Lavabit

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Lavabit
Web address lavabit.com
Type of site Webmail
Owner Ladar Levison[1]
Launched 2004
Alexa rank Increase 31,640 (November 2013)[2]
IP address 72.249.41.52
Current status Suspended

Lavabit is an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government. Lavabit is owned and operated by Ladar Levison.[1][3][4]

History[edit]

Lavabit was founded by Texas-based programmers who formed Nerdshack LLC, renamed Lavabit LLC the next year, allegedly prompted by privacy concerns about Gmail, Google's free, widely used email service, and their use of the content of users' email to generate advertisements and marketing data.[5] Lavabit offered significant privacy protection for their users' email, including asymmetric encryption. The strength of the cryptographic methods used was of a level that is presumed impossible for even intelligence agencies to crack. In August 2013, Lavabit had about 410,000 users and offered free and paid accounts with levels of storage ranging from 128 megabytes to 8 gigabytes.[6][7] In January 2011,[8] Lavabit had launched a shared web hosting service.[9]

Before the Snowden incident, Lavabit had complied with previous search warrants. For example, in June 2013 a search warrant was executed against a Lavabit account for suspected possession of child pornography.[10]

Connection to Edward Snowden[edit]

Court documents as described

Lavabit received media attention in July 2013 when it was revealed that Edward Snowden was using the Lavabit email address edsnowden@lavabit.com to invite human rights lawyers and activists to a press conference during his confinement at Sheremetyevo International Airport in Moscow.[11] The day after Snowden revealed his identity, the federal government served a court order, dated June 10, 2013 and issued under 18 USC 2703(d), a 1994 amendment of the Stored Communications Act, asking for metadata on a customer who was unnamed. Kevin Poulsen of Wired wrote that "the timing and circumstances suggest" that Snowden was this customer.[12] In July 2013 the federal government obtained a search warrant demanding that Lavabit give away the private SSL keys to its service affecting all Lavabit users.[13]

Suspension and gag order[edit]

On August 8, 2013, Lavabit suspended its operations, and the email service log-in page was replaced by a message from the owner and operator Ladar Levison.[1] The New Yorker suggested that the suspension might be related to the National Security Agency’s "domestic-surveillance practices".[14] Wired speculated that Levison was fighting a warrant or national security letter seeking customer information under extraordinary circumstances, as Lavabit had complied with at least one routine search warrant in the past.[11][15] Levison stated in an interview that he has responded to "at least two dozen subpoenas" over the lifetime of the service.[16] He hinted that the objectionable request was for "information about all the users" of Lavabit.[17]

Levison explained he was under gag order and that he was legally unable to explain to the public why he ended the service.[16] Instead, he asked for donations to "fight for the Constitution" in the United States Court of Appeals for the Fourth Circuit. Levison also stated he has even been banned from sharing some information with his lawyer.[16] Meanwhile, the Electronic Frontier Foundation called on the FBI to provide greater transparency to the public, in part to help observers "understand what led to a ten-year-old business closing its doors and a new start-up abandoning a business opportunity".[18]

Levison said that he could be arrested for closing the site instead of releasing the information, and it was reported that the federal prosecutor's office had sent Levison's lawyer an e-mail to that effect.[17] [19]

Lavabit is believed to be the first technology firm that has chosen to suspend/shut down its operation rather than comply with an order from the United States government to reveal information or grant access to information.[3] Silent Circle, an encrypted email, mobile video and voice service provider, followed the example of Lavabit by discontinuing its encrypted email services.[20] Citing the impossibility of being able to maintain the confidentiality of its customers' emails should it be served with government orders, Silent Circle permanently erased the encryption keys that allowed access to emails stored or transmitted by its service.[21]

In September 2013 Levison appealed the order that resulted in the closing of his website.[22]

Levison and his lawyer made two requests to Judge Claude M. Hilton to unseal the records, both of which were denied. They also launched an appeals case regarding legality of the original warrant. The appeals court then requested the records to be unsealed. Judge Claude M. Hilton then granted the request to unseal the records, despite his refusal the previous two times. On October 2, 2013, the Federal District Court in Alexandria, Virginia unsealed records in this case, with only the name and detail of the target of the search order censored. Wired suggested the target was likely Snowden.[4] The court records show that the FBI sought Lavabit's SSL private key. Levison objected saying that the key would allow the government to access communications by all 400,000 customers of Lavabit. He also offered to add code to his servers that would provide the information required just for the target of the order. The court rejected this offer since it would require the government to trust Mr. Levison and stated that just because the government could access all customers' communication did not mean they would be legally permitted to do so. Lavabit was ordered to provide the SSL key in machine readable format by noon, August 5 or face a fine of $5000 per day.[23] Levison closed down Lavabit 3 days later.

