and legal topics y’all might want to keep your eyes on in 2014.

(Note: I have tried not to include Supreme Court cases that were heard in 2013 but will be ruled upon in 2014, as most of those have already been heavily covered by the media during oral arguments.)

8. Lavabit and Ladar Levison 

The case: After Edward Snowden’s revelations about NSA spying, it was discovered that he was using an encrypted email service called Lavabit. The owner, Ladar Levison, was court-ordered to hand over access to the entire site to the government, because Lavabit’s programming made it impossible to hand over access to just Snowden’s account. In protest, Levison shut down the site, defied a gag order, and has now filed an appeal.

Why it matters: This year, mainly from the NSA spying scandal, we learned about the technological abilities our government uses to monitor US citizens. This court ruling will either stifle or extend those abilities. For those who oppose the government having access to personal information, this Lavabit case may set important precedent — and it really will be a case to watch.

7. Jodi Arias Sentencing

The case: In 2013, we saw the extremely weird case involving Jodi Arias in Arizona. She was eventually convicted of murdering her boyfriend, Travis Alexander. It was a gruesome and disturbing case in which the jury found her guilty; however, they could not agree on whether to sentence her to life in prison, or death. A mistrial was declared on the sentencing portion of her trial and the new sentencing trial will also have new jurors.

Why it matters: The Defense has gone so far as to request a change of venue for the resentencing portion. They have argued that the huge media attention directed at the case has the potential for bias. That may be true, and it certainly wasn’t the first case with a big media blitz –Casey Anthony ring a bell? But if that’s actually the case, a change in venue won’t help — this case was huge all over the country. I’m reminded of an SNL skit from a few years ago about choosing jurors for OJ Simpson’s 2007 robbery and assault case. Watch it here, it’s really funny. But all joking aside, it’s the truth. It will be incredibly hard to find jurors who haven’t heard of Jodi Arias. Is it possible that our obsession with watching justice unfold is getting in the way of justice itself? Maybe we’ll get some answers with this retrial. 

6. McCullen v. Coakley 

The case: Oral arguments for McCullen v. Coakley are scheduled before the Supreme Court later this month. This case has been waiting for its day in court since 2001; there was appeal after appeal before the Justices agreed to hear it. It involves a law that Massachusetts instituted to create a 35-foot buffer zone around reproductive health facilities.

Why it matters: First of all, as I mentioned, this case has been going on for a very long time. The Supreme Court’s decision will add some sort of finality to it, no matter what the decision may end up being. Second, it could reverse a much-relied upon precedent, Hill v. Colorado, which allowed an eight-foot buffer zone. Finally, it raises an important constitutional issue about which right is more important: the right to free speech, assembly, and protest, or the right to seek an abortion without harassment?

Hopeful finality for this case.

5. Silkroad Case

The case: The infamous illegal-good site Silk Road was removed from the web this Fall, and its alleged creator, Ross Ulbricht, was arrested. The site sold drugs and fraudulent IDs, among other things. In addition to being indicted for his work on the site, he has now been accused of hiring assassins. The $80 million he allegedly made through the site is now in government custody. In 2014, he’ll either work out some sort of deal with the government, or face trial.

Why it matters: Silkroad had a huge market. It was relied upon by many people to get illegal goods relatively safely. Most of the Bitcoins (an electronic currency) in existence went through this site. And it was really only a matter of time until it shut down.

But, and this point is becoming a common trend on my list, it’s also another mark of how the government’s ability to use technology for prosecutorial purposes is evolving. I can assure you that this will have ramifications in the future, because people aren’t going to stop buying illegal stuff over the Internet. They’ll just get better at it.

4. Marriage Rights

The case(s): The Supreme Court already put a stop to Utah’s same-sex marriage licenses in 2014. The case will now go to the nearest appeals court. This is just one example; there are other cases regarding the rights of homosexuals to marry all over the United States.

A spontaneous reaction after the DOMA ruling last year.

Why it matters: 2013 was a banner year for gay rights in a lot of ways, but it’s important to note that the court cases will probably continue for years to come. There’s a lot of work to be done, and it doesn’t seem like the Supreme Court would unilaterally rule to legalize gay marriage. In 2014 we will continue to see more cases, trials, and hopefully, victories.

3. Voting Rights Cases

The case(s): There have been a lot of efforts at the state level to change voting rights laws, and the DOJ and various special interest groups have stood up to these changes when needed. But in 2013, part of the Voting Rights Act was struck down by the Supreme Court. So, each challenge to voting rights has to be filed against separately. As a result, many suits will be heard in 2014 to states’ attempted voting rights changes.

