Under Seal United States v. Lavabit, LLC.

• Decision Date: 16 April 2014
• Docket Number: Nos. 13–4625,13–4626.,s. 13–4625
• Citation: 749 F.3d 276
• Parties: In re UNDER SEAL United States of America, Plaintiff–Appellee, v. Lavabit, LLC.; Ladar Levison, Parties–in–Interest–Appellants. American Civil Liberties Union; American Civil Liberties Union of Virginia; Empeopled, LLC.; Electronic Frontier Foundation, Amici Supporting Appellants. In re Grand Jury Proceedings United States of America, Plaintiff–Appellee, v. Lavabit, LLC.; Ladar Levison, Parties–in–Interest–Appellants. American Civil Liberties Union; American Civil Liberties Union of Virginia; Empeopled, LLC.; Electronic Frontier Foundation, Amici Supporting Appellants.
• Court: U.S. Court of Appeals — Fourth Circuit

749 F.3d 276

In re UNDER SEAL

United States of America, Plaintiff–Appellee,

v.Lavabit, LLC.; Ladar Levison, Parties–in–Interest–Appellants.

American Civil Liberties Union; American Civil Liberties Union of Virginia; Empeopled, LLC.; Electronic Frontier Foundation, Amici Supporting Appellants.

In re Grand Jury Proceedings

United States of America, Plaintiff–Appellee,

v.Lavabit, LLC.; Ladar Levison, Parties–in–Interest–Appellants.

American Civil Liberties Union; American Civil Liberties Union of Virginia; Empeopled, LLC.; Electronic Frontier Foundation, Amici Supporting Appellants.

Nos. 13–4625, 13–4626.

United States Court of Appeals,

Fourth Circuit.

Argued: Jan. 28, 2014.

Decided: April 16, 2014.

ARGUED:Ian James Samuel, New York, New York, for Appellants. Andrew Peterson, Office of the United States Attorney, Alexandria, Virginia, for Appellee. ON BRIEF:Jesse R. Binnall, Bronley & Binnall, PLLC, Fairfax, Virginia; Marcia Hofmann, Law Office of Marcia Hofmann, San Francisco, California; David Warrington, Laurin Mills, LeClairRyan, Alexandria, Virginia, for Appellants. Mythili Raman, Acting Assistant Attorney General, Criminal Division, Nathan Judish, Josh Goldfoot, Benjamin Fitzpatrick, Brandon Van Grack, United States Department of Justice, Washington, D.C.; Dana J. Boente, Acting United States Attorney, Michael Ben'Ary, James L. Trump, Office of the United States Attorney, Alexandria, Virginia, for Appellee. Alexander A. Abdo, Brian M. Hauss, Catherine Crump, Nathan F. Wessler, Ben Wizner, American Civil Liberties Union Foundation, New York, New York; Rebecca K. Glenberg, American Civil Liberties Union of Virginia Foundation, Inc., Richmond, Virginia, for Amici American Civil Liberties Union and ACLU of Virginia. Kurt Opsahl, Jennifer Lynch, Hanni Fakhoury, Electronic Frontier Foundation, San Francisco, California, for Amicus Electronic Frontier Foundation. Richard M. Martinez, Mahesha P. Subbaraman, Robins, Kaplan, Miller & Ciresi, L.L.P., Minneapolis, Minnesota, for Amicus Empeopled, LLC.

Before NIEMEYER, GREGORY, and AGEE, Circuit Judges.

Affirmed by published opinion. Judge AGEE wrote the opinion, in which Judge NIEMEYER and Judge GREGORY joined.

AGEE, Circuit Judge:

Lavabit LLC is a limited liability company that provided email service. Ladar Levison is the company's sole and managing member.¹

In 2013, the United States sought to obtain certain information about a target ² in a criminal investigation. To further that goal, the Government obtained court orders under both the Pen/Trap Statute, 18 U.S.C. §§ 3123– 27, and the Stored Communications Act, 18 U.S.C. §§ 2701– 12, requiring Lavabit to turn over particular information related to the target. When Lavabit and Levison failed to comply with those orders, the district court held them in contempt and imposed monetary sanctions. Lavabit and Levison now appeal the sanctions.

For the reasons below, we affirm the judgment of the district court.

I.

A.

This case concerns the encryption processes that Lavabit used while providing its email service. Encryption describes the process through which readable data, often called “plaintext,” is converted into “ciphertext,” an unreadable jumble of letters and numbers. Decryption describes the reverse process of changing ciphertext back into plaintext. Both processes employ mathematical algorithms involving “keys,” which facilitate the change of plaintext into ciphertext and back again.

Lavabit employed two stages of encryption for its paid subscribers: storage encryption and transport encryption. Storage encryption protects emails and other data that rests on Lavabit's servers. Theoretically, no person other than the email user could access the data once it was so encrypted. By using storage encryption, Lavabit held a unique market position in the email industry, as many providers do not encrypt stored data.

