Tech firm appeals US order to surrender encryption keys

Lavabit, a private email service used by Edward Snowden, is in court appealing against a government order to hand over its encryption keys.

Founder Ladar Levison suspended his firm in the summer in protest over the order, believed to relate to the former US National Security Agency contractor.

Lawyers will argue the orders was too broad and would have exposed the data of all of Lavabit’s customers.

Commentators say the case could become a landmark one for internet privacy.

If the appeal, lodged in the appeals court in Virginia, was successful, Lavabit would be resurrected, Mr Levison said.

Yesterday he tweeted: “My day in court is almost upon us.”

Lawyers for the now defunct firm argue the government order to seize Lavabit’s encryption keys gave it access to the emails of 4000,000 users not just the single account it was interested in.

When the court reaches its verdict, which could take weeks, it could set a precedent for whether US law enforcement agencies can in future compel firms to hand over keys to unlock all of their data.

In the UK, under the Regulation of Investigatory Powers Act, the government has the right to demand encryption keys are handed over but the law is less clear in the US.

Private data
When Mr Snowden fled the US in June 2013, the FBI produced a court order demanding data from an individual Lavabit account.

Lavabit initially refused to comply with the order but eventually agreed to the setting up of a so-called “pen trap”, which collects all routing data for the individual.

However the firm refused to hand over encryption keys that would have allowed the agency to decrypt messages in real time.

Lavabit was held in contempt of court and in August shut the service down.

Mr Levison said at the time: “This experience has taught me one very important lesson – without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

He said he had been barred from discussing the specific events that had led to his decision to shut the service down.

Hammer or scalpel?
As well as answering specific questions related to the case, the appeal could also decide the future of encrypted mail services.

“This case is about protecting the encryption architecture that underwrites the security of the internet,” said Brian Hauss, a legal fellow for the American Civil Liberties Union (ACLU).

“That architecture depends on SSL [Secure Sockets Layer] encryption and SSL encryption depends on the continued privacy of the private keys of the companies that use that encryption,” he added.

Mr Hauss hopes the case can “establish a principle that governments can’t use a hammer when it should be using a scalpel”.

“If the court does not find in Lavabit’s favour, technology companies will look for new ways to protect user data,” he added.

Silent Circle, a similar private email firm, also shut its encrypted email service in August, saying government actions towards Lavabit would make such services impossible to run.

Late last year Lavabit and Silent Circle set up a not-for-profit organisation called the Dark Mail Alliance, to resurrect the concept of secure email and create a service that was impossible to wiretap.

Mike Janke, chief executive of Silent Circle, is also due to launch an encrypted smartphone dubbed the Blackphone, which could be unveiled at Mobile World Congress next month.

One comment

  1. screenshot · · Reply

    Reblogged this on Screenshots News.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: