Feds demanded encryption key from Snowden's email provider Lavabit
Lavabit founder Ladar Levison resisted orders from the U.S. government to turn over encryption and SSL keys to bypass the email service's security features, newly unsealed documents reveal. Levison, who was previously silenced by a gag order, is now coming forward to talk about his fight to keep customer data out of the hands of the government.
Lavabit came to national attention when Levison shut down the encrypted email servicein August. Many speculated that the move was related to news that Lavabit was former National Security Agency contractor Edward Snowden's email provider of choice. Snowden has been charged with espionage after leaking national security documents to the press and is currently living in Russia, after being granted asylum. According to the Global Post, Lavabit's link to Snowden was reportedly made while coordinating an appearance at Moscow's Sheremetyevo International Airport in July.
According to court documents, Lavabit was ordered in June to turn over information about what appears to be Snowden's email account, home address, bank account numbers, telephone connection records, IP addresses and device information. The government also approved the installation of a pen register and the use of a trap a trace device, which captures both incoming and outgoing communication. Lavabit was also required to assist the Federal Bureau of Investigations with any technical assistance to accomplish the installation of the "pen/trap device."
Lavabit did not comply with the order because, according to court papers, the email account in question was using Lavabit's encryption service and Levison did want to "defeat [its] own system." The emails were encrypted in a way that would not allow Lavabit to have access to the messages. The government then requested encryption and SSL keys, but that would give them the ability to decrypt the email account of all of Lavabit's users.
A judge threatened to hold Levison in contempt for not complying with court orders. Levison told the court that he did not oppose the pen/trap device, but did not want to give the feds the ability to access the emails of Lavabit's users.
"You don't need to bug an entire city to bug one guy's phone calls," Levison said in an interview with the New York Times. "In my case, they wanted to break open the entire box just to get to one connection."
Levison ultimately conceded, but not in a format that would help the feds. Instead of turning in a digital file of the code needed to crack Lavabit's encryption, Levison submitted printout of the code in 4-point font.
Judge Claude M. Hilton then issued a $5,000-a-day fine until Levison turned over the code in a digital format. After losing an appeal, Levison turned over the encryption keys and shut down the email service.
