Judges Poised To Hand US Spies The Keys To The Internet
CIS Director of Civil Liberties Jennifer Granick discusses a recent ruling ordering email provider Lavabit to hand over it's SSL keys to the government and why the NSA could potentially do more with information than originally thought it if they are allowed to keep it indefinitely.
How does the NSA get the private crypto keys that allow it to bulk eavesdrop on some email providers and social networking sites? It’s one of the mysteries yet unanswered by the Edward Snowden leaks. But we know that so-called SSL keys are prized by the NSA – understandably, since one tiny 256 byte key can expose millions of people to intelligence collection. And we know that the agency has a specialized group that collects such keys by hook or by crook. That’s about it.
Which is why the appellate court challenge pitting encrypted email provider Lavabit against the Justice Department is so important: It’s the only publicly documented case where a district judge has ordered an internet company to hand over its SSL key to the U.S. government — in this case, the FBI.
“We know from the minimization rules that are out that if they collect encrypted information they’re allowed to keep it indefinitely,” says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society. “That’s exactly why the Lavabit case is so important.”