s*******y
发帖数: 851 | 1 【 以下文字转载自 Hardware 讨论区 】
发信人: Leiss (徕司), 信区: Hardware
标 题: Re: TrueCrypt倒了,一个时代结束了
发信站: BBS 未名空间站 (Mon Jun 2 05:18:41 2014, 美东)
没人贴这个?
http://lavabit.com/
May 20th, 2014
My Fellow Citizens,
My legal saga started last summer with a knock at the door, behind which
stood two federal agents ready to serve me with a court order requiring the
installation of surveillance equipment on my company’s network.
My company, Lavabit, provided email services to 410,000 people, and thrived
by offering features specifically designed to protect the privacy and
security of its customers. I had no choice but to consent to the
installation of their device, which would have provided the government with
access to all of the messages, for all of my customers, as they travelled to
and from other providers on the Internet.
But that wasn’t enough. The federal agents also said their court order
required me to surrender the company’s private encryption keys, and I
balked. What they claimed to need were customer passwords, which were sent
securely, so they could access the plain-text of messages for users taking
advantage of my company’s encrypted storage feature. (The government would
later claim they only demanded the encryption keys because of my "
noncompliance".) I didn’t realize until I retained an attorney that what
the agents proposed would have exceeded their authority.
Bothered by what the agents were saying, I informed them I would first need
to read the order they had just delivered and then consult with an attorney.
The feds seemed surprised by my hesitation.
What ensued was a flurry of legal proceedings that would last 38 days. When
the dust settled I found myself the owner of a $10,000 civil contempt fine,
my business shut down, and bit by bit, the very principle upon which I
founded it – that we all have a right to personal privacy, slipping quickly
away. (To appreciate just how fast the case moved, consider the median
timeframe for a similar proceedings was 9.7 months in 2012.)
The government lawyers tried to overwhelm me. In the first two weeks, I was
served court orders a total of seven times – leading to contact with the
FBI every other day. (This was the stretch a prosecutor would later
characterize as the "long period of silence".) It took a week for me to
identify an attorney who could adequately represent me given the complex
issues involved – and we were in contact for less than a day when agents
served me with a summons ordering me to appear in a Virginia courtroom (over
1,000 miles from home). Two days later, after admitting their demand to my
lawyer, I was served a subpoena for the encryption keys – also marking the
first time they put their demand in writing.
With such short notice, my first attorney was unable to appear alongside me
in court. Because the whole case was under seal, I couldn't admit to anyone
who wasn't a lawyer that I needed help, let alone why. In the days before my
appearance I would spend hours repeating the facts of the case to a dozen
attorneys, as I sought someone else that was qualified to represent me. I
also discovered that as a third party in a federal criminal indictment, I
had no right to counsel. Thus my pleas for more time were denied. After all,
only my property was in jeopardy – not my liberty. My right to a “fair
hearing” was treated as a nuisance, easily trampled by a team of determined
prosecutors. In the end, I was forced to choose between appearing alone, or
face a bench warrant for my arrest.
When I appeared in Virginia, the government replaced their subpoena for the
encryption key with a search warrant and a new court date. I retained a
small local law firm before returning home, and they took on the task of
assembling a legal strategy and filing briefs in the few short days
available. The court barred them from consulting outside experts, making it
difficult to understand the complex legal and technological issues involved.
Even a request to discuss the case with members of Congress was denied. To
make matters worse, the court wouldn’t deliver transcripts for my first
appearance for another two months. My legal team was forced to proceed
without access to information they needed.
Then, a federal judge entered an order of contempt against me – without
even a hearing. Let me be clear. I did not devoted 10 years of my life to
building Lavabit, with its focus on privacy, only to become complicit in a
plan which would have meant the wholesale violation of my customers’ right
to privacy. Thus with my options in court exhausted, the decision was easy.
I had to shut down my service. Placing my faith in the integrity of the
appeals process.
When the judge granted the contempt charge unopposed – ignoring my attorney
’s request to dispute the government’s claims – he created a loophole. I
was never given an opportunity to object, let alone provide a meaningful
defense. An important point, since the contempt charge endorsed new legal
claims – reversing what the court had previously indicated. Without an
objection on the record, the appellate court would rule that my right to an
appeal had been waived – since the charges hadn’t been disputed in
district court. Given the Supreme Court’s tradition of declining to review
cases decided on procedural grounds, I will likely be denied justice,
forever.
The most important question raised by my appeal was what constitutes a "
search," i.e., whether law enforcement may demand the encryption keys of a
business and use those keys to inspect the private communications of every
customer, when they are only authorized to access information belonging to a
select few.
The problem here is technological: until a communication has been decrypted
and the contents parsed, it is impossible for a surveillance device to
determine which network connections belong to the targeted accounts. The
government argued that since the "inspection" would be carried out by a
machine, they were exempt from the normal search-and-seizure protections of
the fourth amendment.
More importantly, the prosecution argued the exemption was because my users
had no expectation of privacy, even though the encryption they were trying
to break was created specifically to ensure a users' privacy.
If my experience serves any purpose, it is to illustrate what most already
know: our courts must not be allowed to consider matters of great importance
in secret, lest we find ourselves summarily deprived of meaningful due
process. If we allow our government to continue operating in secret, it is
only a matter of time before you or a loved one find yourself in a position
like I was – standing in a secret courtroom, alone, and without any of the
unalienable rights that are supposed to protect us from an abuse of the
state’s authority.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
With my fight in court all but lost, I am focusing my attention on a
technical fix. Help me put control over who reads your email back into your
hands. Donate to the Lavabit Dark Mail Development Initiative today. Because
keeping your business your business is our business. |
|
