by Mike Masnick
Wed, Sep 25th 2013 1:51pm
by Glyn Moody
Wed, Sep 18th 2013 4:06pm
Lavabit's Levison Now Avoids Email Altogether, Has Turned Into A 'Political Activist' Thanks To The NSA
from the unintended-effects dept
Reporting on comments he made recently at the Privacy Identity Innovation conference in Seattle, AllThingsD has a useful update on what he's doing currently. He says that he is still hopeful that the courts will allow him to re-start Lavabit; but until then, he is taking some rather extreme precautionary measures, avoiding email altogether:
Levison is making use of "the electronic equivalent of a methadone clinic" by messaging people through Facebook, LinkedIn, text and the new encrypted communication service Silent Circle. "I haven't needed a real and valid email address to register for something yet," he said.
It's a little hard to reconcile that understandable concern that the NSA may be eavesdropping with his use of relative insecure services like Facebook, but presumably he knows what he is doing here. Maybe he only conducts relatively trivial conversations using them, saving more serious stuff for Silent Circle, and the really serious stuff for face-to-face meetings.
"Anything that I consider sensitive, I try to talk about it to people in person, with my cellphone off, in an area where I know that nobody’s pointing a parabolic mic at me," Levison said. "If you're fighting the government that's what you need to do."
Levison's thoughts on communications and security are obviously of interest, but the key news that we learn from the AllThingsD piece is the following:
"I've had to switch from becoming a small business owner worrying about making payroll, to overnight becoming a political activist," Levison said.
The following hint of something big to come is intriguing:
Though he had suggested when he shut down Lavabit that he was at imminent risk of arrest, Levison said today he is "less worried" about that now. "What I'm more worried about is what I have planned for the future," he added ominously, then declined to elaborate.
What's significant is that the NSA's attempts to bully Levison into secret obedience have backfired badly, producing the opposite effect: in his own words, he's become a "political activist" -- one, moreover, who is technically savvy and has experience of dealing with the snoops. That makes him a hugely valuable ally for those wishing to bring some transparency and accountability to the US government's surveillance activities -- and an obvious problem for the NSA. No wonder he's worried about being spied upon.
by Mike Masnick
Fri, Aug 16th 2013 3:59pm
from the either-you-help-us-spy-on-people-or-you're-a-criminal dept
... a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison's lawyer last Thursday – the day Lavabit was shuttered -- stating that Levison may have "violated the court order," a statement that was interpreted as a possible threat to charge Levison with contempt of court.That same article suggests that the decision to shut down Lavabit was over something much bigger than just looking at one individual's information -- since it appears that Lavabit has cooperated in the past on such cases. Instead, the suggestion now is that the government was seeking a tap on all accounts:
Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that." But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone.It sounds like the feds were asking for a full on backdoor on the system, not unlike some previous reports of ISPs who have received surprise visits from the NSA.
by Mike Masnick
Mon, Aug 12th 2013 11:57am
from the not-your-everyday-search-warrant dept
Either way, given the timing of all of this, it's possible that the shutdown may have not involved Snowden or anything related to the NSA surveillance at all, but is the result of a totally unrelated case. Obviously, at this point, only the government and Levison actually know the details, but it does seem worth noting that the government has targeted Lavabit email addresses in the past. However, according to Levison himself, it seems clear that what they were asking for that made him shut down was quite a bit more involved than an ordinary search warrant. In an interview with Forbes, Levison stated that he's cooperated in the past with government requests, noting that there have been about two dozen over the past decade.
Levison isn’t an privacy absolutist. He has cooperated in the past with government investigations. He says he’s received “two dozen” requests over the last ten years, and in cases where he had information, he would turn over what he had. Sometimes he had nothing; messages deleted from his service are deleted permanently.That certainly suggests that what the government was asking for here wasn't a mere search warrant for existing information associated with an account, but something more involved -- such as a proactive wiretap on all future messages, something that you'd imagine the feds would be interested in on an account of someone such as Snowden.
“I’m not trying to protect people from law enforcement,” he said. “If information is unencrypted and law enforcement has a court order, I hand it over.”
In this case, it is the government’s method that bothers him. “The methods being used to conduct those investigations should not be secret,” he said.
by Mike Masnick
Fri, Aug 9th 2013 5:56am
from the us-government-destroying-american-businesses dept
Given that, it's noteworthy that another secure email provider, Silent Circle, chose to announce its own plans to close down its secure email service hours later. Silent Circle isn't facing the same hidden court orders/government demands, but it recognized that it would likely come some day soon -- and thus it was better to shut down ahead of time, before the government forced it to make the same decision. I'm somewhat surprised that Silent Circle didn't at least give its customers a day or whatever to close out their email, but rather the company flat out destroyed its servers, noting:
"Gone. Can't get it back. Nobody can."The company is still offering other secure tools that feature end-to-end encryption such that there's nothing they can hand over to the government.
If a court orders us to allow them to secretly place surveillance "sniffers" on a specific account, we will fight this order to the highest judicial authority possible. If we lose, we will shut down the business and call it a day. End of story.Still, this kind of thing is showing how these ridiculous surveillance policies from the US government are doing massive harm to US businesses, basically making them either lie to their customers and violate their privacy, or to shut down completely. It's going to drive many, many users to overseas services. Is that really worth it?
by Mike Masnick
Thu, Aug 8th 2013 1:17pm
from the standing-on-principles dept
Apparently there were just over 400,000 email accounts on Lavabit at the time they shut down -- victims of the US government trying to spy on certain email accounts.
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Owner and Operator, Lavabit LLC
It's not difficult to make an educated guess as to what happened. The Feds went to Lavabit demanding access to Ed Snowden's email. Lavabit refused. The feds went to (secret) court and the (secret) court said (in secret) that Lavabit had to turn over the information. And Lavabit's response is noble: it is shutting down and fighting in court, rather than becoming a pawn in this and compromising the trust and reputation its built up over the years. Lavabit also includes a link on their site for a legal defense fund.