Talk:Lavabit

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Computing / Websites (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Websites.
 
Note icon
This article has been automatically rated by a bot or other tool because one or more other projects use this class. Please ensure the assessment is correct before removing the |auto= parameter.
WikiProject Mass surveillance (Rated Start-class, Mid-importance)
WikiProject icon Lavabit is within the scope of WikiProject Mass surveillance, which aims to improve Wikipedia's coverage of mass surveillance and mass surveillance-related topics. If you would like to participate, visit the project page, or contribute to the discussion.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
 

Lavarand?[edit]

It seems likely that the name "Lavabit" was inspired by the Lavarand project, but of course that is just an educated guess -- I cannot find a source. Please keep your eyes out for any mention of a connection. --Guy Macon (talk) 04:53, 9 August 2013 (UTC)

Lavabit a response to Gmail[edit]

Since Gmail was launched on April 1, 2004 in closed beta testing, I highly doubt that Lavabit was set up "by privacy concerns about Gmail, Google's free, widely-used email service" 2.28.47.176 (talk) 23:29, 8 August 2013 (UTC)

According to the source I used: "Edward Snowden is apparently using the service, which jumped into existence in 2004 as a result of privacy concerns about Gmail. "At the time, Lavabit’s founders felt Gmail was a great service but that Google was actively violating the privacy of its users by displaying ads related to keywords in their e-mail," says the Lavabit official website." Gamaliel (talk) 23:35, 8 August 2013 (UTC)
I think the inclusion of the statement is warranted and the dubious tag should probably be removed. I recall privacy concerns about Gmail being discussed before it was released universally. IronGargoyle (talk) 00:32, 9 August 2013 (UTC)
Please see the "history" and "secure" links below to see exactly what Lavibit claimed. --Guy Macon (talk) 04:53, 9 August 2013 (UTC)

Google cache of technical specifications[edit]

Here are some URLS to Google caches of some now-closed pages from lavabit.com. The first one specifically discusses National Security Letters.

Extended content

http://webcache.googleusercontent.com/search?q=cache:Ya-QbFDJV-4J:http://lavabit.com/secure.html
http://webcache.googleusercontent.com/search?q=cache:vBFJwOlEDkQJ:http://lavabit.com/questions.html
http://webcache.googleusercontent.com/search?q=cache:pRg8ZBvvDBwJ:http://lavabit.com/philosophy.html
http://webcache.googleusercontent.com/search?q=cache:y7UXIlGhAfMJ:http://lavabit.com/privacy_policy.html
http://webcache.googleusercontent.com/search?q=cache:sisRxxgjF10J:http://lavabit.com/history.html
http://webcache.googleusercontent.com/search?q=cache:d9UBXAerwxkJ:http://lavabit.com/hardware_software.html
http://webcache.googleusercontent.com/search?q=cache:it2Lg90qg4UJ:http://lavabit.com/statistics.html
http://webcache.googleusercontent.com/search?q=cache:A6bRHXto3b8J:http://lavabit.com/features.html
http://webcache.googleusercontent.com/search?q=cache:nJdjWjtnbyIJ:http://lavabit.com/health.html
http://webcache.googleusercontent.com/search?q=cache:rMrtOnu0TG8J:http://lavabit.com/news.html
http://webcache.googleusercontent.com/search?q=cache:ob3WitOyoEUJ:http://lavabit.com/settings.html
http://webcache.googleusercontent.com/search?q=cache:a_OXdg2hsWQJ:http://lavabit.com/personal_e_mail.html
http://webcache.googleusercontent.com/search?q=cache:f8UcJk2_bBcJ:http://lavabit.com/site_map.html

Also see this Russian site:

http://rt.com/usa/lavabit-email-snowden-statement-247/

There is a 2009 interview/Q&A that cover some of the technical details here:

http://possibility.com/LavabitArchitecture.html

Text of the secure.html page:

Extended content

Security Through Asymmetric Encryption

Why is secure mail storage important?

In an era where Microsoft and Yahoo’s e-mail services sell access past their spam filters, Google profiles user’s inboxes for targeted advertising, and AT&T allows the government to tap phone calls without a court warrant; we decided to take a stand.

Lavabit has developed a system so secure that it prevents everyone, including us, from reading the e-mail of the people that use it. We felt that this technical protection was necessary in addition to our Terms of Use and privacy policies.

In safer times, a strict Privacy Policy would have been enough to protect the rights of honest Internet citizens. But everything changed when the United States Congress passed the Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act in 2001. If you’re currently unaware of the PATRIOT Act, we highly recommend you visit the Electronic Frontier Foundation (EFF) website.

The key element of the PATRIOT Act is that it allows the FBI to issue National Security Letters (NSLs). NSLs are used to force an Internet Service Provider, like Lavabit, to surrender all private information related to a particular user. The problem is that NSLs come without the oversight of a court and can be issued in secret. Issuing an NSL in secret effectively denies the accused an opportunity to defend himself in court. Fortunately, the courts ruled NSLs unconstitutional in 2005; but not before illustrating the need for a technological guarantee of privacy.

Lavabit believes that a civil society depends on the open, free and private flow of ideas. The type of monitoring promoted by the PATRIOT Act restricts that flow of ideas because it intimidates those afraid of retaliation. To counteract this chilling effect, Lavabit developed its secure e-mail platform. We feel e-mail has evolved into a critical channel for the communication of ideas in a healthy democracy. It’s precisely because of e-mail’s importance that we strive so hard to protect private e-mails from eavesdropping. How does it work?

