'I used to think US best country for privacy and freedom' - Lavabit founder
Our guest today calls himself a strict constitutionalist. His business suffered in the wake of the NSA leaks scandal because the service he provided was used by the person now most wanted in the US - Edward Snowden. We talk to Ladar Levison, founder and owner of encrypted email service Lavabit.com, who says all he cares for is the privacy and the trust of his clients.
Sophie Shevardnadze:Our guest today is Ladar Levison, founder, owner and operator of the Lavabit encrypted mail service. Good morning to you, but good evening from us, great to have you on this show today. Your service was barely known before the scandal with Edward Snowden. Do you appreciate the public attention now that it allows you to put some of your ideas forward, or would you rather never have had to deal with it?
Lavabit: I think I would have rather never deal with this. I was quite happy running a small business. We were successful enough so we didn’t have to worry about survivability anymore, my primary concern at the beginning of this summer was upgrading the systems, modernizing our servers, deploying a new version of our domain – the problems that businesses like mine would normally face. And now, all of the work that I’ve put into my system over the last 10 years is for naught. The only thing I can hope is that something positive will come out of all of this.
SS:But like you’ve said, your business is small, so for those who may not know it yet – in simple words, what is Lavabit?
LL: We were an email service that was focused on privacy and security and we tended to cater towards heavy e-mail users. We were one of the first services to offer POP-access, one of the first services to offer IMAP-access, and by that I mean free POP and free IMAP access, we never had very strong webmail offering, so we really catered to people who like to do email on their desktop with an application like Thunderbird Outlook.
SS:It’s widely known that the authorities were looking for Snowden’s email on Lavabit. Did you have any contact with your client before or after the case started?
LL: Well, I didn’t have any contact with him after the case started. That would’ve been illegal.
SS:But what was before?
LL: I believe I did send him one email several years back as the result of a support inquiry. But of course, I didn’t know him personally.
SS: But right now, because Snowden’s name is so huge, do you like the fact that your name is linked with Snowden’s story.
LL: I don’t dislike it. Honestly, I don’t really have an opinion on that, it is what it is. Neither of us can do anything about it, we’re just reacting to the world around us.
SS:Ladar, could you ever have imagined that ten years of your work would be ruined once you would refuse to cooperate with the Feds?
LL: No. I didn’t think it would ever come to something like this, I thought if there was any country in the world that a free, secure and private email service could operate without interference from the government, it would be the U.S. And I was, of course, sorely disappointed, when I started interacting with federal agents, and started listening to what they wanted to do.
SS:You chose to shutdown Lavabit, not to compromise your customer’s date. How safe is it now from government getting its hands on it?
LL: It is as safe now as it was when the company was operating. Users who had encrypted storage – their data can’t be accessed without their password. Of course, most of our free users didn’t have that. If the Feds came along and demanded the data on the specific account, there’s nothing I can do but turn over the data for that specific account. The issue that I had was what the government wanted to do was monitor everyone on the system, not just one or two or three people.
SS:So it wasn’t just Snowden, they wanted everyone’s data?
L: They wanted access to everyone’s information and that was the problem I had.
SS:But why? Did they ever explain themselves? I mean, it’s obvious why they would want Snowden’s information; he’s in hiding, but why would they want access to everybody’s information?
LL: Because that the only way they could get access to the accounts that were under investigation was by demanding the SSL keys, unwrapping the encryption that was protecting all of the connections coming into this system, and, in theory, isolating the ones of interest. But what was interesting about this whole process is that they were completely unwilling to provide any transparency back to me. They were completely unwilling to prove that they were only going to be collecting information on a handful of accounts. So, all I’m left to do is to assume that what they really wanted to do was collect information on everyone’s accounts.
SS:But what exactly did they tell you?
LL: They told me that they would be collecting metadata, content, passwords and any other information of interest to their investigation.
SS:I was going to ask you – wasn’t it just easier to give access to the one account instead of shutting down the whole thing, but now I’m realizing they wanted the whole thing, right?
LL: That’s precisely the problem. If they have been able to tailor their request to the specific account, I wouldn’t have any problem with it. The issue is – the way my system is designed, I couldn’t access the account that they wanted to access, so they decided to break open the entire system, and compromise its security just so they could access – in theory – a handful of accounts.
SS:So, are you saying that even if you wanted to hand down Snowden’s account information, you couldn’t, because you couldn’t access it yourself anymore?
LL: That was the way the system was designed. Once the data was on the server, it was secured by the user’s password.
SS:So then it means you really had nothing to offer?
LL: That’s what I thought, and I didn’t have anything to offer on the accounts that were under investigation. So, what they decided to do was to demand these SSL private keys, which belonged to my business, not the user, and use them to decrypt all the information coming in and out of my network, regardless of whom it belonged to.
SS:Did you give them the keys?
LL: I was forced to. But I also shut down my business, when I was forced to do that.
