Lavabit founder offered to log users' metadata if FBI paid him $3,500 (theguardian.com)
70 points by d4nt on Oct 9, 2013 | 44 comments


Wow. Even for The Guardian, that's an amazingly misleading lede (can I trademark 'mislede'?) What he did was propose a way that he could comply with the legal order that he was given in a way that would minimize the exposure of his clients, rather than the absurdly broad fishing expedition that was demanded. He also noted that in order to comply with the order, he would need to do extra work and that he should be compensated for that work (and $3500 for a custom coding job is hardly extravagant).

The Guardian (quite consciously) implies that he was instead selling his clients' secrets on the open market, which is pretty much exactly the opposite of what really happened.


I donated to the Levison pledge drive thing. But can I sound a note of caution about the rush to hero worship here?

What seems to have happened is, Levison got screwed by the DOJ when he refused a request for information about Snowden's account, after having established a track record of cooperation in the past. The original demand was for targeted metadata. After Levison refused, the DOJ upped the ante, declared Levison untrustworthy, and demanded keys.

It seems clear to me that Levison was the victim of an injustice, and, once that injustice was inflicted on him, he followed through with the only ethical option available to him. I have no trouble seeing why he's deserving of support.

But Levison did cooperate with law enforcement. When he decided not to, it seemed to have been in support of his own politics. When his politics became too expensive, he seems to have backed down from them.

The lede of this article appears to be accurate.


> When his politics became too expensive

You make it sound like he sold out, but what you mean is that under the extortionist threat of financial ruin and bankruptcy, he acceded to the government's demand.


As a point of reference, here is http://en.wikipedia.org/wiki/Kathy_Kelly, whose principles are not open for compromise, despite the threat of repeated incarceration.


I agree with your point about Levison's own politics for refusing the initial limited request getting him in this situation. I also think he could be considerably more honest that this is what happened. But even by that standard, the headline is still very inaccurate.

He may have been willing and needed to log everyone's meta-data to get what the FBI wanted (assuming he wasn't doing so already), but the FBI only wanted the data on Snowden and that's all he probably was going to hand over after extracting it from the logs. Certainly it's all he was originally required to hand over.

Fundamentally, the headline makes it seem like Levison was willing to sell out everyone for money and that FBI explicitly wanted everyone's data. Neither of these are the case. The FBI just used a very large sledge hammer to get data for one account because they felt Levison was jerking them around in part because of his demands for writing code to get that limited data.


> the headline makes it seem like Levison was willing to sell out everyone for money and that FBI explicitly wanted everyone's data. Neither of these are the case. The FBI just used a very large sledge hammer to get data for one account

Levison made an interesting claim that in fact the FBI systematically collects encryption keys to expand the US intelligence agencies' wiretapping capabilities:

> We know now that the N.S.A. has been systematically cracking encryption across the Web, and it has built a database of encryption keys that automatically decode messages ... Levison suggests that his case also illustrates one of the ways in which it collects them: by secretly compelling companies to turn them over.

http://www.newyorker.com/online/blogs/elements/2013/10/how-l...


I took that to mean his case revealed the FBI could get SSL keys under gag order, not that that was their objective in his case from the onset. (though given that they got them, the keys probably would end up in that database, hence why he closed down)

Remember, the FBI originally got an order for data on Snowden's account. Data that any other mail provider could easily hand over on at least a daily basis. Why would the FBI think that was a decent pretext for SSL keys?

As far as I can tell, the only reason the FBI got a federal judge to sign off on the SSL order was that Lavabit pissed off the Judge by not cooperating with the Feds on the original order to the Judge's satisfaction. Absent that, it's not the least bit clear they could have gotten an order for it.


The original order[0] (see Appendix A of Exhibit one on Page 4) wasn't even for everyone's data, just data (mainly envelope information and IP addresses) on one account (likely Snowden's). So yes, that's incredibly bad reporting on the Guardian's part.

[0] http://cryptome.org/2013/10/lavabit-orders.pdf


You should contact the author/editor to suggest a correction.


Move the apostrophe in the title one character to the left.

He would have cooperated (as he had in the past) with a lawful request to log a particular user's metadata in an auditable manner.

Which isn't itself good; a better system would be one that makes it impossible for the service provider to fulfill such requests.


I see what you mean but he, Ladar Levison, did offer to write the software to do logging for all users when there is a warrant. The FBI wanted to use the ruling as a way to circumvent warrants and scoop everything. So although the title is technically correct it omits the "why" since it makes better link bait.


This is the title of the actual Guardian article, and the convention on HN is to use the linked article's title.


It's not a fixed rule and clickbait should be reworded to something neutral in my opinion.


That's really misleading. He offered to write the monitoring code so he'd be able to trust it not to be doing more than required, and asked to be paid $3,500 for the effort.


This is exactly what I said in a previous thread - that they were demanding development time from him for free. Levison comes across as a very reasonable guy who made every reasonable effort to comply.


The feds do routinely pay service providers to cover their compliance costs, but I guess the price was just too high in this case.


At minimum it would be reasonable for them to cover both flat development, storage, transmission, and system costs, as well as opportunity costs for all involved. If you make me stop what I'm working on to build your pet project of the day, it's costing more than just my time to build your pet project, but also the time and delay that are being imposed on my other priorities.


