Lavabit case highlights legal fuzziness around encryption rules

While privacy advocates may see Lavabit as bravely defending U.S. privacy rights in the online world, federal judges hearing its appeal of contempt-of-court charges seem to regard the now defunct encrypted email service as just being tardy in complying with government court orders.

Attorneys from both Lavabit and the U.S. government agreed that the legal issues between them could have been resolved before heading to court, though neither party seemed to have an adequate technical answer of how Lavabit could have successfully passed unencrypted data to a law enforcement agency in order to meet the governments demands.

Three judges from the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, on Tuesday heard Lavabits appeal of a contempt-of-court ruling, which it had incurred for not turning over to the government unencrypted data of a single user, presumably Edward Snowden.

Judges Roger Gregory, Paul Niemeyer and Steven Agee presided over the hearing.

For the proceedings, the judges actively listened to and questioned the arguments of both sides, though they seemed wary of turning the case away from the specifics of why Lavabit did not comply with court orders to turn over data on one of its users, and towards the larger issues that Lavabit raised in its highly publicized defense of what scope the government should have over those parties who hold SSL (secure socket layer) keys to encrypted data.

The case had been blown out of proportion with all these contentions, particularly around the use and possible misuse of the SSL keys, Niemeyer said. Theres such a willingness to believe that the keys will be misused and that the government will spy on everyone, he said.

Gregory had stated that the encryption issue was a red herring, one that drew attention away from Lavabits non-compliance.

The judges had noted that the case revolved around the validity of court orders, rather than the statutes that provide the basis for the court orders.

In June of last year, secure email service Lavabit was issued a court order to set up a U.S. Federal Bureau of Investigation pen trap in order to collect all routing data for one of its customers, thought to be Snowden. Snowden had just come to international attention for leaking classified documents from the U.S. National Security Agency. According to reports, he had used the service to alert the media of a press conference he was about to hold.

A pen trap is software that records all routing, addressing or signalling information between electronic communications, in this case email. Before the judges, Lavabit attorney Ian Samuels argued that Lavabit founder Ladar Levison agreed to set up the pen trap; the company had complied to at least one other similar court order in the past.

Link:
Lavabit case highlights legal fuzziness around encryption rules