Monday, April 21, 2014

Lavabit, Encryption and Contempt


This post examines an opinion the U.S. Court of Appeals for the 4th Circuit recently issued in a case involving a criminal investigation and the imposition of sanctions for contempt:  In re Under Seal, 2014 WL 1465749 (2014).  The judge who wrote the opinion for the court begins by outlining how the case arose:

Lavabit LLC is a limited liability company that provided email service. Ladar Levison is the company's sole and managing member.  

In 2013, the United States sought to obtain certain information about a target in a criminal investigation. To further that goal, the Government obtained court orders under both the Pen/Trap Statute, 18 U.S. Code §§ 3123 - 3137, and the Stored Communications Act, 18 U.S. Code §§ 2701 - 2712 requiring Lavabit to turn over particular information related to the target. When Lavabit and Levison failed to comply with those orders, the district court held them in contempt and imposed monetary sanctions. Lavabit and Levison now appeal the sanctions.

In re Under Seal, supra.  In a footnote, the judge explains that “[b]ecause of the underlying criminal investigation, portions of the record, including the target’s identity, are sealed.”  In re Under Seal, supra. 

The judge then explains that the case concerns the encryption processes Lavabit

used while providing its email service. Encryption describes the process through which readable data, often called `plaintext,’ is converted into `ciphertext,’ an unreadable jumble of letters and numbers. Decryption describes the reverse process of changing ciphertext back into plaintext. Both processes employ mathematical algorithms involving `keys,’ which facilitate the change of plaintext into ciphertext and back again.

Lavabit employed two stages of encryption for its paid subscribers: storage encryption and transport encryption. Storage encryption protects emails and other data that rests on Lavabit's servers. Theoretically, no person other than the email user could access the data once it was so encrypted. By using storage encryption, Lavabit held a unique market position in the email industry, as many providers do not encrypt stored data.

Although Lavabit's use of storage encryption was novel, this case primarily concerns Lavabit's second stage of encryption, transport encryption. This more common form of encryption protects data as it moves in transit between the client and the server, creating a protected transmission channel for internet communications. Transport encryption protects not just email contents, but also usernames, passwords, and other sensitive information as it moves. Without this type of encryption, internet communications move exposed en route to their destination, allowing outsiders to `listen in.’ Transport encryption also authenticates-that is, it helps ensure that email clients and servers are who they say they are, which in turn prevents unauthorized parties from exploiting the data channel.

Like many online companies, Lavabit used an industry-standard protocol called SSL (short for `Secure Sockets Layer’) to encrypt and decrypt its transmitted data. SSL relies on public-key or asymmetric encryption, in which two separate but related keys are used to encrypt and decrypt the protected data. One key is made public, while the other remains private. In Lavabit's process, email users would have access to Lavabit's public keys, but Lavabit would retain its protected, private keys. This technology relies on complex algorithms, but the basic idea is akin to a self-locking padlock: if Alice wants to send a secured box to Bob, she can lock the box with a padlock (the public key) and Bob will open it with his own key (the private key). Anyone can lock the padlock, but only the key-holder can unlock it.

The security advantage that SSL offers disappears if a third party comes to possess the private key. . . . [A] third party holding a private key could read the encrypted communications tied to that key as they were transmitted. In some circumstances, a third party might also use the key to decrypt past communications (although some available technologies can thwart that ability). And, with the private key in hand, the third party could impersonate the server and launch a man-in-the-middle attack.

When a private key becomes anything less than private, more than one user may be compromised. Like some other email providers, Lavabit used a single set of SSL keys for all its various subscribers for technological and financial reasons. Lavabit in particular employed only five key-pairs, one for each of the mail protocols it supported. As a result, exposing one key-pair could affect all of Lavabit's estimated 400,000–plus email users.

In re Under Seal, supra. 

That brings us to the case itself.  The opinion explains that on June 28, 2013, the

Government sought and obtained an order (`the Pen/Trap Order’) from a magistrate judge authorizing the placement of a pen register and trace-and-trap device on Lavabit's system. This `pen/trap’ device is intended to allow the Government to collect certain information, on a real-time basis, related to the specific investigatory target's Lavabit email account. In accordance with the Pen/Trap Statute, . . .  the Pen/Trap Order permitted the Government to `capture all non-content dialing, routing, addressing, and signaling information . . . sent from or sent to’ the target's account. . . . 

In other words, the Pen/Trap Order authorized the Government to collect metadata relating to the target's account, but did not allow the capture of the contents of the target's emails. The Pen/Trap Order further required Lavabit to `furnish [to the Government] . . . all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device unobtrusively and with minimum interference.’ . . .

