Feeds

Snowden's secure email provider Lavabit shuts down under gag order

Won't be 'complicit in crimes against the American people'

High performance access to file storage

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference.

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," founder Ladar Levison said in a statement posted to the company's homepage on Thursday. "After significant soul searching, I have decided to suspend operations."

Prior to its closure, Lavabit was a dedicated email service that offered subscribers "the freedom of running your own email server – without the hassle or expense."

In addition to a variety of flexible configuration options, the service boasted that all email stored on its servers was encrypted using asymmetric elliptical curve cryptography, in such a way that it was impossible to discern the contents of any email without knowing the user's password.

As a whitepaper posted to the company's website (now removed, but available from the Internet Archive) observed:

Our goal was to make invading a user's privacy difficult, by protecting messages at their most vulnerable point. That doesn't mean a dedicated attacker, like the United States government, couldn't intercept the message in transit or once it reaches your computer.

Our hope is the difficulty associated with those strategies means they will only be used by governments on terrorists and scammers, not on honest citizens.

It now seems, however, that Levison's hope was just wishful thinking. Without going into details, his statement on Thursday made plain that pressure from the US government was behind his decision to shutter Lavabit.

"I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

Under current US law, requests for information by US intelligence agencies often carry a gag order that forbids the party receiving the request from disclosing what information was requested, or even that a request was made at all.

The gag orders can be challenged by appealing to the shadowy Foreign Intelligence Surveillance Court (FISC), which operates in complete secrecy, but such appeals are seldom granted.

Not even Google or Microsoft – each of which, it must be said, has far deeper pockets than Lavabit – has managed to challenge the surveillance orders. Both companies were named by Snowden as having turned over user data to government spies under the secretive PRISM program, but the FISC won't allow them to reveal to the public what they may or may not have actually disclosed.

Little wonder, then, that Levison's "appropriate requests" have similarly been denied.

The Lavabit founder says he next plans to challenge the government's ruling in the US Fourth Circuit Court of Appeals. A favorable ruling, he says, would allow him to "resurrect Lavabit as an American company" – though he doesn't appear to hold out much hope.

"This experience," Levison wrote, "has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
European Court of Justice rips up Data Retention Directive
Rules 'interfering' measure to be 'invalid'
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.