undefined | Better HN

0 pointsmankyd12y ago0 comments

What I don't see is these three statements:

1. Force Lavabit to provide their private SSL keys and route all their traffic through a government machine that performed a man-in-the-middle style data collection; 2. Change their software to subvert Lavabit’s own security measures and log emails after SSL decryption but before encrypting with the users’ public keys; or 3. Require Lavabit to install malicious code to infect their own customers with government-supplied malware.

It sounds like he already has the ability to comply with demands for information. I don't see where this new stipulation by them requires any meaningful change to his existing infrastructure.

0 comments

1 comments · 1 top-level

m8urn12y ago

Again, that's the whole point. He wasn't able to provide them with what they wanted, and doing so meant that he either had to allow them to intercept messages (or passwords) on Lavabit's application servers, which is the only place they could be intercepted. Doing so would require either impersonating their servers through a MitM or code changes on their server.

I do acknowledge in the article that this could simple be an overhyped reaction to placing a black box on his network, but the statements Levison made seem to indicate otherwise. And hey I could be wrong about this whole thing, it still is largely speculation based on circumstantial evidence.

j / k navigate · click thread line to collapse