Ladar Levison is having a rough summer. It’s a little less than two months since the Lavabit founder was forced to shutter his secure email service amid legal complications. While the tech press has been piecing through the details, Levison has been slugging it out in the Fourth Circuit Court of Appeals, trying to defend the principles of cryptography in a federal courthouse. When I met him, he was in the midst of a press tour through New York, raising funds for his legal defense. So far, he’s raised about $80,000 of the $96,000 he estimates he’ll need for the trial. It’s a sign of how popular he’s become in recent months, and how much help he thinks he’ll need to get through the rest of the year.
"I had to figure out a way to fight this."
The troubles started in June of this year with a Lavabit user who — for reasons unknown — suddenly became very interesting to the FBI. There's been speculation that the user was Edward Snowden, the source of this summer's NSA leaks, but Levison has consistently refused to confirm it. Whoever it was, they brought a lot of heat with them, so much that the FBI eventually asked for admin-level access to the entire network, and threatened Levison with a contempt charge if he didn’t comply. "It suddenly hit me that even though I probably couldn't afford $5,000 for a lawyer, I had to figure out a way to fight this. Because any of the options they were giving me could end up with me being arrested."
"I didn't realize that real-time decryption of SSL streams was even possible."
The critical moment came when the FBI asked for Lavabit’s private SSL keys. He'd complied with warrants in the past, but this went beyond anything he’d anticipated. "I thought: I've never heard of the feds compelling a company to hand over SSL keys before. Has the law changed? Wait a minute. I didn't even realize that real-time decryption of SSL streams was even possible." That seemed to explain why the feds had been so secretive about the request, and why they showed up a month in advance for a background check on Levison. Just by serving the court order, they were tipping their hand to the scarily advanced state of NSA code-breaking. These were state secrets — secrets that would find their way to the front page of The New York Times just a few months later.
To pull off the attack, the FBI didn't need the user encryption keys, but they needed Levison's SSL keys. The FBI had started looking for a single user’s email, but it seemed that mission creep had set in, and once they had access to the network, they could go much further. "Verbally, FBI agents actually told me they were going to collect content and passwords," Levison says. "And I had a big problem with that."
"They're kidnapping your reputation and using it for their own purposes."
Levison says he tried to serve the court order without granting full-blown network access, but the government’s stance made it impossible. "One of my big demands was that they provide transparency," Levison says, "that they allow me to confirm that the device they wanted to stick on my network was only going to collect information on the account in question. And they wouldn't do it." The result, by now, is well-known: Levison handed over the keys in an unreadably small font, then shut down the service for good. "I was afraid they would come after me for obstructing justice," he says. "They wanted to, but I think the publicity was what stopped them."
Now that the court records have been unsealed, Levison is finally able to explain why the service had to be shut down. Having unfettered access to Lavabit’s SSL certificate was just too much. "They're kidnapping your reputation and using it for their own purposes," Levison says. As long as the service was still active, those keys would allow the FBI to scan everyone's email for keywords or use the certificates for Flame-style malware delivery. The network would simply belong to the FBI.
That’s worlds beyond a simple wiretap, and Levison sees the very idea as an existential threat to trusted third-party software. If law enforcement can hijack any network in the country with a court order, how can anyone be trusted? "How can you trust a piece of software that's signed by Microsoft or Symantec?" he asks. "If it's signed by their keys, the government can always demand those keys, create a modified version with malware and send it to you, and you wouldn't know if it's the modified malware version or the legit version because it's signed by the same people." Without trust, the whole system collapses.
If law enforcement can hijack any network in the country with a court order, how can anyone be trusted?
Which brings it back to Levison’s case, currently working its way through federal court. If Lavabit wins, it could set a precedent that services can’t be compelled to give away their certificates. That’s not a total victory, but in a world where FISA court orders can grant seemingly limitless legal authorities, it’s a good start. "What I think Congress really needs to do is set up protected classes of information," Levison says. "Things that the feds cannot demand from an innocent third-party service. Things like company encryption keys like SSL keys, source code, and admin-level passwords. If we don't get that, it will be difficult — if not impossible — to trust the security of American products and services for the foreseeable future."
That’s a big ask, the kind of grand, trust-restoring gesture we can hope for but rarely expect. But without it, it’s hard to see how American companies can regain users’ trust. It’s all the more troubling because Lavabit is an outlier in the tech world — built on promises of privacy yet small enough to be shut down over a principle. And while the Lavabit case has become a rallying point for anti-surveillance cases, there’s no reason to think Levison is the first person who’s been compelled to give up a service’s SSL keys. He’s just the first person to shut down a network over it.
Photography by Michael Shane