In 2013, Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company’s service rather than comply with a federal law enforcement request that could compromise its customers’ communications.
The FBI had sought access to the email account of one of Lavabit’s most prominent users — Edward Snowden. Levison had custody of his service’s SSL encryption key that could help the government obtain Snowden’s password. And though the feds insisted they were only after Snowden’s account, the key would have helped them obtain the credentials for other users as well.
Lavabit had 410,000 user accounts at the time.
Rather than undermine the trust and privacy of his users, Levison ended the company’s email service entirely, preventing the feds from getting access to emails stored on his servers. But the company’s users lost access to their accounts as well.
Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he’ll never have to help the feds break into customer accounts again.
“The SSL key was our biggest threat,” he says.
On Friday, he’s relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email.
The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data. Last year when the FBI sought access to an iPhone used by the San Bernardino shooter, Apple couldn’t get into the phone because the security scheme the company built into the device prevented it from unlocking the phone without the shooter’s password. (Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.)
“This is the first step in a very long journey,” Levison told The Intercept prior to the re-launch. “What we’re hoping for is that by the end of this year we’ll be more secure than any of the other encrypted messaging apps out there on the market.”
A number of encryption services and apps make this claim, but Lavabit has a particular claim to fame: It was an encrypted email service that Snowden used before the shutdown.
Snowden told The Intercept that he plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” But he says he can’t speak for the security of the revamped Lavabit before the service is available.
Today’s launch is only for existing users to reinstate their old accounts under the new architecture so they will work with the end-to-end encryption client software when it’s rolled out. Lavabit is asking account holders to log in over IMAP or POP, so their encrypted passwords, usernames, and keys can be regenerated under the new architecture.
Although Lavabit has some 50 million encrypted email messages on its servers belonging to these users, account holders won’t be able to access their old correspondence. Levison isn’t sure if they will migrate old emails to the new platform, since they’re stored in a different data format.
With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.
“Once it’s in there we cannot pull that SSL key back out,” says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit’s coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)
If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user’s device and make the SSL encryption less critical.
Once Lavabit becomes open to new users, customers will have three modes of service to choose from: Trustful, Cautious, and Paranoid.
Trustful is aimed at people who don’t have a lot of risk and want ease of use. It works a lot like the old Lavabit, where the email encryption is done on Lavabit’s server.
Users have to trust that Lavabit has designed the system so the company can’t obtain their password and see their communications. For many, Levison’s decision to shut down his business to defy the feds is enough to earn their trust. But Levison and his team have made the code for their server open source, so users can see how it’s designed and verify the architecture prevents the company from learning their passwords.
If someone doesn’t want Lavabit running the server, they can also download the open-source software and install it on a server of their own.
“What other encrypted messaging system allows you to download the server and use it yourself?” Levison asks.
For people who don’t want to trust Lavabit and don’t want to run their own server, Cautious mode will offer end-to-end encryption. This moves encryption off the server and onto the user’s device. It’s designed for people who want more security and the ability to easily use their account on multiple devices, such as a phone, laptop, and desktop computer.
The user installs Lavabit client software on his or her device to generate an encryption key. That key is encrypted using a passphrase the user chooses and is sent to Lavabit where it’s stored. Lavabit can’t access and decrypt it; only the client software on the user’s device can. If the user installs the client software on another device, the client will obtain the encryption key from Lavabit’s server and the user will unlock it with his or her passphrase and import it into the client software, which will use the key to encrypt the user’s email.
Some people who want more security — like activists, journalists, and whistleblowers — might balk at having their key stored on a third-party server. That’s where Paranoid mode comes in. The key for doing end-to-end encryption remains on the user’s device and never goes to Lavabit’s server. But to use another device, the user has to manually move the key to it. And there’s no way to recover the key if the user loses it or deletes it.
All three modes will use another new architecture feature called Dark Mail to obscure email metadata.
Metadata is the transaction data that includes the “to,” “from,” and “subject” lines. It’s generally not encrypted, even when email content is. Spy and law enforcement agencies can draw connections between people and derive information about someone from metadata.
Dark Mail obscures metadata using a design modeled on Tor — the Onion Router. The metadata is encrypted, and the sender’s ISP knows which account is sending the email but not the destination account, only the destination domain. When it reaches that domain, the server there decrypts the “to” field of the email to deliver it to the right account. The destination domain doesn’t know the account that sent the email, only the domain from which it came.
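As an added illustration (not Lavabit’s or Dark Mail’s own code), the Python below sketches the two key-handling ideas described above: in Cautious mode the device wraps its mail key under a passphrase-derived key before uploading it, so the server stores only a blob it cannot open; and a Dark Mail-style envelope gives the origin server just the sending account plus the destination domain, while the destination server sees just the receiving account plus the origin domain. The toy HMAC-based cipher, the `user|domain` field layout and all function names are assumptions made for this demo, not the real DIME format.

```python
import hashlib
import hmac
import secrets

# Toy authenticated encryption from stdlib HMAC-SHA256 (counter keystream plus tag).
# A stand-in for a real AEAD such as AES-GCM: the key-handling logic is the point.
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc, nonce, n):
    blocks = (hmac.new(enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

# Cautious mode (assumed shape): the device wraps its mail key under a passphrase-derived
# key before upload, so the server holds only a blob it cannot open. Paranoid mode skips
# the upload entirely and keeps the key on the device.
def wrap_for_server(mail_key, passphrase, salt):
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 32)
    return seal(kek, mail_key)

def unwrap_on_device(blob, passphrase, salt):
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 32)
    return unseal(kek, blob)  # raises ValueError on a wrong passphrase

# Dark Mail-style envelope (assumed layout): the origin server's layer carries the sending
# account and only the destination *domain*; the destination server's layer carries the
# receiving account and only the origin *domain*. Each server can open just its own layer.
def build_envelope(sender, recipient, origin_key, dest_key):
    s_user, s_dom = sender.split("@")
    r_user, r_dom = recipient.split("@")
    return {"origin_layer": seal(origin_key, f"{s_user}|{r_dom}".encode()),
            "dest_layer": seal(dest_key, f"{r_user}|{s_dom}".encode())}

def origin_server_view(env, origin_key):
    user, dest_dom = unseal(origin_key, env["origin_layer"]).decode().split("|")
    return user, dest_dom      # knows who sent it and where to route it, not the mailbox

def dest_server_view(env, dest_key):
    user, origin_dom = unseal(dest_key, env["dest_layer"]).decode().split("|")
    return user, origin_dom    # knows whose mailbox and which domain sent it, not the sender
```

Trying to open the wrong layer, or using the wrong passphrase, fails the tag check rather than yielding garbage, which is the property a server-side compromise needs to run into.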
Given the increasingly crowded landscape of encrypted services and apps, it may be hard for Lavabit to stand out. But its most famous one-time user believes it has at least one major advantage.
Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”
Top photo: Ladar Levison poses for a portrait at his home office in Garland, TX, on Tuesday, July 15, 2014.
Commendable, but will not make a difference.
In the United States of America, what’s coming will make all attempts to deny government access to citizens’ email, messaging, and telephone accounts illegal, and such illegal activities will subject the “criminal(s)” to severe penalties, including prosecution and jail time, using a much strengthened Patriot Act.
Privacy is dead, and buried.
We are doomed! Nowadays, the seemingly unrealistic physical requirements of Quantum computing, have become less and less of an issue.
~
https://en.wikipedia.org/wiki/Quantum_computing
https://en.wikipedia.org/wiki/Superconductivity
https://en.wikipedia.org/wiki/High-temperature_superconductivity
https://en.wikipedia.org/wiki/Antarctic
https://en.wikipedia.org/wiki/South_Pole
The Chinese already set up large stations in the Antarctic. Now, is it also part of the South China Sea?
~
RCL
But how do you protect against something like this. They push it out for weapons detection but of course it could be programmed for many different things.
https://patriot1tech.com/solutions/nforce-data-sheet/
Shazzlemail seems to be quite good
I do have a PureVPN subscription which encrypts all my internet activities, do I need extra protection as well for my email security or would that be enough?
Definitely you need more. A VPN is just a secure and private tunnel through the bad neighborhood of your local ISP/Starbucks Wifi. But your email, as it safely travels through your VPN, has to arrive somewhere and be stored on some server.
After that your VPN does not protect it. You need to use full encryption in your email, communicator and your file storage to build proper layers of security.
If you need any advice – email me or tweet @szewczykrobert
Could it be that there is room for a new private snail mail service dropped in by drones? Although carrier pigeons might be better for the really high level secure mail.
Since this is what they were letting us know about more than three years ago, I wonder if USG/NSA is more amicable now to Lavabit/Ladar Levison because they have easier ways to crack encryption.
~
As Nobel Laureate (in that line of research), David Wineland, points out:
… you can work around the physical and algorithmic constraints of this feasible quantum computer to factorize almost instantaneously very large prime numbers …
// __ UC Berkeley Events (Nov 18, 2013): The Emilio Segre Lecture: Superposition, Entanglement, and Raising Schroedinger’s Cat
youtube.com/watch?v=ZmFC95_qIJw&t=2470
~
No, it wasn’t
What could they possibly mean?
I am yet to see any device that can’t be hacked. Any computer algorithm is a hack anyway
RCL
Great to hear. But I’ve moved on to ProtonMail and am happy with it.
This is an interesting and good news story.
Protonmail.com is better, the servers are in Switzerland. :)
’Cept Lavabit was a VPN and not an email service. And Lavabit turned its encryption keys over by court order. It’s almost like you did no research at all before writing your story. Starting to be the norm out of the Intercept.
“Paranoid mode”
That sounds like me.
Thanks, Kim, I hope all goes well for the principled Lavabit. I also won’t be surprised when Trumpublicans try creating new anti-constitutional law – prohibiting encryption for everyone but empire’s insiders. Train’s off the rails now.
It is highly unlikely that many people will use it after what happened last time. As long as this is going to be an American company, it is not safe. ProtonMail seems better in many ways. There is a free tier in PM, but not on Lavabit. It’s dead, Jim! It’s dead. Lavabit died years ago. This is just an attempt to kickstart it again. I’d be glad if it doesn’t end again. But the end of it is inevitable!
Betcha Ladar’s legal advisors built a constitutional trap door special made for future NSL requests.
This is indeed good news. (And you can sign up for an account when it is released.)
There is no promise on timing so signing up could be viewed as encouraging the project.
(The creation of a system like this with few involved in creating the specification and coding is a very hard task. Congratulations to all those making this happen.)
Nothing to do with that Islamo-Communist POTUS POS being out of office, I imagine.
One correction to this story: “But Levison and his team have made the code for their server open source, so users can see how it’s designed and verify the architecture prevents the company from learning their passwords.” is not true.
It’s great that Lavabit software will be available for others, hopefully under a free software license that allows everyone to run, share, inspect, and modify the software (software freedom). When that software is published this contribution to our collective software freedom will be worth celebrating in and of itself. This choice should, as the story says, allow users to set up their own system based on this software.
However, this won’t allow Lavabit users to “verify [that] the architecture prevents the company from learning their passwords” because there’s no way for Lavabit users to verify that Lavabit is running the software Lavabit publishes. People have reason to trust Lavabit because of Levison’s wise and appropriate choice to shut down the original Lavabit in light of the pressure he faced, and because of the design choices Levison made for this version of Lavabit. We can choose to take Levison’s word for it, assuming that he’s not lying to us now because he’s never lied to us before and because he appears to be making difficult choices which favor our privacy. But we should recognize that believing Lavabit runs the free software it publishes is an unprovable assumption on our part.
All cards on the table: I’m a happy contributor to Levison’s legal defense fund.
thank you and as you say: “nullius in verba” is as relevant a guiding principle as ever!
RCL
You would be on the paranoid level I would assume. Still skepticism is a healthy practice these days of the Deep State Fascist Governance.
I can think of one other plus for Lavabit: It isn’t owned by pro regime change (Ukraine for example) billionaire Pierre Omidyar, whose very hands-on approach to managing First Look and The Intercept (Jeremy Scahill), otherwise known as allowing full editorial independence for its writers (Glenn Greenwald), is a plus, evidently, for First Lookers who have opted to stay on with PM despite all of this. Pando Daily has some interesting things to say about this. Google for Ken Silverstein’s opinion as well.
Have we shut up about the wonderful USAID org and the angelic White Helmets, Intercept? Readers should ask why.
Yeah, but it’s in the US =/
Correction: it’s “Pander Daily”, not Pando.
Nice try tho ;)
Personal privacy is the bedrock of liberty. Congratulations to Levison for pushing this next step forward in technology to secure that liberty.
“Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.”
That’s not exactly what happened. The FBI launched a high profile battle with Apple, then waited to see where public opinion would be. It was not on their side. That’s when they “found” another way to access the data, and dropped their case.
Can somebody from the NSA tell me what my old account was? It’s been so long I forget.
The party will start any minute…
LEVISON! LAVABIT! YES!
Wall Street thieves want to glean and steal your business information: contracts, employees, strategies, vendors and suppliers, advisors, contacts, etc. This is how thieving Wall Street operates. If you are in business or part of a business that is willing to grow, expand, etc., your email security is as valuable as national security.
anyone who says otherwise is either stupid or a thief.
Targeting business leaders and politicians has always been the goal.
See YouTube… Gilligan’s Island episode about his mind reading magic seeds
Hmm, let’s see.
– Based in the US (with Trump just sworn in today)
– No end-to-end encryption at launch
– Past track record of misleading users and faulty tech, e.g. https://moxie.org/blog/lavabit-critique/
– Already engaging in security theater with the hardware security module (so instead of handing over the SSL key to the FBI, Lavabit will now have to hand over the HSM instead, lol)
Tell me again why anybody would use this over ProtonMail?
I wouldn’t go anywhere near this even with a 10 foot pole.
A good encryption system or in this case protocol withstands political pressure.
It is designed so that everyone can use it. Did you read the spec?
A new standard like DIME has to be supported by clients and other servers before you can turn the paranoid and cautious modes on.
If they hand over the HSM and nobody knows the password, how would the FBI or someone else get the key out without triggering the erase mechanism?
They don’t need to get the key out of the HSM, they can just take the HSM, it’s the same thing.
Detailed discussion and write up about Lavabit 2.0 can be found here:
https://www.reddit.com/r/ProtonMail/comments/5pdxva/lavabit_reloaded_does_a_lavabit_is_relaunch_mean/
This is really garbage reporting, the Intercept didn’t bother to independently fact check ANY of Lavabit’s claims, but instead passed them off as fact.
This puts people at risk. It’s disappointing really, I would have thought the Intercept to be one of the sites that still do honest journalism.
A good protocol design and encryption method works regardless of where you run it. The design was made with protection against third parties in mind.
Did you read the spec for DIME?
A new protocol needs to be supported by clients & other mail servers before that.
In the meantime you can still use pgp.
How should “the FBI” or any other interested party get the key out of the module without triggering the erase method?
DIME is a new standard, so everyone is free to implement it, so the exact mail provider doesn’t matter.
I use ProtonMail. If my understanding is correct, metadata is still exposed, even on encrypted messages. It was unclear if ProtonMail protects my contact list. And lastly, because it is in Switzerland (overseas), I believe the NSA has authority to capture everything sent to or from. Placing Lavabit’s servers in the US would at least be an entirely domestic transaction, which is [supposed to be] protected by warrant requirement. It also promises to hide metadata. And, even if it did neither of those things, I signed up for $30 just to show my support for Ladar and all the crap he had to endure with gag orders and government pressure.
NERDS!!!
More snakeoil.
They should build a couple of dedicated encryption servers as part of their architecture.
LOL.
What you are talking about is a system based on key escrow.
Key escrow encryption systems are the same as unencrypted email — but use more CPU cycles.
AFAIK, the key itself is encrypted, not in a file, and password unknown as it says. How would you get better than that?
I won’t go into the grueling details here. It requires a thorough understanding of the problem.
But as a consolation… I do have THE solution… and the first mofo to write me a check for 10S of Mills gets it.
I might sell it to Trump for a dollar if he promises to purge the commies and paedophiles from the USA. Lol
No. I’m talking about a server loaded up with Teslas or Xeon Phi(s) and dedicated to cryptography.
Something like a bitcoin mining system.
Worthless