The Judicial System: NSA’s Key Recovery Service

By Kennard Herfel

Among the global gossamer of controversies concerning the NSA revelations brews a key case involving Ladar Levison, the founder of the encrypted email provider Lavabit. Levison created Lavabit soon after the Congress passed the Patriot Act to preserve citizens’ privacy in online messages.

Last Tuesday, the Fourth Circuit Court of Appeals heard oral arguments regarding the legitimacy of the contempt order placed on Levison for not providing the FBI with the Secure Sockets Layer (“SSL”) key to Lavabit. SSL is security technology that encrypts the links between server, client, and browser. The SSL encryption by Lavabit was likely too elaborate for the FBI to decrypt; thus, the FBI’s SSL request.

When the feds can’t decrypt SSL, like that used by Lavabit, they customarily turn to other methods to obtain the desired information, such as using “backdoor” hardware installation or asking the company to disclose the information or turn over the SSL key. To the extend of public knowledge, a company has never refused to comply with a government request for encryption keys—until Lavabit.

The case began when Edward Snowden—a Lavabit user and most likely the targeted user for the FBI’s investigation into Lavabit—leaked confidential NSA documents last June. The government served Levison with a “pen register” order, requesting real-time access to metadata from the targeted account. Levison refused to comply, concerned that the FBI would perform a dragnet search of Lavabit user accounts. His concern was not unwarranted as there are no definite guidelines for, or clear limitations on, such a search. Levison handed over the SSL key to the FBI only after he was charged with a $5,000 daily fine for non-compliance. Soon after doing this, however, Levison shut down Lavabit with great principled pride—and great monetary loss.

Levison is now challenging the contempt of court order brought against him for his initial refusal to disclose the encryption keys to Lavabit. With the promise of many more confidential documents to be revealed by Snowden and the growing concern around the world of how technology affects our civil liberties, passing time may be Levison’s best ally. The Fourth Circuit’s decision in this case could either mitigate the ease of government spying or reign in a new norm for those concerned with the future of civil liberties and technology.