On the same day the Pen/Trap Order issued, FBI agents met with Levison, who indicated he did not intend to comply with the order. Levison informed the agents he could not provide the requested information because the target-user `had enabled Lavabit's encryption services,’ presumably referring to Lavabit's storage encryption. . . . But, at the same time, Levison led the Government to believe he `had the technical capability to decrypt the [target's] information.’ . . . Nevertheless, Levison insisted he would not exercise that ability because `Lavabit did not want to “defeat [its] own system. . . . ”’

[T]he Government obtained an additional order that day compelling Lavabit to comply with the Pen/Trap Order. This `June 28 Order,’ again issued by a magistrate judge, instructed Lavabit to `provide the [FBI] with unencrypted data pursuant to the [Pen/Trap] Order’ and reiterated that Lavabit was to provide `any information, facilities, or technical assistance . . . under the control of Lavabit . . .  [that was] needed to provide the FBI with the unencrypted data.’ . . . Further, the June 28 Order put Lavabit and Levison on notice that any `[f]ailure to comply’ could result in `any penalty within the power of the Court, including the possibility of criminal contempt of Court.’ . . .

In re Under Seal, supra. 

The opinion says that “[o]ver the next eleven days, the Government attempted to talk with Levison about implementing the Pen/Trap Order”, but Levison “ignored the FBI's repeated requests to confer and did not give the Government the unencrypted data the June 28 Order required.” In re Under Seal, supra.  As each day passed, the Government lost forever the ability to collect the target-related data for that day.” In re Under Seal, supra.  Because Lavabit refused to comply with the prior orders,” the

Government obtained an order to show cause from the district court on July 9. The show cause order directed Lavabit and Levison, individually, to appear and `show cause why Lavabit LLC ha[d] failed to comply with the orders entered June 28, 2013[ ] in this matter and why [the] Court should not hold Mr. Levison and Lavabit LLC in contempt for its disobedience and resist[a]nce to these lawful orders.’ . . .

Entry of the show cause order spurred a conference call between Levison, his counsel, and representatives from the Government on July 10. During that call, the parties discussed how the Government could install the pen/trap device, what information the device could capture, and how the Government could view and preserve that information. In addition, the Government asked whether Levison would provide the keys necessary to decrypt the target's encrypted information. Although the Government again stressed that it was permitted to collect only non-content data, neither Levison nor his counsel indicated whether Lavabit would allow the Government to install and use the pen/trap device.

On July 13, 2013, four days after the show cause order issued, Levison contacted the Government with his own proposal as to how he would comply with the court's orders. In particular, Levison suggested that Lavabit would itself collect the Government's requested data:

I now believe it would be possible to capture the required data ourselves and provide it to the FBI. Specifically the information we'd collect is the login and subsequent logout date and time, the IP address used to connect to the subject email account and [several] non-content headers . . . from any future emails sent or received using the subject account. . . .Note that additional header fields could be captured if provided in advance of my implementation effort.

. . . Levison conditioned his proposal with a requirement that the Government pay him $2,000 for his services. More importantly, [he] intended to provide the data only `at the conclusion of the 60[-]day period required by the [Pen/Trap] Order . . . [ or] intermittently . . . as [ his] schedule allow[ed].’ If the Government wanted daily updates, Levison demanded an additional $1,500.

The Government rejected Levison's proposal, explaining that it needed `real-time transmission of results.’ . . . Moreover, the Government would have no means to verify the accuracy of the information Lavabit proposed to provide -- a concerning limit given Lavabit's apparent hostility toward the Government. Levison responded by insisting that the Pen/Trap Order did not require real-time access, but did not otherwise attempt to comply with the Pen/Trap Order or the June 28 Order.

In re Under Seal, supra. 

On July 26, Levison “appeared [for the show cause hearing] before the district court pro se, on behalf of himself and Lavabit”. In re Under Seal, supra.  When he was asked if he intended to “comply with the Pen/Trap Order,” Levison said “he had `always agreed to the installation of the pen register device.’” In re Under Seal, supra.  But he “objected to turning over his private SSL encryption keys `because that would compromise all of the secure communications in and out of [his] network, including [his] own administrative traffic.’” ” In re Under Seal, supra. He also “maintained [t]here was never an explicit demand [from the Government] that [he] turn over the keys.’” In re Under Seal, supra. 

After the show cause hearing, Lavabit did permit the Government to install a pen/trap device. But, without the encryption keys, much of the information transmitted to and from Lavabit's servers remained encrypted, indecipherable, and useless. The pen/trap device was therefore unable to identify what data within the encrypted data stream was target-related and properly collectable.

