Email service reportedly used by Edward Snowden abruptly shuts down
Well, this was a bit of mysterious news today. Apparently, the owner of Lavabit – the same email service reportedly used by NSA leaker Edward Snowden to contact human rights groups last month – has decided to shut down its operations in order to avoid becoming “complicit in crimes against the American people.” The message was cryptic but hinted the company has been battling legal issues over the privacy of its users’ data, leading many to speculate (without proof) that it’s connected to Snowden.
Here’s the message owner Ladar Levison posted at the home page of the Lavabit website earlier.
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Owner and Operator, Lavabit LLC
While intentionally vague on the details, citing laws passed by Congress that prevent it from sharing what led to its decision, Lavabit gives us a glimpse into some sort of legal battle brewing behind the scenes. We’re left to read between the lines on the rest. It also concludes with, “Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.”
But it is not known whether or not Lavabit’s apparent legal issues have anything to do with Snowden. The only thing we do know where Snowden is concerned is that he was reportedly one of its users.
Before he received temporary asylum, Edward Snowden met in July with human rights groups while still stranded in the transit zone of Russia’s Sheremetyevo airport. The former NSA contractor used the personal Lavabit email address “[email protected]” to send the invitation to those groups for that event, a detail that was widely reported to the public at the time.
Business Insider published this post last month on How Edward Snowden Sends His Ultra-Sensitive Emails. It described why the founders, strong privacy advocates, decided to launch Lavabit in 2004 as an alternative to Gmail.
“At the time, Lavabit’s founders felt Gmail was a great service but that Google was actively violating the privacy of its users by displaying ads related to keywords in their e-mail,” says the Lavabit official website.
So a few Texas programmers with a self-described “maniacal level of dedication” and “experience building mission critical systems” started a company called Nerdshack LLC, which then changed to Lavabit in 2005.
Google’s propensity to scan emails for key words and then market that data to advertisers was a clear violation of privacy to the Lavabit founders.
What seems most important here is that the company is taking a strong stance on the privacy of its users’ information, regardless of whose it may be. It will be interesting to watch if it comes back into operation.
Legal Insurrection has reached out to a few members of Congress who have been outspoken on the issues of NSA surveillance/privacy and about Edward Snowden to see if they had any comment or additional information on this matter, but we’ve not yet heard back. We’ll update this post if/when we do.
Donations tax deductible
to the full extent allowed by law.
So which is the “crime against the American people”, violating the U.S. Constitution or telling people about it?
wonder if its possibly related to the darkweb tor sites taken down this week.
Most people don’t have secrets worth sharing.
And, back when telephones first came into usage, it was strictly “party line.” An operator connected you. And, in many communities you could buy “party line” service from AT&T, which was cheaper than not sharing your line.
That meant when you want to make a call, you’d pick up your receiver. And, it was customary to bud in to whomever was also using the line, telling them you had to make a phone call.
Nobody shouted about “privacy issues!”
And, in rich homes where there were many telephone extensions ANYONE could pick up a receiver and listen in.
In offices bosses asked their secretaries not only to listen in, but to take shorthand notes.
Gmail’s FREE. And, in exchange for this service they are data mining “whatever.” Meanwhile, at Amazon I’m always seeing “stuff” they think I’ll buy … even though I am there to buy something else.
I never heard of Lavabit. But after Kim Dotcom’s New Zealand home was raided on instructions from our FBI, I knew that no matter what … “privacy” wasn’t on the horizon unless you went “cold turkey” … Wrote letters you can send through the postal service, because, oddly enough there are rules in place that it’s illegal for someone else to open and read your private mail.
Back in WW2 it also became the custom of British landladies (and others) to take your delivered letters over to the kettle where they were boiling tea … and the glue would “give” … so they could read the contents of your letters. And, then paste the envelope shut, again.
Good luck to American companies … because since MegaUpload got hit, America has been losing servers. People just go off to islands, elsewhere …
Let alone what happened to all the data stolen by the FBI from MegaUpload … which included lots of peoples personal pictures.
The best line I read about Snowden is that he had his pockets filled with UBS drives.
