Thursday 14 November, 2013
The NSA spy program is big news. It seems like every few days new allegations hit the US government agency of its illegal spying activities. There are lots of stories about how it violated privacy laws and even broke its own rules. All of this is costing US cloud service providers a great deal of money as overseas companies choose safer data storage methods.
The NSA got Google, Facebook, Yahoo and other major tech companies to hand over sensitive private customer information but there was one email service provider that chose to close up shop rather than to sell out its customers. This service is called Lavabit.
Lavabit’s Encrypted Email Service
Lavabit was launched in 2004 and at the time it shut down, it had around 350,000 customers for its email service. It was dedicated to protecting the privacy of its users and although this can’t be verified, it is believed to have been used by NSA whistleblower Edward Snowden.
To protect its users’ data, Lavabit used encrypted data for all communications. The company itself did not keep the encryption keys. Only users could decrypt their data because it can only be decrypted with a password. This means that the owner or employees of Lavabit couldn’t read your emails even if they wanted to.
An Attack on Privacy
In June 2013 and then again in July, Lavabit received a court order from the NSA forcing it to participate in the NSA’s spy program. Lavabit rejected the order.
In August, Lavabit was suddenly shut down. The exact reasons were never given and the NSA was never mentioned. Lavabit founder Ladar Levison stated that although the First Amendment guaranteed his right to speak about it, congress had in recent years changed that and he refused to give details for presumably legal reasons.
In a message on his website, Levison said, ‘I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.’
Damaged US Credibility
This is the first case where an email service provider chose to shut down rather than to compromise its users’ privacy. For Levison, this meant the end of a company he built over the last decade. There are reportedly plans to pursue legal action. Another service called Silent Circle shut itself down preemptively although it received no order from the NSA.
New information about the NSA spying reveals it to be much more widespread and extra-legal than most realized, with the US government organization spying on the electronic communications of other countries. This has damaged the credibility of US-based email providers not only domestically but around the world.
Levison’s message ends with a warning about using US-based providers. ‘This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.’