The homepage of Lavabit.com was changed Thursday to a letter from
the company’s owner announcing that the site’s operations have
ceased following a six-week long ordeal that is prompting the
company to take legal action in the Fourth Circuit Court of
Appeals.
Now in the midst of an escalating fight from the federal
government aimed at cracking down on encrypted communications,
one of the last free and secure services has thrown in the towel
under mysterious circumstances.
“I have been forced to make a difficult decision: to become
complicit in crimes against the American people or walk away from
nearly ten years of hard work by shutting down Lavabit. After
significant soul searching, I have decided to suspend
operations,” owner and operator Ladar Levison of Dallas,
Texas wrote in the statement. “I wish that I could legally
share with you the events that led to my decision. I cannot.”
“I feel you deserve to know what’s going on–the First
Amendment is supposed to guarantee me the freedom to speak out in
situations like this. Unfortunately, Congress has passed laws
that say otherwise,” wrote Levison. “As things currently
stand, I cannot share my experiences over the last six weeks,
even though I have twice made the appropriate requests.”
Levison’s statement comes two months after Snowden, a former
analyst at intelligence contractor Booz Allen Hamilton, revealed
himself to be the source of leaked NSA documents disclosing vast
surveillance programs operated by the United States government. A
month later, the Global Post published an article in which a
Lavabit.com email address thought registered to Snowden was
revealed.
Global Post wrote on July 12 that the
Sheremetyevo Airport press conference hosted by Snowden later
that day was announced in an invitation sent to human rights
groups by the email address “edsnowden[at]lavabit.com” and signed
by “Edward Joseph Snowden.” Washington Post foreign affairs
blogger Max Fisher and Guardian journalist Glenn Greenwald have
both since reported Lavabit as being the provider of Mr.
Snowden’s email needs.
During a question-and-answer session hosted by the Guardian last
month, Snowden wrote, “Encryption works. Properly implemented
strong crypto systems are one of the few things that you can rely
on.”
Although Lavabit’s website is now almost entirely inaccessible, a
cached version hosted by Google provides background on why and
how the service provided highly secure encryption to its users.
“In an era where Microsoft and Yahoo’s e-mail services sell
access past their spam filters, Google profiles user’s inboxes
for targeted advertising, and AT&T allows the government to
tap phone calls without a court warrant; we decided to take a
stand,” one page reads. “Lavabit has developed a system so
secure that it prevents everyone, including us, from reading the
e-mail of the people that use it.”
By combining three different encryption schemes with Elliptical
Curve Cryptography, Lavabit provided a service purposely
developed to provide protection against government surveillance.
“The result is that once a message is stored on our servers in
this fashion, it can’t be recovered without knowing a user’s
password. This provides a priceless level of security,
particularly for customers that use e-mail to exchange sensitive
information,” the company wrote.
“The key element of the PATRIOT Act is that it allows the FBI
to issue National Security Letters (NSLs). NSLs are used to force
an Internet Service Provider, like Lavabit, to surrender all
private information related to a particular user. The problem is
that NSLs come without the oversight of a court and can be issued
in secret. Issuing an NSL in secret effectively denies the
accused an opportunity to defend himself in court. Fortunately,
the courts ruled NSLs unconstitutional in 2005; but not before
illustrating the need for a technological guarantee of
privacy,” one cache’s page reads.
“Lavabit believes that a civil society depends on the open,
free and private flow of ideas. The type of monitoring promoted
by the PATRIOT Act restricts that flow of ideas because it
intimidates those afraid of retaliation. To counteract this
chilling effect, Lavabit developed its secure e-mail platform. We
feel e-mail has evolved into a critical channel for the
communication of ideas in a healthy democracy. It’s precisely
because of e-mail’s importance that we strive so hard to protect
private e-mails from eavesdropping.”
Lavabit noted that brute force attacks could theoretically allow
a third-party to see password-protected emails, “However in
practice, the key lengths Lavabit has chosen equal enough
possible inputs that a brute-force attack shouldn’t be feasible
for a long time to come.”
According to Snowden’s Q-and-A on the Guardian last month,
generally speaking, “endpoint security is so terrifically weak
that NSA can frequently find ways around it.”
Now as Levison and crew prepare for a fight in appeals court, he
suggests very few are safe from having even secure emails stolen
by the US government.
“This experience has taught me one very important lesson:
without congressional action or a strong judicial precedent, I
would _strongly_ recommend against anyone trusting their private
data to a company with physical ties to the United States,”
he says in the statement.
On a since removed page from Lavabit.com, the company once wrote,
“Like insurance, we hope our secure e-mail platform is
something you’ll never need. However, should the issue ever
arise, like insurance, you’ll be glad you have it.”
Earlier this year, Federal Bureau of Investigation general
counsel Andrew Weismann said the Justice Department wants to be
able to decrypt all messages sent over the Internet in real
time by the end of 2014.
“The problem with not having [that ability in America] is that
we’re making the ability to intercept communications with a court
order increasingly obsolete,” Weissman added. “Those
communications are being used for criminal conversations, by
definition…and so this huge legal apparatus that many of you know
about to prevent crimes, to prevent terrorist attacks is becoming
increasingly hampered and increasingly marginalized the more we
have technology that is not covered” through current law.
According to a cache’s page of the company history, Lavabit began
in 2004 and most recently handled service for upwards of 60,000
individuals at a rate of around 200,000 emails a day.
“How many Lavabit users have just been impacted by the hand of
attempted government oppression in secret?” security
researcher Jacob Appelbaum tweeted on Thursday. “The path
chosen by Lavabit is an honorable choice. It is also horrible
that they must now ruin their company to try to keep their
integrity.”
Representatives from Lavabit did not immediately return requests
for comment.
Republished from: RT