How does asymmetric encryption protect your privacy? The short description is that for users of this feature, incoming e-mail messages are encrypted before they’re saved onto our servers. Once a message has been encrypted, only someone who has the account password can decrypt the message. Like all safety measures, encryption is only effective if it’s used. To ensure privacy, Lavabit has developed a complex system that makes the entire encryption and decryption process transparent to the end user.

This process works by combining three different encryption schemes with Elliptical Curve Cryptography (ECC) as the cornerstone. When a user activates the asymmetric encryption feature, two ECC keys are generated with 521 bits of strength. The first key, or the "public" key, is stored in plain text on the server. This public key is used to encrypt incoming messages. Because of how ECC works, only someone with the second “private” key can decipher messages encrypted with the public key. To protect the private key from attackers, it is encrypted using the Advanced Encryption Standard (AES) with a 256 bit key. AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabit’s secure e-mail system, the ciphered message is a user’s private key and the secret passphrase is a hashed version of the user’s password.

To ensure maximum security, passwords are hashed using the Secure Hash Algorithm (SHA). SHA takes the plaintext password as its input and produces a random 512 bit string as the output. With only the SHA output, it is cryptographically impossible to determine the original input. Effectively, hashing is a repeatable one-way process.

To increase the randomness of our hash outputs and the difficulty of reversing the process, Lavabit combines the password with the account name and a cryptographic salt. This combined string is then hashed three consecutive times, with the former iteration’s output being used as the input value of the next iteration. The output of the first hash iteration is used as the secret passphrase for AES mentioned above. The third iteration is stored in our password database and is used to verify that users entered their password correctly.

The product of this encryption process is a message that is cryptographically impossible to read without the password. We say "cryptographically impossible" because, in theory, an attacker with unlimited computing resources could use brute force to decipher the original message. However in practice, the key lengths Lavabit has chosen equal enough possible inputs that a brute-force attack shouldn’t be feasible for a long time to come.

We should note that this encryption process is only secure if you select a strong password. If your password is weak, an attacker would only need to brute force the password to crack our encryption. We should also note that this feature only protects messages on the Lavabit servers. Messages can always be intercepted before they reach Lavabit or between Lavabit’s servers and your personal computer, if SSL is not used. Finally, messages can be retrieved from your local hard drive if encryption software isn’t used on your computer to protect the files. These vulnerabilities are intentional. Our goal was to make invading a user’s privacy difficult, by protecting messages at their most vulnerable point. That doesn’t mean a dedicated attacker, like the United States government, couldn’t intercept the message in transit or once it reaches your computer.

Our hope is the difficulty associated with those strategies means they will only be used by governments on terrorists and scammers, not on honest citizens. If you’re intent on hiding your communications from the government, we recommend you investigate systems that secure messages throughout the entire e-mail system and not just at one particular point along that journey.

BTW, I was not able to find this at archive.org. --Guy Macon (talk) 00:42, 9 August 2013 (UTC)

News[edit]

Obviously we are engaged in news here, but I think it is justified. However, we must keep in mind that much of the news is that actual information about this matter is classified and thus unavailable. User:Fred Bauder Talk 13:35, 9 August 2013 (UTC)

The Letter[edit]

Including the whole letter in the article appears unencyclopedic. It's not notable enought for full inclusion. It may violate WP:OR and possibly WP:Copyright. We should cover what reliable sources say, not much more. We are not to inlude original material on the ground that it may disappear from internet otherwise. Also, by including the last sentence "Help us by donating to the Lavabit Legal Defense Fund" it reads a bit like advertising on Wikipedia. Regards, Iselilja (talk) 14:45, 9 August 2013 (UTC)

Full agreement. There's no need for the full text. Gamaliel (talk) 14:55, 9 August 2013 (UTC)
Good call, Iselilja. --Guy Macon (talk) 15:25, 9 August 2013 (UTC)
The letter is included, in full, in reliable sources. User:Fred Bauder Talk 21:34, 9 August 2013 (UTC)
Ok, if so, we don't have the OR problem if we include it. But we normally don't include full/long statements in articles, so why should we do it here? I think hightlighting the essential of the letter appears more encyclopedic. Regards, Iselilja (talk) 21:54, 9 August 2013 (UTC)
I view it as similar to an image; it contains information that text describing it does not. User:Fred Bauder Talk 14:09, 10 August 2013 (UTC)

LinkedIn as a source[edit]

Can we agree that LinkedIn is unreliable as a source? An IP keeps adding it as a reference into the article. It fails WP:LINKSTOAVOID as a social networking site and adds nothing of source value that isn't accomplished by the site link. Deadbeef 22:24, 9 August 2013 (UTC)

"Ceased" vs. "Suspended"[edit]

User:Elizium23 has reverted edits by both myself and User:MrScorch6200 which use the language "suspended" in reference to the site's current status, rather than Elizium's word choice of "ceased". He claims that the use of "suspended" is unsourced. However, the letter on the actual website contains the sentence: After significant soul searching, I have decided to suspend operations. I left an edit summary reverting his revert with that exact sentence to explain the use of "suspended"; however, he reverted that anyway, declaring it was unsourced. It is, in fact, sourced at the end of the one-line paragraph with reference one, which links to the site. I am confused as to why this is an issue with Elizium and would like further clarification. Deadbeef 05:08, 10 August 2013 (UTC)

