Failure to hand over encryption keys could land Lavabit founder Levison with hefty fines
Lavabit, the email service once used by whistleblower Edward Snowden, has lost an appeal against a contempt of court ruling that he delayed the US Government’s attempts to gather information by refusing to hand over encryption keys. the email service, which has since closed, was eventually forced to comply anyway.
The US government asked for SSL keys to look at the metadata (dates and other details of communications) for a specific Lavabit user, believed to be Snowden, The service’s founder Ladar Levison at first refused, and when forced to comply, provided the keys printed in a tiny typeface.
The court ruled that Lavabit had not followed correct procedures in its initial hearings, and had not raised a specific challenge to the district court’s authority under the so-called “pen/trap statute”. Levinson could now be fined for contempt.
Little Lavabit love
“Levison’s statement to the district court simply reflected his personal angst over complying with the pen/trap order, not his present appellate argument that questions whether the district court possessed the authority to act at all,” read a statement from the fourth US circuit court of appeals Judge G Steven Agee.
“Arguments raised in a trial court must be specific and in line with those raised on appeal.”
The case stems back to June last year, when the US government sought to acquire private keys for SSL encrypted traffic of a specific Lavabit user, thought to be Snowden. Officials sought to put a tap on the communications of that target to collect metadata.
Levison, when approached by FBI officials, refused to hand over the keys, which eventually led to the contempt of court charge.
According to the court filing denying his appeal, Levison suggested he could provide the content the government was after, rather than using their interception tools. The government decline the offer, saying it needed real-time acquisition of the target’s data.
A device to intercept traffic was installed as part of the pen/trap order, but could not gather usable information as the encryption keys had not been provided.
Officials did eventually get the keys in August 2013, however. “The government sought penalties of $5,000 a day until Lavabit provided the encryption keys to the government. The district court granted the motion for sanctions that day. Two days later, Levison provided the keys to the government. By that time, six weeks of data regarding the target had been lost,” the court ruling read.
Levison could now be fined thousands of dollars.
Are you a pedant on privacy issues? Try our quiz!