Lavabit case highlights legal fuzziness around encryption rules

Defunct secure email service Lavabit argued that the government court order for encrypted email was too sweeping

While privacy advocates may see Lavabit as bravely defending U.S. privacy rights in the online world, federal judges hearing its appeal of contempt-of-court charges seem to regard the now defunct encrypted email service as just being tardy in complying with government court orders.

Attorneys from both Lavabit and the U.S. government agreed that the legal issues between them could have been resolved before heading to court, though neither party seemed to have an adequate technical answer of how Lavabit could have successfully passed unencrypted data to a law enforcement agency in order to meet the government's demands.

Three judges from the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, on Tuesday heard Lavabit's appeal of a contempt-of-court ruling, which it had incurred for not turning over to the government unencrypted data of a single user, presumably Edward Snowden.

Judges Roger Gregory, Paul Niemeyer and Steven Agee presided over the hearing.

For the proceedings, the judges actively listened to and questioned the arguments of both sides, though they seemed wary of turning the case away from the specifics of why Lavabit did not comply with court orders to turn over data on one of its users, and towards the larger issues that Lavabit raised in its highly publicized defense of what scope the government should have over those parties who hold SSL (secure socket layer) keys to encrypted data.

The case had been "blown out of proportion with all these contentions," particularly around the use and possible misuse of the SSL keys, Niemeyer said. "There's such a willingness to believe" that the keys will be misused and that "the government will spy on everyone," he said.

Gregory had stated that "the encryption issue was a red herring," one that drew attention away from Lavabit's non-compliance.

The judges had noted that the case revolved around the validity of court orders, rather than the statutes that provide the basis for the court orders.

In June of last year, secure email service Lavabit was issued a court order to set up a U.S. Federal Bureau of Investigation "pen trap" in order to collect all routing data for one of its customers, thought to be Snowden. Snowden had just come to international attention for leaking classified documents from the U.S. National Security Agency. According to reports, he had used the service to alert the media of a press conference he was about to hold.

A pen trap is software that records all routing, addressing or signalling information between electronic communications, in this case email. Before the judges, Lavabit attorney Ian Samuels argued that Lavabit founder Ladar Levison agreed to set up the pen trap; the company had complied to at least one other similar court order in the past.

The FBI, however, had required the information in real time, and that the information would be unencrypted. Levison balked at these requirements. Nearly two weeks after the court order was issued, he responded by offering to set up an internal process that would unencrypt the user's communications, then send the results to the FBI at the end of 60 days. The only other alternative, he argued, would be to send the law enforcement agency the encrypted data, which would be useless.

The FBI did not agree to this approach, however, and in mid-July, issued a search warrant for Lavabit's SSL keys that would unencrypt the dispatches of interest.

This move proved to be politically explosive, however. Lavabit's SSL keys could unlock the data of all of Lavabit's users, not just the one user under scrutiny. By handing over its private SSL keys, Lavabit would potentially be making every customer's email accessible to the government.

By early August, Lavabit had capitulated and handed over the keys. Shortly after, Levison shuttered the service, stating that continuing operations for the company's 400,000 users would make him "complicit in crimes against the American people." By filing an appeal, Lavabit hopes to clear the contempt of court charge -- along with any financial penalties incurred -- and possibly restore operations.

The judges questioned Lavabit's motives, however. Niemeyer noted in the first court order, "the court is clearly intent in providing unencrypted data," and chastised Lavabit for taking so long to respond. Samuels argued that Levison, being a small business owner with no counsel on hand at the time, was slow in responding, because he was still determining the best way to comply with the court order without sacrificing the privacy of the service's other users.

Niemeyer stated that Lavabit's proposed solution to setting up a process to unencrypt the data was unacceptable, noting that "the FBI didn't want a middleman," and stating that "This is not what [Lavabit] were ordered to provide." Niemeyer also criticized Lavabit for not challenging the initial June 28 order, if it felt that order to be unreasonable.

Niemeyer also had some harsh words for the law enforcement agents on the case, suggesting that they did not work closely enough with Lavabit to overcome the technical obstacles. U.S. attorney Andrew Peterson said he did not know of any reason that Lavabit could not unencrypt the data in real time, though he personally couldn't explain to the court how that would be done.

Peterson argued on behalf of the government that the court order for the SSL keys had only been issued after it was obvious "that any trust between Lavabit and the government had broken down," by mid-July. The company had treated the court orders "like contract negotiations," he said, rather than as a legal requirement. Trust had also been eroded by the long periods of silence from Lavabit.

The judges did not seem to want to dwell on any possible Fourth Amendment issues. The ACLU has pointed out that the U.S. government possessing a set of private SSL keys that could unlock hundreds of thousands of users' emails is clearly a breach of privacy rights.

Peterson stated that the court order for the SSL keys specifically confined the law enforcement agency to only use the keys to examine the information of the one person under investigation.

The judges gave no indication of when they would return a verdict. Peterson said the government has no plans to prosecute Lavabit for obstruction of justice for shutting down its services after installing the pen trap.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitylegaldata protectionencryptionCriminalLavabit

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?