The Known Details on the Lavabit Demand
Ladar Levison’s interview with Amy Goodman yesterday was his most extensive statement about the demand he got that led him to shut down his company. I want to pull the important tidbits from that interview and this one, with Forbes’ Kashmir Hill, to collect what we know about the demand so far.
Levison told DN the entire service was insecure:
I felt that in the end I had to pick between the lesser of two evils and that shutting down the service, if it was no longer secure, was the better option. It was, in effect, the lesser of the two evils.
He told Hill that he shut down to protect all his users.
“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday.
The demand affected his paid users and involved him being forced to have access to the private information the system was designed to ensure he didn’t have.
And at least for our paid users, not for our free accounts—I think that’s an important distinction—we offered secure storage, where incoming emails were stored in such a way that they could only be accessed with the user’s password, so that, you know, even myself couldn’t retrieve those emails.
[snip]
in our case it was encrypted in secure storage, because, as a third party, you know, I didn’t want to be put in a situation where I had to turn over private information. I just didn’t have it. I didn’t have access to it. And that was sort of—may have been the situation that I was facing.
Levison told Hill he has complied with legal requests where the requested information was not encrypted (suggesting it involved his free users).
“I’m not trying to protect people from law enforcement,” he said. “If information is unencrypted and law enforcement has a court order, I hand it over.”
Snowden was a registered user of Lavabit, apparently under his own name.
Ladar, you were the service provider for Edward Snowden?
LADAR LEVISON: I believe that’s correct. Obviously, I didn’t know him personally, but it’s been widely reported, and there was an email account bearing his name on my system, as I’ve been made well aware of recently.
The government has prevented Levison from sharing some of the demand with his lawyer. And Levison thinks that’s because the government would be ashamed of the nature of the demand.
I mean, there’s information that I can’t even share with my lawyer, let alone with the American public. So if we’re talking about secrecy, you know, it’s really been taken to the extreme. And I think it’s really being used by the current administration to cover up tactics that they may be ashamed of.
He told Hill, too, the method they were demanding is what bothered him.
In this case, it is the government’s method that bothers him. “The methods being used to conduct those investigations should not be secret,” he said.
Update: In an interview w/MoJo, he suggests the demand pertains to bulk collection on an entire user base of people.
While Levison of Lavabit could not discuss the specifics of his case, he suggested that the government was trying to compel him to give access to vast quantities of user data. He explained that he was not opposed to fulfilling law enforcement requests that were “specific in nature” and “approved by a judge after showing probable cause,” and noted that he had responded to some two dozen subpoenas during his decade in business. “What I’m against, at least on a philosophical level,” he added, “is the bulk collection of information, or the violation of the privacy of an entire user base just to conduct the investigation into a handful of individuals.”
And suggested if they could intercept communications between the servers and the user, they could decrypt the communications.
if someone could intercept the communication between the Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.
What distinguishes this from previous subpoenas is what is so secret.
AARON MATÉ: And, Ladar, during this time, you’ve complied with other government subpoenas. Is that correct?
LADAR LEVISON: Yeah, we’ve probably had at least two dozen subpoenas over the last 10 years, from local sheriffs’ offices all the way up to federal courts. And obviously I can’t speak to any particular one, but we’ve always complied with them. I think it’s important to note that, you know, I’ve always complied with the law. It’s just in this particular case I felt that complying with the law—
JESSE BINNALL: And we do have to be careful at this point.
LADAR LEVISON: Yeah, I—
Levison questions whether it is possible to run cloud service in this country without being forced to spy on your customers.
I still hope that it’s possible to run a private service, private cloud data service, here in the United States without necessarily being forced to conduct surveillance on your users by the American government.
Levison suggests both his and Silent Circle’s unannounced shut-down served to avoid government efforts to capture data beforehand.
Mike Janke, Silent Circle’s CEO and co-founder, said, quote, “There was no 12-hour heads up. If we announced it, it would have given authorities time to file a national security letter. We decided to destroy it before we were asked to turn (information) over. We had to do scorched earth.” Ladar, your response?
