How Lavabit Melted Down

How Lavabit Melted Down

On August 8th, Lavabit, newly famous for being the secure e-mail service used by the National Security Agency whistleblower Edward Snowden, went dark. Its owner and operator, Ladar Levison, replaced its home page with a message: “I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.” Levison could write only that he chose to shut down the company rather than “become complicit in crimes against the American people,” and he promised to “fight for the Constitution in the Fourth Circuit Court of Appeals.”

Court-watchers repeatedly checked the Fourth Circuit docket to see whether Levison would follow through. While the Fourth Circuit kept the appeals secret and placed them under seal, observers deduced that Levison’s appeals were the ones numbered 13-4625 and 13-4626. Last week, U.S. District Judge Claude M. Hilton unsealed a hundred and sixty-two pages of previously secret documents related to two District Court orders issued against Lavabit, so that Levison could have a public record of his appeals. These disclosures fall short of the ideal of open justice, but they do give Levison’s ordeal a public shape.

They also allow Levison to speak more openly now. This past weekend, in Manhattan’s Bryant Park, his demeanor was steady, if clearly burdened; he is, after all, a man who was forced to destroy the business he had spent most of the past decade building, and who is locked in a legal and philosophical battle against the United States government.

Levison wore a white, starched collared shirt with thin gold cufflinks; the afternoon was warm, and sweat, mixed with the gel that fixed his hair in a slightly spiked coiffure, dotted his forehead. He spoke sternly but calmly—his tenor lacked the quiet frenzy of, say, Thomas Drake, the N.S.A. whistleblower, even though most of what he had to say was bad news, if you value electronic privacy or security. He doesn’t use e-mail on his Android smartphone, for instance, because neither the software nor the hardware of any commercial phone can be trusted; carriers and phone makers can push malware onto the device, he said. Yet his views are far from radical. While he opposes the bulk collection of domestic communications, he has no such strong feelings about the N.S.A.’s foreign-surveillance efforts. He is, if anything, disappointed that the U.S. government would spy on its own citizens on such a grand scale, and with such impunity, even though Levison’s decision to build a privacy-oriented e-mail service in the first place, in 2004, was partly in response to the Patriot Act. Part of Lavabit’s mission, before it shut down, was that it would “never sacrifice privacy for profits.” One of its most notable features was that, for paying users, it encrypted e-mail messages and other files stored on its server so that they could not be read by third parties without a user’s password.

As the Times reported last week, the unsealed documents reveal that the first chapter of Levison’s “tangle with law enforcement” began in May—well before the first Snowden leak of the N.S.A.’s massive database of call logs broke in June—when an F.B.I. agent left his business card on Levison’s doorstep. On June 10th, the government secured an order from the Eastern District of Virginia. The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden. (The name of the target remains redacted, and Levison could not divulge it.) The order directed Lavabit to surrender names and addresses, Internet Protocol and Media Access Control addresses, the volume of each and every data transfer, the duration of every “session,” and the “source and destination” of all communications associated with the account. It also forbade Levison and Lavabit from discussing the matter with anyone.

Levison now says that while that particular investigation “escalated,” it was not the only one to land at his doorstep in recent years. He believes that even if he hadn’t hosted the e-mail account of the target, Lavabit would eventually have found itself in the position that it’s in now because it “constitutes a gap” in the government’s intelligence. The broader implication—as shown by the N.S.A.’s efforts to attack the anonymous Tor network—is that intelligence agencies will try to crack any service designed for privacy and used at scale.

On June 28th, the Eastern District Court of Virginia issued another order, “authorizing the installation and use of a pen register and the use of a trap and trace device” on all electronic communications being sent from or to the account. The term “pen register” is a relic of Morse’s telegraph; it refers to the mechanical pen that recorded the electrical pulses that routed a telegraph. Today, the term is used to refer to any device or process that records outgoing routing information, such as phone numbers dialed or e-mail addresses typed. A “trap and trace device” does the inverse, and records incoming phone numbers, e-mail addresses, and other connections. A court may issue this kind of order if the information likely to be captured is “relevant to an ongoing criminal investigation.” This order also forbade Lavabit from discussing the matter.

The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because McBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.

Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)

Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages. The pen-register order required Levison to permit the F.B.I. to install the pen register and provide “technical assistance necessary to accomplish the installation.” Levison argued that the “technical assistance” provision did not require that he surrender the S.S.L. keys, especially because he was willing to write intercept code for the information the government desired. Giving up the keys “would compromise all of the secure communications in and out my network, including my own administrative traffic,” he told Judge Hilton. The U.S. Attorney’s Office, for its part, insisted that without the S.S.L. keys, “the data from the pen register will be meaningless,” an analysis shared by others. But the pen-register data may not have been “meaningless” if the government took up Levison’s offer to write his own intercept code.

