The story behind Lavabit and why the email provider shutdown


Recommended Posts

A most disturbingly and amazing look at how bad our country is getting:

 

 

The U.S. government in July obtained a search warrant demanding that Edward Snowden?s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to to newly unsealed documents.

The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to trace the internet IP address of a particular Lavabit user. The name of the target is redacted from the unsealed records, but the offenses under investigation are listed as violations of the Espionage Act and theft of government property ? the exact charges that have been filed against NSA whistleblower Snowden in the same Virginia court.

The records in the case, which is now being argued at the 4th U.S. Circuit Court of Appeals, were unsealed today by a federal judge in Alexandria, Virginia. They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users.

The filings show that Lavabit was served on June 28 with a so-called ?pen register? order requiring it to record, and provide the government with, the connection information on one of its users every time that user logged in to check his e-mail. Because they provide only metadata, pen register orders can be obtained without ?probable cause? that the target has committed a crime.

In the standard language for such an order, it required Lavabit to provide all ?technical assistance necessary to accomplish the installation and use of the pen/trap device?

A standard email provider can easily funnel such information to the government upon request. But Lavabit offered paying customers a secure e-mail service that uses custom software to protect user?s information.

Lavabit founder Ladar Levison balked at the demand, and the government filed a motion to compel Lavabit to comply. Lavabit told the feds that the user had ?enabled Lavabit?s encryption services, and thus Lavabit would not provide the requested information,? the government wrote.

Full article: http://www.wired.com/threatlevel/2013/10/lavabit_unsealed

 

Link to comment
Share on other sites

 

They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users.

 

I salute them for sticking to their guns. I wonder where their customers will go to get secured emails?

Link to comment
Share on other sites

This to me is one of the best parts of the story:

 

 

 

In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout ?illegible.?
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.