An Ethics Analysis of the Lavabit Shutdown

Thomas Williams
9/7/2014
12329326

When considering ethical concerns in computer science, it is easy to point out what one
should or shouldn't do in a hypothetical situation. But when a conflict presents itself in reality,
adherence to a code of ethics can become a burden and in some cases can lead to great sacrifice.
One such situation arose around Lavabit founder Ladar Levison. Lavabit LLC was an encrypted
email service whose primary priority was the security and privacy of its users. Following
evidence that NSA whistleblower Edward Snowden was using the service in 2012, Levison was
ordered to install trackers and turn over the company's SSL key to the NSA, effectively
betraying the trust of its 410,000 users. Ladar Levison's decision to abruptly end Lavabit
services instead of violating his users' privacy was the only way that he could adhere to his
personal ethical code and the ACM Code of Ethics regarding the security and trust of his users.

In 2004 Levison founded Lavabit as a response to his concerns over internet privacy
stemming from the Patriot Act. The system relied on both a public key and a private security key
generated by a user's password. Without both keys, it would be impossible to decrypt a user's
messages. The point of this system was that in the event data was requested from Lavabit, they
would not have the ability to immediately retrieve the information.

On the eighth of August 2013, the Lavabit website was abruptly taken down, leaving only
an open letter from Ladar Levison. In the post Levison states, "I have been forced to make a
difficult decision: to become complicit in crimes against the American people or walk away from
nearly ten years of hard work by shutting down Lavabit." It was several months before Lavabit
could legally discuss the events leading up to the shutdown. In a press release issued on
Facebook, Levison detailed an ongoing battle between Lavabit and the United States Justice
System. It began when Levison was asked to install a pen/trap tracking device on the account
of Edward Snowden (Farivar, 2013). These devices are typically used to collect information
such as email headers, recipients, and IP addresses. Lavabit had a history of complying with
these requests, as the device could not decrypt the data without the necessary keys and, under the
Patriot Act, a warrant is not required to place the device. The tipping point for Levison occurred
when he was served a search warrant for the private key to the account as well as the public key
used by Lavabit itself. Levison was placed into a situation where he was compelled to give the
federal government unfettered access to all communications and a copy of the Lavabit
encryption keys used to secure web, instant messaging, and email traffic (Levison, 2013).
Lavabit's attempt to overturn the subpoena was denied and they were levied a $5000 fine
for each day of noncompliance. In this way the court forced Levison to give over the encryption
keys (albeit begrudgingly; the pages he handed over had the keys typed in 4-point font). Shortly
after, the decision was made to simply shut down the service. This action effectively deleted the
accounts and email history of all Lavabit users without warning. Levison had decided that the
privacy and trust of his users was more important than keeping the company alive.

Comparing Levison's actions to the Association for Computing Machinery's Code of
Ethics highlights their importance and necessity, but also some gray areas where he may have
violated the code in other ways. In protecting the privacy of some users he permanently deleted
the accounts of many more users unexpectedly. Aspects of the Code of Ethics that support
Levison include contribution to society and human wellbeing (1.1), be honest and
trustworthy (1.3), respect the privacy of others (1.7), and know and respect existing laws
pertaining to professional work (2.3).

Lavabit's contribution to society and human wellbeing in its decision to shut down
consists of how they were filling an apparent need in providing a secure method of sending
private messages, and when they could no longer fulfill that need they stepped aside to make
way for more secure systems to take hold. At the time of shutting down, Levison was under a
gag order. He could not publicly speak about the legal processes occurring and the risk that
they posed to the security of the system. By simply offering a brief warning and stopping all
activity, he made the users aware of the issues and made it necessary for them to find more
secure services. If he had maintained the company image as a pillar of internet security while
allowing the same tracking and access to the accounts, it would have stifled further security
innovation. By shutting down Lavabit, Levison fulfilled his obligations to protect
fundamental human rights and ensure that the products of their efforts will be used in socially
responsible ways as stated in section 1.1 of the ACM code.

