Levison, interviewed by This Week in Tech’s Leo Laporte, says the government forced him to release the site’s secure encryption keys that would have given them access to data flowing in and out of the service from all users – not just a single target. It is believed that Edward Snowden, who continues to leak classified NSA documents to the media, was using the service to communicate with journalists.
Lavabit’s security was more robust than other commercial email providers in that users hold their own encryption keys to email data they store on the company’s servers. Levison (and the government for that matter) could not decrypt data on the Lavabit servers. The keys the government requested from Levison would have enabled government agents to monitor data from any user on his service.
“My particular system was unique in the sense that it was encrypted in and it was encrypted out,” Levison said, speculating that his security model made it impossible for the government to monitor traffic flowing in and out of the service.
Levison was restricted from commenting publicly on the matter until now. In shuttering the service, Levison said to comply with the government request and continue operating would have made him complicit in “crimes against the American people.”
Levison did eventually turn over the keys, but not in a format the government was expecting. Rather than supply them electronically, he printed the key out on 11 pages in small type.
“I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on—the first amendment is supposed to guarantee me the freedom to speak out in situations like this,” Levison wrote in his announcement shutting down the service.
Levison speculates that other email providers have already granted the government access to their systems, using servers that automate the process of serving warrants and turning over specific user data to government agents.