by tptacek 4468 days ago
The US didn't kill Lavabit, so much as Lavabit decided to start an untenable business: one in which they vouchsafed secrecy to their customers but retained the ability to compromise that secrecy.

To understand how dumb that is, consider that AOL(!) runs a popular messaging service on which thousands of people exchange secure messages using OTR-enabled clients, and AOL could not be "killed" the way Lavabit was: the DOJ can't coerce AOL into betraying OTR-protected users, because AOL simply doesn't have that ability.

The reason Lavabit did have that ability is that getting users to install software is inconvenient and drastically harms adoption. Lavabit took a shortcut, and their users shared the resulting pain.

If you review the list of countries preceding the US on the Forbes list posted upthread, you won't find too many that wouldn't have left Lavabit similarly exposed.


Yes, Lavabit made the serious mistake of leaving a technical ability to compromise their users. However, it doesn't change the fact that the US killed it since the government wanted to have access to all users' data without any restrictions and warrants. Lavabit's mistake doesn't in any way reduce the abusive nature and unconstitutionality of that move.
I'm assuming it doesn't change your mind at all that Levison cooperated with a series of unrelated preceding warrants, handing over user information, and that (as I understand it) the DOJ only demanded their expansive intrusion after Levison refused to comply in a similar fashion to a warrant apparently related to Snowden, with whose politics Levison agreed.
He cooperated with warrants targeted at specific suspects. That's rather normal. He refused to cooperate with a request to give them access to all users. They couldn't possibly have such a warrant by considering them all suspects at once. They just told him, hand us over the keys or else. I'm not aware that he refused a targeted warrant on Snowden alone specifically. Or maybe I missed that being reported somewhere.
I don't think that's accurate. My understanding is that Levison was confronted with a pen/trap (metadata-only) order for mail related to the Snowden account, refused it, and was then subjected to an escalating series of demands once the DOJ had "lost faith" in his cooperation.

Orin Kerr, who is one of Andrew Auernheimer's attorneys in his appeal of felony CFAA charges, has a good starting point for what happened in the case, here:

http://www.volokh.com/2013/11/14/thoughts-doj-brief-lavabits...

So why did he refuse the targeted request first? His reasons given later applied to his refusal of bulk data collection, not to the targeted one.
I don't know what this question has to do with anything I've said.
Not somewhere, pretty much everywhere.

http://www.newyorker.com/online/blogs/elements/2013/10/how-l...

I think your idea of how the case developed is fairly inaccurate.

This article doesn't explain why he refused what they called:

> The order, issued under the Stored Communications Act, required Lavabit to turn over to the F.B.I. retrospective information about one account, widely presumed to be that of Snowden.

Sure, but you can make some reasonable guesses from other available sources, including his own statements. But his motivation is not really the issue we were discussing - it was whether the government just up and destroyed Lavabit on a whim. You said "it doesn't change the fact that US killed it since the government wanted to have access to all users' data without any restrictions and warrants." It doesn't change the fact because the fact is not a fact.

However you want to interpret his actions, there's little doubt that Lavabit's grief was entirely self-inflicted.

Totally agree with you, shmerl. Try using lavaboom.com: end2end encryption, zero knowledge policy and outside US jurisdiction.