Prior to the hearing on July 16th, the U.S. Attorney filed a motion for civil contempt, requesting that Levison be fined a thousand dollars for every day that he refused to comply with the pen-register order. Earlier in the day, Hilton issued a search-and-seizure warrant, authorizing law enforcement to seize from Lavabit “all information necessary to decrypt communications sent to or from [the account], including encryption keys and SSL keys,” and “all information necessary to decrypt data stored in or otherwise associated with [the account].” On July 25th, Lavabit petitioned to cancel the subpoena and warrant, arguing that if the “government gains access to Lavabit’s Master Key, it will have unlimited access to not only [the account], but all of the communications and data stored in each of Lavabit’s 400,000 e-mail accounts.” Lavabit also asked the court to unseal its records and permit Levison to speak.

It was the government’s insistence on collecting the S.S.L. keys that most deeply disturbed Levison, and led to the shutdown of Lavabit. He believes that not only would the F.B.I. have had unfettered, secret access to the communications of his four hundred thousand customers—without being required to give Levison a log of what it accessed—but putting his encryption keys in the hands of the government would have opened Lavabit to a more profound exploitation of his service’s communications. Levison worried that if he turned the keys over to the F.B.I., the N.S.A. would have been able to obtain them without his knowledge through a Foreign Intelligence Surveillance Act court order. We know now that the N.S.A. has been systematically cracking encryption across the Web, and it has built a database of encryption keys that automatically decode messages; this is dangerous, Levison says, because it allows the N.S.A. to read encrypted communications as they flow past the agency’s taps of the broader Internet infrastructure by simply observing them, leaving no trace of the surveillance, unlike a traditional “man-in-the-middle” attack. This vulnerability, he insists, is not sufficiently understood. And, while the Timess initial reporting indicates that the N.S.A.’s method of obtaining the keys for its database is “shrouded in secrecy,” Levison suggests that his case also illustrates one of the ways in which it collects them: by secretly compelling companies to turn them over.

The F.B.I., Levison says, “sold its soul” to the N.S.A. to acquire its technologies and become a “counter-intelligence agency” rather than a domestic police force. The result is an agency with somewhat stunning technical capabilities—it was the F.B.I. that used malware to identify users of the Tor network in the course of its investigation of Freedom Hosting, the anonymous service provider, an incident that disturbed Levison because it put legitimate users at risk, even if he doesn’t agree with the illegal content that Freedom Hosting was allegedly housing. Before the Bureau demanded Lavabit’s S.S.L. keys, in fact, he was asked “half a dozen times” about any point in the system where information flowed through unencrypted so that the F.B.I. could tap it. One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys. (According to Levison, the F.B.I. agents who came to his house were surprised that he hadn’t seen one of the sets of documents that had been e-mailed to him demanding Lavabit’s information; they pointed to his phone and said he could look up the information right there. He responded, “You know better than I do why I don’t have e-mail on my phone.”)

On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.

THE COURT: You want to do it in a way that the government has to trust you—

BINNALL: Yes, Your Honor.

THE COURT: —to come up with the right data.

BINNALL: That’s correct, Your Honor.

THE COURT: And you won’t trust the government. So why would the government trust you?

Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,

At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.

The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th. Judge Hilton ordered that Levison and Lavabit be fined five thousand dollars for each day that they did not turn over the electronic-encryption keys. On August 8th, rather than turning over the master key, Levison shut down Lavabit. A week later, Levison’s lawyers announced that they were appealing to Fourth Circuit Court of Appeals, an announcement that nearly got Levison into further trouble; the appeal was promptly placed under seal.

Levison believes that when the government was faced with the choice between getting information that might lead it to its target in a constrained manner or expanding the reach of its surveillance, it chose the latter. The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing.

Levison will be back in court on October 10th to file his opening brief with the Fourth Circuit. The brief is Levison’s principal opportunity to make his arguments. Levison may appeal the orders on a technological basis, and argue that the pen-register order did not require the surrender of the S.S.L. keys. Or he may appeal on a broader constitutional basis, and push the Fourth Circuit to evaluate the legality of back-door Internet-surveillance programs. On November 4th, the United States will file its response brief, after which oral arguments will follow. Due to the case’s sensitivity, the court may hold the arguments in secret. The United States and the court are waiting for Levison’s brief, which could break one of at least two ways.

When this is all over, he plans to reopen Lavabit, if possible, in the United States; he intends to stay in the country no matter what. If Lavabit can’t operate securely in the U.S., he intends to hand off the project to someone in a country with more sympathetic laws, such as Iceland or Switzerland. In the meantime, he is beginning to think about the grander, harder project of creating a replacement for e-mail that can be truly secure and easy to use, although he’s not ready to say anything substantive about the project. With the muzzle largely removed, he is now reluctantly engaging in a media blitz, both to raise money for his legal defense through Rally.org and to boost awareness of the grim nature of the surveillance state. When asked what he was doing differently with his computing habits to protect his communications, Levison offered an answer that’s becoming all too familiar from people of his ilk: he wanted to keep it at least some of it a secret.

Michael Phillips is an associate at a Wall Street litigation firm. Matt Buchanan is the editor of Elements.

Photograph by Mauricio Alejo.