Lavabit Founder Ladar Levison Discusses His Federal Battle for Privacy

Last night, Lavabit founder Ladar Levison sat down for an interview and Q&A in front of the North American Network Operators Group (NANOG). After introducing himself by saying, "I'm Ladar, and I'm a nerd," Levison very candidly spoke about the origins of Lavabit—"an email service by geeks for geeks"—and the contempt case over his refusal to hand over Lavabit's SSL keys to the FBI in the Edward Snowden investigation.

Levison said he was inspired to create Lavabit after seeing internet service providers being served national security letters (NSLs). These letters are subpoena-like orders relating to national security that were originally accompanied by gag orders, which were ultimately found unconstitutional. Lavabit would therefore be an email service that didn't store metadata, and took the extra step of encrypting user emails before they were stored to disk. He also decided not to pursue venture capital in expanding Lavabit, allowing him to chart his own philosophical and ethical course.

"Effectively what the government said is that, 'We have this law on the books called the pen, trap and chase law, that allows us to monitor a service provider and collect meta information: who a person is emailing, when they're logging in, and from where'," said Levison early in the conversation. "Now, in most cases email services write that data out to log files and have it ready and available to hand over. I didn't. So what the government decided to do was demand my SSL keys, crack open that encryption, and collect the information themselves."

Levison said that the government wouldn't allow him to modify the software to collect the information on the user in question (Snowden). He also noted that the FBI investigators wouldn't give him any assurances that they would only collect meta information. They told Levison that they would be collecting passwords and content, even though they weren't legally authorized to do this.

The second time Levison met with an FBI agent, he was told that a warrant arrived via the agent's BlackBerry—a pen, trap and trace order that was also forwarded to Levison's email. The agent says that the warrant gave him the authority to collect meta information, passwords, content, and SSL keys, though key access wasn't spelled out in the order.

"Of course, my answer was, 'I think I need to consult an attorney because I've never heard of the FBI coming along and demanding the private keys of a business before," said Levison. And when he checked his email after the meeting, he saw the pen, trap and trace order, as well an order to compel, which was sent after Levison refused to hand over SSL keys.

Soon after, Levison was ordered to appear in a Virginia court, then hit with a subpoena explicitly demanding the SSL keys. The subpoena also required that Levison present the keys in front of a grand jury. And, of course, he was compelled not to speak about any aspect of his part in the government's investigation.

"It hit me: our government has gotten smart. If they're going to break the rules and violate the constitution, they've realized that all they have to do is make it illegal for anybody who knows about it to tell anybody," said Levison. "That way, if anybody says, 'Hey, you're violating the constitution and breaking the law,' they go to jail."

Ultimately, Levison turned over the SSL keys, but did so by printing them off on paper in small, difficult to read font. Apparently he did this to give himself time to get back to Dallas and shut down the service while the feds were decrypting the keys. But, the government said the text was illegible and hit him with $10,000 in fines first, so he shut down the service.

"I understand the need for keeping the names of the people under investigation a secret," said Levison. "What I think we need to have a discussion about publicly are the methods that our government is using to conduct surveillance."

Levison referenced a meeting in DC with Department of Justice attorneys after his hearing. He was trying to explain the sacred trust that exists between a service provider and its users. That is, the operator's job is to protect that trust.

"If I allowed them this sort of unrestricted access to my user's information, it would be a violation of that sacred trust. And the lead prosecutor's response was, 'Do you really think your user's trust you more than they trust us?'" said Levison, to laughter in the audience. "I also got into a long explanation of why it was important to unseal the request, because how do you fight in a democratic society to get a law changed that nobody knows exists?"

And, in the perhaps the most impactful part of the talk, Levison states:

If the court says that we basically have to do everything in our power to assist in these investigations, then we can have no secrets. We can't keep these private keys secrets. We can't keep our source codes secret. We could be forced to modify our products and services secretly to allow for government surveillance… We don't know who has been cooperating with the government to conduct investigations; which products have been changed to weaken their security to allow for surveillance. And those companies couldn't tell us.

If I can give everyone here a message it would be that, as a community, we need to make more of an effort to support Diffie-Hellman, because it would at least limit the damage in situations like this. It would limit [the government's] ability to decrypt SSL connections as a third party observer. And it would mean that if you were forced to turn over your keys at some future date, they couldn't retroactively go back and decrypt information. It would effectively force them to do a man in the middle; which, in my case, they would have done but in a lot of other cases they may not be prepared to do.

As ridiculous as Levison's ordeal sounds, American internet users are lucky he took a stand. By fighting to have his court orders unsealed, we can all see how the state uses legal force to break trust between service providers and users. Now that the tactics are better documented, the hope is that other service providers will be able to better mount a defense.