It’s For Your Own Protection

Two small email service providers seemingly committed harakiri rather than comply with US government requests demands  (the term request implies a choice) for information about the contents of their customers data.   Well, actually one of the companies didn’t get a request, but “saw the handwriting on the wall,” and decided to proactively destroy its systems.

According to this NY Times article,

Lavabit, a Texas-based service that was reportedly used by Edward J. Snowden, the leaker who had worked as a National Security Agency contractor, announced the suspension of its service Thursday afternoon. In a blog post, the company’s owner, Ladar Levison, suggested — though did not say explicitly — that he had received a secret search order, and was choosing to shut the service to avoid being “complicit in crimes against the American people.”

Within hours, a fast-growing Maryland-based start-up called Silent Circle also closed its e-mail service and destroyed its e-mail servers. The company said it saw the writing on the wall — while also making it plain that it had not yet received any court orders soliciting user data.

But what caught this reader’s eye was this statement by Bruce Schneider, identified as a cryptographer in the story,

Bruce Schneier, a cryptographer, applauded Lavabit’s decision, pointing out that its self-destruction was made possible because it had no shareholders to answer to.

“Could you imagine what would happen if Mark Zuckerberg or Larry Page decided to shut down Facebook or Google rather than answer National Security Letters? They couldn’t. They would be fired,” Mr. Schneier wrote on his blog. “When the small companies can no longer operate, it’s another step in the consolidation of the surveillance society.”  Emphasis WWTFT

He makes a good point.  While it’s hard to feel sorry for poor little helpless Google, even massive companies like the search giant have to consider the power wielded by the US government.

Not only are these companies between a rock and a hard place, they are even forbidden from discussing the extent and nature of the requests  demands being made by the federal government.

This letter from Lavabit’s CEO appears on the company’s website:

My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

If it were only Lavabit concerned, one might surmise that this were nothing more than a publicity stunt, or a CEO being overly dramatic.

However, several other companies have requested permission from the government to explain to their customers just what is going on with regard to their privacy.

According to this Guardian article:

Several technology companies that participate in the National Security Agency’s surveillance dragnets have filed legal requests to lift the secrecy restrictions that prevent them from explaining to their customers precisely what it is that they provide to the powerful intelligence service – either wittingly or due to a court order. Yahoo has sued for the disclosure of some of those court orders.

The presiding judge of the secret court that issues such orders, known as the Fisa court, has indicated to the Justice Department that he expects declassification in the Yahoo case. The department agreed last week to a review that will last into September about the issues surrounding the release of that information.

There are few internet and telecommunications companies known to have refused compliance with the NSA for its bulk surveillance efforts, which the NSA and the Obama administration assert are vital to protect Americans. One of them is Qwest Communications, whose former CEO Joseph Nacchio – convicted of insider trading – alleged that the government rejected it for lucrative contracts after Qwest became a rare holdout for post-9/11 surveillance.

And it’s not just telecommunications companies, and email service providers.  According to this recent article on techspot,

The internet is a dark place for privacy advocates these days, and the U.S. federal government continues to pick apart any semblance of privacy users may have been holding onto with the revelation that the feds are demanding that major internet companies turn over users’ passwords.

According to two industry sources familiar with the orders, the government has been making direct requests for user passwords, reports CNET, and some of the orders request both a user’s password, the algorithm used to encrypt it, and the password salt.

Reading the headlines over the past weeks brings to mind the words of Benjamin Franklin in a sentiment commonly expressed by many of the founders,

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”