If the moron who wrote this article had bothered to spend 2 seconds to scan over the whitepaper (and other security details that have been published since) he would realize that the email files were stored in encrypted form in the Lavabit database, and decrypting those records would require the password for the relevant account. Lavabit DID provide the FBI with a dump of the records they requested, but without Snowdens personal password the records were useless. To retrieve his password they would need to snarf it of the wire as he logged in, which would require specific code written by the server administrator or access to the SSL keys and a listening device installed between the router and server. Ladar offered to do the former, the FBI refused to pay him for his work and demanded his SSL keys instead.
I don't know what this guy is talking about SMTP archiving, that has nothing to do with any of this.
Apparently this freaking guy thinks that when the FBI calls, that a person ought to drop anything else they're doing and heel to their demands, AND do it cheap. Bespoke on-demand short-term contract work costs money, especially if one has to put another job on hold. I wonder if he has any idea what AT&T and Verizon et al get for this kind of service?
I guess he thinks Ladar installed some off the shelf SMTP software and didn't bother to configure it correctly? Really weird.
The decision to shut down lavabit was purely financial. He bet that he would make more money (via donations) by shutting down the service than he would if he kept it running. So he shut it down. It was always about the money.
Why does this feel like a personal attack?
I don't think anyone, the FBI, Lavabit, the NSA, or the non-technical public, is under any illusion that it's fairly simple to route around the at-rest encryption. We all KNOW Levison was just stalling with his 'technical reasons' arguments.
He didn't want to give information over to the NSA, and bluffed for as long as he could, then finally shut the service down in protest. That's obvious right? The author of the article doesn't seem to have figured that out.
He also seems to accept government intrusion into private email as a fact of life, and doesn't seem to comprehend why that might be a bad thing. I can't tell if he's just trying to make a point, or he genuinely doesn't understand people's outrage.
The first would be relatively easy, in that the post is correct. But what the warrants actually requested was the stored data of an account. Lavabit provided these, but they were encrypted (as per design of the service). The FBI then wanted the keys for the stored account data. And for that Lavabit asked for 3500USD which is reasonable, because there is no off the shelf software to grab the POP3 or IMAP password in the handshake. Especially as the TLS endpoint and the software decrypting the stored account data with the POP3 or IMAP password was probably the same, so there is no plain TCP traffic in the internal network containing the key.
You can see that the FBI asked for (2) and not (1) in the transcript of the court hearing, page 50 of the cited pdf http://cryptome.org/2013/10/lavabit-orders.pdf . It is a really entertaining read btw.: The FBI agent and the judge bicker about whether or not Levison should be asked right there in court if he would comply with a warrant (about the TLS key) they haven't even served him yet.
> THE COURT: I don't know, Mr. Trump. I don't think I want to get involved in asking him. You can talk with him and see whether he's going to produce them or not and let him tell you. But I don't think I ought to go asking what he's going to do and what he's not going to do because I can't take any action about it anyway. If he does not comply with the subpoena, there are remedies for that one way or another.
