Lavabit’s Ladar Levison asked the right question, but he did it in the wrong place and way too late.
“How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed when Congress doesn’t even know what is going on?” Mr. Levison said.
Now, he’s no longer a bit player in the secure e-mail industry, but a privacy hero, a government target and a guy without a job. Before Edward Snowden became a public enemy, he used Lavabit, a fledgling company that took years to generate enough revenue to let Levison quit his day job.
Mr. Levison, who studied politics and computer science at Southern Methodist University, started Lavabit in April 2004, the same month Google rolled out Gmail. To pay his bills, he worked as a Web consultant, helping develop Web sites for major brands like Dr Pepper, Nokia and Adidas. But by 2010, the e-mail service had attracted enough paying customers to allow Mr. Levison to turn to Lavabit full time.
And then he met the government, which had some “requests” of him. It came out when the requests related to Snowden, but by that time, Levison wasn’t a virgin.
Mr. Levison was willing to allow investigators with a court order to tap Mr. Snowden’s e-mail account; he had complied with similar narrowly targeted requests involving other customers about two dozen times.
But having broken the wall of privacy, the government wanted more. The government always wants more.
But they wanted more, he said: the passwords, encryption keys and computer code that would essentially allow the government untrammeled access to the protected messages of all his customers. That, he said, was too much.
The New York Times reveals as much of the backstory as Levison is now allowed to reveal, and it’s an ugly story all around.
He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business.
It’s not that he refused to hand-over the encryption keys for the secure e-mail accounts in Lavabit’s stable, but he tried to game the government by doing it on paper rather than digitally.
When it was clear Mr. Levison had no choice but to comply, he devised a way to obey the order but make the government’s intrusion more arduous. On Aug 2, he infuriated agents by printing the encryption keys — long strings of seemingly random numbers — on paper in a font he believed would be hard to scan and turn into a usable digital format. Indeed, prosecutors described the file as “largely illegible.”
For this, he was sanctioned $5,000 a day, and he caved in two days. As the quote that starts this post questioned, what else could he do? He was represented by Virginia small business lawyer Jesse Binnall, a 2009 grad of George Mason Law School, who was thrust into one of the most difficult situations possible, defending a client caught between the government’s rock and a hard place. It was a place he shouldn’t have been.
For all the glorious claims of transparency, availability, freedom of information used to justify the worst and lowest use of the internet, Levison’s question is infuriating. How can he, and so many other young, smart and savvy people be so monumentally clueless when it comes to managing the nexus of technology and law?
This matters because they are screwing up the world for the rest of us, for everyone.
Choices being made by the tech-savvy and law ignorant are creating the precedents, while destroying themselves, that form the foundation for computer law going forward. We may be saddled with bad law for decades, forever, because of poor, thoughtless, immature, decisions. This is where the future of internet privacy dies.
The answer to Levison’s question at the top of this post is to start by reaching out to lawyers competent to handle the representation in the first place, and at each subsequent stage as need be. What the hell was he thinking? I will avoid the nearly irresistible compulsion to compare the hundred calls I’ll get this week to find out if I can handle a public urination case in Peoria with Levison’s decision to place his life, and Snowden’s, and potentially the future of secure email communications for everyone on the entire friggin’ internet, in the hands of a kid lawyer who has zero experience dealing with the feds.
We need smarter heroes. We need heroes who won’t squander the opportunity to get something right. If this doesn’t change, fast and hard, it is not going to end well for any of us, as we will be saddled with a state of law where the government runs roughshod over anyone and everything that stands in its virtual way.
And when the tech-savvy grow up and come to realize how they screwed it all up, for themselves and everyone else, we will be facing egregious precedent, fighting again the uphill battle to undo the damage caused by the early targets and the weakest links.