How the Owner of the Company That Handled Edward Snowden's Encrypted Emails Courageously Stood Up to the Feds' Massive Investigation
The whirlwind that turned Ladar Levison’s life upside down, gave him a possibly pivotal role in the Edward Snowden affair, and has since made him a hero to civil libertarians, began innocently enough in early June.
On June 6, U.K. Guardian reporter Glenn Greenwald unmasked the U.S. government’s secret spying on Internet users by first reporting that the National Security Agency was collecting phone records of millions of Verizon’s customers, despite NSA denials in Congress. On June 7, the Guardian and the Washington Post reported the NSA had an unknown program that tapped Internet giants including Google and Facebook, allowing it to collect data streams including emails, live chats and search histories.
The next day, President Obama defended the surveillance, but then the world met the whistleblower behind the largest expose of American spying in decades. On June 9, speaking from Hong Kong, Edward Snowden, 29, went public and said the NSA had gone too far. The U.S. government, meanwhile, went after Snowden, who disappeared the very next day, June 10—the same day Ladar Levison appeared in the FBI’s bulls eye.
For the next two months, Levison, a 32-year-old Texan who built a small, ultra-encrypted e-mail business called Lavabit, fought an isolated one-man battle with the government to protect his clients’ online privacy, including Snowden's. On June 10, a federal court secretly ordered Lavabit to give the FBI access to everything about Snowden’s email accounts—except, they said, the content of messages—to track and go after Snowden and his team. Levison kept the FBI at bay until early August, just released secret court documents reveal, long after Snowden landed in Moscow and got asylum.
The documents reveal a David and Goliath fight. The underdog—Levison—loses in the end, but not after illustrating the very point that Snowden’s whistleblowing warned about: that the U.S. government could spy on almost anyone via a digital dragnet. “You don’t need to bug an entire city to bug one guy’s phone calls,” Levison told the Times. “They wanted to break open the entire box just to get to one connection.”
Tracking Snowden’s Email
Lavabit was a small email company known inside the technology world for asymmetric encryption, which it claimed could not be cracked by spy agencies. People logging onto accounts had to use a series of public and private keys—alpha-numeric sequences only known to each party. Wired.com reported that Snowden used a Lavabit email account to communicate with electronic privacy activists and journalists.
On June 10, Snowden went underground in Hong Kong after the FBI was rumored to have opened an investigation on him, the media reported at the time. It wasn’t a rumor. That day, in a sealed decision, the U.S. District Court for Eastern District of Virginia, ordered Lavabit to give the FBI all relevant information for an ongoing investigation. It sealed the court order because not doing so would give “targets an opportunity to flee or continue flight from prosecution, destroy or tamper with evidence, change patterns of behavior or notify confederates.”
The FBI apparently knew Snowden had a heavily encrypted email account at Lavabit, although the court documents don’t say how they knew that. The information the first of court orders sought, listed everything they could think of: names, addresses (electronic, residential, business), all phone records, session times and durations, Internet protocol (IP) addresses, phone and computer identifiers, and means of payment. In addition, the FBI wanted user activity records and identifying data for everyone he contacted.
At first, Levison ignored the court order. On June 23, Snowden surfaced in Moscow’s Sheremetyevo airport. Secretary of State John Kerry called him a fugitive and demanded his return. At the FBI, the agents tracking Snowden still wanted access to his emails.