Lavabit & OTP

Remember Lavabit?

Turns out the real reason the feds went after it hammer and tongs was Edward Snowden.

A redaction oversight by the US government has finally confirmed that the Federal Bureau of Investigation’s targeting of secure email service Lavabit was used specifically to spy on Edward Snowden.

Ladar Levison, creator of the email service, which was founded on a basis of private communications secured by encryption and had 410,000 users, was served a sealed order in 2013 forcing him to aid the FBI in its surveillance of Snowden.

Levison was ordered to install a surveillance package on his company’s servers and later to turn over Lavabit’s encryption keys so that it would give the FBI the ability to read the most secure messages that the company offered. He was also ordered not to disclose the fact to third-parties…

Documents obtained from the federal court were published by transparency organisation Cryptome, as noted by Wired’s Kim Zetter, revealing that “Ed_Snowden@lavabit.com” was the intended target of the action against Lavabit.

Meanwhile, The Cousins are not fucking around:

Internet service providers and technology companies will be forced to install “back-door” flaws into their products, so British police and security services can access them on demand.

The move was announced in draft documents published in support of ‘s controversial Investigatory Powers Bill, announced in November 2015.

Companies will also be banned from revealing whether they had been made to install “back-door” access routes, leaving customers unable to know whether their messages and search history are truly secure.

And if the draft documents are approved and the Bill known as the “Snoopers’ Charter” is , the controversial measures will be partially paid for by British taxpayers.

Face it, folks – you want perfect secrecy, you’re going to have to do it the old-fashioned way: OTP, or one-time pads. More conveniently, books. [1] Using books is a simple, though tedious, method of encryption. Importantly, it’s not something NSA, the FBI or even the FSB can crack. [2]

It works like this – select a book, any book. For this example we will use Gravity’s Rainbow, the 1973 Viking version, ISBN 0-670-34832-5. The novel is 760 pages and seemingly uses every word in the English language. By using a page:line:character format one can encode an email message thusly…

12:9:3 183:15:7 238:14:11 310:9:38 194:11:17 7:1:1….ad infinitum.

…to include, it’s worth noting, the key you intend to use for your next encoded message (Infinite Jest; Little, Brown; 1995, 1st Edition, ISBN 0-316-92004-5; 1079 pages).

To recap, select a book known only to you and the recipient as the key; encode your message (including the next key/book used) and email. For added security (if only by obscurity) encrypt the email before it is sent (PGP is highly effective with email). Et voilà, perfect secrecy. [3]


  1. The main difference between using books and a one-time pad is that a one-time pad’s security is based on all possible pads that could be created, whereas a book cipher’s security is based on all possible books ever published.
  2. Unless they think you’re passing nuclear secrets or are a terrorist, in which case they’ll just rendition your ass.
  3. This method is time consuming; the tl;dr crowd ought to just stick with Twitter and Instagram; it’s not like they have anything worth encoding.