It is not impossible that Lavabit will return, so "ceased" is inaccurate at the moment. "Suspended" sticks to what Ladar Levison said. If a "reliable" source says ceased, then they have not read Levison's announcement correctly.--♦IanMacM♦ (talk to me) 05:11, 10 August 2013 (UTC)
I agree with User:Deadbeef and User:Ianmacm, suspended is referenced in the official letter to Lavabit's users. Just for clarification, Ceased means "come to an end," while Suspend means "Temporarily prevent from continuing." As it is currently unknown if Lavabit will return, "suspend" is the word of choice. MrScorch6200 (talk) 05:36, 10 August 2013 (UTC)
Your problem is that you have two indisputably reliable secondary sources which say 'shut down': [1] and [2]. So you are going to need to reconcile this contradiction for your readers. Wikipedia reports what is contained in reliable secondary sources. The use of a primary source in this case is acceptable, but since your other sources clearly contradict it, you're going to either have to remove them entirely or document the discrepancy. It could be as easy as saying "some news outlets reported that they [permanently] shut down." It could also be as easy as finding later news articles which acknowledge the error and report what Lavabit actually said. But it is a disservice to readers to keep these sources in this article and not even mention what they actually say. Elizium23 (talk) 20:04, 10 August 2013 (UTC)
"Shut down" ≠ "Ceased". Those sources are reporting using the letter as their only source, and the language in the letter is "suspended". Their use of "shut down" is the secondary choice of language when the word choice from the letter itself can be used; not to mention, "shut down" can mean a variety of things and is more ambiguous. I can "shut down" my computer and turn it back on five seconds later. Besides, as was mentioned earlier, it is not inconceivable that the site could resume operations in the future; it is premature to write the article as an obituary. If they lose their court battle or otherwise announce a permanent end of operations, that would be the correct time to cast the article as such. Deadbeef 20:24, 10 August 2013 (UTC)
You have to keep in mind the logic behind our requirement for secondary sources. If we report something about someone, we don't just take their word for it. If we say "Lavibit experienced a voluntary discontinuation of email capability", we don't just take Lavabit's word for it -- maybe they are telling a fib. If we say "Lavibit announced a voluntary discontinuation of email capability", we are entirely correct to use Lavabit's exact phrasing instead of a paraphrase from a secondary source. WP:SECONDARY isn't just a rule we need to follow whether it makes sense or not. It is a tool to help us make better, more verifiable pages. --Guy Macon (talk) 21:16, 10 August 2013 (UTC)

Forbes article[edit]

http://www.forbes.com/sites/kashmirhill/2013/08/09/lavabits-ladar-levison-if-you-knew-what-i-know-about-email-you-might-not-use-it/

Dropping this here so I don't forget about it. Gamaliel (talk) 16:24, 12 August 2013 (UTC)

Quote from EFF blog post and Silent Circle[edit]

In the section Suspension and gag order, the second paragraph ends with a quote attributed to the EFF, "understand what led to a ten-year-old business closing its doors and a new start-up abandoning a business opportunity". Silent Circle is the new start-up it refers to, but in this Wikipedia article, Silent Circle isn't mentioned until the third paragraph of this section. The quote had me scratching my head, wondering what start-up it was referring to, until I got to the later mention of Silent Circle. This section should be edited so other readers aren't confused like I was, no? --anon. 71.183.133.71 (talk) 21:29, 17 August 2013 (UTC)

The start-up being referred to is Lavabit; I think that section reads pretty clearly given the context. Deadbeef 05:35, 18 August 2013 (UTC)
Huh? Did you have a momentary lapse of reason? :) --anon. 71.183.133.71 (talk) 01:35, 19 August 2013 (UTC)

Who is Edward Snowden?[edit]

After a brief skirmish among IPs, the page has been reverted to read the following: Lavabit received media attention in July 2013 when it was revealed that National Security Agency whistleblower Edward Snowden was using the Lavabit email address.... While at least one of the edits were undoubtedly POV, the question remains of what term of description to use for Snowden. Should it be whistleblower as it is now, or something else, like defector, leaker, etc.? I don't have any particular favorite term, but I would like consensus established so we have a discussion to refer back to so we can preemptively avoid edit wars about the semantics of it. Deadbeef 05:32, 18 August 2013 (UTC)

"Traitor", "Hero", etc. are clearly non-neutral, so we can throw those out. "Defector" is factually untrue. He is a fugitive, not a defector.
"Whistleblower" is used by a bunch of sources, but so is "leaker", and my impression is that "leaker" is more popular among the more reliable sources like newspaper news pages, "whistleblower" among blogs and newspaper opinion pages.
To me, what settles the question is these Google searches:
http://www.google.com/search?q=%22Edward+Snowden+isn%27t+a+whistleblower%22
http://www.google.com/search?q=%22Edward+Snowden+is+not+a+whistleblower%22
http://www.google.com/search?q=%22Edward+Snowden+is+a+whistleblower%22
http://www.google.com/search?q=%22Edward+Snowden+isn%27t+a+leaker%22
http://www.google.com/search?q=%22Edward+Snowden+is+not+a+leaker%22
http://www.google.com/search?q=%22Edward+Snowden+is+a+leaker%22
"Leaker" is clearly far less controversial. I say we go with "Leaker". --Guy Macon (talk) 08:18, 18 August 2013 (UTC)
I think "leaker" has a negative connotation, while "whistleblower" has a positive connotation". In his own mind he surely was the latter. The first fact has implication per WP:BIO, and the second thing also counts for something. So for these two reasons, and because I like to stick with edits which have had consensus for a while, I prefer the status-quo "whistleblower". Debresser (talk) 15:24, 28 August 2013 (UTC)

