[ExI] How Lavabit Melted Down
Eugen Leitl
eugen at leitl.org
Wed Oct 9 13:40:18 UTC 2013
http://www.newyorker.com/online/blogs/elements/2013/10/how-lavabit-edward-snowden-email-service-melted-down.html
HOW LAVABIT MELTED DOWN
POSTED BY MICHAEL PHILLIPS AND MATT BUCHANAN
On August 8th, Lavabit, newly famous for being the secure e-mail service used
by the National Security Agency whistleblower Edward Snowden, went dark. Its
owner and operator, Ladar Levison, replaced its home page with a message: “I
cannot share my experiences over the last six weeks, even though I have twice
made the appropriate requests.” Levison could write only that he chose to
shut down the company rather than “become complicit in crimes against the
American people,” and he promised to “fight for the Constitution in the
Fourth Circuit Court of Appeals.”
Court-watchers repeatedly checked the Fourth Circuit docket to see whether
Levison would follow through. While the Fourth Circuit kept the appeals
secret and placed them under seal, observers deduced that Levison’s appeals
were the ones numbered 13-4625 and 13-4626. Last week, U.S. District Judge
Claude M. Hilton unsealed a hundred and sixty-two pages of previously secret
documents related to two District Court orders issued against Lavabit, so
that Levison could have a public record of his appeals. These disclosures
fall short of the ideal of open justice, but they do give Levison’s ordeal a
public shape.
They also allow Levison to speak more openly now. This past weekend, in
Manhattan’s Bryant Park, his demeanor was steady, if clearly burdened; he is,
after all, a man who was forced to destroy the business he had spent most of
the past decade building, and who is locked in a legal and philosophical
battle against the United States government.
Levison wore a white, starched collared shirt with thin gold cufflinks; the
afternoon was warm, and sweat, mixed with the gel that fixed his hair in a
slightly spiked coiffure, dotted his forehead. He spoke sternly but
calmly—his tenor lacked the quiet frenzy of, say, Thomas Drake, the N.S.A.
whistleblower, even though most of what he had to say was bad news, if you
value electronic privacy or security. He doesn’t use e-mail on his Android
smartphone, for instance, because neither the software nor the hardware of
any commercial phone can be trusted; carriers and phone makers can push
malware onto the device, he said. Yet his views are far from radical. While
he opposes the bulk collection of domestic communications, he has no such
strong feelings about the N.S.A.’s foreign-surveillance efforts. He is, if
anything, disappointed that the U.S. government would spy on its own citizens
on such a grand scale, and with such impunity, even though Levison’s decision
to build a privacy-oriented e-mail service in the first place, in 2004, was
partly in response to the Patriot Act. Part of Lavabit’s mission, before it
shut down, was that it would “never sacrifice privacy for profits.” One of
its most notable features was that, for paying users, it encrypted e-mail
messages and other files stored on its server so that they could not be read
by third parties without a user’s password.
As the Times reported last week, the unsealed documents reveal that the first
chapter of Levison’s “tangle with law enforcement” began in May—well before
the first Snowden leak of the N.S.A.’s massive database of call logs broke in
June—when an F.B.I. agent left his business card on Levison’s doorstep. On
June 10th, the government secured an order from the Eastern District of
Virginia. The order, issued under the Stored Communications Act, required
Lavabit to turn over to the F.B.I. retrospective information about one
account, widely presumed to be that of Snowden. (The name of the target
remains redacted, and Levison could not divulge it.) The order directed
Lavabit to surrender names and addresses, Internet Protocol and Media Access
Control addresses, the volume of each and every data transfer, the duration
of every “session,” and the “source and destination” of all communications
associated with the account. It also forbade Levison and Lavabit from
discussing the matter with anyone.
Levison now says that while that particular investigation “escalated,” it was
not the only one to land at his doorstep in recent years. He believes that
even if he hadn’t hosted the e-mail account of the target, Lavabit would
eventually have found itself in the position that it’s in now because it
“constitutes a gap” in the government’s intelligence. The broader
implication—as shown by the N.S.A.’s efforts to attack the anonymous Tor
network—is that intelligence agencies will try to crack any service designed
for privacy and used at scale.
On June 28th, the Eastern District Court of Virginia issued another order,
“authorizing the installation and use of a pen register and the use of a trap
and trace device” on all electronic communications being sent from or to the
account. The term “pen register” is a relic of Morse’s telegraph; it refers
to the mechanical pen that recorded the electrical pulses that routed a
telegraph. Today, the term is used to refer to any device or process that
records outgoing routing information, such as phone numbers dialed or e-mail
addresses typed. A “trap and trace device” does the inverse, and records
incoming phone numbers, e-mail addresses, and other connections. A court may
issue this kind of order if the information likely to be captured is
“relevant to an ongoing criminal investigation.” This order also forbade
Lavabit from discussing the matter.
