Even after obtaining the encryption keys from secure email provider Lavabit through a court, the government was prevented by the court order and various laws from accessing other Lavabit users' accounts, the U.S. Department of Justice said Tuesday in a filing in an appeal by Lavabit.
The government said in the filing in the U.S. Court of Appeals for the Fourth Circuit that the information it wanted from a single unnamed account was user log-in information and the date, time, and duration of the email transmissions, and dismissed Lavabit's "parade of hypotheticals" regarding unlawful actions the government could take. "Were a government officer to do as Lavabit fears and 'rummage' through other users' communications without authorization, that would be a crime," DOJ wrote.
[ Also on InfoWorld: How secure was Lavabit's 'secure' email? Not very, says researcher. | Also: Silent Circle, Lavabit unite for 'Dark Mail' encrypted email project. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
Lavabit shut down in August citing an ongoing legal battle it was not allowed to discuss at the point. Founder Ladar Levison said he was shutting down the secure email service rather than become "complicit in crimes against the American people." The government is said to have been looking for email information of former NSA contractor Edward Snowden, who since June disclosed through newspapers certain documents about surveillance programs by the U.S. National Security Agency. The target user name has been redacted in the Lavabit records.
After a majority of the court records in the Lavabit dispute were made public following an appeal by the email provider against the order of a District Court, Levison wrote in October on Facebook that the U.S. government demanded from Lavabit access to all user communications and a copy of the encryption keys used to secure Web, instant messages, and email traffic.
Just as a business cannot prevent the execution of a search warrant by locking its front gate, a provider of email cannot block court-ordered surveillance by refusing to provide necessary information, including encryption keys, DOJ said in the filing.
"That other information not subject to the warrant was encrypted using the same set of keys is irrelevant," the DOJ said in apparent reference to Levison's claim that providing the encryption keys would expose other users' accounts to government surveillance. "All other data would be filtered electronically, without reaching any human eye," the government said in its filing.
"Nothing in the search warrant required Lavabit to shut down," according to the DOJ filing. Nor did the email provider defraud users by complying with the law. Lavabit publicly advised its users that it would comply with valid legal process, according to the court filing.
Lavabit is appealing an order by Judge Claude Hilton of the U.S. District Court for the Eastern District of Virginia, which denied Lavabit's motion to quash the search warrant and later issued a $5,000 per day contempt of court citation, which eventually forced Lavabit to surrender its encryption keys, Levison said.
The Lavabit lawsuit comes in the wake of reports of dragnet surveillance by the NSA of phone records of people in the U.S. and its alleged tapping into the servers of large Internet companies for real-time user content.
The government argues that providing the encryption keys was included under the assistance provisions of the Pen Register and Trap and Trace Device statute which required Lavabit to provide "all additional information, facilities and technical assistance including installation and operation" of the trap-and-trace device.