In re Under Seal, supra. 

On August 1, the U.S. District Court Judge who had the case held another hearing and “entered an order . . . directing Lavabit to turn over its encryption keys” “5:00 pm on August 2, 2013.”  In re Under Seal, supra.  The opinion says Lavabit “dallied and did not comply” with the order until “[j]ust before the 5:00 pm August 2 deadline” when Levison gave “the FBI with an 11–page printout containing largely illegible characters in 4–point type, which he represented to be Lavabit's encryption keys.” In re Under Seal, supra. 

“The Government instructed [him] to provide the keys in an industry-standard electronic format by the morning of August 5” but he “did not respond.”  In re Under Seal, supra.  On August 5, the government moved for sanctions against Levison and Lavabit for their “continuing `failure to comply’” with the judge’s order.  In re Under Seal, supra.  The motion asked the court to award “penalties of $5,000 a day” until Lavabit provided the encryption keys to the Government.  In re Under Seal, supra.  Levison turned over the keys two days later, by which time “six weeks of data regarding the target had been lost.”  In re Under Seal, supra. 

Lavabit and Levison appealed the order to the Court of Appeals for the 4th Circuit, but they lost.  In re Under Seal, supra.  The court began its analysis of their argument on appeal by noting that when they were before the district court judge,

Lavabit failed to challenge the statutory authority for the Pen/Trap Order, or the order itself, in any way. Yet on appeal, Lavabit suggests that the district court's demand for the encryption keys required more assistance from it than the Pen/Trap Statute requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below, much less the district court's authority to act under that statute. In fact, with the possible exception of an undue burden argument directed at the seizure warrant, Lavabit never challenged the district court's authority to act under either the Pen/Trap Statute or the [Stored Communications Act].

In re Under Seal, supra. 

The Court of Appeals then explained that “[o]ur settled rule is simple: `[a]bsent exceptional circumstances, . . . we do not consider issues raised for the first time on appeal.’” In re Under Seal, supra (quoting Robinson v. Equifax Info. Services, LLC, 560 F.3d 234 (U.S. Court of Appeals for the 4th Circuit 2009)).  It noted that it follows this rule because holding that the failure to raise an issue below waives the litigant’s right to raise it on appeal fosters “respect for the lower court”, “avoids unfair surprise to the other party”, and “acknowledges the need for finality in litigation and conservation of judicial resources.”  In re Under Seal, supra.  It also agreed with the U.S. Court of Appeals for the 3rd Circuit, which held that issue waiver rules “`prevent parties from getting two bites at the apple by raising two distinct arguments’” before two different courts.  In re Under Seal, supra (quoting In re Diet Drugs Product Liability Litigation, 706 F.3d 217 (U.S. Court of Appeals for the 3rd Circuit 2013)).

The Court of Appeals for the 4th Circuit also pointed out that

. . . waiver principles apply with equal force to contempt proceedings. . . . If anything, `[t]he axiom that an appellate court will not ordinarily consider issues raised for the first time on appeal takes on added significance in the context of contempt.’ In re Bianchi, 542 F.2d 98 (U.S. Court of Appeals for the 1st Circuit 1976). After all, `[d]enying the court of which [a party] stands in contempt the opportunity to consider the objection or remedy is in itself a contempt of [that court's] authority and an obstruction of its processes.’  In re Bianchi, supra.  

The Court of Appeals therefore rejected Lavabit’s/Levison’s argument that “it preserved an appellate challenge to the Pen/Trap Order when Levison objected to turning over the encryption keys at the initial show cause hearing.”  In re Bianchi, supra.  It noted that

[i]n making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: `I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.’ . . .

This statement -- which we recite here verbatim -- constituted the sum total of the only objection Lavabit ever raised to the turnover of the keys under the Pen/Trap Order.

We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court's fundamental authority under the Pen/Trap Statute. Levison's statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all.

In re Bianchi, supra.  

For these and other reasons, the Court of Appeals held that

[i]n view of Lavabit's waiver of its appellate arguments by failing to raise them in the district court, and its failure to raise the issue of fundamental or plain error review, there is no cognizable basis upon which to challenge the Pen/Trap Order. The district court did not err, then, in finding Lavabit and Levison in contempt once they admittedly violated that order. The judgment of the district court is therefore . . . AFFIRMED.

In re Bianchi, supra.  


As this story notes, Lavabit was Edward Snowden’s email provider.  You can read more about the court’s decision here, and you can find the opinion here.

No comments: