Lavabit was hosted webmail, and therefore inherently dependent on the host not being evil. It is not possible to construct a hosted webmail service that is safe against a malicious/compromised host.
The phrase "user information" is vague; it could include timestamps of all requests from a particular IP, for example. Given that he was willing to shut down his sole source of income on principle, I'm willing to believe that he had reasonable crypto in place to protect user data at rest.
Cryptography was just a side show, just like with Hushmail, because Lavabit could get the plaintexts whenever someone working there wanted (or whenever they were compelled to do so by a government, criminal organization, etc.).
Assuming good faith and a reasonable storage implementation, it is possible that Lavabit is not capable of providing plaintext messages on demand. I heard somewhere that messages were stored with a key derived from the user's password; if true, then a warrant for johndoe@lavabit.com might not be fulfillable until after the next successful login from johndoe@.
"I heard somewhere that messages were stored with a key derived from the user's password; if true, then a warrant for johndoe@lavabit.com might not be fulfillable until after the next successful login from johndoe@."
...or to try brute forcing the password offline, which has a reasonable probability of working. Either way, it is not any different than the situation with Hushmail, and I would put both squarely in the "snake oil" category.
> ...or to try brute forcing the password offline, which has a reasonable probability of working. Either way, it is not any different than the situation with Hushmail, and I would put both squarely in the "snake oil" category.
You have an awfully high standard of what you define as "snake oil" cryptography. If a brute force effort to derive the secret key constitutes snake oil, I have bad news for you regarding the state of crypto.
First of all, brute forcing the password is not needed unless the user fails to log in. The system is designed for the user to send the most important secret, on which the rest of the system's security depends, to a third party.
That being said, brute forcing a password is not the same thing as brute forcing a secret key. The distribution of passwords that people can remember is not even remotely uniform, and the distribution of passwords that people actually use is even more heavily biased.
Compare to GnuPG: the attacker needs access to your computer before he can even attempt to brute force your password or try to capture it.
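The two cases argued over above (a mailbox key derived from the user's password, readable again only at the next login, versus an offline brute-force attempt against a copy of the disk) as an added, runnable model. This is not code from the thread or from Lavabit; it assumes the simplest reading of "a key derived from the user's password" (a single symmetric key per mailbox, PBKDF2-HMAC-SHA256 as the derivation) and uses a toy HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag so it runs on the Python standard library alone. Names, the wordlist and the sample messages are constructed for the example.

```python
"""Toy model of password-derived at-rest mail encryption (added example).

Assumptions, not facts from the thread: PBKDF2-HMAC-SHA256 for key
derivation, and a toy HMAC-SHA256 counter-mode stream cipher with an
HMAC tag in place of a real AEAD, so this runs without third-party code.
"""
import hashlib
import hmac
import os
import secrets
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 100_000  # stretching: this is the cost of one offline guess


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 32-byte key. The server receives the
    password at login, so it can always do this; whoever holds only the
    stored files cannot."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate sub-keys: nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Check the tag, then decrypt. None means wrong key or tampering."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def store_message(password: str, plaintext: bytes) -> dict:
    """What the server writes to disk while it holds the user's password.
    The password, the secret everything depends on, was sent to the host."""
    salt = os.urandom(16)
    return {"salt": salt, "blob": seal(derive_key(password, salt), plaintext)}


def read_at_login(stored: dict, password: str) -> Optional[bytes]:
    """The 'next successful login' case: the password arrives, the key is back."""
    return unseal(derive_key(password, stored["salt"]), stored["blob"])


def offline_brute_force(stored: dict, wordlist: Iterable[str]) -> Optional[str]:
    """What a party holding a copy of the files can do instead of waiting:
    each guess costs one PBKDF2 run plus one tag check, and the tag tells
    the attacker when a guess is right. A password on a short list falls."""
    for guess in wordlist:
        if unseal(derive_key(guess, stored["salt"]), stored["blob"]) is not None:
            return guess
    return None


# Constructed wordlist for the demo (hypothetical, not a real password list).
WORDLIST = ["123456", "password", "letmein", "password123", "qwerty"]

if __name__ == "__main__":
    weak = store_message("password123", b"meet at 10")
    strong = store_message(secrets.token_urlsafe(24), b"meet at 10")
    print(offline_brute_force(weak, WORDLIST))    # the weak password is recovered
    print(offline_brute_force(strong, WORDLIST))  # None: not on the list
```

The point the model makes concrete: at rest, a stored mailbox is only as strong as the password it was derived from and the cost of each guess, while at every login the host holds the password in the clear. A strong, high-entropy password survives the wordlist; a common one does not, which is the gap between "brute forcing a secret key" and "brute forcing a password" that the reply above draws.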
Lavabit had two account types. The no-cost one stored the messages unencrypted and the for-fee one stored the messages encrypted.
You have not established that that warrant was for accounts of the second type.
You have not established that the contents of the DVD were readable by the authorities.
You have not established that the type of person who would have a Lavabit account would be the type of person who would choose a password which has "a reasonable probability" of being brute-forced in under a decade.