DOJ: 'Locking its front gate' doesn't let Lavabit off the hook for search warrants

Filed Under: Cryptography, Featured, Law & order

Lavabit logoYou can't get out of cooperating with government-ordered electronic surveillance by shutting down, any more than a business can stop police from executing a search warrant by locking its front gate, the US Department of Justice (DOJ) tutted at Lavabit on Tuesday.

Here's what the DOJ said on Tuesday, in a filing in an appeal by Lavabit (posted courtesy of Lawfareblog.com):

Just as a business cannot prevent the execution of a search warrant by locking its front gate, an electronic communications service provider cannot thwart court-ordered electronic surveillance by refusing to provide necessary information about its systems.

Lavabit, the former encrypted email provider to National Security Agency (NSA) secret-leaker Edward Snowden, shuttered its service in August following court orders demanding metadata about an unnamed user who just about everybody assumes was Snowden.

After much wrangling, founder Ladar Levison eventually gave the government Lavabit's crytopgraphic key in digital form, after having first printed out and handed over a copy of the key in 4-point type that left the government's judge none too pleased.

As soon as Levison gave the government the encryption key to unlock metadata on their target's email, he turned around and shut everything down.

That meant that even though the government had the key, there was nothing to open with it - including the founder's own email account, given that, as they say, he ate his own dog food.

Lavabit's suicide has pleased the government about as much as being given an encryption key it can't read without a microscope.

Which is, likely, why the government's brief sounds a tad prickly.

In the document, the DOJ says that Lavabit is wrong, wrong, wrong about everything, including:

  • Feeding them encryption keys printed in teensy weensy ant-sized type,
  • The notion that the company only had to help agents install a pen/trap device to monitor communications without actually helping them to decipher anything the device snooped on, and
  • Nuking the whole shebang to prevent the government from using the encryption key Lavabit eventually coughed up (in non-teensy weensy, usable form).

The DOJ also countered Lavabit's assertion that handing over the encryption key would enable the government to snoop on all users' encrypted email.

Well of course the government wouldn't do that, the DOJ said. That would be illegal!

To wit:

That other information not subject to the warrant was encrypted using the same set of keys is irrelevant; the only user data the court permitted the government to obtain was the data described in the pen/trap order and the search warrant. All other data would be filtered electronically, without reaching any human eye.

The DOJ also dismissed Lavabit's argument that disclosing its encryption key was not what one does if one advertises its service as being encrypted:

Lavabit’s belief that the orders here compelled a disclosure that was inconsistent with Lavabit’s "business model" makes no difference. Marketing a business as "secure" does not give one license to ignore a District Court of the United States.

In sum, an exasperated-sounding court has said that, no, of course you are NOT allowed to NOT do what a court orders you to do.

Granted, it's not breaking news at 11.

But readers will hopefully pardon journalists and security cognoscenti for keeping an eye out on the various strategies that internet service providers take to deal with government demands in these surveillance-happy times, be it Facebook patenting an easier way to pass data to the government or Lavabit's Levison slipping out the back door when agents tried to serve him with a subpoena.

Literally. He was spotted exiting through his home's rear door.

I suggest reading the court document - his evasive maneuvers are impressive, be they legalistic, business-oriented or corporeal.

What do you think? Should the Lavabit founder's civil disobedience tactics be applauded, or given the thumbs down?

Please let us know your thoughts in the comments section below.

, , ,

You might like

23 Responses to DOJ: 'Locking its front gate' doesn't let Lavabit off the hook for search warrants

  1. Stephen H · 313 days ago

    The DoJ is enjoying this role of evil overlord, methinks. A guy can't choose not to run his business instead of being co-opted into spying on all his customers? (No, I don't trust anyone who says "of course we wouldn't look at the other stuff" - especially when they've already been caught so many times).

    He didn't impede their work, he did what he should have. In fact, he was required to report to his certificate-issuing authority that his certificate had been compromised, and the feds wouldn't even allow that. There is no point in a security infrastructure if it's only secure for SOME of us.

