U.S. government willing to force release of SSL private keys when one user upsets them

[perennate]

http://arstechnica.com/tech-policy/2013/10/lavabit-defied-order-for-snowdens-login-info-then-govt-asked-for-sites-ssl-key/

Make sure you have perfect forward secrecy enabled. Otherwise who knows when the government will come knocking on your door for your private key and subvert the security of all of your users when one of them does something they don't like. And since we know the government sucks at protecting data it doesn't care about, your private key will undoubtedly end up public.

Oh and while they're at it they'll give you a secret gag order and fine you thousands of dollars per day you don't comply.

 

[texteditor]

Where ALL=1, don't be so dramatic.

Also dicking with the courts by handing them a copy printed in 4-point font, while funny, obviously isn't going to makes things easier for him.

 

[GIANT_CRAB]

This is already known long ago when Lavabit announced their shut-down.

Lavabit was forced by the government to give in its private SSL but refused and had to pay huge amounts of fine as an obstruction to government work offence.

Lavabit later had no choice but to shut-down.

 

[perennate]

Where ALL=1, don't be so dramatic.

Also dicking with the courts by handing them a copy printed in 4-point font, while funny, obviously isn't going to makes things easier for him.

Lavabit had more than one user; releasing it's private SSL key that it uses for its website implies that the security of all of its users is compromised.

I'm surprised he even complied with handing them the data. They could have easily used that with little effort; ever heard of OCR?

 

[perennate]

This is already known long ago when Lavabit announced their shut-down. Lavabit was forced by the government to give in its private SSL but refused and had to pay huge amounts of fine as an obstruction to government work offence. Lavabit later had no choice but to shut-down.

Details about it weren't released until now.

 

[jarland]

The word that best describes my attitude is FURIOUS.


Dear NSA,


Bomb president kill assassinate terrorist threat die destroy Allah Jesus Britney Spears civil war jihad


Come at me bro.

 

[WelltodoInformalCattle]

I'm sure they got bigger fish to fry jarland

In another note, it's interesting seeing how people in the US get furious at the NSA only when it intrudes on their privacy but when it concerns foreigners not a damn is given.

 

[jarland]

I'm sure they got bigger fish to fry jarland


In another note, it's interesting seeing how people in the US get furious at the NSA only when it intrudes on their privacy but when it concerns foreigners not a damn is given.

It's one thing to suspect, another to know. My knowledge of their foreign spying abilities came hand in hand with their domestic. We had no solid information to suggest that they were tapping every line of communication everywhere in the world until we had solid information suggesting that they were tapping every line in the world.

Furious as I may be over both foreign and domestic, foreigners aren't protected by the US constitution. I would encourage military action or economic sanctions to disagree with the US as a foreigner. As a citizen, I have to deal with the fact that my neighbors and/or myself actually played a part in this. It should absolutely be true that I am more furious about my angle than the angle of an outsider. You may have been wronged, but I have been betrayed.

 

[WelltodoInformalCattle]

To be honest, other countries are willingly screwing their own citizens over by collaborating with the NSA in data mining so blaming the NSA for everything is misguided on my part.

 

[terafire]

1984 is here. Looking forward to an Orwellian future. Freedom is slavery! (/sarcasm)