
Comment by Karunamon

11 years ago

Explain, please.

What prevents an NSL from compelling Google to mint a new certificate (they are a CA), providing the keys to the bad guys, and distributing that certificate in Chrome? NSLs have been used in the past to compel positive action (cf. Lavabit), so I really don't see how you think there's any practical limit to their power.

My understanding is that there isn't a limit. If I am wrong about this, then kindly reply directly here so we can all learn instead of giving the "read up on" non-answer.

An NSL can be used only to compel release of connection or transaction metadata, and cannot be used to compel disclosure of message contents. It's basically a fast-track for getting things like call records, and it most emphatically cannot be used to compel turning over a certificate or allowing a man-in-the-middle.

To my knowledge the exact details of the Lavabit case were never released, but from what has been released it's quite clear that the issue was regarding a warrant and a gag order, because the ensuing litigation wouldn't have been remotely applicable to an NSL (otherwise Lavabit's attorney would have won on a walk).

None of this is to say that I think NSLs should exist. In fact, I think they're a terrible idea. But the vast majority of discussions around them and similar topics is so grossly uninformed that it's impossible to take most people seriously on these subjects.

  • Okay, so not an NSL. Incorrect terminology pointing at the same awful effect, an unaccountable court issuing unchallengeable rulings that cannot be discussed.

    No substantial difference from the concept I'm complaining about.