We are not operating in a vacuum. This issue has been discussed ad nauseum over at Talk:Edward Snowden. We should be internally consistent, and since there has been no consensus there on his label (beyond "American computer specialist") we should omit the labels. --Dr. Fleischman (talk) 18:21, 6 September 2013 (UTC)

I agree 100%. Follow the lead of the Edward Snowden page and if anyone wants to change the label, tell them to get consensus there and we will follow. --Guy Macon (talk) 21:25, 6 September 2013 (UTC)

Lavabit letter archives[edit]

https://lavabit.com/

WhisperToMe (talk) 20:34, 18 August 2013 (UTC)

Legal action[edit]

The removed paragraph says that a search warrant was executed against a user of this service. How is legal action against a mere user notable for this article? Should we update Yahoo! and Google whenever kiddie porn is found there too? Absurd! Elizium23 (talk) 20:15, 26 August 2013 (UTC)

If Yahoo! or Google suspended operations, implying that they would rather shut down than comply with some sort of government order that they cannot talk about, then the fact that they had previously complied with a valid search warrant signed by a judge would be very much relevant. It tells us something important about what the secret government order was not. --00:46, 27 August 2013 (UTC)
Okay, it tells us many important things. Which source that was included with the proposed edit explained what those important things were, and how they were related? Elizium23 (talk) 00:49, 27 August 2013 (UTC)
I added it back in with a slightly modified version to indicate its relevance. Speedplane (talk) 04:27, 27 August 2013 (UTC)
I am of the same opinion as Elizium23, and think this paragraph shoud be removed. However, the way it was reworded by Speedplane, even though it comes down to original research, is so ingenious, that I will leave it for another editor to do the remove. But if and when that remove will come, I support it completely. Debresser (talk) 09:10, 27 August 2013 (UTC)
I think that it is important and that it should be left in. May I make a request? instead of any further reverts, let's follow the steps in WP:CON and WP:DR to resolve any remaining disagreements. --Guy Macon (talk) 14:05, 27 August 2013 (UTC)
WP:CON is fine as long as we are mindful of policies such as WP:V and WP:SYNTH. You need to provide sources that say things that are asserted in the article, not just throw stuff in there to prove a point. The new edit is even worse. Where is the evidence that Lavabit complied with this search warrant? The only source is WP:PRIMARY, a public record of the warrant. All it proves is the fact of the warrant's existence, and that is in no way proof of relevance to the article at hand or compliance thereof. Elizium23 (talk) 16:38, 27 August 2013 (UTC)
Re: "Where is the evidence that Lavabit complied with this search warrant?": On the morning of March 28. 2013, Special Agent Daniel E. O'Donnel of the FBI violent crimes against children section applied for a search warrant[3] for all records and other information, including the contents of all emails, for the Joey006@lavabit.com account.[4] On the same morning, U.S. Magistrate Judge Stephanie A Gallagher signed the search warrant, and as a result, at 2:41 PM, Lavabit Owner Ladar Levison transferred all of the requested information to a DVD and gave it to special agent O'Donnel.[5]
Re: "that is in no way proof of relevance to the article at hand or compliance thereof": for evidence of compliance, see above. As for relevance to the article at hand, that is a matter of editorial judgement to be determined, as I said before, by Wikipedia's Consensus policy. Here are two sources[6][7] that establish relevance. --Guy Macon (talk) 00:31, 28 August 2013 (UTC)
Then you would have to add info from that source. As it is, the relevance is not explained and the information should be removed. Debresser (talk) 10:54, 28 August 2013 (UTC)

──────────────────────────────────────────────────────────────────────────────────────────────────── I couldn't help noticing that after you asked "Where is the evidence that Lavabit complied with this search warrant?" and I provided the evidence (took me about ten seconds of Googling) you just moved on to your next argument without any acknowledgment that your question had been answered. Please consider the possibility that you are more focused on winning than on working with other editors to improve the page.

While WP:V does say "Any material lacking a reliable source directly supporting it may be removed", it does 'not say that we must add citations for every claim. What it says is "Attribute all quotations and any material challenged or likely to be challenged to a reliable, published source using an inline citation." I do not believe that the material is likely to be challenged or that you are seriously challenging it. That being said, if you insist that we clutter up the page with citations establishing things that nobody is ever going to challenge, we can do that. What we will not do is delete material that you know full well is verifiable without any consensus to remove it. See WP:PRESERVE.

