Policy

Lavabit Appeal to Set Email Privacy Precedent

|

Frank C. Müller \ Wikimedia

Secure email provider Lavabit failed to surrender its encryption keys to the government in 2013. It's been paying the price. In what some call a landmark privacy case, the Virginia-based 5th U.S. Circuit Court will decide whether or not Lavabit sufficiently complied with the lower court's orders last year. Three judges listened to opposing arguments Tuesday.

The feds presented a search warrant to the company in the summer 2013, in what many believe was a hunt for the emails of NSA whistle blower Edward Snowden. In response, encrypted email service Lavabit suspended operations in August 2013.

The company faced a tough decision. If Lavabit had relinquished its Secure Sockets Layer (SSL) private keys, it would have provided the government unrestricted access to 400,000 users' communications, not just the one user the FBI was looking for. Since users expected privacy—whether from governments or corporations—making the private key accessible undermines the point of Lavabit's privacy service. Rather than comply with court's orders, Lavabit founder owner Ladar Levison decided to halt Lavabit's operations completely.

Levison told BBC that if he wins the appeal he filed last August, Lavabit could rise from the dead. It would also set a precedent for future privacy communication cases.

Brian Hauss, a legal fellow for the American Civil Liberties Union (ACLU) told BBC News:

Mr Hauss hopes the case can "establish a principle that governments can't use a hammer when it should be using a scalpel".

"If the court does not find in Lavabit's favour, technology companies will look for new ways to protect user data," he added.

But judges seem to disagree about the focal point of the case. PC World explains:

For the proceedings, the judges actively listened to and questioned the arguments of both sides, though they seemed wary of turning the case away from the specifics of why Lavabit did not comply with court orders to turn over data on one of its users, and towards the larger issues that Lavabit raised in its highly publicized defense of what scope the government should have over those parties who hold SSL (secure socket layer) keys to encrypted data.

Last year, U.S. government meddling led to the closure of privacy services like Silent Circle and CryptoSeal. Faced with a government hostile toward privacy services, innovative, secure communication products are opening outside of the United States.

Reason's J.D. Tuccille argued in August:

Unfortunately, the government's position seems to be the same as that of the Mafia: If you're told to do business with the mob, you don't get to decide otherwise.

We'll see if the government continues down that path. A decision could take a few weeks.

Read more on Lavabit here.