Last summer, the government demanded that lavabit an encrypted email provider, return the private decryption keys so that the government could carry out real-time email tracking a specific user lavabit. All parties concerned assume that the user in question was Edward Snowden. Instead of turning the key private SSL required by the government, owner lavabit Ladar Levison decided to close the business. He did it because the keys would have allowed the government to monitor all lavabit of users, not just Snowden. The District Court held Levison contempt of court for refusing to hand over the keys.
Last week, a federal appeals court upheld the contempt order. The appeal decision was based solely on procedural grounds: lavabit did not properly "protect" its challenge to the order during the proceedings of the district courts. Due to an error lavabit procedure, the court unfortunately did not reach the bottom of whether the federal government has gone too far its statutory authority when it required private keys for encrypted e-mail clients lavabit.
The substantive debate relates to whether the "technical assistance" required by the US "pen register" and "trap and trace" the law can be used to require a service provider to restore the encryption keys to the US authorities. the assistance and technical information required by law is to "install" the device, "quietly" and "without interference." We believe that nothing in the law says that provider may be required to run also on the private keys that will allow law enforcement to crack so it can effectively interpret information.
Both the "pen register" and "trap and trace of "laws were written to allow the government to obtain" metadata "for a single, identified user. For lavabit, however, exposed private communications key to its entire user base - not a single user. Moreover - even if the order in the case of lavabit and status both expressly limited the information that the government was authorized to capture only "non-content" "metadata" and only for Snowden - the government if lavabit was handed the keys in question is. had free access to all email content as well as user names, passwords and other sensitive information for each user lavabit
This is a theme increasingly recurring: the government claims it does not capture the content and requirements for metadata specific to discrete individuals, but when the truth comes out, it becomes clear that they get (or want to get) the actual contents of private communications sent to and from many innocent and law-abiding citizens who are not covered either in all that relates to national security. The government claims then they reject all information "unauthorized" they gather, but it is more likely that they actually "throw" by sending in their "trash" in Utah, where they conveniently forget to never "empty ".
This question will inevitably arise in the future, in a case where the background of the dispute is preserved. Meanwhile, we strongly suggest you whenever possible using a service provider that provides you your own unique private key personally found that the supplier does not maintain itself. In this way, the service provider can be compelled to secretly help the government unencrypt your personal and private information. If the government wants your property, they will come to you and you will be able to contest the claim.
0 Komentar