The unsealed documents describe a meeting on June 28th between the F.B.I. and
Levison at Levison’s home in Dallas. There, according to the documents,
Levison told the F.B.I. that he would not comply with the pen-register order
and wanted to speak to an attorney. As the U.S. Attorney for the Eastern
District of Virginia, Neil MacBride, described it, “It was unclear whether
Mr. Levison would not comply with the order because it was technically not
feasible or difficult, or because it was not consistent with his business
practice in providing secure, encrypted e-mail service for his customers.”
The meeting must have gone poorly for the F.B.I. because MacBride filed a
motion to compel Lavabit to comply with the pen-register and trap-and-trace
order that very same day.
Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in
her own handwriting that Lavabit was subject to “the possibility of criminal
contempt of Court” if it failed to comply. When Levison didn’t comply, the
government issued a summons, “United States of America v. Ladar Levison,”
ordering him to explain himself on July 16th. The newly unsealed documents
reveal tense talks between Levison and the F.B.I. in July. Levison wanted
additional assurances that any device installed in the Lavabit system would
capture only narrowly targeted data, and no more. He refused to provide
real-time access to Lavabit data; he refused to go to court unless the
government paid for his travel; and he refused to work with the F.B.I.’s
technology unless the government paid him for “developmental time and
equipment.” He instead offered to write an intercept code for the account’s
metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there
could be “some sort of external audit” to make sure that the government did
not take additional data. (The government plan did not include any oversight
to which Levison would have access, he said.)
Most important, he refused to turn over the S.S.L. encryption keys that
scrambled the messages of Lavabit’s customers, and which prevent third
parties from reading them even if they obtain the messages. The pen-register
order required Levison to permit the F.B.I. to install the pen register and
provide “technical assistance necessary to accomplish the installation.”
Levison argued that the “technical assistance” provision did not require that
he surrender the S.S.L. keys, especially because he was willing to write
intercept code for the information the government desired. Giving up the keys
“would compromise all of the secure communications in and out my network,
including my own administrative traffic,” he told Judge Hilton. The U.S.
Attorney’s Office, for its part, insisted that without the S.S.L. keys, “the
data from the pen register will be meaningless,” an analysis shared by
others. But the pen-register data may not have been “meaningless” if the
government took up Levison’s offer to write his own intercept code.
Prior to the hearing on July 16th, the U.S. Attorney filed a motion for civil
contempt, requesting that Levison be fined a thousand dollars for every day
that he refused to comply with the pen-register order. Earlier in the day,
Hilton issued a search-and-seizure warrant, authorizing law enforcement to
seize from Lavabit “all information necessary to decrypt communications sent
to or from [the account], including encryption keys and SSL keys,” and “all
information necessary to decrypt data stored in or otherwise associated with
[the account].” On July 25th, Lavabit petitioned to cancel the subpoena and
warrant, arguing that if the “government gains access to Lavabit’s Master
Key, it will have unlimited access to not only [the account], but all of the
communications and data stored in each of Lavabit’s 400,000 e-mail accounts.”
Lavabit also asked the court to unseal its records and permit Levison to
speak.
It was the government’s insistence on collecting the S.S.L. keys that most
deeply disturbed Levison, and led to the shutdown of Lavabit. He believes
that not only would the F.B.I. have had unfettered, secret access to the
communications of his four hundred thousand customers—without being required
to give Levison a log of what it accessed—but putting his encryption keys in
the hands of the government would have opened Lavabit to a more profound
exploitation of his service’s communications. Levison worried that if he
turned the keys over to the F.B.I., the N.S.A. would have been able to obtain
them without his knowledge through a Foreign Intelligence Surveillance Act
court order. We know now that the N.S.A. has been systematically cracking
encryption across the Web, and it has built a database of encryption keys
that automatically decode messages; this is dangerous, Levison says, because
it allows the N.S.A. to read encrypted communications as they flow past the
agency’s taps of the broader Internet infrastructure by simply observing
them, leaving no trace of the surveillance, unlike a traditional
“man-in-the-middle” attack. This vulnerability, he insists, is not
sufficiently understood. And, while the Times’s initial reporting indicates
that the N.S.A.’s method of obtaining the keys for its database is “shrouded
in secrecy,” Levison suggests that his case also illustrates one of the ways
in which it collects them: by secretly compelling companies to turn them
over.
