[thecodeore]

The email encryption was not in play here, from what I understand the end user was the only person with the key to the email "inbox" encryption

What is in play here was the SSL Key that is used to encrypt the browser traffic between LB and the user. No differant than the SSL Cert used when you make an online purchase

It technologically impossible/impractical to have a separate SSL cert for each user, that is just not how the HTTPS protocall was designed

This is not Lavabits doing, that is the work of the Internet Engineering Task Force (IETF)

[eli]

If your landlord only had a master key to all apartments they could use that as a reason to refuse to turn it over for access to one apartment?

[thecodeore]

That is a poor analogy.

By turning over the SSL Key the FBI using the Pen Trap Device would capture in real time all data of all users and be decrypting it in real time.

Turning over a Master Key to a building would not give the FBI instant access to all apartments simultaneously, nor would they have the ability to go back in time to look at previous data, nor thousands of other problems with this analogy

People are attempting to conflate physical keys with encryption keys simply because years ago the mathematicians used the word "keys" as analog to explain things to the general public. This does not mean there is, in reality, any analogous relationship between encryption keys and physical keys

[res0nat0r]

They could have instant access if they duplicate the key and raid all apartments simultaneously.

Also the legal speak above states I believe that even that the FBI clould technically access other user data, this does not somehow disallow this from happening because is not ideal. It is more a fault of Lava it than anything else.

[thecodeore]

How is it the Fault of Lavabit?

SSL is a standard secure communication protocol of the internet, it is not lavabits design and it is impossible for Lavabit to modify while still keep interoperability.

You do not seem understand the underlying problem, as many people are misinformed as to which key the government was requesting., They WERE NOT asking for the key of the private inbox data, they were asking for the GoDaddy Signed SSL key that encrypts the web browser session from the Lavabit User to the Lavabit server, not the user level key for the encrypted mail box stored on LB servers

This is the same protocol that HN uses for this very site, Amazon, Gmail, and thousands of other sites use every day to secure communications between public servers and the users of those servers

[res0nat0r]

> SSL is a standard secure communication protocol of the internet, it is not Lavabits design and it is impossible for Lavabit to modify while still keep interoperability.

Correct. If Lavabit wanted to be 100% immune from these type of subpoenas, then they would have designed the system to never have been accessible this way. I'm guessing (just like Hushmail) that having a proper end-to-end type encryption, like forcing the users to use some sort of PGP on their end would reduce uptake, thus preventing them from having a viable business model, so they compromised in this way.

Just because SSL is a standard etc is irrelevant. The government is going to use its subpoena power to get to the information they have reasonable suspicion is being sheltered by Lavabit. If the least intrusive method unfortunately exposes everyones data, well that really is what they call "tough luck."

[thecodeore]

Further on the "tough luck" point, that is not how our legal system is suppose to work, the government infact does not get access to any information even if they have a reasonable suspicion it is being "sheltered", there are all kinds of limits that are suppose to exist, and the "tough luck" part is suppose to be the burden of the GOVERNMENT not the people,

[thecodeore]

You really do not understand what is going on here.

Hushmail would have the exact same problem, Hushmail is not all that different from Lavabit.

When you load a message from your hushmail encrypted inbox it is DECRYPTED on the server side using the password you provided at login, then the HTML representing the email contained in your inbox it is then ENCRYPTED by the web server using SSL and Signed Certificate that is recognized by a web browser, in Hushmails case that CA is thawte, in LB case the CA was GoDaddy and sent to you.

ALL HUSHMAIL USERS share the same SSL Encryption from the Hushmail server to their Browser, this is how the web works. There is no changing at least not by a single company.

The only way around that would be to not use HTTP, or web browsers. But then you could create an entire new messaging system like BitMessage, but LavaBit was attempting to give people private EMAIL, not create a new messaging protocol

[dingaling]

> It technologically impossible/impractical to have a separate SSL cert for each user, that is just not how the HTTPS protocall was designed

Not impossible; each paying user[0] could be granted their own subdomain based on username and then an SSL cert issued specific to that domain.

What really stands out from reading the unsealed documents is that there was no separation of data and control within Lavabit; Mr Levison argues at one point that handing-over the SSL certs will also expose his administrative commands. Well, tough. Control and data should never flow in the same channel, particularly when handling data for which you have already received and processed warrants in the past.

[0] there were only 10,000 users paying for the high-security service. The other 400,000 were on the standard offering, without at-rest encryption.