Pages 8-12 of this decision convey a narrative about Levison's handling of the FBI requests. In particular, they detail an escalation that Levison himself provoked:
* The DOJ reached out demanding metadata regarding (presumably, and let's just stipulate) Snowden's use of Lavabit.
* Levison rejected the request, on the auspices that Snowden had enabled the "storage encryption" feature of Lavabit.
Here it's worth knowing that Levison had previously complied with similarly narrow requests.
* Levison confirmed to the DOJ that he had the ability to circumvent the storage encryption.
* The DOJ responded to that concession by doing exactly what anyone would have expected them to do: they escalated their demand to include the decrypted Snowden data.
* The DOJ spent eleven days trying to meet with Levison, who stonewalled them; Levison "ignored the FBI’s repeated requests to confer".
* Only upon being threatened with a contempt citation did Levison actually enter a productive discussion with the DOJ.
* Four days after being threatened with contempt, Levison presented the DOJ with a proposal to charge the DOJ $2000 to design and implement his own pen/trap system which would provide data to the DOJ only at the conclusion of the order's time window, with timely updates being provided only at Levison's discretion and only with an additional charge attached.
* Only after this sequence of events does DOJ demand the TLS keys that would have compromised all Lavabit users' activities.
Levison's attorneys and the DOJ litigated the question of whether the pen/trap order required him to cough up his TLS keys. But that only happened after Levison did his best to deter the DOJ from collecting information about Snowden. As evidence for this: the DOJ eventually did install a pen/trap device of some sort, without the TLS keys, and attempted to use it to collect evidence. Had Levison complied with the DOJ productively from the beginning, he probably could have worked with them to produce the information they required without compromising the rest of his users.
I already had a problem with Lavabit as an inept and dangerous privacy solution (you can obviously see that it was; Levison was trivially able to subvert the privacy of all of his users, and was eventually forced to do so).
But almost as bad as that is his handling of the legal situation here. Read the language of the decision carefully and you'll see that had Levison simply begun this process with his proposal, minus the time lag problem, but perhaps even including the price tag, he might have had that solution accepted! Instead, he seems to have seized an opportunity to poke a giant bear with a stick. The bear then ate him and his users.
Later: Also, bad facts make bad law. Great to see that we now have more case law establishing that pen/trap orders demand TLS keys.
1) Compromise the presumed privacy of any parties in addition to the target, much less every one of a business's clientele. (If you have a search warrant for an apartment, do you get to search all the apartments in the building? No, unreasonable search and seizure on the face of it.)
2) Cause material damages as to completely destroy the core business of an unrelated and presumed innocent business owner. Albeit asshole.
The government argued successfully that the warrant was “very narrow, specific”, but while that may be true in intent it is not true in effect. If in order to tap one suspected criminal it is necessary to undermine the right to privacy of one or more innocent bystanders (much less many), law enforcement and the court's hands must necessarily be tied.
That a citizen would be resistant to this seems reasonable. So what is left should only be a question as to how much being an asshole to the FBI constitutes contempt of court.
I can't imagine they would not have demanded the keys if only he had been more cooperative from the beginning. And it is not unreasonable to believe he was fearful of that outcome from the beginning. In fact as part of the tap order he objected to he was required to "assist" which even the court noted was an ambiguous requirement (although avoided a decision on that issue).
* By the time he suggested it, he had demonstrated hostility to DOJ's cause
* He refused to provide timely updates, instead dictating that information would be provided only at the conclusion of the monitoring window
Levison told the FBI when first contacted that he could not do this because of the encryption mode the target used. He told the FBI [“Lavabit did not want to ‘defeat [its] own system.’”] presumably by disclosing its private keys for the SSL traffic. Only later did he come up with a way that he could comply with this order without disclosing Lavabit's private keys, but by the next day that was already too late because:
That very same day as the first order the FBI got a new broader order that [instructed Lavabit to “provide the [FBI] with unencrypted data pursuant to the [Pen/Trap] Order” and reiterated that Lavabit was to provide “any information, facilities, or technical assistance . . . under the control of Lavabit . . . [that was] needed to provide the FBI with the unencrypted data.”]
So this is where I make my point above, that this seems overreaching, and Levison's reactions from that point forward are understandable if argumentative. It is only after this point that one could argue he "demonstrated hostility".
However, it should be noted here that this appeals court decision does not ratify the magistrate judge's approval of a wire tap or the original court's decision against Levison and Lavabit. This decision even notes that Levison fails to make the arguments I made above so cannot consider them.
None of that is justification to violate the privacy of innocent third parties.