You might want to explain exactly why you think it to be not relevant when Techdirt, Forbes, and two other editors think it is. --Guy Macon (talk) 13:39, 28 August 2013 (UTC)

Guy, I never asked for any such evidence. Please check yourself my few short posts above. Also, please don't make this personal (see WP:NPA). I have no personal interest in this issue, please don't make it look like I do. Also, absent further arguments to keep this fragment, and in view of the protests raised here, I think we will not be able to fulfill your request to refrain from further edits much longer . Debresser (talk) 15:20, 28 August 2013 (UTC)
Do what you think is best. Be aware that except for cases such as blatant vandalism or clear BLP violations, I generally limit myself to one revert. Will I be getting an answer to the question I asked above anytime soon? --Guy Macon (talk) 17:37, 28 August 2013 (UTC)
Would you mind repeating the question, please? Debresser (talk) 18:55, 28 August 2013 (UTC)
Because I believe that this is a waste of effort, this will be my last response to you in this thread. For the record, I asked why you think it to be not relevant when Techdirt, Forbes, and two other editors think it is. You could have found that unanswered question yourself by looking up two replies in the thread. Given the above, combined with fact that you also wrote "Where is the evidence?" followed shortly by "I never asked for any such evidence", I must reluctantly conclude that further attempts to communicate will be unproductive, so I withdraw my question. Feel free to have the last word; I will not respond. --Guy Macon (talk) 03:36, 29 August 2013 (UTC)
I will challenge the WP:RS status of documents found on cryptome.org. Where is their editorial oversight and reputation for fact-checking? Elizium23 (talk) 21:49, 28 August 2013 (UTC)
You seriously think that cryptome.org forged official court documents and that nobody -- including RT[8][9] -- noticed? Fine. My source is the U.S. District Court For the District Of Maryland. There is no requirement that sources used on Wikipedia be available online. --Guy Macon (talk) 03:36, 29 August 2013 (UTC)

RfC: Should information about Lavabit complying with previous search warrants be included?[edit]

At issue is whether we should delete or keep the following text:

Before the Snowden incident, Lavabit had complied with previous search warrants. For example, on June 10, 2013, a search warrant was executed against Lavabit user Joey006@lavabit.com for alleged possession of child pornography.

Information about the search warrant in question: [10][11][12][13]

--Guy Macon (talk) 17:30, 28 August 2013 (UTC)

Survey[edit]

Keep means retain information about Lavabit complying with previous search warrants.
Delete means exclude information about Lavabit complying with previous search warrants.
Neutral means that either retaining or excluding the material in question is acceptable.


  • Keep: (Note: I am the filing editor.) In my opinion, it is notable and relevant that Lavabit did not have a problem with court-ordered subpoenas or search warrants, but did have a problem with the government making warrantless demands for information without showing evidence of probable cause to a judge. Multiple media outlets[14][15] have expressed the same opinion. --Guy Macon (talk) 17:30, 28 August 2013 (UTC)
  • Keep if we omit the email address. The incident is relevant, but not the identity of the user. Gamaliel (talk) 17:47, 28 August 2013 (UTC)
  • Delete as original research which must be deleted. The relevancy is not the issue so much here. Debresser (talk) 19:02, 28 August 2013 (UTC)
  • Delete until better sourcing can be established. First source is WP:PRIMARY and the others do not meet WP:RS standards of a reputation for fact-checking and editorial oversight. Elizium23 (talk) 21:57, 28 August 2013 (UTC)
  • Keep although should just refer to "a user." One can take issue with the secondary source(s) in isolation but when all of the available sources are considered collectively I don't think that one can fairly dispute that the incident occurred, and we should allow the reader to draw his or her own conclusion about significance. I'd add that there is no general ban on the use of primary sources when the source is not used to support anything beyond a "straightforward, descriptive statement of fact."--Brian Dell (talk) 06:21, 29 August 2013 (UTC)
  • Delete per Debresser and Elizium23. OR/SYNTH. If a secondary source can be found, this could remain, but of course without the email address and probably not necessary to mention the issue, either, just state "although Lavabit had complied with previous search warrants". --Randykitty (talk) 06:31, 29 August 2013 (UTC)
  • Keep Citing facts someone else published is not original research (WP:ORIGINAL). Primary sources are not prohibited (WP:PRIMARY), but there is a prohibition against interpretation; there is no interpretation here, just cold hard facts. Notability (WP:NOTE) is an article policy, not a content policy; but it is notable information, given the context. Docket Alarm, as a noted PACER republisher (see the PACER article), is more reliable than any newspaper I have read; so WP:RS arguments fail (its smart thinking on Guy Macon's part to include a PACER republisher for WP:RS attacks). The only question here is relevance. I think its relevant, the fact that cryptome.org republished it only adds to the evidence that it is relevant, but I do urge the editor to revert himself and omit the username in question, as its TMI. Int21h (talk) 07:08, 29 August 2013 (UTC)
  • Keep seems notable enough.--♦IanMacM♦ (talk to me) 07:15, 29 August 2013 (UTC)
  • Keep – It's supported by a reliable source. WP:PRIMARY clearly allows the use of primary sources. One of the main factors in questioning PSs is the ability of those primarily involved to misrepresent themselves. Court documents not written by either of the opposing parties. However, finding a secondary source (able to support analytic context to the hard facts) is still a very good idea. —Sowlos  07:42, 29 August 2013 (UTC)
  • Keep and rephrase. As long as it's made clear that the previous warrants were lawful, and the reason they're shutting down is about illegal warrants. The owner of Lavabit has said himself that he complied with legal requests for information in an interview to Democracy Now (at 7:57). -- intgr [talk] 08:37, 29 August 2013 (UTC)
  • Keep but delete the email address, as suggested above: The comment seems factual and highly relevant. I was initially concerned about the credibility of the link to docketalarm.com, because I hadn't seen it before and there is no Wikipedia article on it. However, one of the comments above said it is a well-known and reputable publisher, and I assume that comment is correct. I concur with the suggestions above that docketalarm.com is NOT a primary reference. I also find persuasive the suggestion that judicial rulings be considered similar to review articles in academic research journals: Judges put their reputations on the line with each such decision, and they must decide based on filings by plaintiffs and defendants and occasionally others. To me, this suggests a more careful review than an article approved by an anonymous referee.
It could be nice to add a second secondary source as also suggested above. However, I don't see that as necessary.
I do have one concern: I cannot find a web site for the "Maryland District Court", cited on the docketalarm.com web page to which that reference links. Is this the United States District Court for the District of Maryland? I assume it is, but I don't understand why docketalarm.com would use an informal name for that court and not its full official legal name? Similarly, if "Maryland District Court" is a common name for the United States District Court for the District of Maryland, why isn't there a redirect for it?
Also, am I correct that court records in the U.S. are all in the public domain, but users must pay to download copies from the Maryland District Court (or whatever court heard this case)? If yes, what do you think about placing a copy in Wikisource, then providing a link to that copy? If anyone is concerned about whether the Wikisource copy is accurate, they can download another original copy from the web site of the Maryland District Court. DavidMCEddy (talk) 12:09, 29 August 2013 (UTC)
  • Keep - Of course it's relevant. No need to worry about it being original research. Just quote court papers, etc., and besides there is not an actual need to do so, as it has been documented in other articles. --Paulmd199 (talk) 13:50, 29 August 2013 (UTC)
  • Keep it, but delete the email address, as it is a very minor detail, and cite the following sources:
Poulsen, "Edward Snowden’s Email Provider Shuts Down Amid Secret Court Battle" Wired August 8, 2013
Masnick, "Feds Hit Lavabit With A Warrant Back In April, But Shutdown Likely Over Something Much Bigger" Techdirt August 12, 2013 Dezastru (talk) 16:20, 29 August 2013 (UTC)
  • Keep, with removal of the personal email address and the addition of sources such as Wired and Techdirt (per Dezastru), there is no issue here. petrarchan47tc 06:15, 6 October 2013 (UTC)