You no longer need to hire a strong shouldered secretary, who could lift up the office files, and run with it on her shoulders.
Sometimes, what you really need is a hint on where you put the darn file you can’t find.
“Most people don’t have secrets worth sharing” sounds a lot like “if you’re not doing anything wrong you shouldn’t care if the police stop and frisk you.”
You cite interesting anecdotes about party lines in the old days of AT&T and Google analyzing your email programatically to target ads at you, but you’re losing the point that these are private companies that individuals choose to do business with. To me that is a very different thing than the government surreptitiously nosing into everybody’s communications. Your example of military censorship is, well, military which is different if you’re in the service or if it during time of war.
It bothers me that so many people, including you it seems, are happily slipping down the slope of lost privacy. Once it is gone how will we ever get it back?
“Wrote letters you can send through the postal service, because, oddly enough there are rules in place that it’s illegal for someone else to open and read your private mail”
Well, the rules against opening paper mail would have to be followed by the same people whose history of rule-following re digital messages is terrible. The reason paper mail is somewhat better is, as you indicate in your next paragraph, it’s not physically feasible to put human hands and eyes on every message.
Your points about various historical tolerances are interesting.
The Law? What does the Law matter to Obama and his administration?
So, what you’re saying is that you have not ever been a victim of Identity Theft; you’ve never had your hard and honestly earned money stolen from your bank account by a thief, and in spite of what precautionary measures were taken to prevent such a thing; you’ve not ever had your “free” email hacked into and your life threatened simply because you’ve never dared to speak out to defend the G-d given rights of victims of such as child abuse, to include the abuses done and crimes committed against the unborn, right?
I can see Obama saying “Nothing to see here, Move along. We’re not snooping on all your emails”
I’m confident Jay Carney will clear this up at the next press briefing.
I’m glad Lavabit is choosing to fight to the point of shutting down. We cannot say the same for Verizon, AT&T, Microsoft, Google, Apple, and who knows whom else who decided to cave in to NSA/FBI demands to the point of allowing those organizations to infiltrate their networks.
This whole episode is unsettling as we become a police state. Putin would do us a favor by bombing the hell out of the NSA complex in Utah. HELLO PRISM, ECHELON, XKEYSTROKE, and God knows what else … are you listening? [The answer to that is obviously yes].
Coincidentally, I learned about Lavabit today when searching for a new home email server after I let mine get attacked by a malevolent force when I stupidly used it as a blog address (NEVER use your personal email address – use a disposable address that is not tied to your identity or home address or home email and DO NOT check the boxes to receive mailings.)
So I discovered Lavabit and then found it was ‘closed for maintenance.’
Any suggestions for a safe email provider that works with Windows Live Mail/Outlook Express?
Lavabit has long since been a most well trusted friend. I hope it returns soon. Until then, I’m patiently awaiting Start Mail from IXQuick and Start Page.
Timid men prefer the calm of despotism to the tempestuous sea of liberty.
LOL its dailylos fault
I wonder how many years of prison and how many millions of dollars of fines the Lavabit CEO, and his family, was threatened with.
[…] six weeks, even though I have twice made the appropriate requests,” he wrote in a …Email service reportedly used by Edward Snowden abruptly shuts downlegal Insurrection (blog)Email service linked to Edward Snowden shuts downState […]
That is a very frightening message. That the CEO cannot even say publically without fear of criminal prosecution what he is being charged with indicates a lawless State to me. It is like Angela Corey on steroids.
Time for an email provider outside the USA?
I’m sure he received a “National Security Letter” which had the language in it that said “Revealing that you have received a National Security Letter (without permission) to any party is a Federal Offense.”
That is likely what Lavabit is fighting for, to be able to reveal that they have received a National Security Letter for the NSA/FBI/NRO to be allowed to go through their data.