You emphasized eleven days as if it is some astronomical figure. In normal court proceedings, the simplest act like scheduling a deposition for questioning a witness takes months.
In the real world, people just aren't sitting around doing nothing waiting for a subpoena from the FBI to come in. Sometimes they're in the middle of a big push for a project, sometimes they're shoring up security for the latest 0-day exploit, sometimes they're in Tahiti sipping drinks on a beach for two weeks without access to email or a phone.
Sure, time-sensitive criminal cases would be great if they went faster, but eleven days is not out of line by any stretch.
However, I worry about what losing this case means in the grand scheme of things. DoJ's argument was that they should be able to get the key to decrypt all e-mails for all of Lavabit's users, and the Court says that's fine because the government "wouldn't" use the key for anything other than the "target" - which seems like a ridiculous and incredibly reckless argument post-Snowden.
Would Google just hand over the key to all of their Gmail users? Let's imagine they weren't using PFS - or let's imagine they were asking Microsoft for the Outlook key, instead.
No, Google would comply with the narrow, specific warrant the first time. Again, it bears repeating that the only reason DoJ asked for the master key in the first place is because Levison refused to comply with the narrow requests. If Levison wouldn't do it, then the government would figure it out on their own, but the only reason this situation even came up is because Levison wouldn't do it.
Not complying with a narrow and specified warrant is highly hypocritical, especially in this case since Snowden's initial claims were entirely about wanting the NSA to have to have specific warrants for their searches instead of using broad search authorities. But when push came to shove and the government presented a narrow and specific warrant, of a type Levison had previously honored, all of a sudden that was no longer good enough for this particular privacy advocate.
I think Levison's mistake was that he did it all by himself, instead of hiring a lawyer and following the proper procedure for doing that. The government escalated with a broader request, which I guess was also their right to try (even if it's wrong), and then Levison tried to fight that with a lawyer, but I guess it was a little too late for that, and what he did initially complicated things for his case.
It's his right to fight the government request, or to appeal the court order to a higher court. But it's not his right to evade compliance. Yes the court is part of the government but it's not the executive part - courts can and do reject the arguments of the government (qua legal entity) all the time.
Presumably Twitter's lawyers avoid brinksmanship, knowing that they'll inevitably lose and, in the process, lose credibility with the court.
Being punished for hurting a prosecutor's feelings is not the same as being penalized for obstructing the proceedings of a court case.
This decision spends tens of pages applying the law to the facts of the case, and deciding against Levison.
Google wouldn't hand over the key to all of their Gmail users — they would offer a better option, which Levison did not.
She was never a coder though, and so her expertise on tech was limited to what was explained to her. I don't think Levison was making his claims about all emails everywhere being read by the goons at Minitrue in order to scare PJ in particular, but that was the net effect.
Can you explain?
I may be wrong, but my misunderstanding is that Groklaw shut down because there is no way of knowing whether or not the privacy has been compromised.
In other words, this incident revealed information that was already true; Groklaw shut down in the light of the new knowledge, but not because the previously-private communication was suddenly vulnerable.
And that was true since POP3 was invented. When you're sending the digital equivalent of postcards to each other then you can never know if your privacy has been compromised.
It's unclear to me what PJ really thought about the privacy of email before Levison, but what is clear is that Levison and SilentCircle's hysterical actions are what convinced PJ to close up shop.
If they can argue something like a copyright banner in a ROM is "a mere instrumentality", there's no reason the defense side shouldn't be able to argue giving calling information to a cell provider, or mail headers to a mail server, aren't essentially the same instrumentalities.
(I've talked to lawyers who agree, but they all also agree this ship has sailed for many decades.)
That said, yes, he's both technically and legally incompetent. It's sad, and has made bad law for everyone else.
On the other hand, mail headers and other such meta are frequently necessary to provide the service. The very act of using email requires giving one or more headers to one or more third-party email providers; the very act of making a phone call requires giving phone number information to one or more phone service providers.
That's different from the point you were trying to make. The provision of email addresses and phone numbers is inherently necessary for an email provider or telephone service provider to provide those services. They aren't just incidental data--they're a fundamental part of the service transactions at issue.
The problem of a company providing a privacy service being a SPOF necessitates a more distributed approach that can "route around" attempts to shut it down. Any current or future entrant in privacy app space needs to also consider that one of several lessons to avoid the same fate as Lavabit.
For now, even with GPG are there any good/cheap email services that just don't log anything, don't append IPs or correct time headers and are outside US jurisdiction? (Friend's server in Thailand doesn't count... More than one box plz)