Threaded discussion[edit]

Please keep discussion in this section and refrain from threaded discussions in the survey section.


  • Comment Some editors are of the opinion that the person who posts the RfC should not post a comment in the survey section, on the theory that he/she made his case in the lead and that repeating it in the survey would be a form of double voting. I disagree. I think that the question in the lead should be worded neutrally and that you should not be able to tell what the filing editor's position is from the lead alone. --Guy Macon (talk) 17:30, 28 August 2013 (UTC)
  • Protest This text is not a reflection of the sources, but rather WP:ORIGINAL RESEARCH. The sources show 1. that Lavabit complied with a certain warrant (that was NOT connected to anything NSA-realted) 2. speculation that Lavabit did not want to comply with a NSA-related warrant. The present text, connecting these two things, is in itself original research, and can therefore not be kept. The question raised by Guy Macon is therefore not the right question. The issue is not if the information is relevant, the issue is a WP:OR one. I propose to close the survey immediately. Debresser (talk) 19:02, 28 August 2013 (UTC)
I don't know what RfC you are reading, but the one I posted simply says "At issue is whether we should delete or keep the following text" Nowhere did I ask whether the information is relevant.
If you think it should be deleted because it is original research, make your case, and if your argument is compelling, the consensus will be to delete it because it is original research.
If you think it should be deleted because it is not relevant, make your case, and if your argument is compelling, the consensus will be to delete it because it is not relevant.
My considered opinion is that it is relevant and that it is not original research, but if the consensus goes against me, I will accept the consensus. --Guy Macon (talk) 19:46, 28 August 2013 (UTC)
This is not original research, because Guy Macon is not the origin of the research. I'm not sure why there is confusion over that? Are you suggesting Guy Macon is the original source of this information? That Guy Macon is actually the Maryland District Court? Or are you asserting that Guy Macon is the publisher behind cryptome.org? Because if you cannot sustain such assertions (both, not just either IMO), then your assertion that it is WP:ORIGINAL fails. The source is a warrant returned to the Maryland District Court and published by the same. It is republished by cryptome.org (as public domain information). It is faithfully interpreted in the statements in question here, meeting the WP:PRIMARY policies. Original thought, that is connecting various information from various sources into coherent argument, and deciding what information is relevant to a given article, is not original research; a source is not required asserting that such a statement is relevant to the Wikipedia article at hand. Wikipedia editors, that is all of us, decide which of these thoughts make the cut. That is the only question here, if it is relevant, and let me tell you what pisses off almost all editors at some point: there is no policy on content that prevents material such as this, and there is no policy that allows its inclusion, so such questions are the source of epic debates. But the main point I'm making is your argument that there is some policy preventing it fails. Int21h (talk) 06:46, 29 August 2013 (UTC)
  • Comment Secondary sources have taken note of this search warrant in the context of the current government demands, so it's not original research if used properly and in the manner of those sources. Gamaliel (talk) 19:04, 28 August 2013 (UTC)
In any case we need not mention the user and the issue (child pornography). Debresser (talk) 19:07, 28 August 2013 (UTC)
Why not? --Guy Macon (talk) 19:46, 28 August 2013 (UTC)
I think there is no prohibition against it, but I think you should consider removing the username. Is it relevant? Does it add anything important? I don't think so. I think the fact that its child porn could be seen as relevant, but some random username? That is like including the exact timespan the warrant was executed in, down to the seconds, and the fact that it was a DVD, and the DVD was a Memorex DVD. You see what I'm getting at? Not prohibited, but not really useful information either. Int21h (talk) 06:46, 29 August 2013 (UTC)
That a very good point. I just changed it to read
"Before the Snowden incident, Lavabit had complied with previous search warrants. For example, on June 10, 2013, a search warrant was executed against a Lavabit email address for alleged possession of child pornography"
That keeps the important part (it was a real search warrant signed by a judge against the user or users of a specific email address) while dropping the irrelevant (the actual email address itself).
Part of the problem here is that we cannot say anything that passes VP:V about whatever caused Lavabit to suspend operations. All we know is that Lavabit is legally prohibited from revealing anything. An educated guess based upon many similar government actions is that someone in the federal government made a warrantless demand for all info on all users and claimed that the they had secret evidence showing probable cause that they did not have to reveal. Of course we cannot put anything like that in the article; it would be WP:OR and WP:SYNTH. What we can do is to present the known results of previous government demands for user information and let the reader draw her own conclusions.
I gave a lot of thought about the phrase "against a Lavabit email address" as opposed to "against a Lavabit user", but looking carefully at the search warrant, the FBI had no idea who the user was or even whether it was a single user or a group sharing an email address in an attempt to cover their tracks. So really, the search warrant was executed against a Lavabit email address. --Guy Macon (talk) 12:17, 29 August 2013 (UTC)
I would suggest "against a Lavabit account" instead. An email address is only a string, a location. An account is a bit higher-level, while still retaining anonymity and allowance for the unknown. Deadbeef 12:34, 29 August 2013 (UTC)
Seems reasonable. Done. --Guy Macon (talk) 13:49, 29 August 2013 (UTC)

(This was moved from the survey section. It is a response to DavidMCEddy's comment (11th from the top).)
Yes, that is the court; I think the court's official name is "United States District Court" and the official name of the district is "District of Maryland", so "Maryland District Court" is a reasonable identifier. (Law != logic.) Yes they are in the public domain; they are all works of the federal government, and government edicts as well. Yes, the court makes people pay for public domain information that other websites provide for free, because its damn near free to publish. (Yes, the Chief Justice of the US Supreme Court should be impeached; if Aaron Burr can impeach Justice Samuel Chase over judicial conduct, then Justice Roberts can be impeached over PACER.) The affidavit is not a writing of a judge, but of an FBI agent. The only thing the judge did was sign the other forms, and the only thing the FBI agent did was check a few boxes and sign the forms. They are not important enough for Wikisource IMO, but there is no prohibition. Int21h (talk) 18:53, 29 August 2013 (UTC)



How Snowden's Email Provider Tried To Foil The FBI Using Tiny Font[edit]

New to this article, I don't immediately see a section that would allow for this information, so I'll just leave the link. petrarchan47tc 06:56, 6 October 2013 (UTC)

$10,000 fine[edit]

This:

In August, Lavabit became the first technology firm to shut down rather than disclose information to the U.S. government. Lavabit owner Ladar Levison closed his encrypted email company after refusing to comply with a government effort to tap his customers’ information. It is now been confirmed the FBI was targeting National Security Agency leaker Edward Snowden, who used Lavabit’s services. But Levison says that instead of just targeting Snowden, the government effectively wanted access to the accounts of 400,000 other Lavabit customers. Levison now says that since first going public, he has been summoned before a grand jury, fined $10,000 for handing over encryption keys on paper instead of digitally, and threatened with arrest for speaking out. The Justice Department began targeting Labavit the day after Snowden revealed himself as the source of the NSA leaks. Levison joins us to discuss his case along with his attorney, Jesse Binnall. "What they wanted was the ability, basically, to listen to every piece of information coming in and out of my network," Levison says.[16]

Has been stated two occasions on this program, including an interview with Levison, and possibly more since I am posting this before watching the interview.

I can't find another source for this while searching for any of the keywords. I for one would very much like to know the basis for this fine. Perhaps I will learn more in the interview, but it seems worthy of inclusion. I mean, what Law says any information must be transmitted digitally? Much less SSL keys.--184.21.215.174 (talk) 15:13, 7 October 2013 (UTC)

Here is the link to the program, with transcript: Democracy Now. petrarchan47tc 23:07, 7 October 2013 (UTC)

Update[edit]

Now that Lavabit lost on appeal. Many parts of the article need to be updated. 62.39.140.158 (talk) 11:35, 25 April 2014 (UTC)

May update[edit]

Levison's gag order was lifted; more updating to do: Secrets, lies and Snowden's email: why I was forced to shut down Lavabit petrarchan47tc 06:55, 21 May 2014 (UTC)

March 2016 info[edit]

Further information has been disclosed inadvertently by the US Government and it is being covered by various news sources. Apparently the requested user metadata regarded Edward Snowden. [17] For a coherent, historic view on all these events, maybe rather large parts of the events leading up to and following the shutdown should be updated? — Northgrove 10:08, 18 March 2016 (UTC)