Although Lavabit's use of storage encryption was novel, this case primarily concerns Lavabit's second stage of encryption, transport encryption. This more common form of encryption protects data as it moves in transit between the client and the server, creating a protected transmission channel for internet communications. Transport encryption protects not just email contents, but also usernames, passwords, and other sensitive information as it moves. Without this type of encryption, internet communications move exposed en route to their destination, allowing outsiders to “listen in.” Transport encryption also authenticates—that is, it helps ensure that email clients and servers are who they say they are, which in turn prevents unauthorized parties from exploiting the data channel.

Like many online companies, Lavabit used an industry-standard protocol called SSL (short for “Secure Sockets Layer”) to encrypt and decrypt its transmitted data. SSL relies on public-key or asymmetric encryption, in which two separate but related keys are used to encrypt and decrypt the protected data. One key is made public, while the other remains private. In Lavabit's process, email users would have access to Lavabit's public keys, but Lavabit would retain its protected, private keys. This technology relies on complex algorithms, but the basic idea is akin to a self-locking padlock: if Alice wants to send a secured box to Bob, she can lock the box with a padlock (the public key) and Bob will open it with his own key (the private key). Anyone can lock the padlock, but only the key-holder can unlock it.³

The security advantage that SSL offers disappears if a third party comes to possess the private key. For example, a third party holding a private key could read the encrypted communications tied to that key as they were transmitted. In some circumstances, a third party might also use the key to decrypt past communications (although some available technologies can thwart that ability). And, with the private key in hand, the third party could impersonate the server and launch a man-in-the-middle attack.

When a private key becomes anything less than private, more than one user may be compromised. Like some other email providers, Lavabit used a single set of SSL keys for all its various subscribers for technological and financial reasons. Lavabit in particular employed only five key-pairs, one for each of the mail protocols that it supported.⁴ As a result, exposing one key-pair could affect all of Lavabit's estimated 400,000–plus email users.

B.

With this technical background in mind, we turn to the case before us.

1.

On June 28, 2013, the Government sought and obtained an order (“the Pen/Trap Order”) from a magistrate judge authorizing the placement of a pen register and trace-and-trap device on Lavabit's system. This “pen/trap” device is intended to allow the Government to collect certain information, on a real-time basis, related to the specific investigatory target's Lavabit email account.⁵ In accordance with the Pen/Trap Statute, 18 U.S.C. §§ 3121– 27, the Pen/Trap Order permitted the Government to “capture all non-content dialing, routing, addressing, and signaling information ... sent from or sent to” the target's account. (J.A. 10.) In other words, the Pen/Trap Order authorized the Government to collect metadata ⁶ relating to the target's account, but did not allow the capture of the contents of the target's emails. The Pen/Trap Order further required Lavabit to “furnish [to the Government] ... all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device unobtrusively and with minimum interference.” (J.A. 11.)

On the same day that the Pen/Trap Order issued, FBI agents met with Levison, who indicated that he did not intend to comply with the order. Levison informed the agents that he could not provide the requested information because the target-user “had enabled Lavabit's encryption services,” presumably referring to Lavabit's storage encryption. (J.A. 7.) But, at the same time, Levison led the Government to believe that he “had the technical capability to decrypt the [target's] information.” (J.A. 6.) Nevertheless, Levison insisted that he would not exercise that ability because “Lavabit did not want to ‘defeat [its] own system.’ ” (J.A. 6.)

In view of Levison's response, the Government obtained an additional order that day compelling Lavabit to comply with the Pen/Trap Order. This “June 28 Order,” again issued by a magistrate judge, instructed Lavabit to “provide the [FBI] with unencrypted data pursuant to the [Pen/Trap] Order” and reiterated that Lavabit was to provide “any information, facilities, or technical assistance ... under the control of Lavabit ... [that was] needed to provide the FBI with the unencrypted data.” (J.A. 9.) Further, the June 28 Order put Lavabit and Levison on notice that any “[f]ailure to comply” could result in “any penalty within the power of the Court, including the possibility of criminal contempt of Court.” (J.A. 9.)

2.

Over the next eleven days, the Government attempted to talk with Levison about implementing the Pen/Trap Order. Levison, however, ignored the FBI's repeated requests to confer and did not give the Government the unencrypted data that the June 28 Order required. As each day passed, the Government lost forever the ability to collect the target-related data for that day.

Because Lavabit refused to comply with the prior orders, the Government obtained an order to show cause from the district court on July 9. The show cause order directed both Lavabit and Levison, individually,to appear and “show cause why Lavabit LLC ha[d] failed to comply with the orders entered June 28, 2013[ ] in this matter and why [the] Court should not hold Mr. Levison and Lavabit LLC in contempt for its disobedience and resist[a]nce to these lawful orders.” (J.A. 21.) Entry of the show cause order spurred a conference call between Levison, his counsel, and representatives from the Government on July 10. During that call, the parties...