Lavabit Shuts Down For Good
What happens if you have been told by the government to hand over encrypted email information? What if that information is included in the same email service that Edward Snowden used? If your name is Ladar Levinson and you are the owner of Levabit LLC, you shut your service down.
Here's what Levabit had to say when the government came a-knocking:
“I have been forced to make a difficult decision: to become complicit in crimes against the American people, or walk away from nearly 10 years of hard work by shutting down Lavabit.”
That quote comes directly from Reuters this morning, and it is the quote of a man that has stood up against something he felt was very wrong. It's also a quote that few people would have had the courage to give – let alone do. Lavabit was shut down because Levinson did not want to give away user information.
Snowden's Snowball Effect: Lavabit Shuts Down For Good
Aside from the major news coverage that Snowden has received, he has inspired people like Levinson to stand up and say “I'd rather shut down a site I spent my life building than break user trust.” He's also inspired another encrypted email site, Silent Circle's ‘Silent Mail' to shut down.
In a recent Tweet, the CEO of Silent Circle let users know that the encrypted email service would be shut down starting today. He had this to say:
“We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”
While these companies are making a strong statement by shutting down, they are also letting the world know that there's no fighting the US government. The best course of action, it seems, is to simply shut down encrypted email services.
A Sudden Hush
Could this be the end of encrypted email service? It certainly looks that way. Silent Circle and Levabit may have started a movement. It also begs the question: is it safe to share any kind of information over any service that is based in the United States?
According to Levinson, “this experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Those are some powerful words. Words powerful enough to cause companies based in other parts of the world to pull contracts from cloud-based hosts, withdraw from using services that are based in the US, and to seek or set up similar services elsewhere. If you own an email encryption service or a cloud hosting company based in the USA, what can you do?
Honesty Is the Best Policy
Really, there are two options here. The first is to shut down your service in order to make a statement. The second is to agree to comply when (and if) the government comes knocking – but don't do so on the sly. Let your users know that you will be divulging information if it is requested. Otherwise, if you are found out, your business will be done for good. A third, perhaps, is to move your operation to another country.
There might be other options, though. Any thoughts on the matter? Let me know in the comments!