Cybersecurity & Tech Executive Branch Intelligence Surveillance & Privacy

Lavabit -- The Government's Response

Paul Rosenzweig
Tuesday, November 12, 2013, 4:48 PM
Earlier, I noted the Lavabit appeal filing in the Fourth Circuit.  Today the government filed its reply brief.  A summary of the argument:
Lavabit appeals a contempt order from the district court. But instead of attempting to justify Lavabit’s contemptuous conduct, Lavabit instead launches a host of new challenges to the underlying orders. Almost none of these challenges were presented to the district court.

Published by The Lawfare Institute
in Cooperation With
Brookings

Earlier, I noted the Lavabit appeal filing in the Fourth Circuit.  Today the government filed its reply brief.  A summary of the argument:
Lavabit appeals a contempt order from the district court. But instead of attempting to justify Lavabit’s contemptuous conduct, Lavabit instead launches a host of new challenges to the underlying orders. Almost none of these challenges were presented to the district court. Lavabit forfeited these new arguments, and this Court should not consider them. Moreover, the pen/trap order and the search warrant issued by the district court were plainly lawful. The information used by Lavabit to encrypt communications on its systems, what has been referred to as SSL or encryption keys, was both necessary to the installation and operation of a lawfully ordered pen register/trap and trace device as well as subject to disclosure pursuant to 18 U.S.C. § 2703. As such, it was within the district court’s power to compel the production of those keys. Just as a business cannot prevent the execution of a search warrant by locking its front gate, an electronic communications service provider cannot thwart court-ordered electronic surveillance by refusing to provide necessary information about its systems. That other information not subject to the warrant by locking its front gate, an electronic communications service provider cannot thwart court-ordered electronic surveillance by refusing to provide necessary information about its systems. That other information not subject to the warrant was encrypted using the same set of keys is irrelevant; the only user data the court permitted the government to obtain was the data described in the pen/trap order and the search warrant. All other data would be filtered electronically, without reaching any human eye. Finally, Lavabit’s belief that the orders here compelled a disclosure that was inconsistent with Lavabit’s “business model” makes no difference. Marketing a business as “secure” does not give one license to ignore a District Court of the United States.
Frankly, the statement of facts is pretty damning for Mr. Levison.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare