company:lavabit

  • Ladar Levison (Lavabit) at the European Parliament
    http://benjamin.sonntag.fr/Ladar-Levison-Lavabit-au-Parlement-Europeen

    A few months ago, Ladar Levison, the head of #Lavabit, an American secure #email provider, was interviewed by the European Parliament about his troubles with the FBI over the confidentiality of his users' data and of his private cryptographic keys.

    http://mediakit.laquadrature.net/formats_srt/20/42_small.mp4

    #ssl #vie_privée #débat #snowden #démocratie #surveillance #vidéo

  • N.S.A. May Have Penetrated Internet Cable Links - NYTimes.com
    http://www.nytimes.com/2013/11/26/technology/a-peephole-for-the-nsa.html?ref=technology

    Although the Internet is designed to be a highly decentralized system, in practice a small group of backbone providers carry almost all of the network’s data.

    Security experts say that regardless of whether Level 3’s participation is voluntary or not, recent N.S.A. disclosures make clear that even when Internet giants like Google and Yahoo do not hand over data, the N.S.A. and its intelligence partners can simply gather their data downstream.

    That much was true last summer when United States authorities first began tracking Mr. Snowden’s movements after he left Hawaii for Hong Kong with thousands of classified documents. In May, authorities contacted Ladar Levison, who ran Lavabit, Mr. Snowden’s email provider, to install a tap on Mr. Snowden’s email account. When Mr. Levison did not move quickly enough to facilitate the tap on Lavabit’s network, the Federal Bureau of Investigation did so without him.

    Mr. Levison said it was unclear how that tap was installed, whether through Level 3, which sold bandwidth to Lavabit, or at the Dallas facility where his servers and networking equipment are stored. When Mr. Levison asked the facility’s manager about the tap, he was told the manager could not speak with him. A spokesman for TierPoint, which owns the Dallas facility, did not return a call seeking a comment.

    Verizon has said that it and other carriers are forced to comply with government requests in every country in which they operate, and are limited in what they can say about their arrangements.

    “At the end of the day, if the Justice Department shows up at your door, you have to comply,” Lowell C. McAdam, Verizon’s chief executive, said in an interview in September. “We have gag orders on what we can say and can’t defend ourselves, but we were told they do this with every carrier.”

    #nsa #masssurveillance #prism #bullrun #snowden #level3 #google #yahoo #lavabit #datacenter #backbone

  • Lavabit
    http://lavabit.com

    My Fellow Users,

    I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on—the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

    What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.

    This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.

    Sincerely,
    Ladar Levison
    Owner and Operator, Lavabit LLC

  • Think Lavabit overreacted? Think again: there is now proof that the FBI extorts root certificates from companies. Cryptography is only as good as the PKI’s physical security and its political environment.

    http://www.reddit.com/r/worldnews/comments/1nm8nr/new_evidence_reveals_fbi_demands_companies/ccjv26q

    For those that don’t remember, Lavabit was Edward Snowden’s email provider, and they shut down their fucking business rather than cooperating with a court order they claimed “would make them complicit in crimes against the American people.” They were bound by a gag order and threatened with jail if they violated it.

    Today they won a victory in court and were able to get the secret court order unsealed, and holy shit is it a doozy: the ACLU’s Chris Soghoian called it “the nuclear option.” The court order revealed the US government demanded Lavabit turn over their root SSL certificate, something that allows them to monitor the traffic of every user of the service. Security researchers have argued for years over whether the government would be so heavy-handed as to try this, but there has never been any proof that they actually do, as no one has ever challenged such an order in court.

    If a government can force a company to turn over the SSL keys, it breaks the trust model for the entire internet. Everything from Google to Facebook to Skype to your bank is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key, they can bet your ass they did the same thing to Google. People don’t understand how big this is from an internet trust model. This story changes everything. No US company that relies on SSL encryption can be trusted with sensitive data, which is what Lavabit asserted in their “farewell address” and people thought was an overreaction.