Snowden's privacy-oriented email provider shuts down under U.S. government pressure

Summary: An American company that specialized in highly encrypted email suspended operations today. The abrupt shutdown of Lavabit, a small Texas-based company, is suspected to be connected to a court order involving its best-known customer, NSA leaker Edward Snowden.

An American company that specialized in private e-mail announced today that it is shutting down, effective immediately.

Normally, that wouldn’t be a big deal—after all, small tech companies fail all the time. But this company’s different. Lavabit, which had been in operation since 2004, was outed last month as Edward Snowden’s email provider. And today the company’s owner and operator, Ladar Levison, announced that he was “walking away from nearly ten years of hard work” rather than “become complicit in crimes against the American people.”

Visitors to Lavabit’s website, including paying customers, now see this message:

[Image: Lavabit shutdown notice]

What happened?

The details are cryptic, but here are a few essential facts.

On Friday, July 12, Edward Snowden, who had used his position as a trusted contractor at the NSA to steal thousands of classified documents, held a press conference at Moscow’s Sheremetyevo Airport to complain about an “unlawful campaign” against him by the United States government.

In a liveblog of the event, the Boston-based GlobalPost.com reported this crucial detail:

Sergei Nikitin, the head of Amnesty International’s Moscow office, and Vladimir Lukin, the Kremlin-appointed human rights ombudsman, are among those who confirmed to Russian news agencies that they would accept the invitation to Moscow’s Sheremetyevo Airport, reportedly sent Thursday from an email address supposedly belonging to Snowden.

The note, which could not be verified, requested the attendance of a slew of well-known rights workers and lawyers “for a brief statement and discussion regarding the next steps forward in my situation,” according to a copy of the invitation posted by Lokshina.

It was sent from the email address “edsnowden@lavabit.com,” according to Lokshina’s post, and signed “Edward Joseph Snowden.”

[emphasis added]

Before and after Edward Snowden engineered the NSA document heist, he had been in touch via e-mail with several journalists scattered around the world. As part of the communication process, Snowden insisted on encrypting his correspondence using PGP software. He also used Lavabit, which offered “Security Through Asymmetric Encryption” as a key part of its service. In a white paper explaining its technology, Lavabit said “Lavabit has developed a system so secure that it prevents everyone, including us, from reading the e-mail of the people that use it.”

(The whitepaper is no longer available online, but a copy is still available in the Internet Archive.)

According to that whitepaper, here’s what happened to messages stored at Lavabit:

[I]ncoming e-mail messages are encrypted before they’re saved onto our servers. Once a message has been encrypted, only someone who has the account password can decrypt the message. Like all safety measures, encryption is only effective if it’s used. To ensure privacy, Lavabit has developed a complex system that makes the entire encryption and decryption process transparent to the end user.

[…]

We should note that this encryption process is only secure if you select a strong password. If your password is weak, an attacker would only need to brute force the password to crack our encryption. We should also note that this feature only protects messages on the Lavabit servers. Messages can always be intercepted before they reach Lavabit or between Lavabit’s servers and your personal computer, if SSL is not used. Finally, messages can be retrieved from your local hard drive if encryption software isn’t used on your computer to protect the files. These vulnerabilities are intentional. Our goal was to make invading a user’s privacy difficult, by protecting messages at their most vulnerable point. That doesn’t mean a dedicated attacker, like the United States government, couldn’t intercept the message in transit or once it reaches your computer.

And this section is inadvertently prescient:

Our hope is the difficulty associated with those strategies means they will only be used by governments on terrorists and scammers, not on honest citizens. If you’re intent on hiding your communications from the government, we recommend you investigate systems that secure messages throughout the entire e-mail system and not just at one particular point along that journey.
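The storage model the white paper describes, sketched as an added example (not Lavabit's code and not part of the original article): mail is encrypted on arrival with a per-account public key, and stored messages can be decrypted only after the account password unwraps the private key. The toy Diffie-Hellman group, the PBKDF2 settings and every function name here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration, not Lavabit's real
# parameters and not safe for production): integers mod the prime 2**521 - 1.
P, G, N = 2**521 - 1, 3, 66          # N = bytes needed to hold a value < P

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key, n):                  # keystream expanded from a key
    return hashlib.shake_256(key).digest(n)

def _pw_key(password, salt):          # slow hash: the password is the only secret
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _msg_keys(shared):                # separate encryption and MAC keys
    d = hashlib.sha512(shared.to_bytes(N, "big")).digest()
    return d[:32], d[32:]

def create_account(password):
    """What the server keeps: public key, salt, password-wrapped private key."""
    x, salt = secrets.randbelow(P - 2) + 1, secrets.token_bytes(16)
    wrapped = _xor(x.to_bytes(N, "big"), _stream(_pw_key(password, salt), N))
    return {"pub": pow(G, x, P), "salt": salt, "wrapped": wrapped}

def store_incoming(account, plaintext):
    """Encrypt on arrival with the public key alone; no password involved."""
    k = secrets.randbelow(P - 2) + 1
    enc, mac = _msg_keys(pow(account["pub"], k, P))
    body = _xor(plaintext, _stream(enc, len(plaintext)))
    return {"eph": pow(G, k, P), "body": body,
            "tag": hmac.new(mac, body, "sha256").digest()}

def read_message(account, stored, password):
    """Unwrap the private key with the password, then decrypt one message."""
    pad = _stream(_pw_key(password, account["salt"]), N)
    x = int.from_bytes(_xor(account["wrapped"], pad), "big")
    enc, mac = _msg_keys(pow(stored["eph"], x, P))
    tag = hmac.new(mac, stored["body"], "sha256").digest()
    if not hmac.compare_digest(tag, stored["tag"]):
        raise ValueError("wrong password or tampered message")
    return _xor(stored["body"], _stream(enc, len(stored["body"])))
```

In this sketch `read_message` runs on the server, so the password passes through the server each time mail is read; the at-rest protection covers the stored record, not that moment or the message in transit.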

Levison’s note says, “I wish that I could legally share with you the events that led to my decision. I cannot.” That suggests he and his company were served with a warrant whose terms included a gag order prohibiting any disclosure of the order’s contents. That warrant could have been a National Security Letter, but it could just as easily have been a court order requiring the company to cooperate with an interception of Snowden’s correspondence as well as that of other Lavabit subscribers who might allegedly have been conspiring with Snowden.

The outrage over overly broad surveillance of U.S. citizens by the NSA doesn’t seem to apply here. Snowden freely admitted that he had broken the law in an act of civil disobedience. He has been indicted on three counts of espionage, theft, and conversion of government property. The criminal complaint was filed not in the secret Foreign Intelligence Surveillance Court but in the United States District Court in Virginia.

In a post on Google+, CNET’s Declan McCullagh speculated that Lavabit had been served with a court order to intercept passwords and possibly encryption keys, that they had fought the order for six weeks and lost, and had shut down the service rather than comply.

That’s certainly a reasonable scenario, but those who know the details aren’t talking.

In a closing note, Levison offered a warning to anyone doing business with U.S. tech companies:

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

So far, no other U.S. companies have reported similar orders.

Topics: Privacy, Government, Security

Talkback

101 comments
  • Alternative

    Lavabit users looking for a free privacy-conscious electronic communication web app may be interested in ThreadThat dot com.
    MrPrivacy
    • ThreadThat dot com

      Until the gov't comes for them.
      jpolk84
      • Big Brother

        Right--you're not paranoid if what you fear is true--remember that folks when they come for you! Government invasion of privacy and denial of freedom must be stopped!
        tkuwait
        • paranoid

          As Henry Kissinger once said: "Just because you are paranoid doesn't mean they are not out to get you".
          samp_z
          • Kissinger

            Kissinger is hardly an example of government non-interference in private affairs.
            bobp4
          • Kissinger (cont'd)

            he doesn't need to be for his statement to be valid...
            brichter
  • 2

    This is tyranny. We have a completely corrupt government that no longer abides by the Constitution.
    stalepie
    • Amen

      They're out of control.

      Snowden is more of a patriot than anyone in our government. They don't give a crap about what's right, moral, or legal anymore. They sure as heck don't care about the citizens anymore. They see us as a threat to their tyranny, rather than their employer.
      BillDem
      • Sorry have to disagree...

        a patriot does not run and hide and say "save me"... that's a coward. He didn't do it for patriotism, he did it for 15 minutes of fame and it backfired. If he had stayed then you could call him a hero.
        ScanBack
        • What nonsense.

          The US army are all cowards. They've never gone into a fair fight with anyone. Shooting unarmed civilians with unmanned drones from thousands of miles away, that's cowardice. Obama would rather kill 10 civilians than risk the life of a single US "patriot". Your state apparatus is a cowardly bully to the rest of humanity. Ed Snowden knows this and he's trying to educate you.
          johnaaaaaaaaa5
          • War isn't a question of "fair fighting"

            It's a question of _winning_. It isn't like boxing, or football. You do what you have to do.
            That being said, the killing of innocents is always bad, accomplishes nothing, and counterproductive. We have enough trouble with those who attack us out of sheer hatred, but we certainly don't need to extend that animosity by angering the rest of the world with careless, reckless and poorly focused attacks.
            I don't really know what truly sensitive information Snowden leaked, but I feel that it wasn't intended to damage US interests, but a misguided attempt to curb our government's growing disregard for the First Amendment.
            Papa_Bill
          • It's in our ballcourt or are we misguided

            Misguided? But prescient. He was smart enough to flee to countries that he could not be assassinated or kidnapped from. Please rest assured that the same people who went after Bin Laden would have been sent against him. Snowden is if anything a realist and his disclosures have derailed the Obama juggernaut and it's up to us to fight for our freedom and the Bill of Rights.
            primartcloud
          • Fair fight?

            Since when is war about that?
            brichter
          • Anyone who believes in an army fighting fair deserves to be annihilated.

            Shooting unarmed civilians, by drone or otherwise, isn't cowardice, it's a war crime.

            But the U.S. Army is definitely NOT cowardly; nor are any of the other branches of the U.S military for that matter. When we fight, we fight to win. And we try our best to make sure our civilian masters don't send us into no win situations. Unfortunately, we are not always successful at that; and most recently it's been even harder considering that most of our nation's leaders have no military experience and are complete and utter incompetents when it comes to the use of the military, including the current Commander in Chief.
            Dr_Zinj
        • If...

          If he had stayed, do you think we would have ever heard of him? Think about it. NDAA, no due process, *cough*patriot*cough act, no trial, no phone calls, simply disappears. The longer he's out and about the more of a symbol he is. Avoiding capture isn't cowardice, it's prudence.
          Tora1337
          • True enough.

            As they say, "dead men tell no tales (anymore)"
            Papa_Bill
        • So

          Not hanging around to be deep-sixed by an NSA black ops team after blowing the whistle on unconstitutional surveillance of US citizens makes him a coward? Hmmm...interesting (weird) perspective you have
          archangel9999
        • ScanBack

          Sorry ScanBack, staying would have gained him the description of Fool not hero. Leaving to carry on the fight from out of the reach of the government allows him to continue to expose their excesses. Staying would have gotten him a trip to Guantanamo or another "accidental" death by FBI, NSA or any of the other US thug groups.
          hrwaller
      • BillDem

        You are a douchebag to think that Snowden is a patriot. He is nothing more than a traitor who only wants to be in the spotlight.
        nemothrax
        • Under The Bush administration??

          Would you have the same opinion?
          partman1969