Click amount to donate direct to CounterPunch
  • $25
  • $50
  • $100
  • $500
  • $other
  • use PayPal
Support Our Annual Fund Drive! CounterPunch is entirely supported by our readers. Your donations pay for our small staff, tiny office, writers, designers, techies, bandwidth and servers. We don’t owe anything to advertisers, foundations, one-percenters or political parties. You are our only safety net. Please make a tax-deductible donation today.
FacebookTwitterGoogle+RedditEmail

Lavabit’s Profile in Corporate Principles and Personal Courage

by ALFREDO LOPEZ

The term “collateral damage” is most frequently applied to the “non-targeted” death and destruction brought by bombs and guns. But it seems that our government, the master of collateral damage, is now doing it in “non-violent” ways. Take the recent situation at Lavabit.

The Texas-based email provider, specializing in encrypted email services, announced Thursday that it’s immediately suspending its services. The crux of the issue is obliquely revealed in the statement by Lavabit’s founder and owner Ladar Levison: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”

Most of us can’t be sure what forced Levison’s hand but the content and cryptic nature of his explanation speaks volumes. “As things currently stand,” he wrote, “I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.”

One of Lavabit’s 350,000 users is Edward Snowdon and, given the frenzied attacks against and investigations of this renowned whistle-blower, it’s pretty clear what happened. “Reading between the lines,” Wired’s Kevin Poulsen writes, “it’s reasonable to assume Levison has been fighting either a National Security Letter seeking customer information — which comes by default with a gag order — or a full-blown search or eavesdropping warrant.”

If that’s the case and LavaBit doesn’t give up what’s being demanded (probably Snowdown emails) Levison faces harsh criminal penalties. If he does give them up he contradicts the very purpose the provider was founded for in the first place and that would probably spell LavaBit’s death. It’s like forcing someone to play Russian Roulette with bullets in all the chambers. Except that one of those bullets is also aimed at our privacy and our ability to use the Internet the way it was intended.

Not only is this a significant and sobering expansion of the government’s attack on secure Internet communications; it also shows the complete disdain the Obama Administration has for people’s privacy, specifically in this case the 350,000 Lavabit users who now have no secure email service.

Ladar Levison founded Lavabit in 2004 for one reason: to provide a simple and powerful encrypted email service to anybody who wanted one. People could sign up for a free account or a paid one; the only difference was the amount of storage available to the user on Lavabit’s servers.

If there was any doubt about his intentions, Levison’s most recent statements make them clear: he considers the indiscriminate collection and inspection of email to be a crime against the American people and he had the skills to develop protocols to resist it. A Lavabit user could send and receive email to an account protecting the content of the email through a powerful encryption algorithm that would turn the email contents into unreadable gibberish unless someone had the proper decryption code to read it as it was written. This is a very popular approach to email that uses, among other methods, an “identification key” installed on a computer that would trigger a “decryption” making the content readable. It’s like the code used by spies in movies except more powerful and much more difficult to “crack”.

Many people are under the impression that such encryption is used only by highly skilled techies and computer savvy communicators. But the fact that 350,000 people were using Lavabit’s services belies that perception. In fact, Lavabit is only one of many services that provide such protection.

It’s pretty clear that the government wants Ed Swowdon’s email and when it noticed that Snowdon used a Lavabit email account to announce a press conference in Russia, they apparently came knocking on Lavabit’s door. That’s the door Levison is trying to close — he’s now huddled with lawyers figuring out how to resist this attack legally. That resistance is all too rare in this industry. For years now, the federal government has been forcing email providers to give up all kinds of information. In most cases, mainly involving large companies like Google or Verizon, the company does so willingly. But, even those who don’t want to give it up are forced to by a bizarre and particuarly nasty Congressionally-approved measure called “The National Security Letter.”

These letters, usually written by the FBI or the NSA, are government demands for information — demands that do not require any prior approval by a court — even the toothless and completely government-supportive Foreign Intelligence Surveillance Court (FISA). By law a National Security Letter must be “non-content seeking,” so it’s limited to phone records, email addresses and other identifiers. Some claim that the letters are sometimes much broader although the legally permitted information can set up targets for an investigation which can then be pursued with the other sources of data intelligence the government has.

For the most part, however, we don’t know what’s in those letters because, if you get one, you can’t tell anyone about it. Nobody, not even family or friends let alone the people you work with (even if they are affected by the letter’s demands) can ever be told you received a National Security Letter. If you do tell anyone, you go to jail. That prohibition–an astonishing violation of your First Amendment right of free speech, particularly considering that the letter is from a law enforcement agency, not a court–lasts forever unless you go to court and manage to get it lifted–something which rarely happens. But these letters are hardly rare. From 2003 to 2006 alone the Federal Bureau of Investigation issued 192,499 national security letter requests (and the frequency of their use has almost certainly increased since then.)

The other option Wired’s Poulsen mentions — a court order — is also possible in this particular case. In the end, it doesn’t make much difference because this is an attack that was sure to cause collateral damage.

The Facebook page Lavabit maintains, on which it reprinted the statement, is covered with responses that dramatize the blow this represents to the provider’s hundreds of thousands of users. Not only have many of these people lost their primary email account, and loads of email and other information they confidently stored on Lavabit’s servers, but many wonder if they are effectively losing the ability to send encrypted email.

