Searching...
Saturday, 10 August 2013

Lavabit chief predicts 'long fight' with feds

Ladar Levison can't talk for legal reasons about the specifics of why he shut down Lavabit, his encrypted Web e-mail company, but he was hardly tight-lipped about the subject.
Lavabit went dark Thursday, after nearly 10 years in service. Lavabit is the Web mail service allegedly used by Edward Snowden to contact a Human Rights Watch representative in July. Snowden is the source of the recent unsettling revelations about National Security Agency surveillance activity.
Levison replaced the Lavabit login screen with a message that reads in part, "As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests." He would not share further details.
Levison, a San Francisco native and an enthusiastic beach-and-sand volleyball player who moved to Texas to go to college, currently resides in Dallas. He founded Lavabit in 2004 following his graduation from Southern Methodist University a few years earlier.
In an phone interview with CNET and Jesse Binnall, Levison's Virginia-based attorney, about the decision to shutter Lavabit, Levison spoke about the connection between Lavabit and the Patriot Act, how he thinks the laws regarding privacy ought to change, and how the American government is failing to uphold the U.S. Constitution.
What's the key issue here? Why did you shut down Lavabit?
Levison: For me it wasn't about protecting a single user, but protecting the privacy of all my users, coupled with the fact that I wasn't able to discuss it publicly.
I believe that people have the right to know what their government is doing. I had an issue with me doing what they wanted me to do without them disclosing it.
We've had a couple of dozen court orders served to us over the past 10 years, but they've never crossed the line...
Until now?
Levison: I can neither confirm nor deny "until now." Are you familiar with the case of Aaron Swartz, familiar with the accusations of prosecutorial misconduct? There may be parallels between that case and this.
What's worse is that I can't tell you what that abuse was.
"I'd rather shut down my service and my primary source of income than be complicit in crimes against the American people."
--Ladar Levison, founder of Lavabit
If you could write the legislation covering privacy and electronic communication, what would it say?
Levison: One of the things that would be nice to come out of this would be that the court shouldn't be able to make binding decisions that are secret. If there's going to be legislation from the bench, so to speak, it needs to be open to review from the American public.
Just the idea of secret laws, so to speak, bothers me tremendously. That should almost be a constitutional change.
We've shown that some of our most important freedoms can't be trusted to Congress, they need to be placed in the Constitution. Going beyond that, as an Internet service provider, there needs to be a more clear definition of our protections.
Right now, as a third-party litigation, we effectively have no rights. There's no legal framework that we can fight with or against anything that is unjust. They're abusing their secrecy to hide their surveillance methods.
I think that there's a lot more that will come out, and that needs to come out. I obviously can't tell you what was happening and what I know, and I was uncomfortable with it. I'd rather shut down my service and my primary source of income than be complicit in crimes against the American people.
In the current situation, are there any bright red lines that you wouldn't cross?
Levison: It's unfortunate that even our own lawmakers don't have a good understanding of what's going on.
Philosophically, I put myself in a position that I was comfortable turning over the information that I had. I built Lavabit in a reaction to the original Patriot Act. I didn't want to be in a position to turn [user data] over without judicial review.
A Facebook photo of Ladar Levison, founder of Lavabit, posing in 2011 with the National Basketball Association's Larry O'Brien Championship trophy.
(Credit: Ladar Levison)
Where the government would hypothetically cross the line is to violate the privacy of all of my users. This is not about protecting a single person or persons, it's about protecting all my users. What level of access to this nation does the government have?
How did the Patriot Act influence your e-mail service?
It played a big role in how I designed the custom platform. All I needed when somebody registers was a name and a password. I didn't need a real name, address, social security number, credit card number... Why should I collect that info if I didn't need it? [That philosophy] also governed what kind of information I logged.
Speaking philosophically, I think people who hold other people's private information and money have an obligation to be more open to the public. That principle of openness has become a key issue. It's definitely become an issue as it relates to some of the recent coverage in the media.
The current administration is not being transparent and open about what it is they're doing, even to members of Congress.
How have Lavabit's users reacted?
Levison: It's overwhelmingly positive. Some of them are understandably frustrated that I had to shut down without notice. I lost my one and only e-mail account over the past 10 years, as well. I feel my decision was the lesser of two evils.
What happens to your customer's e-mails and data?
Levison: I'm looking into setting up a site where users can download their data and set up a forwarding [e-mail] address, but that may take a week or two to set up. That's all I can do until I feel confident that I can resume the service without having to compromise its integrity.
"There's stuff that I can't share with my own lawyer. This is going to be a long fight."
--Ladar Levison, founder of Lavabit
I will make it clear that I don't plan to use any encryption for that site. [People] should only use it if they feel comfortable with the information being intercepted. And yes, I do plan to have that disclaimer on the site.
Unfortunately, what's become clear is that there's no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret.
I'm still looking at seeing if that's even logistically feasible -- there's half a billion messages [sent in the 10 years Lavabit operated]. By shutting down the service, I will be losing the infrastructure that I used to support all those people.
There's stuff that I can't share with my own lawyer. This is going to be a long fight.
What made Lavabit successful?
Levison: Lavabit at the time of the shutdown had 410,000 users, with 40,000 weekly log-ins, 200,000 e-mails sent a day -- 1.4 million e-mails a week.
We were in a very narrow category of what I like to call medium-sized providers. Once you get over the 50,000 to 100,000 user threshold, e-mail becomes a very difficult problem of scale. It's why you see so many e-mail providers come and go.
"Philosophically, I put myself in a position that I was comfortable turning over the information that I had. I built Lavabit in a reaction to the original Patriot Act. I didn't want to be in a position to turn [user data] over without judicial review."
--Ladar Levison, founder of Lavabit
We managed to break through that barrier by building a custom platform to handle it. It's similar in architecture to some of the big guys [Google, Yahoo, and Microsoft, which combined provide Web mail to more than 1 billion people].
How did Lavabit get started?
Levison: I've been a geek my entire life. I was with a group of college friends of mine, that was how an e-mail service by geeks, for geeks, came about. [It was called] Nerdshack, with an emphasis on security and privacy. It had POP and IMAP access. For a long time we were the only free POP service.

0 comments:

Post a Comment

 
Back to top!