Wow. Even for The Guardian, that's an amazingly misleading lede (can I trademark 'mislede'?) What he did was propose a way that he could comply with the legal order that he was given in a way that would minimize the exposure of his clients, rather than the absurdly broad fishing expedition that was demanded. He also noted that in order to comply with the order, he would need to do extra work and that he should be compensated for that work (and $3500 for a custom coding job is hardly extravagant).
The Guardian (quite consciously) implies that he was instead selling his clients' secrets on the open market, which is pretty much exactly the opposite of what really happened.
I donated to the Levison pledge drive thing. But can I sound a note of caution about the rush to hero worship here?
What seems to have happened is, Levison got screwed by the DOJ when he refused a request for information about Snowden's account, after having established a track record of cooperation in the past. The original demand was for targeted metadata. After Levison refused, the DOJ upped the ante, declared Levison untrustworthy, and demanded keys.
It seems clear to me that Levison was the victim of an injustice, and, once that injustice was inflicted on him, he followed through with the only ethical option available to him. I have no trouble seeing why he's deserving of support.
But Levison did cooperate with law enforcement. When he decided not to, it seemed to have been in support of his own politics. When his politics became too expensive, he seems to have backed down from them.
You make it sound like he sold out, but what you mean is that under the extortionist threat of financial ruin and bankruptcy, he acceded to the government's demand.
As a point of reference, here is http://en.wikipedia.org/wiki/Kathy_Kelly, whose principles are not open for compromise, despite the threat of repeated incarceration.
I agree with your point about Levison's own politics for refusing the initial limited request getting him in this situation. I also think he could be considerably more honest that this is what happened. But even by that standard, the headline is still very inaccurate.
He may have been willing and needed to log everyone's meta-data to get what the FBI wanted(assuming he wasn't doing so already), but the FBI only wanted the data on Snowden and that's all he probably was going to handover after extracting it from the logs. Certainly it's all he was originally required to hand over.
Fundamentally, the headline makes it seem like Levison was willing to sell out everyone for money and that FBI explicitly wanted everyone's data. Neither of these are the case. The FBI just used a very large sledge hammer to get data for one account because they felt Levison was jerking them around in part because of his demands for writing code to get that limited data.
> the headline makes it seem like Levison was willing to sell out everyone for money and that FBI explicitly wanted everyone's data. Neither of these are the case. The FBI just used a very large sledge hammer to get data for one account
Levison made an interesting claim that in fact the FBI systematically collects encryption keys to expand the US intelligence agencies' wiretapping capabilities:
> We know now that the N.S.A. has been systematically cracking encryption across the Web, and it has built a database of encryption keys that automatically decode messages ... Levison suggests that his case also illustrates one of the ways in which it collects them: by secretly compelling companies to turn them over.
I took that to mean his case revealed the FBI could get SSL keys under gag order, not that that was their objective in his case from the onset. (though given that they got them, the keys probably would end up in that database, hence why he closed down)
Remember, the FBI originally got an order for data on Snowden's account. Data that any other mail provider could easily hand over on at least a daily basis. Why would the FBI think that was a decent pretext for SSL keys?
As far as I can tell, the only reason the FBI got a federal judge to sign of on the SSL order was that Lavabit pissed off the Judge by not cooperating with the Feds on the original order to the Judge's satisfaction. Absent that, it's not the least bit clear they could have gotten an order for it.
The original order[0]( see Appedix A of Exhibit one on Page 4) wasn't even for everyone's data, just data(mainly envelope information and IP addresses) on one account(likely Snowden's). So yes, thats incredibly bad reporting on the Guardian's part.
The Guardian (quite consciously) implies that he was instead selling his clients' secrets on the open market, which is pretty much exactly the opposite of what really happened.