DOJ to Apple: Start Cooperating or You’ll Get the Lavabit Treatment

DOJ has submitted its response to Apple in the Syed Farook case. Amid invocations of a bunch of ominous precedents — including Dick Cheney’s successful effort to hide his energy task force, Alberto Gonzales effort to use kiddie porn as an excuse to get a subset of all of Google’s web searches, and Aaron Burr’s use of encryption — it included this footnote explaining why it hadn’t just asked for Apple’s source code.

Screen Shot 2016-03-10 at 6.17.50 PM

That’s a reference to the Lavabit appeal, in which Ladar Levison was forced to turn over its encryption keys.

As it happens, Lavabit submitted an amicus in this case (largely arguing against involuntary servitude). But as part of it, they revealed that the reason the government demanded Lavabit’s key is because “in deference to [Edward Snowden’s] background and skillset, the Government presumed the password would be impossible to break using brute force.”

Screen Shot 2016-03-10 at 6.34.21 PM

But that says that for phones that — unlike Farook’s which had a simple 4-digit passcode — the government maintains the right to demand more, up to and including their source code.

The government spends a lot of time in this brief arguing it is just about this one phone. But that footnote, along with the detail explaining why they felt the need to obtain Lavabit’s key, suggests it’s about far more than even Apple has claimed thus far.

Monday Morning: Put Your Pom-poms Down

A certain state governor (or his PR team) tweeted a bunch of smack last night during the Democratic presidential candidates’ debate. Like this:


It is to laugh. Every decision made by this administration about Flint has been about money, not about the right thing, and not even about the legal thing.

He put his pom-poms down last week long enough to lawyer up, though. Mm-hmm.

By the way, that’s the NSFW version – here’s the language-sanitized clean version of that video for your office space. Crank the volume and bring it.

All around Apple town

  • Email provider Lavabit filed an amicus brief in #AppleVsFBI, arguing the FBI’s demands could have adverse affects on businesses:

    Such precedence would likely result in many businesses moving their operations offshore, therefore, making it more difficult for law enforcement to obtain even ordinary assistance from such companies…

    Wow, sounds familiar, huh? Brief’s worth a read (pdf).

  • Apple VP of software engineering Craig Federighi wrote an op-ed for yesterday’s WaPo, restating an opinion Apple and many of its supporters already expressed:

    “…it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. …”

  • The stakes get higher in #AppleVsFBI as Apple prepares to launch several new iPhones and an iPad on March 21. We all know a decision by Judge Pym will affect these devices in the future, not just the San Bernardino shooter’s iPhone 5C.
  • And just to keep Apple users even more on their toes, there’s now Apple ransomware on the loose. So far only Mac devices have been targeted, but it’s only a matter of time before other Apple devices are similarly affected. I’d put my money on higher profile users or those using iPhones to remotely control costly systems.


And on this day in 1876, U.S. Patent 174,465 for Improvement in Telegraphy was granted to Alexander Graham Bell.

What will they write about this day in another 140 years? Do something worth writing about.

Imagine if Apple Were a Powerless Muslim?

In a piece on the Apple case, Amy Davidson tried to imagine the unintended consequences of broadening the application of the All Writs Act in this case.

If a case involving a non-digital phone network could be applied to smartphones, what technologies might an Apple precedent be applied to, three or four decades from now? (The N.S.A. used, or rather promiscuously misused, another pen-register case from the same era to justify its bulk data collection.) It no longer becomes fanciful to wonder about what the F.B.I. might, for example, ask coders adept in whatever genetic-editing language emerges from the recent developments in CRISPR technology to do. But some of the alarming potential applications are low-tech, too. What if the government was trying to get information not out of a phone but out of a community? Could it require someone with distinct cultural or linguistic knowledge not only to give it information but to use that expertise to devise ways for it to infiltrate that community? Could an imam, for example, be asked not only to tell what he knows but to manufacture an informant?

