Lavabit Details Unsealed: Refused To Hand Over Private SSL Key Despite Court Order & Daily Fines
from the as-expected dept
Initially, Lavabit was sent a pen register order letting the government know every time Ed Snowden logged in (Snowden's name is redacted, but it's clear that this is about him). Lavabit said that it wouldn't defeat its own encryption system, and the court quickly ordered Lavabit to comply:
By July 9, Lavabit still hadn’t defeated its security for the government, and prosecutors asked for a summons to be served for Lavabit, and founder Ladar Levison, to be held in contempt “for its disobedience and resistance to these lawful orders.”Once again, Levison refused to reveal the SSL keys, leading to the $5,000 per day fine imposed by Magistrate Judge Theresa Buchanan. The fines began August 6th. Lavabit shut down on August 8th.
A week later, prosecutors obtained the search warrant demanding “all information necessary to decrypt communications sent to or from the Lavabit email account [redacted] including encryption keys and SSL keys.”
Again, something along those lines was what many people had assumed happened, but now it's been confirmed. Kudos to Levison for standing his ground on this. I know that people in our comments like to insist that every company should act this way, but it's not nearly as easy when its your life's work on the line, and you have the entire US government (including huge monetary fines and the possibility of jail time) coming down on you.