When the site was still running, the Lavabit landing page stated it was "so secure that
even our administrators can't read your email." With this bold slogan a case can be easily made
that it would be dishonest for Lavabit to continue to sell secure email while giving the NSA
the keys to everyone's account. The ACM code pertaining to honesty states, "The honest
computing professional will not make deliberately false or deceptive claims about a system or
system design, but will instead provide full disclosure of all pertinent system limitations and
problems." If Levison had maintained a façade of privacy while not addressing the likelihood of
full NSA access, even under gag order, it could be seen as maliciously selling a snake oil-esque
product. Closing the site was the only option available to Levison that allowed him to be honest
with his customers.

Section 1.7 of the ACM Code of Ethics pertains to the necessity of protecting the privacy
of your users. Though the code mentions the information must be disclosed only to proper
authority, it leaves the interpretation of proper authorities to a later section. When served with
the subpoena for the security keys, which would lead to the vulnerability of all accounts on his
system, Levison made an ethical decision in clearing all personal data. The court had ordered
him to disclose information which could be used to access the account of Edward Snowden, but
in compliance he would have allowed the NSA unlimited access to all of the Lavabit accounts.
This would have violated the privacy of over 400,000 people for the sake of one; therefore,
Levison would have been compelled by the ACM code to remove any information that would have
been accessed without proper authorization.

The most important aspect of the ACM code when considering the situation that
Lavabit was placed into is section 2.3: "Know and respect existing laws pertaining to
professional work." In this section the code states that ACM members must follow the law
unless there is a compelling ethical basis not to do so. The motives behind the Lavabit
shutdown are centered entirely on the idea that the laws used to justify the forcible extraction
of information are unconstitutional. In the Facebook press release, the official position of Lavabit
is that the courts were overstepping their bounds:

"The government had no legal basis for demanding its confidential information, namely
passwords, encryption keys and source code. That providing such information to the
federal government would allow investigators to access sensitive information including
passwords, credit card transactions, email messages and instant messages. The
government would have also been able to detect and record IP addresses, thereby
allowing them to track and record the physical location of users as they accessed
Lavabit's services. This access far exceeded the authority given to investigators by the
pen trap and trace laws enacted by Congress." (Levison, Press Release, 2013)

It is under this consideration that Levison acted within the boundaries of the ethical code
in resisting the attempts to access the user accounts.

A counterpoint to the ethical value of Levison's actions centers on section 1.2 of the Code
of Ethics. In deleting all user accounts without notice, Levison took the chance of harming users
who had valuable or irreplaceable information stored in their accounts, which is explicitly a
violation of the ethics code. However, a case could be made that by removing the information
he was protecting his users from greater harm stemming from unauthorized access to their
accounts.

The debate on how far the Fourth Amendment applies to digital property continues to
evolve. Situations such as those surrounding Lavabit demonstrate the necessity of
having a code of ethics and remaining loyal to it, even at personal sacrifice. Ladar Levison acted
in accordance with the ACM Code of Ethics by protecting his users' personal information at the
cost of his livelihood. By shutting down Lavabit, he contributed to the wellbeing of society by
putting aside a system he knew had been broken, allowing other systems to rise up instead. This
decision was also necessary to respect the trust that had been placed in the company by the users
and to fulfill the promises and expectations of resounding security. By challenging the law's
overreach into the digital world, Levison made a stand for personal liberty, and in compliance
with the code he faced the consequences. Therefore, Ladar Levison's decision to end Lavabit
was in adherence to the ACM Code of Ethics because it was the only way of preserving the
privacy of his users.

References
Association for Computing Machinery. (1992, October 16). Code of Ethics. Retrieved September 4, 2014.
EFF Surveillance Self-Defense Project. Pen Registers and Trap and Trace Devices. Retrieved September 4, 2014.
Farivar, C. (2013, October 2). Lavabit got order for Snowden's login info, then gov't demanded site's SSL key. Retrieved September 4, 2014.
Lavabit Facebook Press Release. (2013, October 2). Retrieved September 4, 2014.
Levison, L. (2014, May 20). Lavabit Open Letter. Retrieved September 4, 2014.
Levison, L. (2014, August 8). Lavabit Open Letter. Retrieved September 4, 2014.
Mullin, J. (2013, August 13). Lavabit founder, under gag order, speaks out about shutdown decision. Retrieved September 4, 2014.
