Just how secure was Lavabit’s encryption mechanism? Are there any better alternatives that could actually prevent eavesdropping in light of the NSA scandal?
The Snowden saga
Lavabit received media attention in July 2013 when it was revealed that Edward Snowden was using the encrypted email service with the firstname.lastname@example.org address to invite the media, human rights lawyers and activists to his press conference when he was stuck at Sheremetyevo airport in Moscow for 39 days.
The day after Snowden had revealed his identity as the whistleblower to the world, the US government served a court order demanding information on a “customer that was unnamed” under the 1994 amendment, 18 U.S. Code Chapter 121 2703(d) of the Stored Communications Act.
Lavabit’s owner, Ladar Levison, was found in contempt of court after he refused to comply with the authorities’ demand to hand over encryption keys in an investigation into this unnamed customer, who is thought to be none other than Snowden himself. Levison closed down the service on August 8, 2013.
Contempt of court
Mr. Levison told the news website Ars Technica: “I haven't read the court's opinion, nor sought advice from lawyers on any possible legal strategy, so that is still pending.” Levison could also appeal this latest decision in a higher court.
The contempt ruling was initially issued because the government told Lavabit to hand over the private SSL keys in the typical industry-standard electronic format within three days. Levison complied, but by handing over 11 printed pages listing the keys in a font so tiny that they were practically unreadable.
Afterwards, Levison was given a new deadline of three days to provide the keys in an acceptable industry standard electronic format, to which he also complied but appealed the contempt of court charge.
Back in January, Levison stated that he was working on a new secure email service:
“I just feel that the ability for individual law-abiding citizens to communicate privately without a fear of government surveillance is so important, and the courts and the politicians so naive, that the only way to ensure that we retain this ability to communicate privately is to come up with a long-term technical solution,” he said.
Was Lavabit really secure?
Interestingly enough, some cryptographic experts have debated whether the Lavabit service was secure at all. For example, Moxie Marlinspike, a well-known expert in the world of cryptography, argues that Lavabit’s security was a facade and published a critique of Lavabit's architecture on his personal blog.
“The system relied on SSL for security in transit between the user and server, but once at the server the email and password were in the clear. The cryptography was nothing more than a lot of overhead and some shorthand for a promise not to peek. Even though they advertised that they 'can't' read your email, what they meant was that they would choose not to.”
Marlinspike also shed light on why the feds wanted Levison to hand over the private SSL keys:
“The NSA had probably already collected the encrypted traffic from the site and needed the keys to decrypt it after the fact. If this is true, then they would still be interested in the keys even if the site were shut down. I haven't heard that Levison surrendered the keys (except once as an unreadable printout in a tiny font), so something there still doesn't add up.”
To sum up, the ciphertext, keys, and passwords were all stored on a server completely controlled by the provider, without the client having any way to verify what happened to them. Hence there is no way to prove or disprove that the information was actually being encrypted, although that may not even matter at this point.
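As an added illustration (not Lavabit's own code), the distinction Marlinspike draws: in the server-side model the password reaches the server once TLS is terminated, so whoever holds the server's data can rebuild the key and read the mail, whereas in a client-side model the server only ever holds ciphertext. The PBKDF2 key derivation and the SHA-256 counter-mode keystream are toy constructions chosen so the example runs on the standard library alone, and the function names are mine.

```python
import hashlib
import os


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> 32-byte key (PBKDF2-HMAC-SHA256, toy iteration count)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def toy_stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream cipher: XOR with SHA-256(key || nonce || counter).
    Symmetric, so calling it twice recovers the input. Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def model_a_server_side(password: str, message: bytes) -> dict:
    """Lavabit-style: the client logs in with its password over TLS, the
    server derives the key and encrypts at rest. The dict is what the
    server (or anyone who obtains its disks and logs) ends up holding."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)  # derived on the server
    return {"salt": salt, "nonce": nonce,
            "ciphertext": toy_stream_xor(key, nonce, message),
            "password_seen": password}  # plaintext password crossed the server


def model_b_client_side(password: str, message: bytes) -> dict:
    """Client-side model: the key is derived on the client and only the
    ciphertext plus public parameters are uploaded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)  # derived on the client, never sent
    return {"salt": salt, "nonce": nonce,
            "ciphertext": toy_stream_xor(key, nonce, message),
            "password_seen": None}


def server_recovers(holdings: dict):
    """Return the plaintext if the server's holdings suffice, else None."""
    if holdings["password_seen"] is None:
        return None  # ciphertext, salt and nonce alone do not yield the key
    key = derive_key(holdings["password_seen"], holdings["salt"])
    return toy_stream_xor(key, holdings["nonce"], holdings["ciphertext"])
```

The test the example makes is the one Marlinspike makes in prose: "can't read" in model A is only "won't read", because `server_recovers` succeeds from the server's own holdings.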
Paging Mr. Snowden