New details have emerged in the saga of Lavabit, the now offline secure email provider used by Edward Snowden. Apparently, the US government tried (and failed) to strong arm the service into giving up its private SSL key, a major security concession that would’ve given Uncle Sam access to all user data.
The story actually starts well before the general public was aware of any trouble at Lavabit. Back in June, the Feds served Lavabit a “pen register” order that would’ve required the email service to install software that would send the government with the connection information of one of its users — probably Edward Snowden — every time he logged on.
When Lavabit refused to do this, the government attempted to force Lavabit to do it. Prosecutors then threatened a criminal contempt charge. This was nothing compared to the search warrant they got soon there after demanding “all information necessary to decrypt communications sent to or from the Lavabit email account [redacted] including encryption keys and SSL keys.” Those keys would effectively give the government full, unfettered access to Lavabit user data. All of it.
In August, Lavabit unceremoniously shut down its email service citing a then undefined intrusion by the federal government. From the wording in founder Ladar Levison’s statement — “I have been forced to make a difficult decision: to become complicit in crimes against the American people…” — it sounded pretty severe. Indeed it was. [Wired]