As the article in Wired says "It's been of the worst-kept secrets for years". There was never any real doubt that Ed Snowden was the target, given that he contacted journalists using the email address Ed_Snowden@lavabit.com.--♦IanMacM♦ (talk to me) 10:47, 18 March 2016 (UTC)

Online/offline[edit]

Re this edit: it depends what you mean by online or offline. Since August 2013, the site has offered no e-mail service. At the time of writing, http://lavabit.com/ displays a page explaining why the service was discontinued. None of this really counts as Lavabit being online, as it cannot be used to send or receive e-mails any more.--♦IanMacM♦ (talk to me) 09:36, 16 December 2014 (UTC)

Archive.is blacklisting[edit]

@Ianmacm: You have been removing a notice that Cyberbot II added to the page, calling attention to several blacklisted links from archive.is. However, a wide community consensus decided that archive.is links should be universally blacklisted, and Cyberbot II is noting them accordingly. In addition, Cyberbot II was allowed to add banners calling out blacklisted links after an administrator review; see Wikipedia:Bots/Requests for approval/Cyberbot II 4 for the discussion archive. Unless you would like to start a new RFC to overturn these past decisions, the community consensus stands that archive.is links are banned, and Cyberbot II is allowed to add banners calling out these blacklisted links. Cheers, IagoQnsi (talk) 18:15, 5 April 2016 (UTC)

The messages should be on the talk page. Cyberbot was critcised for this before. People do actually look at the talk pages, so there is no need to yell out a non-urgent problem as the first thing in the article.--♦IanMacM♦ (talk to me) 18:20, 5 April 2016 (UTC)
@Ianmacm: The purpose of message boxes is to call out issues, and a consensus has decided that Cyberbot II's banner was acceptable. If you think those banners should be on the talk page rather than the main page, then I encourage you to open an RFC about it. But right now, the consensus stands that the blacklisted links banner is useful and belongs on the main page. -IagoQnsi (talk) 18:24, 5 April 2016 (UTC)
Many archive.is links were added in good faith, although I prefer archive.org. The trouble is that perfectly good archived links are being written off as spam. It is all highly unsatisfactory.--♦IanMacM♦ (talk to me) 18:27, 5 April 2016 (UTC)
@Ianmacm: There is an RfC at Wikipedia:Archive.is RFC 4 with the proposal "Remove archive.is from the Spam blacklist and permit adding new links (Oppose/Support)".
Looks like that got resolved, since the discussed blacklist banner no longer exists on the article, and InternetArchiveBot / Cyberbot II is now reformatting archive.is archiveurls (albeit erroneously) and not complaining about them -- see the next section. --Dan Harkless (talk) 10:28, 18 May 2017 (UTC)

External links modified[edit]

Hello fellow Wikipedians,

I have just modified 6 external links on Lavabit. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

YesY An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

YesY The help request has been answered. To reactivate, replace "helped" with your help request.

Cheers.—InternetArchiveBot (Report bug) 12:02, 12 May 2017 (UTC)

The bot does not self revert. If an issue is discovered, it's assumed the editor will hit the undo button and report the error. If you reported them, in most cases the tool will autocorrect IABot's perception of the URL and will not come back to repeat the mistake. When deadurl is missing, it's implied to be deadurl=yes. So IABot reads the original URLs as dead. The bot requires at least 9 days of downtime to consider a URL dead.—CYBERPOWER (Chat) 18:29, 21 May 2017 (UTC)
@Cyberpower678: OK, thank you. BTW, I think it's not a good design to have the help request in your template have to get erased when it's responded to. This is especially bad if the original editor who asked for help gets busy and other editors have to address the issue. I think you should change that to allow marking as responded without deleting the text of the request. I will reproduce my erased request here:
InternetArchiveBot modified 6 URLs on Lavabit, marking all of them as dead. Only two of them actually are, the hosting.lavabit.com and liberty.lavabit.com ones. I've reported the false positive dead URLs via the tools.wmflabs.org interface, but nothing in the tool nor the template text explains whether that is sufficient to get the bot to fix them, or if I have to put them back the way they were manually. Looking into it further, I see that all of these URLs except for the first one already had 'archiveurl's specified in them by whoever added them, but they had correctly not added 'deadurl=yes' to them. Is an explicit 'deadurl=no' necessary/sufficient to stop the bot from doing this? Or does it rewrite as 'deadurl=yes' regardless, if an archiveurl is present? I don't know why it called the first URL dead, as that one was added by me and did not have an 'archiveurl' on it (though in retrospect perhaps it should have, if 'deadurl=no' can be used as I posit above, since it's text that will be expected to change in the nearish future). Perhaps the server was down temporarily, but is it documented somewhere how long a URL has to be down for for the bot to consider it dead? Also, the edit summary from the bot said "Rescuing 6 sources and tagging 0 as dead", which is quite misleading given that it added 'deadurl=yes' to all of them; that should presumably say something like "Rescuing 6 sources and tagging 0 as unarchived dead links". --Dan Harkless (talk) 10:19, 18 May 2017 (UTC)
Even if a single editor is dealing with the issue, it's a lot easier to remember what the details are if the request doesn't get erased. After re-reviewing my request and your response, I have added explicit 'deadurl=no's to the cites the bot erroneously marked as dead. Thanks again for your help, and I hope you will consider my suggestions for improvements to your service. --Dan Harkless (talk) 08:18, 23 May 2017 (UTC)