Over at Just Security, I have a new post looking at the legal issues and new amici briefs in the Lavabit case. The case is really important because the Fourth Circuit Court of Appeals is in the process of deciding the first legal challenge to government seizure of the master encryption keys that secure our communications with web sites and email servers. The opinion could decide the future reliability of encryption protocols to protect all Internet communications. This dispute involves Lavabit, a now-shuttered encrypted email service provider, which the federal court for the Eastern District of Virginia ordered to give to FBI investigators its SSL key to assist in its investigation of one of Lavabit’s users. While the government wants these keys to decrypt user information, there is really no acceptable way for the Court to order a secure communications service to break its encryption protocol. The danger to innocent users is too great, and there are network effects that would shatter critical trust in SSL implementation as a whole. Aside from the danger to secured communications overall, nothing in our law requires providers of legitimate email services to turn over keys or otherwise dismantle the security on their systems to help out in a government investigation. Luckily, there’s an easy answer here. Lavabit offered to decrypt itself the data the FBI wants on the suspect and disclose it to the government, and the government presumably can get a search warrant for that particular user. This is what the Fourth Circuit should order, rather than undermine cybersecurity for us all in the hunt for one person. For alot more, click over and read the post.
The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.