Snowden's Secure Email Service Mysteriously Shuts Down
CREDIT: Lavabit LLC
Ever heard of Lavabit? Neither had we, but it was a secure email service that NSA leaker Edward Snowden used to communicate while on the run — and now it's been shut down.
"My fellow users, I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," wrote Lavabit owner and operator Ladar Levison in an open letter posted on Lavabit.com today (Aug. 8). "After significant soul searching, I have decided to suspend operations."
Apart from the home page, all pages on Lavabit.com have been removed. According to earlier stories about Lavabit, the service offered strong end-to-end email encryption that would make it difficult for anyone other than an account holder to read messages.
"In theory, an attacker with unlimited computing resources could use brute force to decipher the original message," said a Lavabit self-description quoted three weeks ago by Business Insider. "However, in practice, the key lengths Lavabit has chosen equal enough possible inputs that a brute-force attack shouldn’t be feasible for a long time to come."
In the letter, Levison hinted that pressure from the federal government was behind the shutdown.
"I wish that I could legally share with you the events that led to my decision," he wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."
Gag orders and non-disclosure agreements are common in civil lawsuits and criminal cases, but Levison's mention of federal law may refer to the USA PATRIOT Act of 2001.
Passage of the act made it easier for government agencies to issue national security letters (NSLs), which compel companies and organizations to hand over metadata related to communications, without a warrant — and with a gag order forbidding the relevant entity from even disclosing that it had been issued an NSL.
Any American company, or any foreign company with operations in the U.S., can be issued an NSL.
"This experience has taught me one very important lesson," Levison concluded. "Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."