So? They still have your credit card details to pay for the service, your cell phone location, the recipient of each email and the web pages you visited.
The actual contents of the emails are pretty much irrelevant - I'm pretty sure that international terrorists probably use code.
I'm also pretty sure that having one of these accounts and a series of logs showing your access to online gambling or movie sharing sites or banks in the Caymans is going to trip the same alarm bells.
But you said it: there's still too much identifying information left on the table.
There's another angle that threatens Calyx, too: they're just one rider on a "must-pass" bill away from being shut down and tied up in court. Or worse, made to _silently_ monitor your traffic after all their publicity about their privacy.
National Security Letters make it clear: the gag orders mean even if Nick Merrill wanted to tell you his company had been compromised, he wouldn't be able to.
There does seem to be a technical workaround, known as a "canary," where Nick Merrill posts a daily message far and wide signed from an air-gapped physically-secure private key that basically says, "Today is 11/Apr/2012. Under penalty of perjury, I have not been served with any legal threats."
Thus, the day the "canary" stops appearing, it becomes obvious what has happened; it seems that our current legal climate probably cannot compel him to _commit_ perjury, and his _inaction_ in posting his "canary" does not constitute a violation of any gag order; ironically, he conforms to it and by so doing alerts his customers to the problem.
Problems with this approach include:
• All the sites he has been using for the canary could get shut down simultaneously a la Megaupload
• Compromise of his private key
• Dwindling interest by his customers in checking multiple sites every day, even if the process can be mostly automated
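An added example of how the customer-side check could be automated (this is not code from the thread or from Calyx; Ed25519 and the 48-hour freshness window are assumptions, since the thread names neither): the signer side builds the dated statement, and the verifier rejects a bad signature, a wrong key, or a statement older than the window, which is the "canary stopped appearing" condition the reader actually needs to detect.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
	"time"
)

// The date is part of the signed bytes, so yesterday's canary cannot be
// replayed as today's. Layout matches the thread's "11/Apr/2012" form.
const canaryLayout = "02/Jan/2006"
const canaryTemplate = "Today is %s. Under penalty of perjury, I have not been served with any legal threats."

// signCanary runs on the air-gapped signing host: it builds the statement for
// one day and its Ed25519 signature (Ed25519 is an assumption, not from the thread).
func signCanary(priv ed25519.PrivateKey, day time.Time) (string, []byte) {
	msg := fmt.Sprintf(canaryTemplate, day.Format(canaryLayout))
	return msg, ed25519.Sign(priv, []byte(msg))
}

// checkCanary is the customer-side check: signature must verify under the published
// key, the statement must parse, and its date must be no older than maxAge from now.
func checkCanary(pub ed25519.PublicKey, msg string, sig []byte, now time.Time, maxAge time.Duration) (bool, string) {
	if !ed25519.Verify(pub, []byte(msg), sig) {
		return false, "bad signature"
	}
	const prefix = "Today is "
	dot := strings.Index(msg, ".")
	if !strings.HasPrefix(msg, prefix) || dot < len(prefix) {
		return false, "unexpected format"
	}
	dated := msg[len(prefix):dot]
	day, err := time.Parse(canaryLayout, dated)
	if err != nil {
		return false, "unparseable date"
	}
	if now.Sub(day) > maxAge {
		return false, "canary stale: last dated " + dated
	}
	return true, "ok"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	day := time.Date(2012, time.April, 11, 0, 0, 0, 0, time.UTC)
	msg, sig := signCanary(priv, day)
	fmt.Println(checkCanary(pub, msg, sig, day.Add(36*time.Hour), 48*time.Hour))
}
```

A daily cron job that fetches the latest statement from each mirror and runs checkCanary is enough to cover the "dwindling interest" problem; the stale case fires when no fresh statement is found on any of them.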
> "Today is 11/Apr/2012. Under penalty of perjury, I have not been served with any legal threats."
Under penalty of perjury is a meaningless phrase unless a court or other authorized body is requiring that statement of you. Look: under penalty of perjury, I am Chief Justice John Roberts of the United States Supreme Court.
Well, I'm not Chief Justice John Roberts. I lied about that. Am I in danger of going to jail for contempt of court? No, because nobody with judicial or administrative power required me to make a truthful declaration. Rather I made a statement I wanted you to believe and attached a common legal incantation to it - little different from a religious expression, such as 'God strike me dead if I lie.' In earlier times when people had little understanding of science, the sheer randomness of the world was attributed to mysterious divine provenance, and of course every so often these beliefs are validated in such dramatic fashion that the story is repeated (http://members.tm.net/lapointe/Lawyers3.htm for example, from 1988).
An awful lot of hackers I've met seem to think that law is strictly a matter of form, that if you say certain words in a certain order legal validity (and thus, truth-value of some sort) automatically attaches to them. This is not how law works, this is how magic works - and it's a good example of Arthur C. Clarke's comment that 'any sufficiently advanced form of technology is indistinguishable from magic.' Legal conventions are a form of social technology, and cannot be taken at face value this way, any more than nontechnologists can foretell the future from blinkenlights.
It's the same notion that compels people to write "I don't own this song" under the YouTube uploads of albums, as if mentioning copyright issues absolves you from them.
That being said, there are magic words that you can say that have very strong legal weight. For example, attaching a GPL licence to a piece of code you wrote has significant legal ramifications.
It's clear that "Under penalty of perjury" doesn't accomplish the intention of giving a canary message greater legal weight. I am, however, curious if there are some other "magic words" that could exist in a canary message which would help to signify its validity. For example, making it illegal for someone to fake the canary message.
I actually don't know if the government could require you to falsely affirm the nonexistence of a legal investigation as part of a gag order - in other words, if you simply stopped publishing your canary message, whether you could be required to do so. Perhaps the failure to comply with such a request would qualify as an obstruction of justice if there were a colorable risk of it impeding a lawful investigation by tipping off the subject of the investigation; law enforcement officers with an appropriate warrant or authority could require an explanation of how the canary mechanism worked, in the same way that they could require you hand over keys to one's safe, say. There's no right to silence for non-defendants such as material witnesses.
First, thanks for adding good insights into what would (and would not) stand in court.
Would a 5th Amendment right (not witnessing against herself / self-incrimination) protect the owner of the ISP against a charge of obstruction of justice?
i.e. Owner of ISP refuses to post the canary after a gag order. She is not named as a defendant in the investigation. But she can defend herself against obstruction of justice charges: plead the 5th, and thus she is not compelled to falsely affirm the canary.
It's not clear this would work, either, but there might be some pretty solid precedents that could be used in this way.
Subornation of perjury is the crime of persuading a person to commit perjury; and also describes the circumstance wherein an attorney causes or allows another party to lie.
It's pretty clear this, not magic, is the end goal of the original statement.
You've misunderstood the Wikipedia article, which is not surprising because it is poorly written. The government can establish mechanisms for people to provide statements "under penalty of perjury", such as IRS forms. But the mere words "under penalty of perjury" aren't a magic incantation; they have force only when specifically given it by the government.
"Under penalty of perjury" is just a mechanism for substituting a written declaration for an in-person swearing.
If you look at the statute, the governing condition is (paraphrased) "under laws or circumstances requiring or permitting a sworn statement".
>>National Security Letters make it clear: the gag orders mean even if Nick Merrill wanted to tell you his company had been compromised, he wouldn't be able to.<<
Wouldn't be able to legally. If he feels strongly enough about this to start a company, he may feel strongly enough to defy the law.
When your opposition can legally order predator strikes on you, imprison you indefinitely without charge, torture you in its own military prisons and secretly ship you off to 3rd world prisons for more torture - then I don't think little legal tricks like reverse canaries are really going to work.
I agree that it's not much of a surprise, but tell me why it wouldn't work?
I don't have to reveal the hidden ___location and password to my air-gapped private key unless I am in court.
I agree that spending the rest of my life at Hotel Guantanamo isn't my favorite, but if he defies the Federal Gov't's established secret wiretapping, surely he has assessed the possibility of this happening already and he's not afraid?
Who knows the secret key/has access to the system?
Just him - in which case what happens to my data if he walks under a bus?
Or all the admins/the board/the lawyers?
So a three-letter-agency guy turns up with a SWAT team, you only need one of them to decide to reveal the key with a gun at their head - or with the threat that child porn would be found on his laptop/20kg of heroin would be found in his apartment. Chain = weakest link.
The "weakest link" problem can be ameliorated to some extent by using secret sharing cryptography, so that at least x% of participants must cooperate to reveal the secret key.
You're being too dismissive and you didn't read carefully. Their goal is to be unable to turn over information, and to that end, they say they'll discard the logs you refer to. So in theory, they won't have your cell phone location, what pages you visited, etc, or at least not for long. Your credit card is small potatoes by comparison; plenty of restaurants have that.
If they're also a telecom provider who can't comply with wiretaps, that's also huge.
Personally I think this is very exciting. Governments' game has been to make secret deals for surveillance; by announcing openly that they won't cooperate, this company will either succeed or may force the government to state openly the level of surveillance they demand. Citizens should know how out-of-control it's gotten.
The importance of your credit card is that it links the account with you.
Unless they are going to spend a gazillion $ putting their own cell towers across the country with their own backbone then their partner telcos have your location = so does the NSA.
And unless you are only emailing people/visiting sites in their system then the other telcos have the end points of those links. Calyx could hide the originator of these packets, but in that case they are no different from any other VPN - and I have a lot more security from PATRIOT (or MPAA) requests using a VPN owned by a Liberian company run from a rack in Estonia than I do with one run out of the USA. Ironically your best 'security' at the moment from US wiretaps is to use a VPN owned by the Chinese government.
You're saying that this isn't worth doing because they still have to keep some minimal amount of information about their customers in order to do business? You're saying everyday people should contract with a company in Liberia to route their traffic through Estonia?
That's ridiculous. The point of this is not to make it easy to evade justice. Remember, we do want the police to be able to gather evidence against criminals when it's warranted. It's to prevent mass surveillance of the population by the state. Having communications companies that minimize the data they gather about their customers and refuse to hand it over to the state without a warrant is a huge step forward in protecting the civil liberties of ordinary citizens. That's the point.
> The point of this is not to make it easy to evade justice. It's to prevent mass surveillance of the population by the state.
It's not clear to me that we can prevent mass surveillance without making it easier for criminals to evade justice.
I still think we should work to prevent mass surveillance, not because making things tough for law enforcement is not a problem, but because mass surveillance is a much bigger problem.
The point is that the government has the ability with the cooperation of the telcos to track everything.
This telco is claiming that they have the technical means to prevent that - while in fact they have no technical difference (other than storing your email encrypted) from any other.
If all they are claiming is that they are good guys and wouldn't hand over your data if ordered then you have no more security than all the other telcos who also said that - either because they were lying or they were ordered to say so.
If your risk model is that the telco will cooperate with the US government then the solution is a telco who has no reason to do so.
> This telco is claiming that they have the technical means to prevent that - while in fact they have no technical difference (other than storing your email encrypted) from any other.
That isn't my interpretation.
They seem to be saying that they will do everything technically and legally possible to prevent tracking.
That's a significant difference from the current situation where telcos hand over information whenever the government asks, even if not ordered to do so.
> The importance of your credit card is that it links the account with you.
What if you pay with a prepaid Visa/Mastercard, since those aren't linked to your name? Or in cash (yes, that still exists!), or via money order (since sending cash in the mail is illegal, and money orders can't be reliably linked to an individual).
It's a first, necessary step. The rest requires some end-to-end encryption of even the destination - and maybe a secure, anonymous DNS query reflector or some such.
Or I'm talking nonsense. But a secure ISP that is not capable of eavesdropping is a start.
> The actual contents of the emails are pretty much irrelevant - I'm pretty sure that international terrorists probably use code.
> I'm also pretty sure that having one of these accounts and a series of logs showing your access to online gambling or movie sharing sites or banks in the Caymans is going to trip the same alarm bells.