Lavabit founder: “I had effectively lost the ability to control my own network”
“…and as a network administrator, that just was a completely untenable position.”
Ladar Levison, the founder of encrypted email service Lavabit, abruptly shut down the service in August after pressure from the government to hand over user information. Levison said at the time that the move was necessary in order to avoid becoming “complicit in crimes against the American people.”
Levison had been unable to comment much about the situation because he was legally prohibited from doing so. Since then, more has been made public in recent weeks after some of the documents in the case have been unsealed. Those alone revealed the lengths to which Levison went to try and get around the government’s demands, including fighting them with an ultra-tiny font (as The Verge put it).
In a previous interview, Levison briefly elaborated that he had in the past complied with warrants on routine law enforcement requests. But the circumstances surrounding the incident that finally prompted him to make the drastic decision to shut down his service were different.
In this recent interview with CNET, Levison discussed exactly why he felt he had no choice other than to shut down the encrypted email service.
When I finally lost my fight in court and I had to turn over the keys, I had decided long before that if that ever happened and I wasn’t able to tell people that it was happening, and as a result build the public’s support I needed to change the law, then the only ethical choice for me was to shut down. So the decision had already been made and it was just simply the act of turning over the keys that prompted me to take those steps and finally shut down the service.
The interviewer, Declan McCullagh, asks for clarification: “When you say keys, do you mean the master encryption keys, the SSL keys for web traffic?”
Levison’s response is quite revealing.
I mean the private keys that were used for SSL. Because when I turned those over, I was effectively turning over control of my network to the federal government. They could see everything coming in and out of my network and they could read the plain text. They could see passwords, they could see email content, they could intercept credit card transactions, everything that was at all sensitive. And I had effectively lost the ability to control my own network, and as a network administrator, that just was a completely untenable position.
Last week, the ACLU said in court filings that the US government’s demand had “fatally undermined” Lavabit, reported The Guardian.
The ACLU has filed a “friend of the court” briefing in defence of Lavabit and its founder, Ladar Levison, who faces contempt of court charges after his decision to close down his service rather than co-operate with US authorities.
ACLU lawyer Catherine Crump said the government’s “unreasonably burdensome” demands “fundamentally destroyed the company as a whole”.
“Lavabit’s business was predicated on offering a secure email service, and no company could possible tell its clients that it offers a secure service if its keys have been handed over to the government,” Crump said.
We might expect to see more in the future though, after this recent announcement of The Dark Mail Alliance – founded by Silent Circle & Lavabit.
Watch the full interview with Levison from CNET.
Donations tax deductible
to the full extent allowed by law.
Good to know there is at least one tech guy willing to stand up to this fascist government and say no, I won’t be complicit in your unconstitutional spying.
It appears the government held him in contempt for not being willing to lie to his consumers about their privacy … for not being willing to betray the constitution as well as completely sell out his own integrity at government’s demand.
This is a tactic used to get a drug dealer to rat out his connections, using the bait of a reduced sentence. But to use force to get a man that built a reputation on integrity, to sell out his countryman … this defines our current regime as pure evil.
Well meaning agents might catch a few terrorists this way, but thugs like Obama has working for him will certainly pull a Lerner or Holder on good people. When the corrupt minions inside our union run government need anything, they will just work a little overtime and pull up any records needed on justices or any that might be in their way. Government apparently demanded secret access to ALL users, not just the ones of warranted interest.
With our “legal insurrection” against the corrupt forces of media and Hollywood so dependent on the internet, just the knowledge that Holders or Lerners could listen to any communication is oppressive in itself. And despite all supposed safeguards, the public union army first and foremost serves itself, not “we the people”.
Sadly, “they” seem to be at the point where they WANT us to know they will with impunity, break the constitution and go after good men. Open intimidation is now part of the leftist’s “hang a few in public” offensive.
Until we, the people, stand up to this government intrusion like Ladar Levison, we will continue to get more than just contempt from the government.
On the flip side, (and flippantly), he’ll get free healthcare if sent to jail, right?
If civil disobedience results in such consequences, then perhaps it’s time to really pull out the plugs and go full bore John Galt. The government has shown itself to be incompetent in regards to efficiency and staying within its constitutional boundaries, but very competent in regards to corruption and waste.
Obama is a divider, Levison is a Uniter. He’s getting support from both the Left and the Right. Posts in support on both Slate and Firedoglake.
I’d check DU and Koss but I just ate.
This/stuff is going to be impossible to roll back.
From the previous article:
“we offered secure storage, where incoming emails were stored in such a way that they could only be accessed with the user’s password so that even myself couldn’t retrieve those emails.”
If the government didn’t have administrator access so they could change user access, what would be the point of any subpoena? They wouldn’t be able to access older emails nor even newer ones. Therefore, either he had formerly given government the same access in previous subpoenas, he didn’t give them anything from secure, paid storage at the time, or he changed the administrator privileges w/o alerting the suspect in other cases, but not this one.
“But in our case it was encrypted and secure storage because as a third party I didn’t want to be put in a situation where I had to turn over private information, I just didn’t have it, I didn’t have access to it. And that was sort of, may have been the situation that I was facing.”
Now, here we see his motivation in how he saw this case as different than any previous ones and why he didn’t comply:
“obviously I can’t speak to any particular one, but we’ve always complied with them. I think it’s important to note that I’ve always complied with the law, it’s just in this particular case I felt that complying with the law…”
And it’s at this point that Levison’s attorney interrupts, indicating that his client can only speak philosophically – he can speak only about why his philosophy behind Lavabit would prompt him to make the decision to shut the service down.’
So, he COULD have complied with the law, he just chose not to.
From the New Yorker piece, breaking down the story:
“On June 10th, the government secured an order from the Eastern District of Virginia. The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden. (The name of the target remains redacted, and Levison could not divulge it.) The order directed Lavabit to surrender names and addresses, Internet Protocol and Media Access Control addresses, the volume of each and every data transfer, the duration of every “session,” and the “source and destination” of all communications associated with the account. It also forbade Levison and Lavabit from discussing the matter with anyone.”
Isn’t that metadata? I don’t see content in there, but I’m not a pro. (btw, that isn’t a NSL, just a standard warrant with a non-disclosure.)
Question: Wouldn’t the fact that the FBI would have to have a court order to get metadata or even content from a particular person instead of just sifting through the NSA ‘vacuum cleaner’ tend to disprove Snowden’s accusations? Especially considering who the target is/was?
The article says that: “Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand.” However, IMO, since he had shown himself to be so hostile to the FBI and defensive of Snowden, I wouldn’t have trusted him to get the information, either.
In addition, if he is accurate that a request for one specific piece of information requires unlocking the entire system, I would not consider that a secure system at all. I also don’t think it would be true. It simply doesn’t make any sense (unless he was incompetent as a programmer).
If the “government” has the keys, what does that mean?
Does it mean just a few people have access to the keys? Dozens? Hundreds?
Its not about trusting the government or its intentions, its about whether or not you can trust all the individuals who have access. And if the government will hold those who abuse their knowledge accountable for their actions.