It's a good thing that months of work by a team of federal prosecutors is valued at less than $3500. Otherwise it might be considered wasteful!


I think he was trying to slow them down. He asked that amount for only one person, while FBI wanted free access for everything. He might've known they either wouldn't accept it, or if they did, only for that guy (which could be somewhat reasonable with a proper warrant), but they definitely wouldn't pay $3,000 for each of his hundreds of thousands of clients.


The FBI asked for everything, but did not have a warrant for it, though the judge was evidently too much of a bird brain to tell the difference.


Is this kind of thing common? When the police ask for physical files, can you charge them for the time taken to gather and photocopy them?


It was released in the news months ago that the government pays Google/Microsoft/etc. for the trouble they go to in order to provide the data they do.

http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs...


Yes, and almost every situation where somebody that has documents is served a subpoena for those documents can demand a fee to provide them, but they do still have to provide the documents.


There's some question about if the government can legally make you do work for free, except as a punishment for a crime.


I always assumed that even then you had to be paid, like the guys who get pay measured in double-digit-cents-per-hour to make license plates or whatever.

Although I guess forced community service could be thought about the same way.


I don't know much about the inner workings of the penal system, but the 13th amendment (which generally abolished slavery) specifically allows for involuntary servitude as punishment for a crime.


Yes, and the government can charge you for the expense of complying with a FOIA request.


AFAIK, yes. I guess it also depends on what it is, photocopying a single page is different from spending a week coding a solution to what the feds want.

Can you imagine the feds forcing you to do things that take a year to program, even if you don't have the resources?


Standard rules, never work for free. He had a request he had to comply with, that didn't compromise the security of the service for all users, and decided to make sure he was paid.

Easy way to make sure someone is genuinely committed? Ask them to pay. If I was in his shoes I'd have billed much higher. Much, much higher.


There is a realpolitik at work here; if your charge for handling a subpoena/warrant is higher than the FBI's cost to install a Carnivore/Omnivore box, guess what they're going to do.


As far as I could tell, it was "user's", not "users'."

I may be wrong, but that's what I read.


I don't think he should have asked for the $3,500. He was the one who designed the system, why should the government have to pay him for him to comply with a lawful order, which he supposedly didn't oppose (metadata for one specific user), simply because he made it difficult to do in that system (requiring custom coding)?

This is, IIRC, the exact point that the judge made - just because you made something difficult/impossible in the system, doesn't mean you get to ignore a lawful request / court order. It's not the government's fault that he designed the system to make it hard to do something, requiring extra coding.


Because that's how these things work. Why should anyone have to work for the Feds for free? Google, Yahoo, Apple, Microsoft, AT&T, Verizon, Sprint, T-Mobile, etc etc all get paid for costs incurred to aid law enforcement. It's actually a tidy little business.

Also, $3,500 isn't worth discussing. The hearing to deny the motion cost more than the money involved. The Feds simply wanted access to more data than they were wanting to officially claim.


But then the question is why should you work for the Feds. At what point can they force you to implement something no matter what. You're not their employee, and you should have the right to refuse what you feel is unethical. There is nothing wrong with that. I took an entire class on the Engineering Ethics and now that $800 course which I loved is a waste of money for anyone that is forced to do work against their will.


All the telecom companies, which cooperate fully with law enforcement, charge for their services. It's perfectly fair to bill time and materials that you can no longer use to improve your business and generate revenue.

http://www.forbes.com/sites/andygreenberg/2012/04/03/these-a...


On the other hand, should the government be allowed to require businesses to do arbitrary free work for them to assist them in their investigations?


> in an effort to appease the authorities.

That is really naive.


Not surprising at all. If you read between the lines of any of this guy's public statements, it's clear that he's a manipulative black hat out for power and money and couldn't give a shit less about his customer's security.


And now read the article, not only the headline.


I've read all the previous articles as well. This single article is not going to change my impression. It's by piecing together all available information while maintaining grasp of the obvious that we get the whole picture. But somehow you think specific instances of this guy's rhetoric, not his actions, carry more truth than the results.

"but he was just trying to get compensated" is a completely ignorant argument because you've thrown away all context in making that argument. What is he getting compensated for exactly? Writing a script to CRUD data in his system? Wow, what a noble deed I can identify with! So how does this "revelation" FTFA contradict my assertion? It doesn't, in fact, it's more evidence for it.

So why am I downvoted? Probably because it's contrary to the popular narrative that this guy is some kind of freedom fighter when all evidence shows that this is not true. But nevermind evidence, his actions, etc., this guy wrote "I wouldn't do business with American IT firms" Spicy, salacious! I mean, he ran a business in America so he'd know not to trust himself. I guess we can give him internet points for telling us not to trust him in a roundabout way.


As everyone that has worked with any government knows taking money out of them is hard and slow and full of paper process. I think he was using it as a delay tactic, not as a personal enrichment scheme.

The color of the hat of the guy is unimportant - he could be wearing Walter White's fedora for all I care.

He shattered his business instead of betraying his own customers. At any point he could have just complied.

If you read between the lines - he obviously is trying to make money out of his business. He is not a freedom fighter or crypto anarchist. But he put his customers first.


If he was a manipulative black hat, we would never have heard of him.


Totally logical. Who's Mitnick?


I... what? I... nevermind.



