Report — From the May 2016 issue

Unhackable

The quest for an email the government can’t read

Download Pdf
Read Online
( 2 of 6 )

Ladar Levison was working as a systems engineer in 2004, when Google released Gmail, a service that promised a free email account with one gigabyte of storage. He realized, he told me later, that he “could run to CompUSA and set up a free email service that was on par with Gmail and give people one gigabyte, too.” He didn’t originally conceive of Lavabit as a service for political dissidents, but he was interested in user privacy. Unlike big providers such as Google and Yahoo, Levison didn’t want to collect user data for advertising purposes.

“What would differentiate us is we’d build a service that we’d want to use ourselves,” Levison said. “We wouldn’t want our messages profiled. We understood what keyword analysis was. If your buddy was sending messages about trouble with his wife, you wouldn’t want to be seeing ads with divorce lawyers on the right.” He’d only allow random advertising, even though “you don’t make much money that way.” To generate revenue, Levison added an encryption feature for paying customers. At its peak, Lavabit had around 400,000 free users and 10,000 paid subscribers, among them Edward Snowden.

In the spring of 2013, Snowden began leaking NSA documents to Glenn Greenwald and other journalists at the Guardian and the Washington Post. That summer, two FBI agents knocked on Levison’s door with a court order for access to Lavabit’s metadata logs. When he said that he didn’t keep such logs, the agency responded by demanding Lavabit’s SSL keys, long digital codes that would allow the FBI to decrypt user passwords and breach the account of every Lavabit user.

Today, Apple is facing a similar demand from the agency, which would like to unlock the iPhone 5C provided to Syed Rizwan Farook by his employer, the San Bernardino County Department of Public Health. On December 2, 2015, Farook and his wife killed fourteen people and wounded twenty-two in a shooting attack before being shot dead by police.

The government believes there may be some evidence related to the attack on Farook’s phone, which they can’t acquire without Apple’s help. Apple contends that helping in this case amounts to creating a “back door” that could be used on millions of other iPhones. Of course, the world’s most valuable company has more legal resources than Levison, who made a decent but by no means extravagant living. What’s more, Levison’s case was put under seal, precluding him from seeking public support for his defense.*

*Out of respect for user privacy, Levison has never specified the primary target of the FBI’s request, which remains under seal. But in March, the federal government accidentally released an unredacted document confirming that it was Ed_Snowden@lavabit.com.

Levison was aware of some precedents for his predicament. In 2007, Hushmail, a privacy-minded email provider in Canada that was used by NSA whistle-blower Thomas Drake and others, received a court order as part of a U.S. investigation targeting steroid dealers. Hushmail turned over decrypted messages to the DEA, badly damaging its reputation in the hacker community. But Hushmail had faced a targeted request, not a demand to hand over its SSL keys. While Levison had cooperated in the past with investigations of Craigslist scams and other small frauds, he’d never been asked to unmask his entire clientele. As he saw it, he had two choices. He could cooperate with the government — violating his users’ privacy and losing their trust in the process — or he could shut Lavabit down.

No matter the outcome of Apple’s current battle with the FBI, it’s a safe bet that the company won’t opt to close its doors. But on August 7, 2013, Lavabit did just that. Levison closed his email service, and then delivered the now-useless encryption keys to the FBI. The following day, he posted a statement on Lavabit’s homepage:

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul-searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot.

At the time, Levison figured he’d “take a cushy corporate job,” but he soon discovered that his defiance had struck a chord with privacy advocates. At one security conference he ran into Mike Janke, a cofounder of Silent Circle, an encrypted-communications firm. On the day that Levison announced the closure of Lavabit, Silent Circle preemptively closed its own email service, in anticipation of government meddling. The two men agreed to cooperate on a new, better service. They formally called the venture the Dark Mail Alliance. Since that meeting, Silent Circle has largely focused on telephony security. According to Silent Circle’s cofounder, Phil Zimmermann, securing email communication is much more difficult than protecting telephony. “Phone calls are ephemeral,” he told me. “Emails are around for a long time.”

For Levison, the difficulty is part of the appeal. His goal is to build an email service that can’t be subpoenaed by the FBI — one in which there would be no centralized keys to unlock users’ secrets. To the uninitiated this may sound like a simple project, but Levison faces technological hurdles that the creators of email never anticipated.

You are currently viewing this article as a guest. If you are a subscriber, please sign in. If you aren't, please subscribe below and get access to the entire Harper's archive for only $45.99/year. Or purchase this issue on your iOS or Android devices for $6.99.

= Subscribers only.
Sign in here.
Subscribe here.

Download Pdf
Share
’s article “The Super Bowl! (Of Fishing)” appeared in the April 2013 issue of Harper’s Magazine. He lives in Visalia, California.

More from Paul Wachter:

Get access to 167 years of
Harper’s for only $45.99

United States Canada

THE CURRENT ISSUE

March 2018

The Great Divide

= Subscribers only.
Sign in here.
Subscribe here.

Nobody Knows

= Subscribers only.
Sign in here.
Subscribe here.

The Other Whisper Network

= Subscribers only.
Sign in here.
Subscribe here.

The Infinity of the Small

= Subscribers only.
Sign in here.
Subscribe here.

Empty Suits

= Subscribers only.
Sign in here.
Subscribe here.

view Table Content
Close

Sign up to receive The Weekly Review, Harper’s Magazine’s singular take on the past seven days of madness. It’s free!*

*Click “Unsubscribe” in the Weekly Review to stop receiving emails from Harper’s Magazine.