Fed's Encryption Key Request Seen As Posing Major E-Commerce Risk

The federal government's efforts to force email service provider Lavabit to reveal its encryption key poses a risk to just about every form of online commerce, the digital rights group Electronic Frontier Foundation argues in new court papers.

“Encrypted online communications form the backbone of the modern Internet,” the EFF says. “Without an encrypted connection, people would be at risk when they manage finances over the Web, purchase books online, transfer medical information between doctors or send and receive private communications.”

Lavabit was the encrypted email service used by people who wanted extra security, including National Security Agency whistleblower Ed Snowden. After Snowden revealed the NSA's extensive surveillance efforts, the federal authorities tried to force Lavabit to hand over its encryption keys. The feds ultimately obtained a search warrant for the password. In July, company owner Lavar Levison was found to be in contempt of court for refusing to turn over the key.

Levison eventually handed over the information, but also shut down the service, rather than run the risk that its users' privacy would be compromised. He is now appealing the contempt order.

His appeal has drawn the attention of a number of outside groups, including the EFF, which sided with Lavabit in a friend-of-the-court brief filed on Thursday. The EFF argues that the government's request was too broad, given that the password it demanded would have given it access to every message sent and received by all Lavabit users.

“Seizure of the private key would permit the government to obtain the information about the suspect. However, it would also permit the government to obtain the same information on all of Lavabit’s customers, exposing them, in the process, to the potential of recurring government surveillance for as long as the key was valid in the future and as long as it had been valid in the past,” the EFF writes.

The digital rights group adds that forced disclosure of an encryption key “threatens the fundamental premise of HTTPS and the security of the Internet.”

The government is expected to file a response in mid-November.

Next story loading loading..