SECURITY STATES OCTOBER 16, 2013
Ladar Levison, owner of the now-defunct encrypted email site Lavabit, made headlines back in August when he shut the service down to avoid “becom[ing] complicit in crimes against the American people.” But the Lavabit saga is far from over. Levison is currently appealing a July 16 court order commanding him to turn over the site’s private SSL (Secure Sockets Layer) keys. The keys would enable the government to decrypt the emails of some 400,000 Lavabit users, in addition to the communications of the only actual target (who is assumed to be Edward Snowden). Court documents unsealed earlier this month show that Lavabit initially resorted to creatively resisting compliance with production requests, going so far as to provide the government the five requested keys in unreadable 4-point font.
To win its appeal, Lavabit must successfully challenge four legal authorities compelling production of the keys: first, an order issued under the Pen Register Statute, which requires Levison to install a pen-trap device to capture information coming in and out of the targeted email account and to hand over the encryption keys that render the information readable; second, a related compliance order; third, a grand jury subpoena; and fourth, a warrant issued under the Stored Communications Act.
In a recent interview with Democracy Now, Levison made clear that—contrary to what some media reports have implied—he is not seeking to protect Snowden’s emails. Rather, Levison protests what he perceives as the government’s attempt to gain indiscriminate access to all his users’ emails. As Levison explained, the government “wanted to peel back the encryption on everyone’s information as they were connecting to my server, just so that they could listen to this one user. But yet, at the same time, they wouldn’t provide any kind of transparency back to me to assure me that they were only collecting information on one user. And I had a real problem with that.” In this vein, in its newly filed Fourth Circuit brief, Lavabit challenges the government’s demand for the keys as a wholesale violation of user privacy: “It is unthinkable that Congress would have given the government the authority to seize keys that would make it possible to intercept all of Lavabit’s communications with all of its customers . . . .”
The government, meanwhile, has pushed back against Lavabit’s focus on the sweeping nature of the government’s requested decryption powers by emphasizing the precautions it intends to take in handling the data. In its response to Lavabit’s motion to quash both the subpoena and the search-and-seizure warrant on Fourth Amendment grounds, the government argued to the district court that existing federal statutes “will continue to limit sharply the government's authority to collect any data on any Lavabit user—except for the one Lavabit user whose account is currently the subject of the Pen-Trap Order.” The government added, “It cannot be that a search warrant is ‘general’ merely because it gives the government a tool that, if abused contrary to law, could constitute a general search.”
At trial, the government offered some technical details as to how it would prevent such abuse. According to Wired, Prosecutor James Trump was able to convince Senior Judge Claude M. Hilton that “while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it. It filters everything, and at the back end of the filter, we get what we're required to get under the order. So there's [sic] no agents looking through the 400,000 other bits of information, customers, whatever.”
In essence, Lavabit’s focus on data access issues is butting up against the government’s focus on data use. Sound familiar? It should. It is a split we have seen before. Most notably, after news of the National Security Agency’s collection of bulk telephony metadata under Section 215 of the Foreign Intelligence Surveillance Act (FISA) hit the press in June, the government faced charges of indiscriminate data interception and questions as to whether it was exceeding its collection authority under Section 215’s “relevance” provision. The government responded to concerns about the enormous and undiscriminating data haul it was acquiring from telecommunications service providers by emphasizing the systematic limitations placed on its use of that data: “it is critical to understand the program in the context of the restrictions imposed by the court,” declared the Justice Department in a letter to Representative James Sensenbrenner (R-Calif.). As far as the government was concerned, those restrictions went to the heart of the relevance question: NSA is justified in obtaining the whole from which it culls target-specific parts, as long as there are strong back-end protections against misuse of the data.
Others have argued that this is not the most convincing reading of “relevance” under the FISA. Nor would it be an intuitive reading of the relevance provisions of the statutes at play in the Lavabit suit.
But rather than focusing on the government’s approach in relation to the specific language of these particular statutes, consider instead the underlying legal policy logic—the practical intuition guiding the government’s argument for why it should be allowed to collect or decrypt data in bulk for the purpose of using only a tiny fraction of that material. We might call that intuition the “sieve theory”: the idea is that the filtration techniques the government applies to extract certain pieces of data should have implications for the legality of the initial acquisition of a much larger dataset to which the government would not otherwise be entitled.
The sieve theory is kind of the converse of a much-better-understood theory of the Fourth Amendment. The “mosaic theory,” as Fourth Amendment scholar Orin Kerr has dubbed it, has attracted a good deal of attention from scholars interested in the implications of the ever-decreasing costs of perpetual surveillance. That theory posits that many otherwise-insignificant and disparate data points can be combined to yield a highly revealing—and unconstitutionally invasive—composite. For example, in their concurring opinions in the 2012 Supreme Court decision in United States v. Jones, Justices Samuel Alito and Sonia Sotomayor lent credence to the mosaic theory by voicing tentative support for the idea that long-term GPS tracking of a vehicle traveling on public roads could constitute a search, even though the individual units of data were trivial and their acquisition did not meet the traditional definition of a search under Fourth Amendment law.
Like the mosaic theory, the sieve theory is built on the idea that constitutional protections do not attach to information per se but rather hinge on how that information gets processed and used. Just as privacy proponents use the mosaic theory to argue that bits of information not individually entitled to constitutional protections might be entitled to protections when aggregated, the government is effectively using the sieve theory in both the Lavabit and Section 215 contexts to argue that a large data set comprising information to which it might normally not be entitled should be produced anyway where the government both establishes its necessity and institutes satisfactory filters to prevent its misuse.
Put more simply, the mosaic theory has been used to argue the unconstitutionality of certain types of government data collection. Conversely, the sieve theory is being used to argue the lawfulness of carefully conducted government data filtration.
That the mosaic theory remains a hot legal topic is unsurprising, given that information synergy is conventionally understood as the sine qua non of intelligence gathering. But in a world of ever-bigger Big Data, there is a strong argument to be made that information differentiation should be seen as having equally critical legal implications. In the case of Lavabit, the problem (at least according to Levison) seems to be that the government has espoused sieve-theory-based logic without guaranteeing truly compelling limitations on its use of the demanded encryption and SSL keys. The underlying point is an important one moving forward: if the government wants the sieve theory to be taken seriously, it will have to avoid ever treating the filters in question as an abstraction or an aside. Sweeping requests for data access should be contingent on first designing and proposing enforceable limits on data use.