Ladar Levison founded secure e-mail service Lavabit in 2004. His company garnered international attention when it was revealed to be the preferred provider for Edward Snowden, a former NSA contractor and whistleblower now living in exile in Russia. In July 2013, the American government ordered Lavabit to hand over the SSL keys to the entire website, which would have allowed them to read every single user’s e-mail—not just Snowden’s. Levison complied with the order by printing the keys on paper in a tiny font, which gave him enough time to shut down the service.

He is actively fighting the government in court, and he recently joined forces with another related company, Silent Circle, to create the forthcoming Dark Mail Alliance. Lavabit was designed to protect the privacy of e-mail by allowing users to encrypt messages stored on the Lavabit servers. Once encrypted, an e-mail could only be decrypted with a user’s password.

The system was made to protect messages on Lavabit’s servers from prying eyes. Quite simply, the goal was to remove Lavabit from the surveillance equation. In response to the recently announced Dark Mail Alliance, famed security researcher Moxie Marlinspike penned an op-ed in which he makes a number of interesting points. His arguments are well-reasoned and his contributions to the community are worthy of note, so I feel compelled to respond to his critique of Lavabit’s design. 9     

Leave a Reply