Feeds

Snowden's email provider gave crypto keys to FBI – on paper printouts

Lavabit founder says snoops demanded total access

Build a business case: developing custom apps

The former operator of a secure email service once used by NSA leaker Edward Snowden has been fined $10,000 for failing to give federal agents access to his customers' accounts, newly released court documents show.

In August, Ladar Levison shut down Lavabit, his security-minded email business, rather than comply with government demands that he claimed would have made him "complicit in crimes against the American people."

At the time, a gag order prevented him from discussing the details of his situation. But court documents unsealed on Wednesday reveal that the FBI wanted Levison to hand over encryption keys that would have given federal agents "real time" access to not just Snowden's account, but the accounts of all 40,000 of Lavabit's customers.

To Levison, that was going too far. "You don't need to bug an entire city to bug one guy's phone calls," he told The New York Times. "In my case, they wanted to break open the entire box just to get to one connection."

Levison claims he had complied with legal surveillance requests in the past, and that he proposed logging and decrypting just Snowden's communications and uploading them to a government server once per day.

But the FBI said that wasn't enough. It wanted access to the private SSL certificates used to encrypt all traffic on Lavabit, which Levison says would have given agents up-to-the-minute access to the emails of every Lavabit user. In July it produced a federal warrant ordering Levison to turn them over.

Prosecutors claim that monitoring Snowden was the only goal and that spying on Lavabit's other users was never part of the plan. "There's no agents looking through the 400,000 other bits of information, customers, whatever," one said during a hearing in August. But Levison still balked.

He certainly deserves credit for his pluck. Levison complied with the letter of the order, but he delivered the encryption keys as strings of numbers printed out on paper, rather than as electronic files. What's more, he intentionally printed them in a font designed to be hard to scan, one prosecutors described as "largely illegible."

Federal Judge Claude Hilton was not amused. He found Levison in contempt of court and levied a fine of $5,000 per day until the keys were provided in electronic form.

Levison held out for two days but finally relented, only to shut down Lavabit at the same time he gave up the certificates – a move a prosecutor later described as "just short of a criminal act."

Levison now says he hopes to one day revive his business, which he founded in 2004 and had been operating as a full-time job since 2010. But he also wants to make the public aware of what happened to him and the potential pitfalls for other businesses in the face of unchecked government surveillance.

"How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed," Levison told the NYT, "when Congress doesn't even know what is going on?"

At least one Congressman has sided with Levison, however. Libertarian-leaning Rand Paul, the Republican junior senator for Kentucky, has urged voters to sign a petition against NSA spying and to donate to Campaign for Liberty, a conservative pressure group that has agreed to help fund Levison's legal defense.

"Even though he's lost his main source of income, Ladar Levison is fighting back," Paul wrote in a statement. "I believe his legal battle is a key part in our shared fight to restore our Fourth Amendment freedoms." ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.