    Seriously, what does the DoJ want? And what does it expect companies in other jurisdictions to do if faced with similar demands? This whole thing is beyond a joke, and Lavar Levison should be entitled to compensation for the mess he's been put through by his own government.

    • Glenn · 311 days ago

      It shouldn't, but it amazes me that neither the courts or the executive branch (DOJ) seems to question the constitutionality of any of this. Their actions may well be "legal," but if they are, that legality is predicated on an unconstitutional redefinition of the right to privacy.

  2. Anders Andersson · 313 days ago

    The Lavabit founder's civil disobedience tactics should be applauded

  3. Robert · 313 days ago

    clap, clap, clap, clap...

  4. Andrew · 313 days ago

    I seriously don't believe any government has a right to do this and the courts should also consider their on positions as some of the data may be their own, do they really want the spies to know everything, I don't think so. Does the words "Official Secrets" mean anything to these people any more or is everyone entitled to know. The more that know the more leaks are possible.

  5. Rob · 313 days ago

    Should be no different then a Confidentiality Agreement between client and attorney. The laws need to reflect this so Govt doesn't spin out of control, as the NSA is already.

    NSA needs to be dismantled, before they know exactly what time we all take a wiz.!!

  6. Esher · 313 days ago

    Applauded. Legal and illegal stopped being synonymous with right and wrong a long time ago.

  7. Rob · 313 days ago

    " Well of course the government wouldn't do that, the DOJ said. That would be illegal! "

    Yeah Right...got it..!!

    ROTFLMAO

  8. ScottK · 313 days ago

    Nothing but applause for this Lavabit.

  9. Freida Gray · 312 days ago

    Maybe the government needs to add something to the "Of course we wouldn't do that.It would be illegal "statement.That something should be..."Besides,we've already done it."

  10. Roger Tobie · 312 days ago

    I think Ladar Levison did the right thing, no doubt about it. It arguably may not be the "legal" thing from the DOJ's point of view. But it seems to me Levison's relationship to his now former users is comparable to Attorney / Client privilege or Doctor / Patient privilege. As to assuring us they are going to only look at the targeted persons email because to do otherwise would be illegal, that is a simple and fatuous lie. They have to look at the other emails meta data at least, if only to see that it is not the target they are seeking. Big Brother is definitely watching us and has been for at least the last twenty years according to other information I have come across. It's just now becoming public knowledge. Remember, "It's for our own good". Yeah, right.

  11. omegapsy · 312 days ago

    I don't even think is is civil disobedience. For one, while his antics can be viewed as such, he has complied with EVERYTHING that the courts ask him to do. Him shutting down the servers was nothing more than keeping his word to ALL Lavabits users in the fact that their data is secure. That is him keeping to his own morals. On top of that, whether they say they wont or not, releasing the keys and giving access to all of the data including his OWN email account could be taken as a protected fifth amendment stance. But that could only work in the instance that he was talking about something through his email that could be used as evidence against himself.

  12. ClaireC · 312 days ago

    DoJ's analogy is false. When a company locks its doors, the police can then knock them down - in other words, they are free to attempt to gain access however best they can. This is actually quite common, and it says "if you don't cooperate. we'll do it anyway".
    But "refusing to provide information" is a demand for cooperation, not merely an order to stand aside while they search. That requires not a warrant, but a much harder-to-get subpoena.
    Furthermore, although they can subpoena someone to provide information, the one subpoenaed can also invoke the 5th amendment and refuse to testify if there is any element of self-incrimination. Since what they are demanding would give access to everyone's diaries, so to speak, there is certainly an element of self-incrimination involved.

  13. viciousaloysius · 312 days ago

    Applauded absolutely.

  14. Gee Wiz · 312 days ago

    He is wrong, the law is the law. What gives him the right to break the law over someone who commits another crime? Do you people who support this guy's antics also support other criminals - tax evaders, domestic abusers, drunk drivers?

    I do not think he should have to put a black box into his network, but he should have to comply with a court order to pull records for specified information. Then, if he wanted to change the way things are done, he should have then fought a case in court.

    Was the NSA right to do what they are doing, no, but it doesn't give others the right to break the law as they see fit.