Why it matters: The change to the Voting Rights Act makes it more difficult for suits to be filed against voting rules, but special interest groups will also be under pressure to make changes before the 2014 midterms and 2016 national elections.

2. Contraception

The case(s): There were contraception cases regarding coverage through the Affordable Care Act that made it to the court in 2013, but many more will be on deck in 2014. One involves a nonprofit called Little Sisters of the Poor, and others involve for-profit companies like Hobby Lobby.

Why it matters: Not only is contraception a hot political issue, these cases involve parts of the Affordable Care Act. Parts of the ACA have already made it to the Supreme Court, but this will be a new decision will have ramifications as to whether or not companies are required to cover contraception for their employees, regardless of religious beliefs.

1. NSA Cases

The case(s): A lot of cases have been filed regarding the NSA’s monitoring of US citizens. A few may make it to the high court. US District Court Judge Richard Leon in Washington recently ruled that the NSA monitoring was unconstitutional. Meanwhile, District Court Judge William Pauley in New York dismissed a similar case. That kind of contradiction could lead to a big legal showdown in 2014.

Why it matters: The NSA surveillance debate was one of the biggest controversies of the year, and raised many legal questions about the ability of the government to monitor its people. What happens in these cases could set a serious precedent.

—

Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Featured image courtesy of [Dan Moyle via Flickr]

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Cases to Watch in 2014 appeared first on Law Street.

It’s been a week since the last Lavabit court documents were filed and here I am, still trying to make sense of the whole charade. When I first heard of the case, I wondered how it is possible that law enforcement agents can rummage around unchecked, even when their investigations bring them past the proverbial doorsteps of regular people.

Such was the case this past June when the FBI demanded the “master keys” to secure-email provider Lavabit’s servers. The order was part of an investigation into the Internet correspondence of Edward Snowden: one of Lavabit’s customers.

“But wait,” you say, “doesn’t a ‘master key’ mean that they could then monitor data on all of Lavabit’s customers? Even the ones that hadn’t done anything wrong?” To which I respond, “Elementary, dear Watson.”

So in light of this fact, the obvious question is then: does secure email even exist?

End-to-end security: the key is having more than one.

In a conversation with Johns Hopkins University cryptography professor Matthew Green, Green said that the answer is yes. It does exist. But according to him, the name of the game is “end-to-end” security. In short, end-to-end security is a type of program where data is encrypted locally on a user’s device before it’s sent through the server to a recipient. The recipient then uses his or her own password to decrypt the message. This bars even the provider from being able to untangle the data in a way that’s readable.

Green, who has written about the subject in The New Yorker, says that the way the company’s servers revolved around SSL decryption, or essentially one set of master keys, was “the real problem with Lavabit.”

“The mail that came in was not encrypted using your password,” he said. “It was encrypted using SSL. And so anyone who got that SSL could be able to read all the data. And so it wasn’t a very good design from that perspective.”

But end-to-end security is not exactly a perfect science either. More geared toward text messaging and phone communications, there are only a few programs that use end-to end security technology with email. They usually come in the form of add-ons such as Pretty Good Privacy or Privacy Guard, where senders and recipients must use the same service.

However, Green says that at encryption software company Silent Circle, programmers are working to change that. In late Oct., the company announced that, with the help of Lavabit founder Ladar Levison, they would develop a new product called Dark Mail that integrates end-to-end protection with their email service.

Wait on technology. Not on Washington.

In a blizzard of political headway that some are now calling “the Snowden effect,” many lawmakers have announced their efforts to rally behind surveillance reform. One such effort is the USA FREEDOM ACT, a bill that has, since its introduction in late Oct., picked up 102 cosponsors from both parties. The bill calls for heightened regulation on surveillance activities, such as pen/trap procedures like the one that spelled doom for Lavabit’s a few months ago.

But Green says that it’s not enough, “forget about the government. Just imagine that the only people after you are criminals. You’re not going to be able to rely on laws to protect you from that kind of person.”

Furthermore, where the bill now sits in a congressional committee might just be its final resting place.

“I would love to see some kind of legal solution to all of this surveillance but I’m not sure that we [will] get something that we can really rely on. Ways that you can protect yourself and add privacy is to do it yourself and to do it through technology rather than hoping that the laws are going to be changed.”

However, that’s not to say that Green opposes the bill.

“I haven’t really looked at the legislation… but it sounds like a good idea,” he said.

—

Featured image courtesy of [twitter.com/mattwi1s0n via Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post Secure Email, a Myth? appeared first on Law Street.

In a highly anticipated statement, the United States Department of Justice (DOJ) pilloried claims by secure email provider, Lavabit LLC, that the FBI violated the law when it ordered the surveillance tool known as a pen/trap device to be placed on the latter’s servers.

