Lavabit has filed its first brief in the 4th U.S. Circuit Court of Appeals in its landmark privacy case. Lavabit, is a secure email provider the same provider that was used by Edward Snowden the NSA whistleblower.
The first of what is expected to be many briefs reveals more details of Lavabit’s resistance of an 'aggressive’ government investigation. The company’s founder, Ladar Levison, shut down instead of complying with a July 16 government order to release its private SSL keys to its encryption. Lavabit says if it were to hand over its keys, its 40,000 users would be exposed as authorities sifted through their data to find anything useful they could use against Snowden.
In the brief, Levison appealed the court order. A government response is due by Nov. 4. Lavabit defends its stand to not hand over the keys in the brief, saying the keys “were not contraband, were not the fruits of any crime, were not used to commit any crime, and were not evidence of any crime.”
The new brief is 44 pages long and argues that the pen register statute does not give the U.S. government authorization to seize its services keys, nor does the Stored Communications Act. The company stated that the Fourth Amendment protects the company against the access of its users’ data.
The brief states, “The Fourth Amendment insists that a warrant name particular things to be searched; a warrant that permits open-ended rummaging through all of Lavabit's communications data is simply a modern-day writ of assistance, the sort of general warrant that the Fourth Amendment was ratified to forbid."
According to Lavabit, government officials forbade the company from telling anyone that it had compromised its security. The brief states that government officials "insisted that all of those parties be affirmatively misled into believing that the system remained secure against exactly the kind of secret monitoring that the government was proposing."
In the brief, the company also reveals that it offered to hand over the targets’ "login and subsequent logout date and time, the IP address used to connect." They also offered to release “non-content headers" from any future emails sent or received by the 'targets’ account.
Government officials declined the offer and demanded that the company give them real-time access to the so-called targets’ data.
Recently, GoDaddy canceled its SSL key used by Lavabit to encrypt its 400,000 subscribers' email communications after Levison publicly stated that he was forced to provide a copy of the key to the FBI.
GoDaddy spokesperson Elizabeth L. Driscoll recently told Forbes, "We revoked all of the SSL certificates we were able to associate with Lavabit. We're compelled by industry policies to revoke certificates when we become aware that the private key has been communicated to a third party and thus could be used by that party to intercept and decrypt communications.”
Edward Snowden’s use of Lavabit was revealed on July 11, when a journalist received an email invitation to a press conference at the Moscow Sheremetyevo airport from "email@example.com."
Edited by Alisen Downey