Menu
Lavabit to have its day in federal appeals court

Lavabit to have its day in federal appeals court

The now defunct secure email service is standing up for the right to protect encrypted communications

Lavabit, the private email service that shut down last year after a court order called for its private SSL (secure socket layer) keys, will make its case Tuesday before a U.S. federal appeals court.

Although tangentially related to former NSA contractor Edward Snowden's activities, the case could eventually affect all Web service providers, such as Google or Facebook, in that it could set precedents for the legal scope that law enforcement agencies will have over those holding the keys to encrypted data.

"This case is about protecting the encryption architecture that underwrites the security of the Internet," said Brian Hauss, a legal fellow for the American Civil Liberties Union (ACLU). "That architecture depends on SSL encryption and SSL encryption depends on the continued privacy of the private keys of the companies that use that encryption."

Before the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, lawyers for the now defunct email service will argue that the government electronic wiretap orders that Lavabit received -- orders that spurred the company to shutter operations -- were far too broad, and jeopardized the Fourth Amendment right to privacy of its users.

Snowden reportedly used the Lavabit email service just after he exposed the first of what would become many confidential National Security Agency (NSA) documents.

Lavabit was founded by Ladar Levison, who set the operation up as an encrypted email service. By 2013, it had attracted over 400,000 users.

Just after Snowden had fled the U.S. in June 2013, the FBI produced a court order demanding from Lavabit metadata about a single account, presumably Snowden's, although many of the early records dealing with the case remain under a court seal. The order cited a 1994 amendment to the Stored Communications Act that allows federal law enforcement agencies to traffic data without a search warrant.

Soon after, the U.S. Federal Bureau of Investigation obtained another "pen register order" allowing for a "pen trap" to collect all routing data for the individual. A pen trap records all routing, addressing or signalling information between electronic communications, in this case email.

Lavabit agreed to the pen trap, but refused to turn over to the government its SSL keys that would allow the law enforcement agency to decrypt the communications in real time. Lavabit's SSL keys worked for all of Lavabit's users, not just the one user under scrutiny. By handing over its private SSL keys, Lavabit would be making all of its users' email open to the government.

Lavabit offered to develop a work-around that would capture only the email of the person under scrutiny. The FBI declined Lavabit's proposal, however, and the company was held in contempt of court for not handing over the keys in a timely fashion.

By August, Lavabit had capitulated and handed over the keys. Shortly after, Levison shuttered the service. Levison had argued that by nature of its business, a secure email service can't host a surreptitious government pen trap. Doing so betrays the entire service it is offering to its customers.

Although both parties are expected to focus on procedural and technical considerations, the appeal will also raise many far-reaching questions about how much access law enforcement agencies should be allowed in their investigations.

Court orders that call for a company's SSL keys in order to pursue a single suspect are far too broad and could chill free speech, some argue.

"If, in the name of criminal law, we violate the privacy of an entire swath of innocent people, we risk violating some of the necessary rights of citizens to keep our democracy healthy," said Aris Michalopoulos, co-founder of the Empeopled social networking site. Empeopled filed a brief in support of Lavabit in the case.

As the law currently stands in relation to electronic services, "people aren't able to speak freely, without looking over their shoulder, and worrying that somebody is listening," Michalopoulos said.

Already the actions of law enforcement agencies have left other companies wary of offering similar secure email services.

For instance, Silent Circle, a communications provider co-founded by PGP inventor Phil Zimmermann, shut its encrypted email service in August, citing how the government's actions in the Lavabit case would make such services impossible to run.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesLavabitMaillegalinternetcybercrime

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments