"A Court Order Is an Insider Attack"
Ed Felten makes a strong argument that a court order is exactly the same thing as an insider attack:
To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.
From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company. Neither of these differences is visible to the company’s technology—it can’t read the employee’s mind to learn the motivation, and it can’t tell where the data will go once it has been extracted from the company’s system. Technical measures that prevent one access scenario will unavoidably prevent the other one.
This is why designing Lavabit to be resistant to court order would have been the right thing to do, and why we should all demand systems that are designed in this way.
Also on BoingBoing.
Jeff Martin • October 17, 2013 1:27 PM
Anyone have any interesting resources on how exactly an organization can be made resistant to court orders?