You would think that after 10 years of operations, that he’d have built up enough of a nest egg to fight any law which muzzles his 1st amendment rights, but apparently, he’d rather just fold and walk away. In either case, it stinks.
unfortunately, it’s my understanding that this is not the way that these laws work. If Mr. Levison was to release the nature of the NSA requests that he is fighting or even that he received requests from the NSA pertaining to certain individuals, he would be charged with crimes for leaking information. I wonder if these charges would be tried in a regular criminal court or in a ‘secret’ court. My bet is that the govt would never allow such info to come out to regular citizens sitting on a jury.
It’s a sad day when secret courts are becoming more and more a part of our lexicon when talking about our own government.
He might be tried in Dean Wormer’s court and put on “double secret probation”. It truly is an Animal House [with a chimpanzee in charge] and it’s 1984. Scary times. Wish the technology existed to bring the Founding Fathers back to life.
The closing message is a warning to everyone. Its the only way he could give it. The “Secret Court” will not allow any other message to be sent.
Hard choice, but the right one.
Silent Circle made the right choice, shut down US operations / offerings, preemptively. ( Now they just need to get completely out of the country. As a corporation as well. )
If only more had backbone to do the same…
It’s clear the gubmint DEMANDS access to all our e-mail, the 4th Amendment be damned, the FISA secret court has spoken! The gubmint does not want secure, encrypted communications between citizens. Next up … opening and reading US mail.
But what would happen if a company set up an encrypted, secure e-mail server and service not on US soil? What would be the gubmint tactic to counter that? Would I be prohibited from signing up with that service?
But what would happen if a company set up an encrypted, secure e-mail server and service not on US soil? What would be the gubmint tactic to counter that? Sounds like a good idea but… the gubmint could still access all emails sent to/from anyone on your service by getting them from the U.S. based servers of the folks your clients communicate with. The only people your clients would be able to actually communicate privately with would be other clients. And most of your clients might not even realize this UNLESS you made it very clear to them when they signed up.
Or alternatively, the gubmint could require all U.S. based email services to simply block emails to/from your off-shore service from reaching their destination. An “electronic Berlin Wall” that most Americans would never even know existed. How many clients would you be able to keep if emails they were expecting never arrived and they discovered that 99% of the messages they sent went nowhere.
I think that you’re missing the premise with this one B_Angel.
The way to do this would be to set up an “end-to-end” tunnel encryption set up, with an encrypted payload where there is a “public” key and a “private” key between the parties.
This is an older version of how it would work, based on “PGP” encryption. Basically one party creates a “public” key, and publishes said “public” key to the world, along with the version of encryption that they are using.
Any person who wants to send the first party a message drafts the message, opens the PGP encryption program, drops the message into the file, and “encrypts” it to the “public” key provided. The person then sends the encrypted message across the network to the first party, who has the “private” key, and can decrypt the message by applying the “private” key to the message.
Even if the government intercepts the message in the pipeline, all they see is gobbledygook. If you really want to be paranoid about it (I have been in the past), you set up a Digital Signature through the Message Identity property, where if the message has been altered in any way prior to decrypt, it will fail to decrypt, along with a message as to it failing because it was altered.
Couple this with a Hidden TOR Network connection bouncing your connection off of a dozen or so IP addresses, and you have effectively made it impossible to find or identify you.
Can the message be “brute-force” hacked? Sure, with sufficient computing power and enough time anything can be brute-forced. However, the time, effort and computing power necessary to do so become obscenely expensive very, very quickly as the encryption algorithm improves, or as longer and longer encryption keys are used.
There is really only one way around this type of encryption: physical access to the hardware of either the sender or the recipient.
As for setting up an electronic Berlin Wall, it’s not ever going to be allowed to happen. If one whiff of that got out, ICANN would die a very swift, VERY public death, and the Department of Commerce (which oversees some of ICANN’s functions) and every remaining tech company would immediately FLEE the country.
What is particularly unusual is that Lavabit was not allowed to give its 300,000+ users advanced warning that they would lose their e-mail accounts. (In fact, the suspension of e-mail services was initially billed as a temporary maintenance disruption). This has led to serious inconvenience and even material financial losses to some users.
It looks like this may have been designed as a slap in the face to all those who dared to encrypt their e-mails robustly, not solely a tactical move against Snowden.