LADAR LEVISON: I can certainly understand his position. If the government had learned that I was shutting my service down—can I say that?
JESSE BINNALL: Well, I think it’s best to kind of avoid that topic, unfortunately. But I think it is fair to say that Silent Circle was probably in a very different situation than Lavabit was, and which is probably why they took the steps that they did, which I think were admirable.
LADAR LEVISON: Yeah. But I will say that I don’t think I had a choice but to shut it down without notice. I felt that was my only option. And I’ll have to leave it to your listeners to understand why.
Everything is being monitored.
LADAR LEVISON: I think you should assume any communication that is electronic is being monitored.
This echoes something Levison told Forbes’ Kashmir Hill:
“I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.”
Levison also told Hill his location in Texas made it harder to respond to a demand in VA.
“As a Dallas company, we weren’t really equipped to respond to this inquiry. The government knew that,” said Levison, who drew parallels with the prosecutorial bullying of Aaron Swartz. “The same kinds of things have happened to me. The government tried to bully me, and [my lawyer] has been instrumental in protecting me, but it’s amazing the lengths they’ve gone to to accomplish their goals.”
His statement shuttering the company mentioned an appeal to the Fourth Circuit, which includes VA, and the complaint against Edward Snowden was issued in EDVA.
Update: I hadn’t watched the continuation of the DN interview, where Nicholas Merrill, who challenged a National Security Letter back in 2004, came on. But as CDT’s Joseph Lorenzo Hall notes on Twitter, Levison strongly suggests his order came from the FISA Court.
LADAR LEVISON: I think it’s important to note that, you know, it’s possible to receive one of these orders and have it signed off on by a court. You know, we have the FISA court, which is effectively a secret court, sometimes called a kangaroo court because there’s no opposition, and they can effectively issue what we used to consider to be an NSL. And it has the same restrictions that your last speaker, your last guest, just talked about.
Hall also has an interesting piece on Lavabit and CALEA II that addresses issues I’ve been thinking about, in which he includes this discussion.
What did the government demand and under what authority prompted Lavabit’s shutdown? We don’t know, and that’s part of the problem. The Wiretap Act, which authorizes the government to intercept communications content prospectively in criminal investigations, indicates that a provider of wire or electronic communication service (such as Lavabit) can be compelled to furnish law enforcement with “all information, facilities and technical assistance necessary to accomplish the interception unobtrusively… .” 18 USC 2518(4). The Foreign Intelligence Surveillance Act (FISA), which regulates surveillance in intelligence investigations, likewise requires any person specified in a surveillance order to provide the same assistance (50 USC 1805(2)(B)) and so does the FISA Amendments Act with respect to directives for surveillance targeting people and entities reasonably believed to be abroad (50 USC 1881a(h)(1)). The “assistance” the government demands may include the disclosure of the password information necessary to decrypt the communications it seeks, if the service provider has that information, but modern encryption services can be designed so that the service provider does not hold the keys or passwords. Was the “assistance” that the government demanded of Lavabit a change in the very architecture of its secure email service? Was the “assistance” the installation of the government’s own malware to accomplish the same thing? Lavabit has not answered these questions outright, but it did make it clear that its concern extended to the privacy of the communications of all of its users, not just those of one user under one court order.
Just had a very interesting convotweet with a former “asset”. During discussions I realized that these NSA-military contractor systems are basically more illegal than first imagined.
It is as if the Military is operating on US soil against US citizens which is a HUGE No-no unless there are specific orders that reach specific intentions and the citizens are made aware of it.
@peasantparty: In other words, the NSA as we have currently been led to believe is not just a security theater. It is in fact an operation in Secret by the DOD.
All the contractors like Booz are being paid through military defense funding. Like Snowden said, they operate and respond like military actives. Lavabit is not just fighting the DOJ, it is fighting the US military!
