[geofft]

Because the service provider receives the unencrypted email and can choose to save a copy, encrypt it to a different key, etc. This was the scam Lavabit pulled, and the government called them on their bluff and asked for a copy of the key and Lavabit had no legal ability to refuse.

If the threat model does not include a government with the ability to use legal process, it needs to be defined more precisely. In general the US government can use legal process in the US and just straight-up hack into things elsewhere (who's going to raise a diplomatic incident over it? Russia is literally poisoning people, nobody cares, and their military is less powerful than the US's). If your threat model is other governments or just unrelated attackers like advertisers, there are more straightforward approaches.

[SturgeonsLaw]

Calling Lavabit a scam is a bit of a stretch. They, by all appearances, genuinely tried to offer email as secure as it could be, given the limitations of the protocol, and when pressured to give up the keys chose instead to inform their users and fold the business.

[geofft]

They made promises that they should have known were impossible to keep. In my books, that's a scam. Sure, they tried very hard to keep them, but that doesn't change the fact that they could not deliver on their promises and anyone could have told them that.

Also, no, they did not inform their users. They handed over the key and waited for users to notice court documents.

See my previous comment: https://news.ycombinator.com/item?id=13447340#13448609