Lavabit was a secure email service promising users total privacy. Emails were encrypted on Lavabit’s servers, and the site’s owners couldn’t read the contents or share them with authorities, even if they wanted to. Edward Snowden was a customer.
Last week, Lavabit suddenly ceased operations. Owner Ladar Levison wrote this on the site’s homepage:
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.
Yesterday on the program Democracy Now!, host Amy Goodman asked Levison, who was flanked by his lawyer, to explain the details of his “difficult decision.” He said:
I can’t talk about that. I would like to, believe me. I think if the American public knew what our government was doing, they wouldn’t be allowed to do it anymore.
Right after Lavabit pulled its own plug, Silent Circle, a company offering a similar service, also killed its encrypted email, explaining the decision thusly:
We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.
Missives soon began appearing in The Atlantic and The Guardian, shoving these principled decisions under the noses of behemoths including Google and Facebook. The message: it’s time to stand up for your users; when the NSA comes knocking, fight back any way you can. Edward Snowden took the same opportunity, relaying this message through his interlocutor, journalist Glenn Greenwald:
“Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our Internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.”
The argument is that while capitulating to government surveillance requests may be easier for companies in the short-term, the fact is that intelligence agencies like the NSA don’t truly care about a company’s bottom line and can’t secure their own data. They’ll promise Internet companies total secrecy, but eventually a whistleblower like Snowden will leak word of the backroom deals. Or worse, the next whistleblower might leak the user data itself. After all, who’s better at securing user data: Google or a government bureaucracy? Ultimately, the logic goes, companies will be damaged more by an inevitable loss of public trust than they will be by wrangling with the NSA right now.
Of course for this to be true, it will need to be backed up by a clear and sustained user backlash. We know that the tide of public sentiment is turning against mass surveillance. A Washington Post poll conducted in July found that 74 per cent of Americans felt that the NSA had violated their privacy rights. We know that both President Barack Obama and Congress are feeling the pressure from constituents to reign in the NSA.
What we haven’t seen yet are significant commercial consequences for companies who agree to sell out their users, or commercial rewards for those who refuse to. That may be just what it takes.
Follow Jesse on Twitter @JesseBrown