funsec mailing list archives

Secrets, lies and Snowden's email: why I was forced to shut down Lavabit


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 20 May 2014 23:13:55 -0400

http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

My legal saga started last summer with a knock at the door, behind
which stood two federal agents ready to serve me with a court order
requiring the installation of surveillance equipment on my company's
network.

My company, Lavabit, provided email services to 410,000 people –
including Edward Snowden, according to news reports – and thrived by
offering features specifically designed to protect the privacy and
security of its customers. I had no choice but to consent to the
installation of their device, which would hand the US government
access to all of the messages – to and from all of my customers – as
they travelled between their email accounts and other providers on the
Internet.

But that wasn't enough. The federal agents then claimed that their
court order required me to surrender my company's private encryption
keys, and I balked. What they said they needed were customer passwords
– which were sent securely – so that they could access the plain-text
versions of messages from customers using my company's encrypted
storage feature. (The government would later claim they only made this
demand because of my "noncompliance".)

Bothered by what the agents were saying, I informed them that I would
first need to read the order they had just delivered – and then
consult with an attorney. The feds seemed surprised by my hesitation.

What ensued was a flurry of legal proceedings that would last 38 days,
ending not only my startup but also destroying, bit by bit, the very
principle upon which I founded it – that we all have a right to
personal privacy.

In the first two weeks, I was served legal papers a total of seven
times and was in contact with the FBI every other day. (This was the
period a prosecutor would later characterize as my "period of
silence".) It took a week for me to identify an attorney who could
adequately represent me, given the complex technological and legal
issues involved – and we were in contact for less than a day when
agents served me with a summons ordering me to appear in a Virginia
courtroom, over 1,000 miles from my home. Two days later, I was served
the first subpoena for the encryption keys.

With such short notice, my first attorney was unable to appear
alongside me in court. Because the whole case was under seal, I
couldn't even admit to anyone who wasn't an attorney that I needed a
lawyer, let alone why. In the days before my appearance, I would spend
hours repeating the facts of the case to a dozen attorneys, as I
sought someone else that was qualified to represent me. I also
discovered that as a third party in a federal criminal indictment, I
had no right to counsel. After all, only my property was in jeopardy –
not my liberty. Finally, I was forced to choose between appearing
alone or facing a bench warrant for my arrest.

In Virginia, the government replaced its encryption key subpoena with
a search warrant and a new court date. I retained a small, local law
firm before I went back to my home state, which was then forced to
assemble a legal strategy and file briefs in just a few short days.
The court barred them from consulting outside experts about either the
statutes or the technology involved in the case. The court didn't even
deliver transcripts of my first appearance to my own lawyers for two
months, and forced them to proceed without access to the information
they needed.

Then, a federal judge entered an order of contempt against me –
without even so much as a hearing.

But the judge created a loophole: without a hearing, I was never given
the opportunity to object, let alone make any substantive defense,
to the contempt charge. Without any objection (because I wasn't
allowed a hearing), the appellate court waived consideration of the
substantive questions my case raised – and upheld the contempt charge,
on the grounds that I hadn't disputed it in court. Since the US
supreme court traditionally declines to review cases decided on wholly
procedural grounds, I will be permanently denied justice.

In the meantime, I had a hard decision to make. I had not devoted 10
years of my life to building Lavabit, only to become complicit in a
plan which I felt would have involved the wholesale violation of my
customers' right to privacy. Thus with no alternative, the decision
was obvious: I had to shut down my company.
...
