He seemed pretty ok with handing over user metadata for a rather small amount of cash though.
http://www.theguardian.com/technology/2013/oct/09/lavabit-metadata-log-3500-offer

On Thursday, October 10, 2013, Eugen Leitl wrote:

> http://www.newyorker.com/online/blogs/elements/2013/10/how-lavabit-edward-snowden-email-service-melted-down.html
>
> HOW LAVABIT MELTED DOWN
>
> POSTED BY MICHAEL PHILLIPS AND MATT BUCHANAN
>
> On August 8th, Lavabit, newly famous for being the secure e-mail service used by the National Security Agency whistleblower Edward Snowden, went dark. Its owner and operator, Ladar Levison, replaced its home page with a message: “I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.” Levison could write only that he chose to shut down the company rather than “become complicit in crimes against the American people,” and he promised to “fight for the Constitution in the Fourth Circuit Court of Appeals.”
>
> Court-watchers repeatedly checked the Fourth Circuit docket to see whether Levison would follow through. While the Fourth Circuit kept the appeals secret and placed them under seal, observers deduced that Levison’s appeals were the ones numbered 13-4625 and 13-4626. Last week, U.S. District Judge Claude M. Hilton unsealed a hundred and sixty-two pages of previously secret documents related to two District Court orders issued against Lavabit, so that Levison could have a public record of his appeals. These disclosures fall short of the ideal of open justice, but they do give Levison’s ordeal a public shape.
>
> They also allow Levison to speak more openly now. This past weekend, in Manhattan’s Bryant Park, his demeanor was steady, if clearly burdened; he is, after all, a man who was forced to destroy the business he had spent most of the past decade building, and who is locked in a legal and philosophical battle against the United States government.
>
> Levison wore a white, starched collared shirt with thin gold cufflinks; the afternoon was warm, and sweat, mixed with the gel that fixed his hair in a slightly spiked coiffure, dotted his forehead. He spoke sternly but calmly—his tenor lacked the quiet frenzy of, say, Thomas Drake, the N.S.A. whistleblower, even though most of what he had to say was bad news, if you value electronic privacy or security. He doesn’t use e-mail on his Android smartphone, for instance, because neither the software nor the hardware of any commercial phone can be trusted; carriers and phone makers can push malware onto the device, he said. Yet his views are far from radical. While he opposes the bulk collection of domestic communications, he has no such strong feelings about the N.S.A.’s foreign-surveillance efforts. He is, if anything, disappointed that the U.S. government would spy on its own citizens on such a grand scale, and with such impunity, even though Levison’s decision to build a privacy-oriented e-mail service in the first place, in 2004, was partly in response to the Patriot Act. Part of Lavabit’s mission, before it shut down, was that it would “never sacrifice privacy for profits.” One of its most notable features was that, for paying users, it encrypted e-mail messages and other files stored on its server so that they could not be read by third parties without a user’s password.
>
> As the Times reported last week, the unsealed documents reveal that the first chapter of Levison’s “tangle with law enforcement” began in May—well before the first Snowden leak of the N.S.A.’s massive database of call logs broke in June—when an F.B.I. agent left his business card on Levison’s doorstep. On June 10th, the government secured an order from the Eastern District of Virginia. The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden. (The name of the target remains redacted, and Levison could not divulge it.) The order directed Lavabit to surrender names and addresses, Internet Protocol and Media Access Control addresses, the volume of each and every data transfer, the duration of every “session,” and the “source and destination” of all communications associated with the account. It also forbade Levison and Lavabit from discussing the matter with anyone.
>
> Levison now says that while that particular investigation “escalated,” it was not the only one to land at his doorstep in recent years. He believes that even if he hadn’t hosted the e-mail account of the target, Lavabit would eventually have found itself in the position that it’s in now because it “constitutes a gap” in the government’s intelligence. The broader implication—as shown by the N.S.A.’s efforts to attack the anonymous Tor network—is that intelligence agencies will try to crack any service designed for privacy and used at scale.
>
> On June 28th, the Eastern District Court of Virginia issued another order, “authorizing the installation and use of a pen register and the use of a trap and trace device” on all electronic communications being sent from or to the account. The term “pen register” is a relic of Morse’s telegraph; it refers to the mechanical pen that recorded the electrical pulses that routed a telegraph. Today, the term is used to refer to any device or process that records outgoing routing information, such as phone numbers dialed or e-mail addresses typed. A “trap and trace device” does the inverse, and records incoming phone numbers, e-mail addresses, and other connections. A court may issue this kind of order if the information likely to be captured is “relevant to an ongoing criminal investigation.” This order also forbade Lavabit from discussing the matter.
>
> The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because MacBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.
>
> Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)
>
> Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages. The pen-register order required Levison to permit the F.B.I. to install the pen register and provide “technical assistance necessary to accomplish the installation.” Levison argued that the “technical assistance” provision did not require that he surrender the S.S.L. keys, especially because he was willing to write intercept code for the information the government desired. Giving up the keys “would compromise all of the secure communications in and out my network, including my own administrative traffic,” he told Judge Hilton. The U.S. Attorney’s Office, for its part, insisted that without the S.S.L. keys, “the data from the pen register will be meaningless,” an analysis shared by others. But the pen-register data may not have been “meaningless” if the government took up Levison’s offer to write his own intercept code.
