Thursday, October 03, 2013

E-Mail Service Shut Down Rather Than Turn Over Control to the Federal Government

October 2, 2013

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm

By NICOLE PERLROTH and SCOTT SHANE
New York Times

DALLAS — One day last May, Ladar Levison returned home to find an F.B.I. agent’s business card on his Dallas doorstep. So began a four-month tangle with law enforcement officials that would end with Mr. Levison’s shutting the business he had spent a decade building and becoming an unlikely hero of privacy advocates in their escalating battle with the government over Internet security.

Prosecutors, it turned out, were pursuing a notable user of Lavabit, Mr. Levison’s secure e-mail service: Edward J. Snowden, the former National Security Agency contractor who leaked classified documents that have put the intelligence agency under sharp scrutiny. Mr. Levison was willing to allow investigators with a court order to tap Mr. Snowden’s e-mail account; he had complied with similar narrowly targeted requests involving other customers about two dozen times.

But they wanted more, he said: the passwords, encryption keys and computer code that would essentially allow the government untrammeled access to the protected messages of all his customers. That, he said, was too much.

“You don’t need to bug an entire city to bug one guy’s phone calls,” Mr. Levison, 32, said in a recent interview. “In my case, they wanted to break open the entire box just to get to one connection.”

On Aug. 8, Mr. Levison closed Lavabit rather than, in his view, betray his promise of secure e-mail to his customers. The move, which he explained in a letter on his Web site, drew fervent support from civil libertarians but was seen by prosecutors as an act of defiance that fell just short of a crime.

The full story of what happened to Mr. Levison since May has not previously been told, in part because he was subject to a court’s gag order. But on Wednesday, a federal judge unsealed documents in the case, allowing the tech entrepreneur to speak candidly for the first time about his experiences. He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business.

Spokesmen for the Justice Department and the F.B.I. said they had no comment beyond what was in the documents.

Mr. Levison’s battle to preserve his customers’ privacy comes at a time when Mr. Snowden’s disclosures have ignited a national debate about the proper limits of surveillance and government intrusion into American Internet companies that promise users that their digital communications are secure.

Much of the attention has been focused on Internet giants like Microsoft and Google. Lavabit, with just two employees and perhaps 40,000 regular users, was a midget by comparison, but its size and Mr. Levison’s personal pledge of security made it attractive to tech-savvy users like Mr. Snowden.

While Mr. Levison’s struggles have been with the F.B.I., hovering in the background is the N.S.A., which has worked secretly for years to undermine or bypass encrypted services like Lavabit so that their electronic message scrambling cannot obstruct the agency’s spying. Earlier in September, The New York Times, ProPublica and The Guardian wrote about the N.S.A.’s campaign to weaken encryption. Mr. Levison’s case shows how law enforcement officials can use legal tools to pry open messages, no matter how well protected.

Mr. Levison said he set up Lavabit to make it impossible for outsiders, whether governments or hackers, to spy on users’ communications. He followed the government’s own secure coding guidelines, based on the N.S.A.’s technical guidance, and engineered his systems so as not to log user communications. That way, even if he received a subpoena for a user’s communications, he would not be able to gain access to them. For added measure, he gave customers the option to pay extra to encrypt their e-mail and passwords.

Mr. Levison, who studied politics and computer science at Southern Methodist University, started Lavabit in April 2004, the same month Google rolled out Gmail. To pay his bills, he worked as a Web consultant, helping develop Web sites for major brands like Dr Pepper, Nokia and Adidas. But by 2010, the e-mail service had attracted enough paying customers to allow Mr. Levison to turn to Lavabit full time.

On occasion, he was asked to comply with government requests for specific e-mail accounts, including that of a child pornography suspect in Maryland this year. Mr. Levison said he had no qualms about cooperating with such demands, but the latest request was far broader, apparently to allow investigators to track Mr. Snowden’s whereabouts and associates. When Mr. Levison called the F.B.I. agent who had left the business card, the agent seemed interested in learning how Lavabit worked and what tools would be necessary to eavesdrop on an encrypted e-mail account.

The agent did not mention at first who the government was pursuing, and Mr. Levison will not name the targets of the government’s investigation. The name was redacted from the court order unsealed Wednesday, but the offenses listed are violations of the Espionage Act, and the timing of the government’s case coincides with its leak investigation into Mr. Snowden, which began in May when he fled Hawaii for Hong Kong carrying laptops containing thousands of classified documents.

By then, Mr. Snowden’s Lavabit e-mail address was already public. He had listed his personal Lavabit e-mail address in January 2010, and was still using a Lavabit address this July, when he summoned reporters to a news conference at the Moscow airport.

That e-mail invitation proved to be an unintended endorsement for Lavabit’s security. Before that, Mr. Levison said that, on average, Lavabit was signing up 200 new users daily. In the days after Mr. Snowden’s e-mail, more than 4,000 new customers joined each day.

But a month before the news conference, court documents show, Mr. Levison had already received a subpoena for Mr. Snowden’s encrypted e-mail account. The government was particularly interested in his e-mail metadata — with whom Mr. Snowden was communicating, when and from where. The order, from the Federal District Court in Alexandria, Va., required Mr. Levison to log Mr. Snowden’s account information and provide the F.B.I. with “technical assistance,” which agents told him meant handing over the private encryption keys, technically called SSL certificates, that unlock communications for all users, he said.

“It was the equivalent of asking Coca-Cola to hand over its secret formula,” Mr. Levison said.

By July, he said, he had 410,000 registered users. Similar services like Hushmail, a Canadian encrypted e-mail service, had lost users in 2007 after court documents revealed that the company had handed 12 CDs’ worth of decoded e-mails from three Hushmail accounts to American law enforcement officials through a mutual assistance treaty.

“The whole concept of the Internet was built on the idea that companies can keep their own keys,” Mr. Levison said. He told the agents that he would need their request for his encryption keys in writing.

A redacted version of that request, which was among the 23 documents that were unsealed, shows that the court issued an order July 16 for Lavabit’s encryption keys. Prosecutors said they had no intention of collecting any information on Lavabit’s 400,000 other customers. “There’s no agents looking through the 400,000 other bits of information, customers, whatever,” Jim Trump, one of the prosecutors, said at a closed Aug. 1 hearing.

But Mr. Levison said he spent much of the following day thinking of a compromise. He would log the target’s communications, unscramble them with the encryption keys and upload them to a government server once a day. The F.B.I. told him that was not enough. It needed his target’s communications “in real time,” he said.

“How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed when Congress doesn’t even know what is going on?” Mr. Levison said.

When it was clear Mr. Levison had no choice but to comply, he devised a way to obey the order but make the government’s intrusion more arduous. On Aug. 2, he infuriated agents by printing the encryption keys — long strings of seemingly random numbers — on paper in a font he believed would be hard to scan and turn into a usable digital format. Indeed, prosecutors described the file as “largely illegible.”

On Aug. 5, Judge Claude M. Hilton ordered a $5,000-a-day fine until Mr. Levison produced the keys in electronic form. Mr. Levison’s lawyer, Jesse R. Binnall, appealed both the order to turn over the keys and the fine.

After two days, Mr. Levison gave in, turning over the digital keys — and simultaneously closing his e-mail service, apologizing to customers on his site. That double maneuver, a prosecutor later told his lawyer, fell just short of a criminal act.

He hopes to resurrect the business he spent a decade building. “This wasn’t about one person,” Mr. Levison said. “This was about the lengths our government was willing to go to conduct Internet surveillance on one person.”