This is the situation that Apple is in, and that all sorts of other companies and individuals could be in eventually. There are problems enough with the insistence on a back door for devices that will be sold not only in America but in countries with governments that feel less constrained by privacy concerns than ours does. And there are reasons to be cynical about technology companies that abuse private information in their own way, or that jump in to protect not a principle but their brands. But the legal precedent that may be set here matters. By using All Writs, the government is attempting to circumvent the constitutionally serious character of the many questions about encryption and privacy. It is demanding, in effect, that the courts build a back door to the back-door debate.

She raises fair points.

Except when I read them, I thought instead of the demands FBI has already made.

FBI demanded that Lavabit turn over a key protecting all of its users to try to get to Edward Snowden, which led Ladar Levison to shut down the business, well before it got to the point where Ted Olson (who’s now helping Apple make its case, and presumably will all the way to the Supreme Court) would help him argue a legal case.

More directly on point to Davidson’s scenarios, there are numerous reports of FBI creating some artificial means of coercion — often having to do with immigration — that effectively force speech of a certain kind. That’s not far off Davidson’s example of an Imam being forced to inform (which, especially given the use of Section 215 to collect data to identify informants, might involve coercion of a different kind).

Obviously, Apple is huge and rich and powerful so it has the ability to fight such coercion (or just leave the country).

But the comparison is especially apt, I think, because it speaks to why the FBI might be willing to make such breath-taking demands from Apple. It’s used to demanding coercion, whether from smaller ISPs or Imams or Muslim immigrants. And because those people have no power to fight back, FBI has grown used to such ability to coerce cooperation.

On the Apple Back Door Rumors … Remember Lavabit

During the July 1 Senate Judiciary Committee hearing on back doors, Deputy Attorney General Sally Yates claimed that the government doesn’t want the government to have back doors into encrypted communications. Rather, they wanted corporations to retain the back doors to be able to access communications if the government had legal process to do so. (After 1:43.)

We’re not going to ask the companies for any keys to the data. Instead, what we’re going to ask is that the companies have an ability to access it and then with lawful process we be able to get the information. That’s very different from what some other countries — other repressive regimes — from the way that they’re trying to get access to the information.

The claim was bizarre enough, especially as she went on to talk about other countries not having the same lawful process we have (as if that makes a difference to software code).

More importantly, that’s not true.

Remember what happened with Lavabit, when the FBI was in search of what is presumed to be Edward Snowden’s email. Lavabit owner Ladar Levison had a discussion with FBI about whether it was technically feasible to put a pen register on the targeted account. After which the FBI got a court order to do it. Levison tried to get the government to let him write a script that would provide them access to just the targeted account or, barring that, provide for some kind of audit to ensure the government wasn’t obtaining other customer data.

The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because McBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.

Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)

Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages.

The discussions disintegrated because the FBI refused to let Levison do what Yates now says they want to do: ensure that providers can hand over the data tailored to meet a specific request. That’s when Levison tried to give FBI his key in what it claimed (even though it has done the same for FOIAs and/or criminal discovery) was in a type too small to read.

On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.

THE COURT: You want to do it in a way that the government has to trust you—
BINNALL: Yes, Your Honor.
THE COURT: —to come up with the right data.
BINNALL: That’s correct, Your Honor.
THE COURT: And you won’t trust the government. So why would the government trust you?
Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.
The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th.

Levison came away from the debacle believing that the FBI didn’t understand what it was asking for when they asked for his keys.

One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys.

I raise all this because of the rumor — which Bruce Schneier inserted into his excerpt of this Nicholas Weaver post — that FBI is already fighting before FISC with Apple for a back door.

There’s a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly — and they’re losing. This might explain Apple CEO Tim Cook’s somewhat sudden vehemence about privacy. I have not found any confirmation of the rumor.

Weaver’s post describes how, because of the need to allow users to access their iMessage account from multiple devices (think desktop, laptop, iPad, and phone), Apple technically could give FBI a key.

