You may recall that in August, the owner of secure email provider Lavabit abruptly shut down the service, leaving little indication as to why, other than a cryptic message posted at the company’s website.
Based upon limited statements made by Lavabit’s owner Ladar Levison since he shutdown the service – he has said he could not offer much detail about the case or he’d face potential charges – it seemed clear that the company was facing a government request for user data that was more than a typical law enforcement matter. The fact that Lavabit was also an email service used by NSA leaker Edward Snowden only fueled such speculation at the time.
Since then, Lavabit has struggled privately in its legal battle. But now, at least some of that speculation is over, after a court unsealed documents in the case on Wednesday.
From the NY Times:
The full story of what happened to Mr. Levison since May has not previously been told, in part because he was subject to a court’s gag order. But on Wednesday, a federal judge unsealed documents in the case, allowing the tech entrepreneur to speak candidly for the first time about his experiences. He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business.
In short, Lavabit first received a request from the government in June to provide data for one of its email users (whom many still presume to be Snowden based upon the timing and the charges listed in the unsealed documents). Because that user had enabled Lavabit’s premium secure service, Levison explained that he could not easily comply with the request because, based on Lavabit’s system, only the user is supposed to have access to the encryption key. So the government filed a motion that compelled Lavabit to comply with the request.
Levison has said in interviews that he’d not previously had any issue with complying with standard law enforcement requests, provided there was a legitimate order to do so. So he tried to come up with a compromise in this case, according to the NY Times.
A redacted version of that request, which was among the 23 documents that were unsealed, shows that the court issued an order July 16 for Lavabit’s encryption keys. Prosecutors said they had no intention of collecting any information on Lavabit’s 400,000 other customers. “There’s no agents looking through the 400,000 other bits of information, customers, whatever,” Jim Trump, one of the prosecutors, said at a closed Aug. 1 hearing.
But Mr. Levison said he spent much of the following day thinking of a compromise. He would log the target’s communications, unscramble them with the encryption keys and upload them to a government server once a day. The F.B.I. told him that was not enough. It needed his target’s communications “in real time,” he said.
“How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed when Congress doesn’t even know what is going on?” Mr. Levison said.
When it was clear Mr. Levison had no choice but to comply, he devised a way to obey the order but make the government’s intrusion more arduous. On Aug 2, he infuriated agents by printing the encryption keys — long strings of seemingly random numbers — on paper in a font he believed would be hard to scan and turn into a usable digital format. Indeed, prosecutors described the file as “largely illegible.”
That last paragraph highlights the lengths to which Levison went to try and work around the circumstances. It’s a detail that did not go unnoticed by some tech blogs, like The Verge, which ran this post with the headline, Snowden’s email provider Lavabit fought government surveillance with ultra-tiny font.
I have to admit, it was quite the creative stunt.
Not surprisingly, Levison was ordered to provide a new copy of the information, according to Wired.
“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.On August 8, Levison shuttered Lavabit, making any attempt at surveillance moot. Still under a gag order, he posted an oblique message saying he’d been left with little choice in the matter.
Levison’s attorney argued that the company’s concern for its other customers had a lot to do with its hesitance to hand over the security keys to the government, according to Wired.
“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told [Senior U. S. District Court Judge] Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”
In addition to the NY Times article, I recommend reading the Wired article in its entirety, as it provides a full account and timeline of Lavabit’s story. The rest of that story, of course, remains to be seen.
The complete set of unsealed documents can be viewed here.
CLICK HERE FOR FULL VERSION OF THIS STORY