SS:So there is no way they could actually access the accounts even if they had the keys right now?
LL: In theory, that’s correct. What we don’t know is whether or not they were recording the encrypted information that was coming in and out of the network before I shut down. If that was the case, then they could have gone back and retroactively access that information once they had the keys.
SS: Now, with the shutdown of Lavabit, did you warn your customers, did they have the chance to do something about their accounts? Or have they basically lost any control over whatever they had?
SS:Did any of your customers try to contact you?
LL: Yes, several customers tried to contact me both before I shut down and directly afterwards.
SS:I was speaking to John McAfee recently and he told me that if he were Google, he would do exactly the same thing. Do you blame Google and others for selling out, what would you do?
LL: I think Google has a very different situation, they have shareholders to answer to, they have a board of directors to answer to, and they’ve got hundreds of millions of customers. Shutting down their service would take a lot more than simply the decision of one or two people. And, unfortunately, I don’t think they can build the necessary consensus to shut down their service. One of the decisions I made very early on in my business is not go out and seek venture capital. I didn’t want to have to give up controlling interest in the company, because I didn’t want somebody else to come in and decide that I should sacrifice the philosophy of the company in order to make a profit. And it was because I made that decision and decided to grow the business the hard way, to grow it organically, that when the time came I was able to make the decision to shut down.
SS:My guess is “No”, but I’ve got to ask – do you trust your personal information to the un-encrypted services, any of them?
LL: I don’t trust my personal information to encrypted services, if I don’t have to, let alone un-encrypted ones.
SS:Your note on the shutdown website reads: «defending the constitution is expensive». You know, it’s kind of ironic that you fight a case for justice in a country that prides itself over its justice system.
LL: There is a great deal of irony here. You have to remember that the people on the other side of the courtroom from me all swore an oath to uphold the constitution. And, yet, here I’m trying to remind them of their wrong duties.
SS:But where you’re at in your court case right now?
LL: We’ve filed the opening brief in our appeal, and we’re currently awaiting the government response which we expect to come in about a week.
SS:You have set up an encrypted service, it’s now suspended and you have to face the legal system. Is that what awaits every encrypted system in the country? Is this a war on privacy?
LL: Yes, that’s precisely what it is. And it’s not necessarily a war on privacy, it’s a war between security and privacy, it’s a war between law enforcement agencies that have a need to conduct surveillance in an effort to stop and catch criminals - against an industry that is trying to make secure products, products that protect people’s private information from criminals.
SS:So, do you feel like all encrypted services will be shut down?
LL: No, I don’t think all of them will be shutdown but I think that number of them have faced and will continue to face the same type of pressure that my company faced. It’s a question of who in our country is willing to sacrifice their business rather than compromise its principles. It’s kind of a disturbing issue because this entire battle over which companies are being forced to do what, and precisely what they being forced to do, is taking place in secret. So, we don’t even know as a society what companies have been asked and whether or not they’ve been able to stave off the demands of the government in court.
SS: Ladar, do you feel threatened, because, hey, you are wrestling with the big guys?
LL: I definitely felt threatened when I was in the midst of trying to prevent them from getting a hold of my SSL-keys, I was threatened with arrest, I had to go to extremes; I have a small dog that lives with me, I had to send her over to a friend’s house because I was afraid they would break down my door and arrest me, and there would have been nobody to take care of her. You know, I was losing sleep at night; it was certainly very stressful position to be in. I think the issue has changed a little bit at this point, I no longer have a running service, so I’m not longer of interest to the government, and coupled with the fact that all of the media attention has given me a certain measure of protection as well.
SS:Well, I have two questions. First of all, you don’t fear anymore being arrested, right, from what I understand?
LL: Not at the moment, as long as I don’t do something incredibly stupid.
SS:And as far as the media attention goes, do you feel like you’ve got enough coverage in the mainstream media?
LL: I think the issue of privacy, the issue of surveillance hasn’t gotten enough coverage in the mainstream media. I think the majority of Americans don’t know what’s going on, don’t understand the significance of what has come out this summer. I don’t think it’s necessarily that they need to hear about me and my story because Lavabit is one small piece of a much larger puzzle. But what I do think mainstream America needs to hear about and understand is just to what lengths our government is going to conduct surveillance, just how much information they are actually collecting and storing in some cases for years. You know, these are very significant problems; these are the types of issues that can doom a democracy like ours. And I just hope that some of the information that has come out this summer will prompt the necessary changes to prevent that from happening.
SS:You really think an average American doesn’t understand at this point that everyone is being listened to. I mean, I don’t know about American coverage, but the NSA leaks have been the top news story all over Europe, Russia and the entire world - you really think an American person doesn’t understand the importance, the significance of the NSA leaks?