In iMessage, each device has its own key, but its important that the sent messages also show up on all of Alice’s devices.  The process of Alice requesting her own keys also acts as a way for Alice’s phone to discover that there are new devices associated with Alice, effectively enabling Alice to check that her keys are correct and nobody has compromised her iCloud account to surreptitiously add another device.

But there remains a critical flaw: there is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is “backdoor enabled” by design: the keyserver itself provides the backdoor.

So to tap Alice, it is straightforward to modify the keyserver to present an additional FBI key for Alice to everyone but Alice.  Now the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future.

Admittedly, as heroic as Levison’s decision to shut down Lavabit rather than renege on a promise he made to his customers, Apple has a lot more to lose here strictly because of the scale involved. And in spite of the heated rhetoric, FBI likely still trusts Apple more than they trusted Levison.

Still, it’s worth noting that Yates’ claim that FBI doesn’t want keys to communications isn’t true — or at least wasn’t before her tenure at DAG. Because a provider, Levison, insisted on providing his customers what he had promised, the FBI grew so distrustful of him they did demand a key.

Caesars Palace Not Held to Same Standard Lavabit Is

I’m going to have a longer post about this opinion recommending a judge throw out the warrant, based on evidence FBI obtained by shutting down DSL and then pretending to be the cable guys that would fix it, used in bust Paul Phua (see this article for more).

But I want to point to the excuse FBI Agent Minh Pham used to explain away several other errors he made in the search warrant:

After Pham submitted and obtained the search warrant, he learned the affidavit contained errors. Specifically, it stated that Paul Phua wired $4 million into a Caesars account to secure a credit line. Pham later discovered it was actually Seng Chen “Richard” Yong that requested the wire to secure both their lines of credit. However, at the time Pham submitted the search warrant affidavit, he believed it was correct that Paul Phua had initiated this transfer.

The affidavit also stated Paul Phua had transferred approximately $900,000 from a casino in Fort Lauderdale, Florida, to the Caesars account. However, Pham later learned that Paul Phua had been only one of the individuals who signed the consent to have that money wire-transferred into Yong’s account. At the time Pham submitted the affidavit, he believed the statement was true based on documents from Caesars concerning monetary transfers that he had received. Pham referred to the spreadsheet contained in government’s Exhibit 2F as a document he relied upon to support his statement in the affidavit. The font size was very small and difficult to read.

He also discovered another error in the affidavit days later. There were transfers for $3 million between individuals in the villas. He looked at the spreadsheet, and it was off by one or two lines,” which caused him to associate the wrong name with the transfer. [my emphasis]

The font on the spreadsheet Caesars Palace had given the FBI when it requested they open an investigation was “very small difficult to read.”

You’ll recall that when the FBI went after Lavabit to get its crypto key, Lavar Levison tried to comply by providing a printout of the key. But the government complained it was illegible, and got Levison held in contempt.

In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.

The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.

Apparently, huge casinos are held to a different standard than small email providers.


Lavabit and The Definition of US Government Hubris

Graphic by Darth

Graphic by Darth

Well, you know, if you do not WANT the United States Government sniffing in your and your family’s underwear, it is YOUR fault. Silly American citizens with your outdated stupid piece of paper you call the Constitution.

Really, get out if you are a citizen, or an American communication provider, that actually respects American citizen’s rights. These trivialities the American ethos was founded on are “no longer operative” in the minds of the surveillance officers who claim to live to protect us.

Do not even think about trying to protect your private communications with something so anti-American as privacy enabling encryption like Lavabit which only weakly, at best, even deigned to supply.

Any encryption that is capable of protecting an American citizen’s private communication (or even participating in the TOR network) is essentially inherently criminal and cause for potentially being designated a “selector“, if not target, of any number of searches, whether domestically controlled by the one sided ex-parte FISA Court, or hidden under Executive Order 12333, or done under foreign collection status and deemed “incidental”. Lavabit’s Ladar Levinson knows.