EFF:
“..EFF has been fighting in Congress for legislative reform of National Security Letters since 2005. In 2009 many hoped that President Obama having run for office promising to reform Bush-era surveillance abuses would work with Congress to curb NSL abuse. Unfortunately the Obama Administration has instead continued to block reform and has even sought to expand NSL powers…”
https://www.eff.org/issues/national-security-letters
“…Unfortunately the Obama Administration has instead continued to block reform and has even sought to expand NSL powers…”
this is a small but especially troublesome part of the obama adninistrations 3-pronged war on the other two branches of our federal government and on opportunities for ordinary citizens to become well informed about presidential actions involving national security.
to be sure, the congress deserves the most severe criticism and contempt for ever allowing an obscenity like nsl’s to be used by federal police.
also interesting about nsl’s:
http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional
you have to wonder about political tone-deafness at the doj and the whitehouse. could there be a worse time to shine a bright light on such an unconstitutional federal police activity?
thanks for this particular article.. nothing is private. that much is obvious!
http://www.mattbors.com/blog/2013/08/13/obamas-dirty-dishes/
After all these revelations, will the American sheeple finally come to their senses and admit that the State does NOT provide “security”?
The whole National Security State is nothing but a criminal enterprise. Snowden, Levison and Manning et al have really been exposing the fact that our Rulers are mobsters. But I don’t think the sheeple will understand that until they or their family members are abducted by government goons and locked up for searching for recipes and nail polish on the Internet, or for emailing their friends on what an ignorant, pot-fried zombie Obama is.
Ladar Levison may have mentioned protecting his paid accounts, to assure those users, but I think the real focus should be on the free accounts. Two and a half weeks before lavabit went down I signed up for a free account. I did not need to give any info at all. Just picked a username@lavabit and a password with the caveat that if I forgot my password I’d lose the account because lavabit did not store that info. Presumably, the paid accounts have credit card info stored somewhere, the free accounts have absolutely no info attached to the accounts. I’ve been suspicious of cloud services long before the NSA info came out, so I have no idea what lavabit’s policies were, as I have my own cloud, it’s called an external drive and didn’t look into theirs.
Although Levison officially took lavabit offline last Thursday, the service actually went down on Wednesday. I had given a friend my lavabit email address and she copied it to both lavabit and gmail to make sure she had it right. Lavabit was down for maintenance from some point Wednesday afternoon until the official announcement that the service was no more. I’m assuming Levison was scrubbing his servers.
Ladar should have prefaced every (non-)statement with
“Of course, I’m speaking in the United States of America where I’m not allowed to discuss that.”
The NSA is exacly the kind of outfit the NSA ought to be protecting us FROM.
The US Post Office ought to be providing us all with safe and secure email that even a truly monstrous, cosmodemonic oufit like the NSA cannot subvert.
Of course, that would imply that we Americans were soveriegn and that our government served us … rather than the other way round, as it is today.
And we all continue to lap it up, don’t we ? to eat human waste right out of their hands.
The apparatus for a totalitarian regime is now in place. We are speaking of something here akin to what East Germany was., though modern reliance on technology may make that much much worse. The government now has the power to blackmail or coerce anyone it wants.
Unless the population protests this strongly, and takes steps to make their protest politically viable, then we can only expect things will truly get worse. In the beginning, it will be just a war against whistleblowers (as now) and certain minority groups. But as the paranoia spreads, as happened under Stalinism, the enemies of the people become anyone. Maybe you, maybe me, maybe anyone for who they might be or become.
The state power is there to ensure the future of the rich and powerful as the rich and powerful. It is all funded by the sheeple.
In this nothing has changed since the feudal times of the European middle ages: the king and the aristocracy ruled over the peasantry in the name of God, honour and (national) greatness.
The only threat to stability is a revolution and its weed must be squashed before it sprouts.
In the USA the king (preselected by one of the 2 parties) is powerless and changed every 4 or 8 years. The ruling class, however, is on for life just like any aristocracy in the past.
@tuezday: Fascinating. Thanks.