On 13.08.2013 23:54, Joseph Lorenzo Hall wrote:
> This is all to say that I suspect the government's order requested
> ongoing access to the private key(s) in memory for some subset of
> Lavabit users, such that they could ask in the future for the encrypted
> contents of those users' accounts and easily look up these private keys
> to get the message cleartext.

Yes, that is also my thinking.

> It's unclear to me if this would require an order that ordered Lavabit
> to write software to do this (e.g., a backdoor), but it sounds like
> that's the case. And it seems clear that by shutting down the service
> last week, no one can log-in again such that their ciphertext is safe.

Sounds very similar to what happened with Hushmail around 2007. I do believe they had a secure client, but were forced to put in a backdoor. Java Anon Proxy (JAP) developed at my university in Germany was "convinced" to put in a backdoor by extra-legal pressure in 2003.

--
Moritz Bartl
https://www.torservers.net/