The Funk Blog

The profound rantings of the one like Tom Atkinson… and now art gallery and shop.

Evidence of warantless NSA spying

You would think allowing the FBI to install a listening device on your internal trusted network would be enough right? Not for security darling Lavabit: the feds couldn't help themselves and went out of their way to try to see fully way more than they should have, twisting the laws, gagging him so he could not speak about it until recently.

Levison introduces DIME at DefconLevison introduces DIME at DefconSo he felt more honourable to shut it down - zapping it before the feds could make him spit out the keys on pain of death (literally). Silent Mail pre-emptively shutdown the next day purely at the thought of being compelled to betray its users like that. He was good at slowing proceedings "treating court orders like contract negotiations."

What ensued was a flurry of legal proceedings that would last 38 days. When the dust settled I found myself the owner of a $10,000 civil contempt fine, my business shut down, and bit by bit, the very principle upon which I founded it – that we all have a right to personal privacy, slipping quickly away - from lavabit.com

Another app Silent Mail shutdown around the same time in 2013 because they did not want to co-operate with the US spies and provide back-doors in their systems.

Security expert, hard working peoples hero, and founder of Lavabit Ladar Levison caught the feds out using warrantless search: Because even he did not know one of the four attorneys he called was also working with Wikileaks. How could he? How could the FBI breach that lawyer-client confidentially anyway?You can see at 11m 13s of this DEFCON video the transcript proving the seemingly illegal certainly unethical behaviour of the US prosecutor in this victimless crime case involving free speech:

NSA Warrantless Spying

NSA Warrantless Spying

You can read the long version posted to the homepage of Lavabit, but basically they broke him down and made him cough up the keys:

Then, a federal judge entered an order of contempt against me – without even so much as a hearing.

But the judge created a loophole: without a hearing, I was never given the opportunity to object, let alone make any any substantive defence, to the contempt change. Without any objection (because I wasn't allowed a hearing), the appellate court waived consideration of the substantive questions my case raised – and upheld the contempt charge, on the grounds that I hadn't disputed it in court. Since the US supreme court traditionally declines to review decided on wholly procedural grounds, I will be permanently denied justice.

In the meantime, I had a hard decision to make. I had not devoted 10 years of my life to building Lavabit, only to become complicit in a plan which I felt would have involved the wholesale violation of my customers' right to privacy. Thus with no alternative, the decision was obvious: I had to shut down my company.

Other companies like Google had already been compliant with  warranted searches for targeted individuals but never all their users in one hit. Yahoo is suing the NSA so they can at least publish what they have been asked to provide. But they were never asked to, nor did provide some form of master keys like Lavabit were and Silent Circle thought they mite. Amazing how even just the thought of being compelled in that manner caused Silent Circle to fold even though they were never served.

levisonThe Future of Email Will Be... Email!

Probably. This is my guess. Or Wickr. Or Chatsecure.

...in comes DIME (formerly Dark Mail), TOR and most rapidly and easily the amazing Wickr app to the rescue!

cyber crime button

References

http://darkmail.info/ Like phoenix this is rising from the ashes. My pick for the future of email. "The future of email is... email!" w/ D.I.M.E.

https://www.wickr.com/ - Perfect forward secrecy for mobiles and desktops wrapped in a beautiful easy to use walled garden. Nothing wrong with this except you can only chat with other wickr users and is closed source... it just needs more features.

https://chatsecure.org/ - Can be used to chat on Facebook. That would be an improvement over regular Android client for instance and mite protect against the built in physical access vulnerability inherent to all unencrypted android phones capable of being rooted, eg yours.

https://tails.boum.org/ - The Ultimate in insanely awesome going-for-100% protection. Run the OS itself from a bootable secure image run off USB key. You can't crack that if booting on real hardware (not virtualised).

blackphone-combohttps://blackphone.ch/ - The Ultimate in Secure Mobile Phone Hardware! Wow!

http://lavabit.com/ secure email site that was harassed by the FBI into shutting down

https://silentcircle.wordpress.com/2013/08/09/to-our-customers/

https://geti2p.net/

http://techblog.nz/693-Dissectingthebilliondollarapps Comparison of snapchat and wickr

http://arstechnica.com/tech-policy/2015/04/22/drug-dealer-cops-leaned-me-over-18th-floor-balcony-to-get-my-password/ This caught my eye

DEF CON 22 - Ladar Levison and Stephen Watt - introduce DIME beta (formerly Dark Mail)

Posted by tomachi on April 27th, 2015 filed in Politics