Which brings us to where we are today. Let Josh Gerstein set the stage:

A former e-mail provider for National Security Agency leaker Edward Snowden, Lavabit LLC, filed a legal brief Thursday detailing the firm’s offers to provide information about what appear to have been Snowden’s communications as part of a last-ditch offer that prosecutors rejected as inadequate.

The disagreement detailed in a brief filed Thursday with the U.S. Court of Appeals for the Fourth Circuit resulted in Lavabit turning over its encryption keys to the federal government and then shutting down the firm’s secure e-mail service altogether after viewing it as unacceptably tainted by the FBI’s possession of the keys.

I have a different take on the key language from Lavabit’s argument in their appellate brief though, here is mine:

First, the government is bereft of any statutory authority to command the production of Lavabit’s private keys. The Pen Register Statute requires only that a company provide the government with technical assistance in the installation of a pen- trap device; providing encryption keys does not aid in the device’s installation at all, but rather in its use. Moreover, providing private keys is not “unobtrusive,” as the statute requires, and results in interference with Lavabit’s services, which the statute forbids. Nor does the Stored Communications Act authorize the government to seize a company’s private keys. It permits seizure of the contents of an electronic communication (which private keys are not), or information pertaining to a subscriber (which private keys are also, by definition, not). And at any rate it does not authorize the government to impose undue burdens on the innocent target business, which the government’s course of conduct here surely did.

Second, the Fourth Amendment independently prohibited what the government did here. The Fourth Amendment requires a warrant to be founded on probable cause that a search will uncover fruits, instrumentalities, or evidence of a crime. But Lavabit’s private keys are none of those things: they are lawful to possess and use, they were known only to Lavabit and never used by the company to commit a crime, and they do not prove that any crime occurred. In addition, the government’s proposal to examine the correspondence of all of Lavabit’s customers as it searched for information about its target was both beyond the scope of the probable cause it demonstrated and inconsistent with the Fourth Amendment’s particularity requirement, and it completely undermines Lavabit’s lawful business model. General rummaging through all of an innocent business’ communications with all of its customers is at the very core of what the Fourth Amendment prohibits.

The legal niceties of Lavabit’s arguments are thus:

The Pen Register Statute does not come close. An anodyne mandate to provide information needed merely for the “unobtrusive installation” of a device will not do. If there is any doubt, this Court should construe the statute in light of the serious constitutional concerns discussed below, to give effect to the “principle of constitutional avoidance” that requires this Court to avoid constructions of statutes that raise colorable constitutional difficulties. Norfolk S. Ry. Co. v. City of Alexandria, 608 F.3d 150, 156–57 (4th Cir. 2010).

And, later in the pleading:

By those lights, this is a very easy case. Lavabit’s private keys are not connected with criminal activity in the slightest—the government has never accused Lavabit of being a co-conspirator, for example. The target of the government’s investigation never had access to those private keys. Nor did anyone, in fact, other than Lavabit. Given that Lavabit is not suspected or accused of any crime, it is quite impossible for information known only to Lavabit to be evidence that a crime has occurred. The government will not introduce Lavabit’s private keys in its case against its target, and it will not use Lavabit’s private keys to impeach its target at trial. Lavabit’s private keys are not the fruit of any crime, and no one has ever used them to commit any crime. Under those circumstances, absent any connection between the private keys and a crime, the “conclusion[] necessary to the issuance of the warrant” was totally absent. Zurcher, 436 U.S., at 557 n.6 (quoting, with approval, Comment, 28 U. Chi. L. Rev. 664, 687 (1961)).

What this boils down to is, essentially, the government thinks the keys to Lavabit’s encryption for their customers belong not just to Lavabit, and their respective customers, but to the United States government itself.

Your private information cannot be private in the face of the United States Government. Not just Edward Snowden, but anybody, and everybody, is theirs if they want it. That is the definition of bullshit.

[Okay, big thanks to Darth, who generously agreed to let us use the killer Strangelovian graphic above. Please follow Darth on Twitter]

Update on Lavabit

I’ve been trying to keep an eye on the public information about the government’s demand on Lavabit. And in a new interview with Ars Technica, Ladar Levison basically gives us a multiple choice guess on what the request was: either altering the source code or turning over the private key securing his HTTPS certificate.