The F.B.I., Levison says, “sold its soul” to the N.S.A. to acquire its
technologies and become a “counter-intelligence agency” rather than a
domestic police force. The result is an agency with somewhat stunning
technical capabilities—it was the F.B.I. that used malware to identify users
of the Tor network in the course of its investigation of Freedom Hosting, the
anonymous service provider, an incident that disturbed Levison because it put
legitimate users at risk, even if he doesn’t agree with the illegal content
that Freedom Hosting was allegedly housing. Before the Bureau demanded
Lavabit’s S.S.L. keys, in fact, he was asked “half a dozen times” about any
point in the system where information flowed through unencrypted so that the
F.B.I. could tap it. One result of this newfound expertise, however, is that
Levison believes there is a knowledge gap between the Department of Justice
and law-enforcement agencies; the former did not grasp the implications of
what the F.B.I. was asking for when it demanded his S.S.L. keys. (According
to Levison, the F.B.I. agents who came to his house were surprised that he
hadn’t seen one of the sets of documents that had been e-mailed to him
demanding Lavabit’s information; they pointed to his phone and said he could
look up the information right there. He responded, “You know better than I do
why I don’t have e-mail on my phone.”)
On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s
proposal that the government engage Levison to extract the information from
the account himself rather than force him to turn over the S.S.L. keys.
THE COURT: You want to do it in a way that the government has to trust you—
BINNALL: Yes, Your Honor.
THE COURT: —to come up with the right data.
BINNALL: That’s correct, Your Honor.
THE COURT: And you won’t trust the government. So why would the government
trust you?
Ultimately, the court ordered Levison to turn over the encryption key within
twenty-four hours. Had the government taken Levison up on his offer, he may
have provided it with Snowden’s data. Instead, by demanding the keys that
unlocked all of Lavabit, the government provoked Levison to make a last
stand. According to the U.S. Attorney MacBride’s motion for sanctions,
At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I.
a printout of what he represented to be the encryption keys needed to operate
the pen register. This printout, in what appears to be four-point type,
consists of eleven pages of largely illegible characters. To make use of
these keys, the F.B.I. would have to manually input all two thousand five
hundred and sixty characters, and one incorrect keystroke in this laborious
process would render the F.B.I. collection system incapable of collecting
decrypted data.
The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that
Levison “thinks” he could have an electronic version of the keys produced by
August 5th. Judge Hilton ordered that Levison and Lavabit be fined five
thousand dollars for each day that they did not turn over the
electronic-encryption keys. On August 8th, rather than turning over the
master key, Levison shut down Lavabit. A week later, Levison’s lawyers
announced that they were appealing to the Fourth Circuit Court of Appeals, an
announcement that nearly got Levison into further trouble; the appeal was
promptly placed under seal.
Levison believes that when the government was faced with the choice between
getting information that might lead it to its target in a constrained manner
or expanding the reach of its surveillance, it chose the latter. The
documents, and Levison’s comments to us, suggest that although he is a
skeptic, he was willing to work with the government: he offered to write
intercept code himself to capture their target’s metadata, and acknowledged
that the government might have a right to the person’s information. He was
willing to turn that information over, as he did in a case involving child
pornography; Lavabit’s archived site in fact explicitly states that one of
the reasons its most secure services are available to paying customers only
is so that if an account “is used for illegal purposes that money trail can
be used to track down the account owner.” But the government refused
Levison’s offer. It wanted the keys to everything, so he gave it nothing.
Levison will be back in court on Friday to file his opening brief with the
Fourth Circuit. The brief is Levison’s principal opportunity to make his
arguments. Levison may appeal the orders on a technological basis, and argue
that the pen-register order did not require the surrender of the S.S.L. keys.
Or he may appeal on a broader constitutional basis, and push the Fourth
Circuit to evaluate the legality of back-door Internet-surveillance programs.
On November 4th, the United States will file its response brief, after which
oral arguments will follow. Due to the case’s sensitivity, the court may hold
the arguments in secret. The United States and the court are waiting for
Levison’s brief, which could break one of at least two ways.
When this is all over, he plans to reopen Lavabit, if possible, in the United
States; he intends to stay in the country no matter what. If Lavabit can’t
operate securely in the U.S., he intends to hand off the project to someone
in a country with more sympathetic laws, such as Iceland or Switzerland. In
the meantime, he is beginning to think about the grander, harder project of
creating a replacement for e-mail that can be truly secure and easy to use,
although he’s not ready to say anything substantive about the project. With
the muzzle largely removed, he is now reluctantly engaging in a media blitz,
both to raise money for his legal defense through Rally.org and to boost
awareness of the grim nature of the surveillance state. When asked what he
was doing differently with his computing habits to protect his
communications, Levison offered an answer that’s becoming all too familiar
from people of his ilk: he wanted to keep at least some of it a secret.
Michael Phillips is an associate at a Wall Street litigation firm. Matt
Buchanan is the editor of Elements.
Photograph by Mauricio Alejo.