I have nothing but respect for Ladar Levison. The founder of former secure email Lavabit, he shut his startup down when he was issued with court orders compelling him to install back doors into his system. His latest articles in The Guardian are Instapaper material; I encourage you to read them.

In a broader sense though, such cases demonstrate yet another disconnect between the expectations of end users, and the reality of system design.

In popular culture, we have the image in our minds of the phone tap. Whether by splicing a cable (as the name suggests) or listening in another room to someone’s private conversations, we can insert ourselves into the middle and eavesdrop on conversations. I get the feeling many in law enforcement and government are stuck in this 1970s cop movie mindset. If it worked for phones, why can’t secure communication providers just insert a back door or a tap?

One of the key problems with these demands is that the entire system would need to be rearchitected to comply. For those doing crypto right, there’s no way for an intermediary to access private keys or plaintext, as they are used and encrypted at the client side. For law enforcement, this sounds like techno babble, but its mathematical and algorithmic fact.

It’s almost as if PKI was designed this way. You don’t say.

Which leads us to an uncomfortable place. Whether intentional or otherwise, these requests are a disinsentive for secure system developers to place the locus of control with clients, as they may need to redesign their system at another stage to comply with secret court orders. Both providers and users suffer in this scenario.