date 2022-01-17
from the it's-a-trap! dept.
The email service that was shut down after the FBI demanded access to Edward Snowden's email account is making a comeback:
In 2013, Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users — Edward Snowden. [...] Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well.
[...] On Friday, he's relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He's also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email. The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data.
Previously:
The Story of the Lavabit Shutdown
Related Stories
The Guardian has Ladar Levison's account, "why I was forced to shut down Lavabit".
My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to serve me with a court order requiring the installation of surveillance equipment on my company's network ...
He describes his subsequent struggles with the legal system, lack of representation, the closing of Lavabit, and finishes with ...
More importantly for my case, the prosecution also argued that my users had no expectation of privacy, even though the service I provided, encryption, is designed for users' privacy.
If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did, standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people's defense against an abuse of the state's power.
Traffic Analysis Proof? (Score:2)
such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate.
If it's on the public networks, this is going to be hard to disguise from good traffic analysis tools. Unless clients are generating a huge boatload of traffic, any traffic shows up very readily. Maybe he's planning to send a huge boatload of traffic to all clients and have them drop the majority of it that is not designated for them (and which they couldn't decrypt).
I'm astounded he didn't have end-to-end encryption all along. I assume that was really meant to say Lavabit was relying solely on (broken) SSL, and not doing any client-side encryption of the envelope, and thus the routing was all cleartext masked only by SSL.
No, you are mistaken. I've always had this sig.