One way to get around a search warrant for a private SSL Key

October 2nd, 2013

Wired and the Times report on efforts of the federal government to obtain Lavabit’s private SSL key. Edward Snowden used Lavabit for private email. Lavabit resisted, as this would give the government access to all their customers’ encrypted emails. So, in a quasi-effort to comply, Lavabit provided the government with the key. Kind of.

In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.”

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.

The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.

I should note that Lavabit is represented by a fellow George Mason School of Law ’09 graduate, Jesse Binnall.