When the encrypted e-mail service reportedly used by NSA leaker Edward Snowden suddenly closed its doors in August, its founder mysteriously said he'd "been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit."
Ladar Levison couldn't provide further info, he said, because "Congress has passed laws that say otherwise." On Wednesday, however, the mystery was solved.
Drawing from newly unsealed court records, Wired's Kevin Poulsen reports that the FBI had, in its desire to trace a single Lavabit user, and in the face of resistance from the company on that score, obtained a search warrant demanding that Levison turn over the keys to the encryption that protected data for all the service's users.
"The privacy of...Lavabit's users are at stake," a Lavabit attorney told a judge during a closed-door hearing, Poulsen reports. "We're not simply speaking of the target of this investigation. We're talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure."
The news comes amid scrutiny of the methods used by the US intelligence and law enforcement community, which, critics say, has run roughshod over privacy rights and the Constitution in the name of national security. A series of revelations about those methods -- which include the National Security Agency's collecting of data about every call made in the United States -- has followed former NSA contractor Snowden's passing of internal documents to journalists.
In outlining the more than 150 pages of newly unsealed court papers regarding Lavabit, Poulsen reports that Levison resisted an earlier "pen register" order requiring the e-mail provider "to record, and provide the government with, the connection information on one of its users every time that user logged in to check his e-mail."
Levison was threatened with criminal contempt and the possibility of jail time when, the court papers say, Lavabit "indicated that [it] had the technical capability to decrypt the information, but that Lavabit did not want to 'defeat [its] own system.'"
That's when the FBI obtained the search warrant calling for, the papers say, "all information necessary to decrypt communications sent to or from the Lavabit e-mail account [redacted] including encryption keys and SSL keys."
As noted, the unsealed documents are redacted, or blacked out in places, and they don't name Snowden as the object of the FBI's investigation. But Poulsen points out that the papers list violations of the Espionage Act and theft of government property as the offenses being looked into, and that these are the offenses with which Snowden has been charged.
After the issuing of the overall decryption warrant, Levison was reportedly willing to comply with the original pen register order, but the government had become impatient and insisted the privacy of Lavabit's other users would not be an issue.
"While the metadata stream would be captured by a device," it argued, "the device does not download, does not store, no one looks at it. It filters everything...and we get what we're required to get under the order...So there's no agents looking through the 400,000 other bits of information, customers, whatever."
That was enough for the judge, but Levison wasn't done with his refusal to cooperate. In response to the demand for the encryption keys, he provided an 11-page printout in tiny type.
"To make use of these keys, the FBI would have to manually input all 2,560 characters," the government responded, "and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data."
After an order from the judge for Levison to provide the electronic keys -- with a $5,000-a-day fine until he did so -- Levison shuttered Lavabit. He was quickly followed in his decision by another provider of encrypted e-mail, Silent Circle.
"Where the government would hypothetically cross the line is to violate the privacy of all of my users," Levison told CNET during an interview the day after he closed Lavabit. "This is not about protecting a single person or persons, it's about protecting all my users. What level of access to this nation does the government have?"
The government, on the other hand, said during the back and forth over the encryption keys that Levison "had every opportunity to propose solutions to come up with ways to address his concerns and he simply hasn't."
You can read Poulsen's piece in its entirety, along with the newly released court papers, at Wired.
Levison has been ordered by the court not to reveal who the FBI's target is, and he's currently engaged in an appeal regarding the FBI warrants.