The founder of an encrypted e-mail service reportedly used by former government contractor and National Security Agency whistleblower Edward Snowden says federal agents installed surveillance equipment on his company’s servers shortly after the Snowden leaks began.
In his first public statement, Lavabit founder Ladar Levison says two government agents showed up at his house within days of the Snowden leaks with a court order “requiring the installation of surveillance equipment on my company’s network.”
The equipment, Levison wrote, granted the government unfettered access to the activity of Lavabit’s 410,000 users, including “access to all of the messages — to and from all of my customers — as they travelled between their email accounts other providers on the Internet.”
“I had no choice but to consent to the installation of their device,” Levison wrote.
The account, which Levison wrote for The Guardian this week, offers a rare glimpse into the turbulent relationship between an American tech company and federal agencies at the center of clandestine surveillance programs that gather billions of Internet, e-mail and telephone records on citizens around the world.
The unauthorized disclosure of thousands of classified documents by Snowden last summer revealed secret programs operated by the NSA in which American phone companies had been forced to hand over the phone records of every American citizen for years. Another program, called PRISM, revealed how the same agency had worked with nine American technology companies — Apple, AOL, Facebook, Google, Microsoft, Paltalk, Yahoo and others — to gather mass amounts of customer information, including data related to e-mail and instant messages.
The American technology giants went on the defensive last year, refuting claims that federal authorities had unfettered, direct access to their data servers. Many of the companies claimed to only hand over customer information pursuant to a warrant or other court order.
Levison’s story reveals how federal authorities are able to — at least in his case — obtain a court order that allows the indiscriminate collection of all Internet traffic from a company. Levison doesn’t say what the surveillance equipment was, nor did he acknowledge whether agents actually installed the device.
Levison complied with the court order until federal agents asserted that the order required him to turn over the private encryption keys for his service. The encryption keys, Levison wrote, would allow federal agents to read in plain text e-mail messages that were otherwise scrambled when they were sent from one user to another.
Levison sought the advice of an attorney, found one who would be willing to represent him and challenged the issue in court. He eventually handed over the encrypted keys to the government on several pieces of paper in which the keys were printed in tiny letters. He also decided to shut down Lavabit instead of subjecting his 410,000 customers to government surveillance.
“What ensued was a flurry of legal proceedings that would last 38 days, ending not only my startup but also destroying, bit by bit, the very principle upon which I founded it — that we all have a right to personal privacy,” Levison wrote.
Media reports suggest that the feds’ targeting of Lavabit was intended to monitor e-mails sent to and from Snowden, who is now living in Russia under political asylum. Levison has never acknowledged that Snowden was the target or that the whistleblower ever used the service.