Home / Software & Gaming / Security / Lavabit defied government request for SSL, shut down servers instead

Lavabit defied government request for SSL, shut down servers instead

There's been a lot of speculation over the past couple of months about why exactly Lavabit, the somewhat controversial, but always protected email service, shut down in August. There was certainly some links to Edward Snowden and there was speculation that it was to help the admins fight a US government subpoena. That's looks to have been half right, as new documents have come to light, which shows Lavabit voluntarily ended its service in order to deny the US government access to every single user's data.

Back in July, when some of the Edward Snowden fiasco was hitting its peak, the US government obtained a secret order that demanded Lavabit hand over the site's SSL key, which would have given the authorities access to Mr Snowden's email – which he was purportedly using to invite human rights lawyers and activists to his hideout in the Moscow airport – but beyond that, it would have made every single user on the service vulnerable to government intrusion.

The owner and founder of the site, Ladar Levison, claimed that handing over the key would be too much of a compromise of the site's principles and that of its users' privacy. While the authorities attempted to hold Levison in contempt and the judge gave him a sound haranguing , he stood firm and continued to resist handing over the key. By the start of August, the court began to fine Levison $5,000, for every day that he didn't comply. Within a weak, seeing no alternative, he destroyed the company servers and shut it down completely.


He later confirmed and detailed this action on his Facebook page, as well as thanking those that chosen to donate to his legal defence fund:

“Without the donations people have made to the Lavabit Legal Defense Fund there is no way I would have been able to afford the legal support needed to win my appeal. I was afraid a precedent would be set that would allow our government to continue violating the intellectual property rights of American internet service providers and the privacy of honest citizens.”

“People using my service trusted me to safeguard their online identities and protect their information. I simply could not betray that trust. If the Obama administration feels compelled to continue violating the privacy rights of the masses just so they can conduct surveillance on the few then he should at least ask Congress for laws providing that authority instead of using the courts to force businesses into secretly becoming complicit in crimes against the American people.”

If you wish to contribute to Mr Levison's Legal Defense Fund, you can do so here.

KitGuru Says: A ballsy move, especially since this company has been Levison's main source of income and business since 2004. That's a huge commitment to the privacy of data and should be a statement taken on board by the authorities. 

That said, the destruction of the servers isn't ideal. Were any of you Lavabit customers? Did you lose any important information when the servers shut down? [Thanks Ars]

Become a Patron!

Check Also

Sony investigating claims of major security breach

This week, a ransomware group claimed to have breached "all of Sony's systems", putting the stolen data up for sale on the dark web. Sony has yet to confirm that an attack has taken place but the company is now investigating.