On October 14, 2013, Levison announced he would allow Lavabit users to change their passwords until October 18, 2013, after which they could download an archive of their emails and personal data.[24][25]

The court documents stated that on 13 July Levison sent an open letter to the assistant US attorney offering to give email metadata (without email content, usernames or passwords) to the FBI if it paid him $2,000 “to cover the cost of the development time and equipment necessary to implement my solution” and $1,500 to give data “intermittently during the collection period”.[26]

Afterwards, Levison wrote that after being contacted by the FBI, he was subpoenaed to appear in federal court, and was forced to appear without legal representation because it was served on such short notice; in addition, as a third party, he had no right to representation, and was not allowed to ask anyone who was not an attorney to help find him one. He also wrote that in addition to being denied a hearing regarding the warrant to obtain Lavabit's user information, he was held in contempt of court. The appellate court denied his appeal due to no objection, however, he wrote that because there had been no hearing, no objection could possibly have been raised. His contempt of court charge was also upheld on the ground that it was not disputed; similarly, he was unable to dispute the charge because there had been no hearing to do it in. He also wrote that "the government argued that, since the 'inspection' of the data was to be carried out by a machine, they were exempt from the normal search-and-seizure protections of the Fourth Amendment."[27]

See also[edit]

References[edit]

  1. ^ a b c "Lavabit". Lavabit. Archived from the original on August 8, 2013. Retrieved August 8, 2013. 
  2. ^ "Lavabit.com Site Info". Alexa Internet. Retrieved November 6, 2013. 
  3. ^ a b Ackerman, Spencer (August 9, 2013). "Lavabit email service abruptly shut down citing government interference: Founder of service reportedly used by Edward Snowden said he would not be complicit in 'crimes against the American people'". The Guardian. Retrieved August 9, 2013. 
  4. ^ a b Edward Snowden’s E-Mail Provider Defied FBI Demands to Turn Over Crypto Keys, Documents Show. Wired
  5. ^ Lavabit is a third person future of the word "to wash" in Latin, it means "he/she/it will wash"Lavabit High Scalability Writeup
  6. ^ Lavabit chief predicts 'long fight' with feds CNET, August 9, 2013. Retrieved August 13, 2013.
  7. ^ Ingersoll, Geoffrey (July 12, 2013). "How Edward Snowden Sends His Ultra-Sensitive Emails". Business Insider. Archived from the original on August 8, 2013. Retrieved 8 August 2013. 
  8. ^ "Lavabit ..::.. Home". Archived from the original on April 23, 2011. Retrieved September 10, 2013. 
  9. ^ "Lavabit Hosting". Archived from the original on Sep 10, 2013. Retrieved September 10, 2013. 
  10. ^ "In the Matter of the Search of: Lavabit LLC Email Account for Joey006@lavabit.com". Docket Alarm, Inc. Retrieved 10 August 2013. 
  11. ^ a b Poulsen, Kevin (August 8, 2013). "Edward Snowden’s Email Provider Shuts Down After Secret Court Battle". Wired. Archived from the original on August 8, 2013. Retrieved August 8, 2013. 
  12. ^ Poulsen, Kevin. "Feds Targeted Snowden’s Email Provider the Day After NSA Whistleblower Went Public." Wired. September 27, 2013. Retrieved on October 2, 2013.
  13. ^ Poulsen, Kevin. "Edward Snowden’s E-Mail Provider Defied FBI Demands to Turn Over Crypto Keys, Documents Show." Wired. October 2, 2013. Retrieved on October 2, 2013.
  14. ^ Davidson, Amy. "The N.S.A. and Its Targets: Lavabit Shuts Down". The New Yorker. Retrieved August 8, 2013. 
  15. ^ Jardin, Xeni (August 8, 2013). "Lavabit, email service Snowden reportedly used, abruptly shuts down". Boing Boing. Archived from the original on August 8, 2013. Retrieved August 8, 2013. 
  16. ^ a b c Mullin, Joe (August 14, 2013). "Lavabit founder, under gag order, speaks out about shutdown decision". Ars Technica. Retrieved August 16, 2013. 
  17. ^ a b Michael Isikoff (2013-08-15). "Lavabit.com owner: 'I could be arrested' for resisting surveillance order". NBC News Investigations. Retrieved 2013-09-15. "But a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney's office in Alexandria, Va., sent an email to Levison's lawyer last Thursday — the day Lavabit was shuttered — stating that Levison may have 'violated the court order,' a statement that was interpreted as a possible threat to charge Levison with contempt of court." 
  18. ^ Samson, Ted (August 9, 2013). "Lavabit shutdown marks another costly blemish for U.S. tech companies". InfoWorld. Retrieved August 16, 2013. 
  19. ^ Nicole Perlroth and Scott Shane (October 2, 2013). "As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm". New York Times. Retrieved 2013-10-02. 
  20. ^ Ribeiro, John. "After Lavabit, Silent Circle also shuts down its encrypted email service". PC World. Retrieved 9 August 2013. 
  21. ^ Sengupta, Somini (August 8, 2013). "2 E-Mail Services Close and Destroy Data Rather Than Reveal Files" (Bits blog). The New York Times. Retrieved August 10, 2013. 
  22. ^ Poulsen, Kevin. "Lavabit’s Owner Appeals Secret Surveillance Order That Led Him to Shutter Site." Wired. September 11, 2013. Retrieved on October 2, 2013.
  23. ^ http://cryptome.org/2013/10/lavabit-orders.pdf
  24. ^ "Lavabit to Briefly Reinstate Services for Data Recovery". PR Newswire. October 14, 2013. Retrieved October 14, 2013. 
  25. ^ "Lavabit ..::.. Liberty". Archived from the original on October 14, 2013. Retrieved October 14, 2013. 
  26. ^ Hern, Alex. "Lavabit founder offered to log users' metadata if FBI paid him $3,500." The Guardian. October 9, 2013. Retrieved on February 5, 2014.
  27. ^ Levison, Ladar. "[1] Secrets, lies and Snowden's email: why I was forced to shut down Lavabit. May 20, 2014. Retrieved on May 20, 2014.

External links[edit]