What the government ordered Lavabit to do


Lavabit was the encrypted email service that Edward Snowden used. Thanks to a court order that revealed hitherto secret hearings, we now know what prompted Ladar Levison, the founder of the company, to close the service.

The US government ordered the company to hand over the encryption keys to not only Snowden’s account but to every one of the 400,000 people who used the service. Basically, the government wanted Lavabit to defeat its own system, by allowing the FBI to install a “pen register trap and trace device” that could monitor all the email metadata. Levison had previously complied with targeted court orders to hand over data about specific individuals but balked at giving blanket access to everyone’s accounts.

Levison challenged the order and took the matter to the secret court (yes, we now live in a society where secret courts are commonplace) that ‘oversees’ (for want of a better term) such matters but the judge sided with the government and ordered Levinson to hand over the encryption keys.

But what Levinson did was hand them over in the form of a 11-page print-out in 4-point type that the government said was not only illegible but required them to enter by hand 2,560 key strokes, and an error in a single one would invalidate it. The furious government asked the judge to fine Lavabit $5,000 a day until he handed over an electronic version of the keys. Two days later, Levison did that, just hours after shutting down the service and destroying all the records.

You have got to admire Levison. It takes guts to defy the government in that way.

Comments

  1. says

    Given the size described for the key once it’s printed out, what they wanted was the server-side secret for the public key certificate. That would allow complete decryption of any traffic intercepted going into or out of the site; the FBI was basically saying “trust us” about the ‘metadata’ (which is probably nonsense, as I’ve explained elsewhere: they collect the whole thing but only look at the metadata and retrieve the full message if their internal search system flags it, or it’s a day that ends with the letter ‘y’)

    The pen register trap and trace device is the latest version of the FBI’s CARNIVORE, most likely a Narus programmable network sniffer.

Leave a Reply

Your email address will not be published. Required fields are marked *