The answer is “yes”, no matter the government’s basic intention. Even if the FBI (or whoever is doing this) isn’t targeting encryption per se, it sure doesn’t give a crap about protecting or respecting it. It’s collateral damage — attacking one “target” while carelessly destroying the ability of hundreds of thousands more to communicate securely.

For those tempted to view this as “one of a kind”, consider that hours after the Lavabit story hit, Silent Circle (another privacy-protecting provider) announced it was shutting down its email service. “We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now,” Silent Circle’s statement read. “We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”

The most effective form of repression is getting people to react to it before it happens. We can only wonder which other providers will follow.

A question now arises. Is this, in fact, the best way to handle this kind of situation? Were there alternatives available to Lavabit? Was there a way to make sure Lavabit and Levison didn’t feel totally alone? That discussion will now undoubtedly ensue and it’s one we should all follow and participate in. It’s a tactical question for the entire progressive movement because encrypted email is the best way for our movement to communicate. It frustrates surveillance, resists easy reading by unintended readers and allows us to exercise our Fourth Amendment right to privacy in communication: a pillar of any organizing and movement-building.

No matter the opinions to be expressed, one thing must always be kept clear. We can have this discussion because Ladar Levison, faced with an excruciating choice, made a principled decision: he built an email provider to protect privacy and when it could no longer do that he refused to violate its purpose and he shut it down. Compare that principled, selfless response to the “come and get it” responses of so many corporate providers.

Alfredo Lopez writes about technology for This Can’t be Happening!

 

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

More articles by:

2016 Fund Drive
Smart. Fierce. Uncompromised. Support CounterPunch Now!

  • cp-store
  • donate paypal

CounterPunch Magazine

minimag-edit

Weekend Edition
September 30, 2016
Friday - Sunday
Henry Giroux
Thinking Dangerously in the Age of Normalized Ignorance
Stanley L. Cohen
Israel and Academic Freedom: a Closed Book
Paul Craig Roberts – Michael Hudson
Can Russia Learn From Brazil’s Fate? 
Andrew Levine
A Putrid Election: the Horserace as Farce
Mike Whitney
The Biggest Heist in Human History
Jeffrey St. Clair
Roaming Charges: the Sick Blue Line
Rob Urie
The Twilight of the Leisure Class
Vijay Prashad
In a Hall of Mirrors: Fear and Dislike at the Polls
Alexander Cockburn
The Man Who Built Clinton World
John Wight
Who Will Save Us From America?
Pepe Escobar
Afghanistan; It’s the Heroin, Stupid
W. T. Whitney
When Women’s Lives Don’t Matter
Julian Vigo
“Ooops, I Did It Again”: How the BBC Funnels Stories for Financial Gain
Howard Lisnoff
What was Missing From The Nation’s Interview with Bernie Sanders
Jeremy Brecher
Dakota Access Pipeline and the Future of American Labor
Binoy Kampmark
Pictures Left Incomplete: MH17 and the Joint Investigation Team
Andrew Kahn
Nader Gave Us Bush? Hillary Could Give Us Trump
Steve Horn
Obama Weakens Endangered Species Act
Dave Lindorff
US Propaganda Campaign to Demonize Russia in Full Gear over One-Sided Dutch/Aussie Report on Flight 17 Downing
John W. Whitehead
Uncomfortable Truths You Won’t Hear From the Presidential Candidates
Ramzy Baroud
Shimon Peres: Israel’s Nuclear Man
Brandon Jordan
The Battle for Mercosur
Murray Dobbin
A Globalization Wake-Up Call
Jesse Ventura
Corrupted Science: the DEA and Marijuana
Richard W. Behan
Installing a President by Force: Hillary Clinton and Our Moribund Democracy
Andrew Stewart
The Democratic Plot to Privatize Social Security
Daniel Borgstrom
On the Streets of Oakland, Expressing Solidarity with Charlotte
Marjorie Cohn
President Obama: ‘Patron’ of the Israeli Occupation
Norman Pollack
The “Self-Hating” Jew: A Critique
David Rosen
The Living Body & the Ecological Crisis
Joseph Natoli
Thoughtcrimes and Stupidspeak: Our Assault Against Words
Ron Jacobs
A Cycle of Death Underscored by Greed and a Lust for Power
Uri Avnery
Abu Mazen’s Balance Sheet
Kim Nicolini
Long Drive Home
Louisa Willcox
Tribes Make History with Signing of Grizzly Bear Treaty
Art Martin
The Matrix Around the Next Bend: Facebook, Augmented Reality and the Podification of the Populace
Andre Vltchek
Failures of the Western Left
Ishmael Reed
Millennialism or Extinctionism?
Frances Madeson
Why It’s Time to Create a Cabinet-Level Dept. of Native Affairs
Laura Finley
Presidential Debate Recommendations
José Negroni
Mass Firings on Broadway Lead Singers to Push Back
Leticia Cortez
Entering the Historical Dissonance Surrounding Desafinados
Robert J. Burrowes
Gandhi: ‘My Life is My Message’
Charles R. Larson
Queen Lear? Deborah Levy’s “Hot Milk”
David Yearsley
Bring on the Nibelungen: If Wagner Scored the Debates
FacebookTwitterGoogle+RedditEmail
[i]
[i]
[i]
[i]