Lavabit came under pressure in July of this year to hand over the keys to their security system after the FBI began investigating one of their customers; that customer was Edward Snowden.

When Lavabit refused, claiming that to do so would enable government agents to monitor the communication “metadata” of not just Snowden but all of their customers, the presiding District Court of Eastern Virginia served the company with a court order once again requiring the company to furnish the keys.

The company’s Texas-based founder, Ladar Levison, moved to quash the order. The court denied that motion.

From there, Levison only began to lose more footing. On Aug. 2nd, he finally delivered the keys to the FBI– the only problem being that the paper’s 4-point font rendered them illegible.

Levison was charged with civil contempt days later. The sanctions for the charge were $5,000 for each day he failed to deliver them. Then, in a move that garnered much media attention, Levison disobeyed a court gag-order and shut down his business. The message on the homepage url that is still live reads, “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”

On Oct. 10th, he filed an appeal brief with the Fourth Circuit Court of Appeals of the United States. The justice department’s latest brief is a reply to that appeal. In the brief,  they state that an electronic business, like other businesses, cannot defy lawful warrants by simply “locking its front gate.” Moreover, “marketing a business as “secure” does not give one license to ignore a district court of the United States.”

But if the Appeals Court should feel otherwise, the DOJ hedged their bets. Because Lavabit did not move to quash the initial grand jury subpoena, but only the court warrant. They argued that Lavabit has forfeited any arguments to contest the contempt charge.

In light of the global surveillance disclosures of 2013, the case mirrors what many today feel is a battle between privacy and the far reaches of the government.

The court has not yet set a date for oral argument.

—

Featured image courtesy of [Gage Skidmore via Flickr]

Featured Image Courtesy of [Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post DOJ to Lavabit’s Levison: ‘Too Bad, So Sad’ appeared first on Law Street.

For most Americans, large chunks of our lives play out online. We have numerous social media sites, we check our bank accounts through “secured” websites, and we use email for almost all we do—work, social plans, and everything in between. It’s sad, but I can say without a doubt that there have been days where I have interacted with people over email more than in person. And every day, we’re reminded that our Internet lives are lulled into a false sense of security. Yet we still make our email password the name of our dog combined with the year we were born, and assume digital theft will never happen to us.

In 2004, Texas-based Ladar Levison created Lavabit, a highly encrypted email host that aimed to fix these Internet security problems for anyone who wanted it. Characterizing Lavabit as highly encrypted is actually a gross understatement—Lavabit encryption was viewed as uncrackable for even government intelligence agencies. There were free and paid versions of Lavabit’s email services. As of August 2013, Lavabit counted about 410,000 users.

One of these users was the now infamous Edward Snowden; his Lavabit email address was discovered this July. The Federal Government almost immediately obtained a search warrant commanding that Lavabit allow the government access to its system.

Because of the way this request was phrased—the government wanted access to the entire Lavabit system, not just Snowden’s account—Levison refused to cooperate. Levison was first instructed to hand over the “SSL” keys to his site (essentially a way to allow the government to view all the information contained in Lavabit accounts). Levison first responded to this order by handing over the SSL keys on paper in tiny font, rendering them almost unusable.  Finally he handed over the SSL keys digitally—he will pay a $10,000 fine for that delay—but shut down the site.

No one is completely sure exactly why Levison suspended the site, given that he is now under gag order. He has said that he is banned from sharing some information even with his lawyer. He has also said that he could be arrested for closing down Lavabit instead of just releasing the SSL keys. He is currently filing an appeal with the United State Court of Appeals for the Fourth Circuit. His appeal is based on the Fourth Amendment, which prevents unreasonable search and seizure. He has also claimed that the government cannot ask a company to do something that will go directly against the purpose of their business. His lawyers likened it to “commanding the City of Richmond to give the police a key to every house within the city limits. To comply with the government’s subpoena would have either required Lavabit to perpetrate a fraud on its customer base or shut it own entirely.”

Lavabit did actually go back online very briefly for 72 hours starting the evening of October 14^th so that users could download any emails they needed that remained on the site. As of yet, there are no plans for Lavabit to reopen.

This shutdown offers ramifications for any other sites that offer completely encrypted email services. Silent Circle, one of Lavabit’s competitors, shut down its silent email software right after Lavabit went dark.

Levison’s appeal will be interesting to watch. In a modern world that is inundated with fast, online, communication, privacy is always at issue. Online identity should be a concern for everyone. Can companies create services that allow us to hide those online communications from Big Brother? The results of Levison’s appeal will answer that question, for better or for worse.

[Forbes]

—

Featured image courtesy of [IGregma via Flickr]

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post The New Frontier of Privacy: Lavabit’s Encrypted Email No More appeared first on Law Street.