Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy

In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans.

It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US, where the government had charged him with violations of the Espionage Act. Journalists boarded a flight from Moscow to Havana on the speculation Snowden would be onboard. Some called him a hero; others branded him a traitor and a villain.

Meanwhile, on June 28, 2013, FBI agents showed up at the door of Ladar Levison. Levison owned an email service called Lavabit, and the agents had a pen register order requiring him to hand over the metadata for the email activity of a particular customer’s account. However, Levison argued that to do this, he’d have to reprogram the entire encryption system that protected his users’ privacy.

The court sealed the case, so the first the public heard of it was when Levison ended his email service, stating on Lavabit’s website: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul-searching, I have decided to suspend operations.”

The full text of his statement is still available on the Lavabit site.

Only recently did the court lift Levison’s gag order, at which point he could confirm what everyone had guessed: the FBI had been after Edward Snowden’s communications made through Lavabit.

Every American email service provider has a clause in its privacy and non-disclosure policies that indicates it may disclose information as necessary to comply with law. Some promise they will inform customers if or when authorities request that information.

Yet, as in the case of Lavabit and Snowden, a gag order often accompanies the request, making it illegal to tell the customer the Government has requested access to the data. In these cases, the law wins, and the contract with the customer loses.

So, what do you do when presented with an FBI warrant for private data, which you believe to be unethical and even unconstitutional?

Email Providers Face a Serious Dilemma

There are two options:

1. You can fight these orders in court. However, smaller email Service Providers do not have the money on hand to fund an expensive legal battle and to pay “contempt of court” fees for non-compliance during the case. This lack of resources puts these companies at a serious disadvantage in their ability to push back. They have to give in.

2. You can give in and follow the letter of the request, but in a way that’s inconvenient for law enforcement. This buys time and can limit the scope of what the officers or agents can access. However, depending on the actions taken, it can also seriously hinder the email provider’s business.

For Lavabit, when law enforcement wanted Levinson to hand over an encryption key that would have not only exposed Snowden but also his other customers, he decided to close shop. He did not have the resources to fight the government in court and could not guarantee the privacy and security of his users’ email.

The Privacy Predicament

It is egregious that the government’s requests in pursuit of Snowden were so broad as to impinge on the privacy of 410,000 other unrelated users of Lavabit’s service. This is blatantly unconstitutional. It would be as if the police received a warrant to wiretap one person’s phone line and then listened to all calls in the city that included that phone line. Though it may not be technically possible to narrow the scope down to the communications of a specific individual, this does not give the government the right to infringe on the privacy of everyone who happens to have a phone.

This affair with Lavabit and Snowden preceded the recent iPhone decryption issue, when the FBI tried to force Apple to put in a backdoor in iOS software, post facto, so it could decrypt an iPhone belonging to Syed Farook, responsible for the San Bernardino shootings in December 2015.

Apple pushed back in legal proceedings. The FBI dropped the case when it found a third-party to unlock the iPhone.

Although that legal battle ended, another fight has begun. The government wants cellphone providers to build in legitimate “second front doors” to encrypted devices, so that it can access on demand with a court order.

This will jeopardize the privacy of average American citizens without making it significantly easier to catch the bad guys, who will inevitably get their unbreakable encryption elsewhere. Hundreds of companies outside the US offer secure encryption technology. These companies make it easy for people to get encryption outside the reach of American law.

If the fight for second front doors wasn’t enough, discouraging developments have worked their way through the courts, too. In June, a federal district court in Virginia ruled the federal government does not need a warrant to hack into an individual’s computer. Given the Fourth Amendment bars unlawful searches and seizures, it’s unlikely this ruling will hold up in appeal. Nonetheless, it speaks volumes for how the courts and governments view privacy and security.

The Fight Continues

It’s likely that many more court battles lie ahead as organizations and individuals go head-to-head with the government to argue their right to privacy.

Enter the Lavabit Legal Defense Foundation (known as LavaLegal for short). Lavabit’s founder Ladar Levison launched the nonprofit to help service providers avoid complying with unconstitutional requests, such backdoors and handing over encryption keys. The nonprofit will operate on donations.

If LavaLegal receives enough funding, it can help small companies continue operating as usual while pushing back on perceived unconstitutional requests, until the courts can make decisions in their cases. For small businesses, this could be a lifeline that lets them continue operating while paying hefty legal fees.

By Erik Kangas

Or Lenchner

Seeing what consumers see: opening the internet with IPPN

Opening the internet with IPPN To remain competitive and profitable, all brands must be data-gatherers. This is part of any brand’s daily routine, but a crucial portion of this data is only available online and ...
Tej Redkar

How AI Monitoring Can Make Your Business Smarter and Better

Business AI Monitoring When issues arise with digital technology—as they invariably do—companies must have the ability to fix them before they create any business impact. These days, more and more companies are discovering that the ...
Garry Connolly

What’s Behind Smart Devices? A Data Centre, Of Course

Smart TV's, Smart Phones, What’s Behind Smart Devices? It’s not difficult to be “smart” these days. We wake up in the morning and check our social media feeds on our smart phone while turning on ...
Amazon's Varies Revenue Segments

Amazon’s Varies Revenue Segments

Amazon Revenue Amazon has become the largest retailer worldwide, however it is projected to make up less than 5% of U.S. retail sales by the end of 2020. While most people are already familiar with ...
Bittitan

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, there’s an even greater need to migrate. Mark Kirstein, VP ...
Lauren Brunson

The Growing Need to Consolidate Multi-Tenant Environments

Consolidate Multi-Tenant Environments Over the past four months, countless businesses and universities have scrambled to the cloud to enable their employees and students to work remotely during the global coronavirus pandemic. Managed service providers (MSPs) ...