Lavabit Appeal to Set Email Privacy Precedent

Frank C. Müller \ WikimediaFrank C. Müller \ Wikimedia

Secure email provider Lavabit failed to surrender its encryption keys to the government in 2013. It's been paying the price. In what some call a landmark privacy case, the Virginia-based 5th U.S. Circuit Court will decide whether or not Lavabit sufficiently complied with the lower court's orders last year. Three judges listened to opposing arguments Tuesday.

The feds presented a search warrant to the company in the summer 2013, in what many believe was a hunt for the emails of NSA whistle blower Edward Snowden. In response, encrypted email service Lavabit suspended operations in August 2013.

The company faced a tough decision. If Lavabit had relinquished its Secure Sockets Layer (SSL) private keys, it would have provided the government unrestricted access to 400,000 users' communications, not just the one user the FBI was looking for. Since users expected privacy—whether from governments or corporations—making the private key accessible undermines the point of Lavabit's privacy service. Rather than comply with court's orders, Lavabit founder owner Ladar Levison decided to halt Lavabit's operations completely.

Levison told BBC that if he wins the appeal he filed last August, Lavabit could rise from the dead. It would also set a precedent for future privacy communication cases.

Brian Hauss, a legal fellow for the American Civil Liberties Union (ACLU) told BBC News:

Mr Hauss hopes the case can "establish a principle that governments can't use a hammer when it should be using a scalpel".

"If the court does not find in Lavabit's favour, technology companies will look for new ways to protect user data," he added.

But judges seem to disagree about the focal point of the case. PC World explains:

For the proceedings, the judges actively listened to and questioned the arguments of both sides, though they seemed wary of turning the case away from the specifics of why Lavabit did not comply with court orders to turn over data on one of its users, and towards the larger issues that Lavabit raised in its highly publicized defense of what scope the government should have over those parties who hold SSL (secure socket layer) keys to encrypted data.

Last year, U.S. government meddling led to the closure of privacy services like Silent Circle and CryptoSeal. Faced with a government hostile toward privacy services, innovative, secure communication products are opening outside of the United States.

Reason's J.D. Tuccille argued in August:

Unfortunately, the government's position seems to be the same as that of the Mafia: If you're told to do business with the mob, you don't get to decide otherwise.

We'll see if the government continues down that path. A decision could take a few weeks.

Read more on Lavabit here.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • SweatingGin||

    I was catching a few rumors that this one wasn't going great. Good reason to have a startup not in the US. And maybe a dead-man's switch, in case you need to revoke the keys.

    Kind of tempting to setup a service for that. Pay a fee. Select a number of methods of communicating that you're still keeping your thing going (twitter post with specific code, emails, maybe another website, posts on those, etc.)

    If you don't check in for x period of time, it issues the revocation certs and sends whatever other things need to be sent.

  • Christophe||

    Revocation is a really shitty thing to have to rely on. It's a good last resort, but it's not reliable enough yet.

  • sarcasmic||

    Mr Hauss hopes the case can "establish a principle that governments can't use a hammer when it should be using a scalpel".

    When your only tool is a hammer...

  • pan fried wylie||

    ...I'da hammer in the morrrrrrrnin,
    I'da hammer in the evennnnnnin...

  • Doctor Whom||

    I'd hammer away justice.
    I'd hammer away freedom.

  • Doctor Whom||

    Fourth Circuit, not Fifth.

  • Fist of Etiquette||

    For the proceedings, the judges actively listened to and questioned the arguments of both sides, though they seemed wary of turning the case away from the specifics of why Lavabit did not comply with court orders to turn over data on one of its users...

    Not a good sign. They needed to find two or three brave judges who understood the Bill of Rights.

  • Aresen||

    Understanding the Bill of Rights is an automatice disqualifier in the judicial nomination process.

  • Cytotoxic||

    This is one of my hopes for the ZEDe cities of Honduras. They can totally become data-privacy hubs.

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online

  • Progressive Puritans: From e-cigs to sex classifieds, the once transgressive left wants to criminalize fun.
  • Port Authoritarians: Chris Christie’s Bridgegate scandal
  • The Menace of Secret Government: Obama’s proposed intelligence reforms don’t safeguard civil liberties

SUBSCRIBE

advertisement