[jahfer]

I might be misunderstanding here, but going through the court transcript (p. 49–50), but it sounds like the gov't was entitled to installing a pen register[0] since (replace phone with email/internet):

"that because you knowingly expose phone numbers to the phone company when you dial them (you are voluntarily handing over the number so the phone company will connect you, and you know that the numbers you call may be monitored for billing purposes), the Fourth Amendment doesn't protect the privacy of those numbers against pen/trap surveillance by the government."

Since all of the network communication happens over SSL though, they are unable to read any of the data going into or out of the network without the encryption keys.

Shouldn't they only be able to access what's exposed to the outside network, or are they actually entitled to the unencrypted text, even if that's not available without being inside the connection? Forgive my lack of technical/legal understanding here.

[0] https://ssd.eff.org/wire/govt/pen-registers

[chacham15]

The problem is that the email is still sent to the address in an unencrypted format. Lavabit, upon receiving an email, then encrypted it. Therefore, Lavabit itself was provided with an unencrypted version of the email. That means that the expectation of privacy does not exist and the government has a right to the information. Or at least, that is the argument that the government puts forth.

[XorNot]

They're not entitled to the contents of the email because the service can operate without the contents. The service can not operate without the origin and destination details however.

That's what pen register metadata is - it's not email contents.

[chacham15]

> They're not entitled to the contents of the email because the service can operate without the contents.

This is mistaken. It is not the case that the service must operate by law. The service can only operate if it does not infringe civil liberties. To be more specific, it must not violate the fourth amendment of the constitution. The reason that metadata does not violate the fourth amendment is that there exists an expectation for whomever you give the message to to actually read the metadata much in the same way that you expect the post office to read the mailing address.

As I was trying to say in the parent comment, Lavabit, upon receipt of an email encrypts the entire email including the metadata. This still falls short of relieving the expectation I previously discussed because it still receives the email unencrypted. Hence, the government will argue that it has a right to the entire contents (even though the headers may suffice in some cases).

[MWil]

I'm confused by your statement. They're not entitled to the contents of the communications b/c Congress hasn't/may no be able to authorize it.

[XorNot]

Pen register metadata was deemed not protected by the Supreme Court, but privacy rights still protect the content of most communications from seizure without a warrant.

It all comes down to reasonable expectation: to send a letter, or make a phone call, you obviously have to tell the phone company the details of who you're calling. Therefore the information is not considered to have a reasonable expectation of privacy. Whereas you don't need to convey the content of your email or voice conversations to them for the service to operate - you could scramble your voice, or encrypt your email, and it wouldn't change a thing.

[MWil]

That's a great observation and it depends on how you define "exposed." Since it's technically feasible to capture the information, perhaps even retroactively, it's certainly been sent to a third party (Lavabit) for retention but they have just chosen to voluntarily put blinders on when it comes to that information.

So the question is whether it requires actual exposure or exposure in the regular course of business.