>
> Prior to the hearing on July 16th, the U.S. Attorney filed a motion for civil contempt, requesting that Levison be fined a thousand dollars for every day that he refused to comply with the pen-register order. Earlier in the day, Hilton issued a search-and-seizure warrant, authorizing law enforcement to seize from Lavabit “all information necessary to decrypt communications sent to or from [the account], including encryption keys and SSL keys,” and “all information necessary to decrypt data stored in or otherwise associated with [the account].” On July 25th, Lavabit petitioned to cancel the subpoena and warrant, arguing that if the “government gains access to Lavabit’s Master Key, it will have unlimited access to not only [the account], but all of the communications and data stored in each of Lavabit’s 400,000 e-mail accounts.” Lavabit also asked the court to unseal its records and permit Levison to speak.
>
> It was the government’s insistence on collecting the S.S.L. keys that most deeply disturbed Levison, and led to the shutdown of Lavabit. He believes that not only would the F.B.I. have had unfettered, secret access to the communications of his four hundred thousand customers—without being required to give Levison a log of what it accessed—but putting his encryption keys in the hands of the government would have opened Lavabit to a more profound exploitation of his service’s communications. Levison worried that if he turned the keys over to the F.B.I., the N.S.A. would have been able to obtain them without his knowledge through a Foreign Intelligence Surveillance Act court order. We know now that the N.S.A. has been systematically cracking encryption across the Web, and it has built a database of encryption keys that automatically decode messages; this is dangerous, Levison says, because it allows the N.S.A. to read encrypted communications as they flow past the agency’s taps of the broader Internet infrastructure by simply observing them, leaving no trace of the surveillance, unlike a traditional “man-in-the-middle” attack. This vulnerability, he insists, is not sufficiently understood. And, while the Times’s initial reporting indicates that the N.S.A.’s method of obtaining the keys for its database is “shrouded in secrecy,” Levison suggests that his case also illustrates one of the ways in which it collects them: by secretly compelling companies to turn them over.
>
> The F.B.I., Levison says, “sold its soul” to the N.S.A. to acquire its technologies and become a “counter-intelligence agency” rather than a domestic police force. The result is an agency with somewhat stunning technical capabilities—it was the F.B.I. that used malware to identify users of the Tor network in the course of its investigation of Freedom Hosting, the anonymous service provider, an incident that disturbed Levison because it put legitimate users at risk, even if he doesn’t agree with the illegal content that Freedom Hosting was allegedly housing. Before the Bureau demanded Lavabit’s S.S.L. keys, in fact, he was asked “half a dozen times” about any point in the system where information flowed through unencrypted so that the F.B.I. could tap it. One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys. (According to Levison, the F.B.I. agents who came to his house were surprised that he hadn’t seen one of the sets of documents that had been e-mailed to him demanding Lavabit’s information; they pointed to his phone and said he could look up the information right there. He responded, “You know better than I do why I don’t have e-mail on my phone.”)
>
> On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.
>
> THE COURT: You want to do it in a way that the government has to trust you—
> BINNALL: Yes, Your Honor.
>
> THE COURT: —to come up with the right data.
>
> BINNALL: That’s correct, Your Honor.
>
> THE COURT: And you won’t trust the government. So why would the government trust you?
>
> Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,
>
> At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.
>
> The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th. Judge Hilton ordered that Levison and Lavabit be fined five thousand dollars for each day that they did not turn over the electronic-encryption keys. On August 8th, rather than turning over the master key, Levison shut down Lavabit. A week later, Levison’s lawyers announced that they were appealing to the Fourth Circuit Court of Appeals, an announcement that nearly got Levison into further trouble; the appeal was promptly placed under seal.
>
> Levison believes that when the government was faced with the choice between getting information that might lead it to its target in a constrained manner or expanding the reach of its surveillance, it chose the latter. The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing.
>
> Levison will be back in court on Friday to file his opening brief with the Fourth Circuit. The brief is Levison’s principal opportunity to make his arguments. Levison may appeal the orders on a technological basis, and argue that the pen-register order did not require the surrender of the S.S.L. keys. Or he may appeal on a broader constitutional basis, and push the Fourth Circuit to evaluate the legality of back-door Internet-surveillance programs. On November 4th, the United States will file its response brief, after which oral arguments will follow. Due to the case’s sensitivity, the court may hold the arguments in secret. The United States and the court are waiting for Levison’s brief, which could break one of at least two ways.
>
> When this is all over, he plans to reopen Lavabit, if possible, in the United States; he intends to stay in the country no matter what. If Lavabit can’t operate securely in the U.S., he intends to hand off the project to someone in a country with more sympathetic laws, such as Iceland or Switzerland. In the meantime, he is beginning to think about the grander, harder project of creating a replacement for e-mail that can be truly secure and easy to use, although he’s not ready to say anything substantive about the project. With the muzzle largely removed, he is now reluctantly engaging in a media blitz, both to raise money for his legal defense through Rally.org and to boost awareness of the grim nature of the surveillance state. When asked what he was doing differently with his computing habits to protect his communications, Levison offered an answer that’s becoming all too familiar from people of his ilk: he wanted to keep at least some of it a secret.
>
> Michael Phillips is an associate at a Wall Street litigation firm. Matt Buchanan is the editor of Elements.
>
> Photograph by Mauricio Alejo.
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
