[liberationtech] Speculation as to what the US government ordered Lavabit to do?

Moritz Bartl moritz at torservers.net
Tue Aug 13 15:08:36 PDT 2013


On 13.08.2013 23:54, Joseph Lorenzo Hall wrote:
> This is all to say that I suspect the government's order requested
> ongoing access to the private key(s) in memory for some subset of
> Lavabit users, such that they could ask in the future for the encrypted
> contents of those users' accounts and easily look up these private keys
> to get the message cleartext.

Yes, that is also my thinking.

> It's unclear to me if this would require an order that ordered Lavabit
> to write software to do this (e.g., a backdoor), but it sounds like
> that's the case. And it seems clear that by shutting down the service
> last week, no one can log-in again such that their ciphertext is safe.

Sounds very similar to what happened with Hushmail around 2007. I do
believe they had a secure client, but were forced to put in a backdoor.
Java Anon Proxy (JAP) developed at my university in Germany was
"convinced" to put in a backdoor by extra-legal pressure in 2003.

-- 
Moritz Bartl
https://www.torservers.net/


