[cryptography] Secrets, lies and Snowden's email: why I was forced to shut down Lavabit

Jeffrey Walton noloader at gmail.com
Tue May 20 23:08:42 EDT 2014


My legal saga started last summer with a knock at the door, behind
which stood two federal agents ready to to serve me with a court order
requiring the installation of surveillance equipment on my company's

My company, Lavabit, provided email services to 410,000 people –
including Edward Snowden, according to news reports – and thrived by
offering features specifically designed to protect the privacy and
security of its customers. I had no choice but to consent to the
installation of their device, which would hand the US government
access to all of the messages – to and from all of my customers – as
they travelled between their email accounts other providers on the

But that wasn't enough. The federal agents then claimed that their
court order required me to surrender my company's private encryption
keys, and I balked. What they said they needed were customer passwords
– which were sent securely – so that they could access the plain-text
versions of messages from customers using my company's encrypted
storage feature. (The government would later claim they only made this
demand because of my "noncompliance".)

Bothered by what the agents were saying, I informed them that I would
first need to read the order they had just delivered – and then
consult with an attorney. The feds seemed surprised by my hesitation.

What ensued was a flurry of legal proceedings that would last 38 days,
ending not only my startup but also destroying, bit by bit, the very
principle upon which I founded it – that we all have a right to
personal privacy.

More information about the cryptography mailing list