    • djfiii · 310 days ago

      I Think we all agree that he has violated the law as it is currently interpreted by courts. The point is that the laws need to be modified to address privacy in the digital age; law enforcement is taking advantage of that lack of currency to put their hands on everything.

      It almost always takes people breaking stupid laws before change starts to happen. Would you also suggest that Rosa parks was wrong to refuse to sit in the back of the bus just because that was illegal at the time?

    • Stephen H · 310 days ago

      Lex iniusta non est lex (Latin: An unjust law is no law at all).

      To be more specific, he did not break the law. He did everything that was asked of him, and yet the government demanded more. Had he not shut down the service, his users would have been able to sue him for damages and he would have undermined the security of the web. If a private key is compromised it must be reported - yet he wasn't allowed to. What choices did he have?

      And you suggest that his government was giving him a choice about how to monitor traffic - it wasn't! They were going to grab everything, and then "ignore the bits we don't have a warrant for". And the court thought this was fine?

      Ladar Levison's choice was between total betrayal of his customers, and shutting down the service. He did the right thing, but should not have been placed in that invidious position.

  15. Rick · 312 days ago

    As we all know, the intelligence apparatus is completely out of control and corporate and government fraud is rampant. The DOJ is complicit in this fraud and this whole situation is eveidence that the corporate and government sectors need to be brought back under proper governance with appropriate checks and balances which are clearly missing here

  16. Anonymous · 312 days ago

    This is governmental over-reach at it's finest- and I cannon stand for it.

    A good example of why Americans are a knee jerk, slippery slope, civil liberty lovin' group.

    We right wingers shoot ourselves in the foot.

    We have a history of not being able to be trusted to target the "cancer" without destroying the healthly tissue.

    All I ask of the governement is to "discern the wheat from the chaff".

  17. Dave Levey · 312 days ago

    100% behind lavabit

  18. John · 312 days ago

    How about a standing ovation... So the DoJ is going to 'force' him to stay in business. Who's going to pay his bills then. Will they. He did comply with the requirement's, the order did not specify the font size of the key, nor did it require him to maintain an open business once he complied with the order. In order for a warrant to be valid it must SPECIFY, he could have given them the key in binary or hexadecimal and he would still have met the requirement as outlined...

  19. desbest · 309 days ago

    Blanket warrants are wrong.

  20. Aaron · 301 days ago

    Ladar Levison's actions showed personal courage in defense of what he believed to be right,

    At it's best, a delaying action, at it's worst a futile action. He reacted to the fact that the "Law" in the US has little or no relationship to "Justice". And tried to "op-out". John Galt would have approved, I think.

    A standard sci-fi plot about how to take over a country. Find a country in stress, or stress it yourself, and pass a law that makes you the law.

    Gemany had Hitler and his 'enabling act'.

    The US has the Military-Industrial-Government complex and the "Patriot Act".

    The dam has been broken and the water has escaped, Humpty-Dumpty is nothing but a pile of shell fragments. Surrender you freedom, so we can make you safe, has taken over the nation..

    There will be pauses, but the slide down the slippery slope as the power structure in Washington, D.C. grows like an invasive plant to choke off the freedom in the US cannot be prevented .

    But, at some point, it might be remembered that "The United States of America" was created by a contract between the states. And that what is in Washington, D.C. is not providing the services contracted for.

    When the terms of a contract are not fulfilled, the parties of that contract have the right to declare it invalid, and to be no longer be bound by the terms of the broken contract..

    What the US calls "The Civil War" was just such an action. States wishing to declare that contract invalid were forced to remain parties to a contract they no longer considered valid.

    "The South shall rise again" reflects the fact that that fire was not put out. It was only buried and has been smoldering all this time. The next time it bursts into flame, maybe the South will not be alone.

    I fear a bit to write this, our government now works like a farmer picking a chicken for the pot. Scatter some grain, let the chickens start eating. Make a loud noise, and swing a long stick, any chicken that sticks it's head up goes missing.

    If they cannot find something you have done wrong, they will create it.

    Most gangsters were not sent to jail for killing people, but for some crime involving money. If they want you, they will get you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.