The Owner of An Encrypted Email Service Says "No" to the FBI (In a tiny, tiny font)

Thursday, October 03, 2013 - 11:00 AM

The NSA whistleblower and former agent of CIA & NSA, Edward Snowden. (Laura Poitras/Praxis Films/Shutterstock)

Yesterday, a federal judge unsealed records from the case of Lavabit, the privacy-first email service used by Edward Snowden, versus the government. It's a compelling read, and it's a rare story because it shows a company refusing to comply with demands to give up a customer's privacy. 

Back in late June, the FBI asked Lavabit founder Ladar Levison for access to the metadata for an accident that was almost certainly Snowden's. Levison refused, which began a behind closed doors fight between him and the government that lasted until August. First, Levison was threatened by the judge with criminal contempt. Then, when he agreed to comply with the initial request, the FBI then asked for more data -- rather than just metadata, which would've shown who Snowden was talking to and where he was, they wanted Lavabit's SSL keys. With those, the FBI could eavesdrop on the entirety of all of Lavabit's email traffic. The FBI told the judge that while they'd have the capacity to spy on the data of any of Lavabit's 400,000 users, they just wouldn't do that. From Wired:

“We can assure the court that the way that this would operate, while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it,” [Prosecutor James] Trump said. “It filters everything, and at the back end of the filter, we get what we’re required to get under the order.”

“So there’s no agents looking through the 400,000 other bits of information, customers, whatever,” Trump added. “No one looks at that, no one stores it, no one has access to it.”

The judge ordered Levison to hand over the key, and he did. Kind of. He printed out the encryption code on 11 pages of 4 point type, so that it would be useless and illegible. The court ordered a more useful copy, and said they'd fine Lavabit $5,000 every day he refused. And so on August 8th, Levison shut down his company rather than comply.

One of the emerging themes this week is that the technology that's supposed to protect our privacy is only as reliable as the human beings responsible for it. In the case of Lavabit, Levison went much further than most people in his position would to protect his users. And because the entire case was under a gag order until yesterday, he did it out of the public eye. He'll be back in appeals court this month.

Tags:

More in:

Comments [3]

Germangirl

I am confused. You write: "[...] the case of Lavabit [...] was under a gag order until yesterday, he did it out of the public eye."
In Germany the whole case was a big news story on 9th August, so the day it became known over here.

Oct. 14 2013 02:19 PM
irv

"...the FBI asked Lavabit founder Ladar Levison for access to the metadata for an accident that was almost certainly Snowden's. "

I think "accident" should be "account"?

Oct. 03 2013 11:29 AM
Rob Brown from Minneapolis

"access to the metadata for an accident"? A mistype, I suspect. account?

Oct. 03 2013 11:19 AM

Leave a Comment

Email addresses are required but never displayed.

Supported by

 

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by PJ Vogt and Alex Goldman. You can subscribe to our podcast here. You can follow our blog here. We’re also on Twitter, and we play Team Fortress 2 more or less constantly, so find us there if you like to communicate via computer games from six years ago.

Subscribe to Podcast iTunes RSS

Feeds