"What happens to your customer's e-mails and data?
Levison: I'm looking into setting up a site where users can download their data and set up a forwarding [e-mail] address, but that may take a week or two to set up. That's all I can do until I feel confident that I can resume the service without having to compromise its integrity.
I will make it clear that I don't plan to use any encryption for that site. [People] should only use it if they feel comfortable with the information being intercepted. And yes, I do plan to have that disclaimer on the site.
Unfortunately, what's become clear is that there's no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret.
I'm still looking at seeing if that's even logistically feasible -- there's half a billion messages [sent in the 10 years Lavabit operated]. By shutting down the service, I will be losing the infrastructure that I used to support all those people.
There's stuff that I can't share with my own lawyer. This is going to be a long fight."
It's a secure e-mail service. If you had some sensitive data and thus used a secure e-mail service, wouldn't you prefer your sensitive data to be destroyed or fall in the hands of the government in the country where their servers are?
Good chance he had some clients who'd rather see that data destroyed.
I hope he advised all users to backup regularly, though. :)
If you are willing to leave your security in the hands of some third party like that -- and do not think for a moment that you are doing anything else when you use Lavabit/Hushmail/etc. -- it is probably because you do not want your email to vanish like that (and security comes second to convenience for you). Think of the alternatives:
* Keeping your secret keys on your disc. Now you crash it, format it, etc. and lose all access.
* Smartcards -- better not lose it!
The reason people use Lavabit is that they want to maintain access regardless of the system they connect from. Of course that also means that other people can gain access (your security is now reduced to the strength of your passphrase, a classic bad strategy), but Lavabit users do not really care. Hushmail and Lavabit both had headline-making stories about how they handed plaintexts over to the government and did not lose their customer base over it.
From what I've read I'm under the impression that his paying customers have their mailboxes encrypted. The mailboxes themselves probably aren't deleted, but login has been disabled to protect his customers. There's a point where the password is in an unencrypted state on the web server, and he's probably been ordered to stream these unencrypted passwords off NSA HQ. By shutting down, LL is protecting against passwords being compromised.
Also, if I understand this correctly, his customers most probably had a copy of the emails on their computers so their loss was only the email address (and emails eventually received after the closedown).
his customers most probably had a copy of the emails on their computers
Based on the fact that a number of them are talking about having lost data, I suspect that at least a significant number of customers only used webmail to access their accounts, so they never had a local copy of their data.
It's still showing not encrypted on the screen which allows all sort of possibilities when done on a browser. For example, let's say you're using Chrome, hard to make sure page contents are not being used somehow.
"What happens to your customer's e-mails and data?
Levison: I'm looking into setting up a site where users can download their data and set up a forwarding [e-mail] address, but that may take a week or two to set up. That's all I can do until I feel confident that I can resume the service without having to compromise its integrity.
I will make it clear that I don't plan to use any encryption for that site. [People] should only use it if they feel comfortable with the information being intercepted. And yes, I do plan to have that disclaimer on the site.
Unfortunately, what's become clear is that there's no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret.
I'm still looking at seeing if that's even logistically feasible -- there's half a billion messages [sent in the 10 years Lavabit operated]. By shutting down the service, I will be losing the infrastructure that I used to support all those people.
There's stuff that I can't share with my own lawyer. This is going to be a long fight."