Snowden’s Email Provider Refused to Hand Over Encryption, SSL Keys to FBI


Texas-based email provider Lavabit refused to allow the federal government to decrypt the email of Edward Snowden, the former NSA contractor who has been leaking top-secret documents related to the US government surveillance program.

According to a report by Wired on Wednesday, the FBI in July ordered Lavabit to turn over its private SSL key, which would have enabled the FBI to wiretap Lavabit's email users. While the name of the target is redacted from the unsealed records, the FBI was likely after Snowden, as the offenses under investigation are listed as violations of the Espionage Act.

Lavabit did not comply with the order, and told the FBI that though it had the technical ability to decrypt the information, doing so would defeat its own system.

Lavabit was taken to court over the matter, where US Magistrate Judge Theresa Buchanan ordered it to comply, threatening the company with criminal contempt.

The following week, prosecutors obtained a search warrant that demanded all information needed to decrypt communications sent to or from the Lavabit email account, including encryption keys and SSL keys.

Lavabit hadn’t complied with the order by August 5, and a court said that Lavabit founder Ladar Levison would be fined $5,000 a day for every day he didn’t turn over the keys.

On August 8, Levison closed Lavabit, refusing to “become complicit in crimes against the American people.”

While encryption has received more attention since the US government’s spying program was revealed a few months ago, this case shows that even encrypted communications are not 100 percent secure.

In August, Google began automatically encrypting data stored in its cloud service, giving users the option of either letting Google manage the encryption keys (which some pointed out defeats the purpose of encryption in the first place) or managing their own keys. A Google spokeswoman said that it doesn’t provide encryption keys to any government and provides user data only in accordance with the law.


One Comment

  1. Freddy Kuman

    It's best to use encrypted email services that give users the ability to store the encryption key locally, such as those provided by SaluSafe.