Levison said he has always known Lavabit safeguards could be bypassed if government agents took drastic measures, or as he put it, “if the government was willing to sacrifice the privacy of many to conduct surveillance on the few.” For instance, if he was forced to change the code used when a user logs in, his system could capture the plain-text password needed to decrypt stored e-mails. Similarly, if he was ever forced to turn over the private encryption key securing his site’s HTTPS certificate, government agents tapping a connection could observe the password as a user was entering it. But it was only in the past few weeks that he became convinced those risks were realistic.

“I don’t know if I’m off my rocker, but 10 years ago, I think it would have been unheard of for the government to demand source code or to make a change to your source code or to demand your SSL key,” Levison told Ars. “What I’ve learned recently makes me think that’s not as crazy an assumption as I thought.”

I and others have suggested this (whichever of these options this demand took) is basically CALEA II — FBI’s repeated demands that it have a back door into anything — before its time.

But Congress has not yet authorized CALEA II. So why did the (presumably) FISA Court approve this demand?

When the FISA Court becomes the Exotic Surveillance Shop

I’m still updating yesterday’s post collecting everything we might know about the government’s demand to Lavabit that led Ladar Levison to shut it down.

I’d like to consider the implications of Levison’s hint that the order or warrant he got came not solely from the FBI — as a National Security Letter would — but from the FISA Court.

LADAR LEVISON: I think it’s important to note that, you know, it’s possible to receive one of these orders and have it signed off on by a court. You know, we have the FISA court, which is effectively a secret court, sometimes called a kangaroo court because there’s no opposition, and they can effectively issue what we used to consider to be an NSL. And it has the same restrictions that your last speaker, your last guest, just talked about.

(The restrictions in question pertain to the gag and risk of prison that came with the National Security Letter Nicholas Merrill received.)

Several of us on Twitter today brainstormed what kind of FISA order this might involve: possibilities include using a physical FISA search to get keys from Lavabit’s users, using the Internet dragnet precedents to use FISA’s Pen Register/Trap and Trace provision to get the keys, treating the keys as “tangible things” under Section 215 and demanding them that way, or possibly just a traditional electronic surveillance warrant. They also might have issued a protection order requiring Lavabit to archive things that users otherwise might be able to delete, as they have in a prior case.

But the implication is that all happens under the FISA Court and not (as, for example, the government’s demand for Twitter information on WikiLeaks associates did in that investigation) the Eastern District of VA court.

And that, to me, seems as problematic as the gag and the apparently exotic request.

Consider: presumably the target of this order is Edward Snowden and alleged accomplices of his, though hints about the order suggest the government demanded information on all of Lavabit’s users to get to the information on Snowden. Snowden has already been charged in a criminal complaint (which has been released, but is still not docketed). Snowden has been charged with several crimes, not just probable cause that he’s an agent of a foreign power (and while many in government have been trying to claim he’s a defector to Russia since those charges, at the time he was charged there was no hint of his being a foreign agent).

In other words, this is now and seems to have always been a criminal investigation, not a foreign intelligence investigation (and it didn’t start out as an old-style Espionage investigation, which would have been the appropriate application with Snowden to get into a foreign intelligence court).

So why is it in the “Foreign Intelligence Surveillance Act” court (if in fact it is)? Why isn’t it in a Title III Court, with a nice hefty gag attached to it that would serve the same purpose as the legal gag tied to FISA orders?

Hell, why is it gagged anyway, since it had been publicly reported that Snowden was a Lavabit customer, and since the government itself has leaked that it is investigating and has charged Snowden?

The obvious answer is likely because the FISA Court is where the exotic precedents live — wacky interpretations of Pen Register/Trap and Trace statutes to allow bulk collection of stuff that might loosely be called Internet metadata or of the word “relevant” to mean “whatever the government wants it to mean.”

