Feeds

Snowden's secure email provider Lavabit shuts down under gag order

Won't be 'complicit in crimes against the American people'

Reducing the cost and complexity of web vulnerability management

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference.

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," founder Ladar Levison said in a statement posted to the company's homepage on Thursday. "After significant soul searching, I have decided to suspend operations."

Prior to its closure, Lavabit was a dedicated email service that offered subscribers "the freedom of running your own email server – without the hassle or expense."

In addition to a variety of flexible configuration options, the service boasted that all email stored on its servers was encrypted using asymmetric elliptical curve cryptography, in such a way that it was impossible to discern the contents of any email without knowing the user's password.

As a whitepaper posted to the company's website (now removed, but available from the Internet Archive) observed:

Our goal was to make invading a user's privacy difficult, by protecting messages at their most vulnerable point. That doesn't mean a dedicated attacker, like the United States government, couldn't intercept the message in transit or once it reaches your computer.

Our hope is the difficulty associated with those strategies means they will only be used by governments on terrorists and scammers, not on honest citizens.

It now seems, however, that Levison's hope was just wishful thinking. Without going into details, his statement on Thursday made plain that pressure from the US government was behind his decision to shutter Lavabit.

"I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

Under current US law, requests for information by US intelligence agencies often carry a gag order that forbids the party receiving the request from disclosing what information was requested, or even that a request was made at all.

The gag orders can be challenged by appealing to the shadowy Foreign Intelligence Surveillance Court (FISC), which operates in complete secrecy, but such appeals are seldom granted.

Not even Google or Microsoft – each of which, it must be said, has far deeper pockets than Lavabit – has managed to challenge the surveillance orders. Both companies were named by Snowden as having turned over user data to government spies under the secretive PRISM program, but the FISC won't allow them to reveal to the public what they may or may not have actually disclosed.

Little wonder, then, that Levison's "appropriate requests" have similarly been denied.

The Lavabit founder says he next plans to challenge the government's ruling in the US Fourth Circuit Court of Appeals. A favorable ruling, he says, would allow him to "resurrect Lavabit as an American company" – though he doesn't appear to hold out much hope.

"This experience," Levison wrote, "has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." ®

Choosing a cloud hosting partner with confidence

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.