Give Me Complicity or Give Me Death: Lavabit Chooses Death

Today, Lavabit, an email service provider that promised its customers better privacy and security than other publicly available services, shut its doors.  Reading between the lines of a cryptic message posted on the site’s homepage, about six weeks ago the service was served with some kind of demand for user information, as well as a gag order preventing the company from disclosing both the details of that order as well as its very existence.  Rather than cooperate, owner Ladar Levison has decided to close the doors on his 10-year-old company.  In his letter, Levison wrote, “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. … What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.“

If you want to donate to Lavabit’s legal fund, use this link.

There are two sad lessons to learn from the (potentially temporary) demise of Lavabit. 

First, communications service providers are at a severe disadvantage when it comes to resisting even abusive or overbroad government surveillance demands. The court processes and the reasons for surveillance are kept secret from the companies. The cases that interpret the government's powers under the law are secret. Knowledgeable counsel is hard to find… and expensive.

Yet, in a world where the FISA court has rubber stamped government collection of every phone record on everybody, where foreigners have no rights and the contents of Americans’ international communications are regularly scooped up, where the FBI is installing malware on phones and laptops, and where spies are demanding user passwords and SSL network decryption keys, complying with court process can be directly at odds with protecting your customers’ right to privacy. Some lawyers believe there is little, if anything, companies can say to successful challenge even potentially dangerous forms of surveillance. Yet, failure to comply can mean fines, or jail time, or, potentially worse, seizure of the business’ servers.

So, in the choice between complicity or death, Lavabit chose death. 

Second, the fact that neither Americans nor foreigners trust the U.S. government and its NSA anymore puts the U.S. communications companies at a severe competitive disadvantage. American law provides almost no protection for foreigners, who comprise a growing majority of any global company's customers. And even though Americans receive more nominal legal protection, we now know that these legal protects haven’t stopped the NSA from wiretaps fiber optic cables inside the United States, warrantlessly gathering Americans’ emails and chats from service providers like Google, Microsoft, Yahoo and Apple, collecting phone records on every American for the past seven years, or demanding that companies build, or at least maintain, surveillance backdoors in products advertised as secure from eavesdropping.

This mistrust of the U.S. government’s relationship with Internet companies is particularly damaging to cloud computing services, a sector led by American firms like Microsoft, Google and Amazon. Foreign companies say they are less likely to do business with U.S. cloud companies, and foreign governments have entertained the idea of requiring data be kept locally. The truth is, we don’t know that switching to non-U.S. based communications service providers would avoid U.S. government overreaching. The agency’s surveillance of foreigners overseas is essentially unregulated by any law. We don’t know how the NSA targets foreign providers, their methodology could be equally invasive as those programs we know about here at home.  Local data storage is twice as dangerous: overseas providers are almost certainly subject to surveillance abuses by spy agencies or law enforcement in their home countries as well as in the U.S.  That is one reason why I have called for a warrant requirement for any and all surveillance directed at U.S. companies, regardless of the citizenship of the target. 

As Chris Sprigman and I wrote back in June, America invented the Internet, and our Internet companies are dominant around the world. But the U.S. government, in its rush to spy on everybody, may end up killing our most productive industry.  Lavabit may just be the canary in the coal mine. 

 

 

 

 

Comments

This is a real turning point for the USA and its much admired constitution I believe, and not for the better. There was much criticism from the West, and particularly the USA, on how the Russian KGB and the East German Stasi conducted themselves during the cold war. Is it not such a shame that this Big Brother syndrome is now infecting the way in which US politicians and state are operating.

I do not believe that it was ever in Edward Snowden's mind to harm his own country - rather he must have been in such turmoil by what was being done to US citizens and allies 'in the name of the country' that he eventually decided it was prudent to leak this information. I do not know, but it appears that so far he has not leaked anything critical to the security of the USA. He has simply embarrassed the President of the United States and the CIA.

The damage to the USA would have been minimal if it had either completely ignored all the furore or simply admitted what it was doing for the sake of the nation. The whole thing would have blown away by itself. Instead they have taken to these paranoid actions that are really doing more harm to their fabulous country and constitution.

What a real shame.

"As Chris Sprigman and I wrote back in June, America invented the Internet, and our Internet companies are dominant around the world. "

errr... fucking arrogant considering you're wrong, it was invented by a Brit.

It's far, far too late to worry about this. Back when the PATRIOT act came in, we knew it was impossible to store medical or financial records on US based systems, since federal laws (reasonably) required prevention of access from non-authorized persons, of which US agents certainly counted. What Snowden recently revealed is that we have to be even more cautious about data interception, but there was already no way the majority of cloud service users would have used US services. This is just a final nail in the coffin for the minority still considering it. For nonUS companies, US systems are good for toy projects only.

Lavabit not chose death, he chose Freedom and Liberty the fundamental principle of our Nation.
Who ever has fear buy a dog.
Not only the Constitution shall prevail, also the Universal Declaration of Human Rights.
NSA are in frank violation of both.

Free country or not, America. Try to use what few brains you have and make the right choice, OK?

I think I read some time ago that many overseas companies were building their own internet backbones, and avoiding the U.S. So except for traffic into the U.S., their email and browsing is likely only subject to snooping by their own governments (like China and Iran). Some of my email servers are in Germany and Norway.

looks like to a fair extend... USA has been frightened into this position (paranoid)... by the Al-Qeada organization... .. after 10+ long years, seemed to me like Al-Qeada won.. and USA lost..

I am not supportive of what Al-Qeada do, neither was I impressed with what USA is doing too..
we could all live in a more peaceful world if we dont mess with each others politics /culture/religion.. or worst still play politics

I respect lavabit

The shutting down of lavabit in august took me by surprise, as a result I lost my personal mailaddress since 2004. In the most pressing circumstances for days earlier my mother died and things had to be arranged. Personal mishaps do happen. But more serious, the arrangements for a new exhibition were tied in with intensive mailcontact and suddenly no one could send or receive mail to that nerdshack account. The damages of the sudden disappearance without prior warning becomes only clear now. The application for a government-grant wasnot processed because no extra information could be sollicited from my nerdshack private account, artists didnot receive replies and I didnot receive their mails.
It now even seems that in july the mail I did send did not reach a number of addresses. It appears the US was blocking all traffic from and to the lavabitservers regulary since june. That does also mean that the damages assessed by the US-government are much more serious than we assume as concerned citizens. However, I do not want to live in the shadow of a stasi-society in which everyone is monitoring everyone for the sake of freedom.. And neither do I want to live in a society in which personal dialogue is cut short without any prior warning for the sake of a personal stance. An internetplatform is an agora on which people must be able to express their opinions.
And: a democratic society is an open society.. read Popper.

Add new comment