And that, it seems to me, presents a troubling new interpretation for the “significant purpose” language in FISA, which was passed after 9/11 to allow the government to use information collected under the guise of foreign intelligence for criminal prosecution purposes. The idea, then, was that the court is supposed to serve primarily as a foreign intelligence shop with the criminal use being incidental.

But the very vague outlines of the Lavabit demands appears to suggest the government has reversed that, using the FISA Court for investigative purposes that might easily be accomplished under Title III, except that the government is relying on exotic precedents that only exist in the secret FISA Court.

With so much secret about this order, we can’t be sure, but it appears the government is using the FISA Court for this exotic theory when the appropriate venue should be a traditional Article III court.

You know? Courts that might find such exotic theories outrageous and might disclose the outlines of it to Snowden if he were ever put on trial.

The Known Details on the Lavabit Demand

Ladar Levison’s interview with Amy Goodman yesterday was his most extensive statement about the demand he got that led him to shut down his company. I want to pull the important tidbits from that interview and this one, with Forbes’ Kashmir Hill, to collect what we know about the demand so far.

Levison told DN the entire service was insecure:

I felt that in the end I had to pick between the lesser of two evils and that shutting down the service, if it was no longer secure, was the better option. It was, in effect, the lesser of the two evils.

He told Hill that he shut down to protect all his users.

“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday.

The demand affected his paid users and involved him being forced to have access to the private information the system was designed to ensure he didn’t have.

And at least for our paid users, not for our free accounts—I think that’s an important distinction—we offered secure storage, where incoming emails were stored in such a way that they could only be accessed with the user’s password, so that, you know, even myself couldn’t retrieve those emails.


in our case it was encrypted in secure storage, because, as a third party, you know, I didn’t want to be put in a situation where I had to turn over private information. I just didn’t have it. I didn’t have access to it. And that was sort of—may have been the situation that I was facing.

Levison told Hill he has complied with legal requests where the requested information was not encrypted (suggesting it involved his free users).

“I’m not trying to protect people from law enforcement,” he said. “If information is unencrypted and law enforcement has a court order, I hand it over.”

Snowden was a registered user of Lavabit, apparently under his own name.

Ladar, you were the service provider for Edward Snowden?

LADAR LEVISON: I believe that’s correct. Obviously, I didn’t know him personally, but it’s been widely reported, and there was an email account bearing his name on my system, as I’ve been made well aware of recently.

The government has prevented Levison from sharing some of the demand with his lawyer. And Levison thinks that’s because the government would be ashamed of the nature of the demand.

I mean, there’s information that I can’t even share with my lawyer, let alone with the American public. So if we’re talking about secrecy, you know, it’s really been taken to the extreme. And I think it’s really being used by the current administration to cover up tactics that they may be ashamed of.

He told Hill, too, the method they were demanding is what bothered him.

In this case, it is the government’s method that bothers him. “The methods being used to conduct those investigations should not be secret,” he said.

Update: In an interview w/MoJo, he suggests the demand pertains to bulk collection on an entire user base of people.

While Levison of Lavabit could not discuss the specifics of his case, he suggested that the government was trying to compel him to give access to vast quantities of user data. He explained that he was not opposed to fulfilling law enforcement requests that were “specific in nature” and “approved by a judge after showing probable cause,” and noted that he had responded to some two dozen subpoenas during his decade in business. “What I’m against, at least on a philosophical level,” he added, “is the bulk collection of information, or the violation of the privacy of an entire user base just to conduct the investigation into a handful of individuals.”

And suggested if they could intercept communications between the servers and the user, they could decrypt the communications.

if someone could intercept the communication between the Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.

What distinguishes this from previous subpoenas is what is so secret.

AARON MATÉ: And, Ladar, during this time, you’ve complied with other government subpoenas. Is that correct?

LADAR LEVISON: Yeah, we’ve probably had at least two dozen subpoenas over the last 10 years, from local sheriffs’ offices all the way up to federal courts. And obviously I can’t speak to any particular one, but we’ve always complied with them. I think it’s important to note that, you know, I’ve always complied with the law. It’s just in this particular case I felt that complying with the law—

JESSE BINNALL: And we do have to be careful at this point.


