After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.

In the weeks that followed, a fragmentary narrative emerged. Founder Ladar Levison announced that while he couldn't say why he'd shut down his business, he had stopped using email altogether, and said, "If you knew what I know, you might not use it either."

Within months, though, the story became clear: a secret warrant was unsealed, confirming that the US government had sought to retrieve Lavabit's cryptographic keys so that they could eavesdrop on its users (specifically Edward Snowden), in a process that made Kafka look like an optimist.

Now, Levison has announced that he's reviving his company, and that he has rearchitected the way it will deliver email privacy so that he can't eavesdrop on his users, even if ordered to do so.

Snowden told The Intercept that he plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” But he says he can’t speak for the security of the revamped Lavabit before the service is available.

Today’s launch is only for existing users to reinstate their old accounts under the new architecture so they will work with the end-to-end encryption client software when it’s rolled out. Lavabit is asking account holders to log in over IMAP or POP, so their encrypted passwords, usernames, and keys can be regenerated under the new architecture.

Although Lavabit has some 50 million encrypted email messages on its servers belonging to these users, account holders won’t be able to access their old correspondence. Levison isn’t sure if they will migrate old emails to the new platform, since they’re stored in a different data format.

With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.


(Image: Gage Skidmore, CC-BY-SA)