Wired has the background on just what the fedspies did that prompted Ladar Levison to shut down the privacymail service, Lavabit.
It was a heck of a principled thing Levison did, and a gutsy one, shutting down a service with 400,000 paying (including about 10k paying; correction from Steve in comments) customers rather than betray those who trusted him.
We already knew that. What we didn’t know (among other things) was how he handled the fed demand when he was finally forced into a corner after a hard fight:
The judge also rejected Lavabit’s motion to unseal the record. “This is an ongoing criminal investigation, and there’s no leeway to disclose any information about it.”
In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”
“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.
Carl Bussjaeger, who sent the Wired link, says, “Life imitates Art.”
From Carl’s novel Net Assets (Page 127. Scene: Feds have subpoenaed the Launcher Company’s financial records. The company complies, but in the interest of security, have encrypted the files.):
“Oh, yeah,” Neville said, once reminded of the encryption aspect of this charade. “You have that crypto key with you? Eventually, they’re bound t’ think of gettin’ an order for that. Might as well have it ready.”
Leroy slipped a large folded envelope from a rear pocket. “Here you go. Two hundred kilobit ASCII, printed out in 6 point Staccato font, bold face and italic, guaranteed OCR unreadable and to induce terminal eyestrain in the first ten people trying to enter it manually.”
I hope Levison can eventually reopen Lavabit in some freer country. Now, there’s a man who has earned the trust people gave him.
That was a heroic act on his part. Heroes are getting hard to find anymore, but it’s inspiring that a few have made the news over the past year or two.
Claire,
Just read about this myself through Hacker News.
Just a nit: I believe he only had 10,000 PAYING customers.
Thanks for your articles. First ran across you years ago and loved your Hardyville series.
Steve
Steve — Thank you for the correction and the kind comment. Both are most welcome.
What Lava bit is losing in money by shutting down it made up for in street cred, karma, “good will”, and such. I hope they come back in another incarnation out beyond the NSA’s purview. Sad news about Silk Road in re that notion today.
I got a kick out of that key disclosure. Ed Felten wrote about Lavabit too, but check the link in that piece, to an interesting story about the Silk Road takedown.
Wow, that puts a different face on things, that the Silk Road guy contracted out some killings (assuming that is something to be believed – might be govco disinformation).
I suspect Silk Road 2 will be online shortly. The technology and the market have not disappeared. People will adjust and carry on…
I bet providers of privacy services will move outside of the US. If they have any sense.