Now we know why Lavabit founder Ladar Levison decided to shut down his secure email service, used by Edward Snowden. At the time, all Levison would say was that he didn't want to "become complicit in crimes against American people." According to court documents unsealed on Wednesday, Levison was ordered to turn over the virtual keys to the communications of every single one of the service's users, so that the NSA could monitor the emails of one of his customers, presumed to be Snowden himself.
According to the New York Times, the story begins with the business card of an FBI agent, left on his doorstep, almost immediately after the NSA leaks began to roll out:
When Mr. Levison called the F.B.I. agent who had left the business card, the agent seemed interested in learning how Lavabit worked and what tools would be necessary to eavesdrop on an encrypted e-mail account
The FBI, it turns out, was interested in collecting as much as possible on a single user of his service. That person is without a doubt Edward Snowden, although his name has been redacted from all of the court documents released today. While Levison has complied with orders concerning specific users in the past, the Snowden request was different. The FBI's demands only escalated as Levision began to fight the orders.
The order that eventually prompted Levison to shutter his decade-old company came in the form of a July search warrant. That warrant was itself the result of series of proceedings in which Lavabit was ordered to hand over and decrypt the metadata of Snowden's account, even though the key to do so was known only by Snowden himself. Snowden, as you might have expected, paid extra to obtain an extra secure email account, meaning that not even Lavabit could access his communications. Meeting resistance, the court threatened to hold Leviston in contempt. Then the government asked for everything: “all information necessary to decrypt communications sent to or from the Lavabit e-mail account [redacted] including encryption keys and SSL keys.” That information would give the government access to all of the company's 400,000 users, all for the metadata of one single user.
After unsuccessfully fighting that request in court, Levison complied, but not in a way that would make it easy for the government to use the information: he sent the government a printed-out version of the encryption keys, in 4-point font. He took care to choose a font that was nearly impossible to scan, too. Here's what that document looked like, once scanned:
In other words, the FBI would have to manually type in each numeral from the 2,560-character document by hand. That prompted the government to demand an electronic copy of the keys.
Because that order came with a $5,000 daily fine for non-compliance, Levison did it. And then, simultaneously, he shuttered his site.