LL: Well, just to touch on your question about American coverage. It has been an important story here in the US, but it’s the type of the story that will be on the front pages for a day, and then fall off to the back pages and quickly be forgotten. Some of that has to do with the job that the White House is doing in terms of spin control and deflecting attention on other issues like the debt crisis, and the budget, and Syria. So, I definitely don’t think it’s been on the consciousness of mainstream America the way it has in countries like Russia or Germany. In terms of mainstream Americans understanding the issue, I think there is a divide and it has a lot to do with age. I think people under the age of thirty here in the US generally understand what’s going on and understand the significance. I think people over thirty, you have a much smaller percentage that seem to get the significance of what’s going on. The only thing I can posit is that it could be the Facebook generation conducts far more of their life online and therefore understands just how much information is collected. So, they realize the significance far better as to what’s going on and why it’s wrong. It’s unfortunate, because most of the people in control, most of the people in power are over thirty, and those are the people we need to convince if we want the system to change.
SS:But it’s kind of crazy because I remember living in America during 09-11 and I remember the drastic changes in the life of Americans before and after - because everything was, you know, about security – being scanned, being, you know, listened to, tapped, but they were ok with it then because there was a terrorist threat, right? So, one would think that after the NSA leaks there would be a ‘before’ and ‘after’ as well, but from what you’re saying not much has changed in a life of an average American after these leaks, right?
LL: Yes, to my knowledge nothing has changed, it’s still business as usual at the FBI and the NSA.
SS:I’ve heard in one of your lectures you said that the government officers that you had to deal with were offended by your distrust of them. So, you described them as people fully confident in the trust of the American people, but what if they are right and they do have to trust of most of Americans?
LL: Sophie, what I think is very important to remember is that our Founding Fathers realized that even if we trust the people in power now we shouldn’t be forced to trust the people in power tomorrow. Our system of government was designed specifically so that we wouldn’t have to trust our government that a government would govern with the consent of the people. Well, how can we as people consent to activities that we don’t know about. That’s why the issue of transparency and the issue of secrecy is so important. It would be a very different story if we knew this type of surveillance was going on and we as the society decided to accept it, but we haven’t. In fact, we’ve done the exact opposite, every time the issue has come up we’ve decided as a country that it is far more important for us to have privacy and our freedom to associate than it is for government to conduct surveillance and as result what’s happened is law enforcement and the National Security Agency has gone behind a collective backs and try to accomplish this using the courts in secret. And that’s truly what the issue is. They’ve broken whatever trust and violated whatever trust we may have had, and that’s a real issue. And they are going to have to earn that back the hard way.
SS:Ladar, I know that you’re collecting money. How much money have you managed to get at this point for your legal case? And is this money enough or do you have to raise more?
LL: We’ve raised over $250,000 for the fight and we’ve spent a pretty good portion of that – at least, well, over $100,000 on it, just on this first round of appeals. So, the real question is how far will we have to take this fight? If we have to end up going to the Supreme Court and I truly think that we will, then we certainly will have to raise more money.
SS:How much more money are we talking about?
LL: Well, my legal team tells me a Supreme Court case typically costs between 250,000 and 500,000 dollars to litigate.
SS:Do you know the people who gave the money to this cause?
LL: I know handful of them but most of the donations have been small - between 5-10 and 25 dollars. We’re literally talking tens of thousands of people have stepped up and donated whatever they could, not because they know me personally, not because they feel sorry about my business while at least some of them do, but because they believe in what I am fighting for, and they realize just how important it is. And they want to make sure that my team has the resources it needs to win. This is one of those battles that just too important to give up on, and dare I say too important to lose.
SS:Now here is a question that I picked up from online: why don’t you use bitcoin for fundraising?
LL: You know, that has been suggested, I just didn’t use bitcoin before I shut down so I haven’t really gone through the process of setting up a bitcoin wallet and going through that process, but I think it’s an excellent idea. You know, if I shut down my service again I probably would post a bitcoin link.
SS:Are you planning to resume the work on the Internet after the case is closed?
LL: If I’m victorious I plan to resume the Lavabit service and continue working in information technology. If I lose I will probably turn the business over to somebody who lives in a country that still respects freedom and privacy, and wash my hands of it. Maybe trying become a farmer or an actor, switch to a business that doesn’t involve computers and technology.
SS:Do you have any countries in mind?
LL: Yes, my legal team looked into moving the system to Iceland, or Switzerland, or even in the Bahamas. We decided against it in the end, because if I want to continue running the service as an American, I could still be subject to US jurisdiction, and I could end up being put in the very difficult position of having the choose between breaking US law and breaking the laws of the country where the system is hosted. So, I felt in that situation the best thing I could do would be to keep the service shut down and open source the code, because if there can’t be a Lavabit, hopefully there can be a hundred Lavabit-like services for people to choose from.
SS:Ladar, thank you very much, hopefully you will win, so you don’t have to turn to acting or farming and just stick to something that you love doing and you’re very good at. That’s it for today, folks. Thanks for watching, that was Ladar Levison, founder and owner of Lavabit. And we will see you on the next edition of Sophie&Co.