Levison questions whether it is possible to run cloud service in this country without being forced to spy on your customers.

I still hope that it’s possible to run a private service, private cloud data service, here in the United States without necessarily being forced to conduct surveillance on your users by the American government.

Levison suggests both his and Silent Circle’s unannounced shut-down served to avoid government efforts to capture data beforehand.

Mike Janke, Silent Circle’s CEO and co-founder, said, quote, “There was no 12-hour heads up. If we announced it, it would have given authorities time to file a national security letter. We decided to destroy it before we were asked to turn (information) over. We had to do scorched earth.” Ladar, your response?

LADAR LEVISON: I can certainly understand his position. If the government had learned that I was shutting my service down—can I say that?

JESSE BINNALL: Well, I think it’s best to kind of avoid that topic, unfortunately. But I think it is fair to say that Silent Circle was probably in a very different situation than Lavabit was, and which is probably why they took the steps that they did, which I think were admirable.

LADAR LEVISON: Yeah. But I will say that I don’t think I had a choice but to shut it down without notice. I felt that was my only option. And I’ll have to leave it to your listeners to understand why.

Everything is being monitored.

LADAR LEVISON: I think you should assume any communication that is electronic is being monitored.

This echoes something Levison told Forbes’ Kashmir Hill:

“I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.”

Levison also told Hill his location in Texas made it harder to respond to a demand in VA.

“As a Dallas company, we weren’t really equipped to respond to this inquiry. The government knew that,” said Levison, who drew parallels with the prosecutorial bullying of Aaron Swartz. “The same kinds of things have happened to me. The government tried to bully me, and [my lawyer] has been instrumental in protecting me, but it’s amazing the lengths they’ve gone to to accomplish their goals.”

His statement shuttering the company mentioned an appeal to the Fourth Circuit, which includes VA, and the complaint against Edward Snowden was issued in EDVA.

Update: I hadn’t watched the continuation of the DN interview, where Nicholas Merrill, who challenged a National Security Letter back in 2004, came on. But as CDT’s Joseph Lorenzo Hall notes on Twitter, Levison strongly suggests his order came from the FISA Court.

LADAR LEVISON: I think it’s important to note that, you know, it’s possible to receive one of these orders and have it signed off on by a court. You know, we have the FISA court, which is effectively a secret court, sometimes called a kangaroo court because there’s no opposition, and they can effectively issue what we used to consider to be an NSL. And it has the same restrictions that your last speaker, your last guest, just talked about.

Hall also has an interesting piece on Lavabit and CALEA II that addresses issues I’ve been thinking about, in which he includes this discussion.

What did the government demand and under what authority prompted Lavabit’s shutdown? We don’t know, and that’s part of the problem. The Wiretap Act, which authorizes the government to intercept communications content prospectively in criminal investigations, indicates that a provider of wire or electronic communication service (such as Lavabit) can be compelled to furnish law enforcement with “all information, facilities and technical assistance necessary to accomplish the interception unobtrusively… .” 18 USC 2518(4). The Foreign Intelligence Surveillance Act (FISA), which regulates surveillance in intelligence investigations, likewise requires any person specified in a surveillance order to provide the same assistance (50 USC 1805(2)(B)) and so does the FISA Amendments Act with respect to directives for surveillance targeting people and entities reasonably believed to be abroad (50 USC 1881a(h)(1)). The “assistance” the government demands may include the disclosure of the password information necessary to decrypt the communications it seeks, if the service provider has that information, but modern encryption services can be designed so that the service provider does not hold the keys or passwords. Was the “assistance” that the government demanded of Lavabit a change in the very architecture of its secure email service? Was the “assistance” the installation of the government’s own malware to accomplish the same thing? Lavabit has not answered these questions outright, but it did make it clear that its concern extended to the privacy of the communications of all of its users, not just those of one user under one court order.