 

snooper2

(30,151 posts)
Tue Aug 20, 2013, 05:44 PM

Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of a CALEA II

Here is the best writeup of these secure encrypted email services and why the law needs to be clarified --

Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of a CALEA II
https://www.cdt.org/blogs/joseph-lorenzo-hall/1408shuttering-lavabit-and-silent-mail-illustrate-potential-effects-calea-


Read the whole thing, but the two key paragraphs for those who deal with technology-

"The result goes far beyond what Congress provided for even in CALEA I. That statute has a provision explicitly intended to preserve the ability of service providers to offer unbreakable encryption. (“A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.” 47 USC 1002(b)(3) (emphasis added)) CALEA I also explicitly states that it does not authorize “any law enforcement agency or officer to prohibit the adoption of any … service, or feature by any provider of a wire or electronic communication service.” Moreover, CALEA I allows, indeed encourages, companies to disclose the surveillance features they adopt by providing a safe harbor for compliance with “publicly available technical requirements or standards.”

What did the government demand and under what authority prompted Lavabit’s shutdown? We don’t know, and that’s part of the problem. The Wiretap Act, which authorizes the government to intercept communications content prospectively in criminal investigations, indicates that a provider of wire or electronic communication service (such as Lavabit) can be compelled to furnish law enforcement with “all information, facilities and technical assistance necessary to accomplish the interception unobtrusively… .” 18 USC 2518(4). The Foreign Intelligence Surveillance Act (FISA), which regulates surveillance in intelligence investigations, likewise requires any person specified in a surveillance order to provide the same assistance (50 USC 1805(2)(B)) and so does the FISA Amendments Act with respect to directives for surveillance targeting people and entities reasonably believed to be abroad (50 USC 1881a(h)(1)). The “assistance” the government demands may include the disclosure of the password information necessary to decrypt the communications it seeks, if the service provider has that information, but modern encryption services can be designed so that the service provider does not hold the keys or passwords. Was the “assistance” that the government demanded of Lavabit a change in the very architecture of its secure email service? Was the “assistance” the installation of the government’s own malware to accomplish the same thing? Lavabit has not answered these questions outright, but it did make it clear that its concern extended to the privacy of the communications of all of its users, not just those of one user under one court order."

Shuttering of Lavabit and Silent Mail Illustrate Potential Effects of a CALEA II (Original Post) snooper2 Aug 2013 OP
LOL, all those threads about people shutting down email servers snooper2 Aug 2013 #1
part of the problem for some like me- we need help digesting some technical info KittyWampus Aug 2013 #2
It's two fold snooper2 Aug 2013 #3
 

KittyWampus

(55,894 posts)
2. part of the problem for some like me- we need help digesting some technical info
Thu Aug 22, 2013, 10:42 AM

And those who are able to help us understand have an agenda. Some will make things seem more sinister and others will make things seem innocuous.

 

snooper2

(30,151 posts)
3. It's two fold
Thu Aug 22, 2013, 11:17 AM

It's basically two-fold

Say you own a company and you provide voice/video/data/internet services. (email would be included in Data)

If you encrypt the traffic for the customer then you are required to assist law enforcement to un-encrypt the traffic as you basically "hold the keys"

If the customer is encrypting the traffic on their own then you are not liable to try to help LEA (law enforcement agencies) un-encrypt that traffic.



What happened I believe with Lavabit is THEY were providing the encryption services for the customers. Somebody, FBI or NSA sent a warrant for an account (Snowy's?) and they would have requested the un-encrypted data as the law specifies for.

So, instead of complying, the owner felt it was his duty to "protect" his customer's data so he just shut the whole fucking thing down. That is why when that news first came out I said he better listen closely to what his lawyer says because he may get into a heap shit of trouble.
