Lavabit founder Ladar Levison's promised big announcement (facebook.com)
405 points by p4bl0 on Oct 3, 2013 | 125 comments



Widely unrecognized in the other discussions on HN is that:

"During an investigation into several Lavabit user accounts, the federal government demanded both unfettered access to all user communications and a copy of the Lavabit encryption keys used to secure web, instant message and email traffic."

Note that the initial court order, although appearing to target the specific user, demanded explicitly that Lavabit "shall furnish agents from the Federal Bureau of Investigation, forthwith, all information, facilities, and technical assistance necessary to accomplish the installation and use of the pen/trap device." (http://s3.documentcloud.org/documents/801182/redacted-pleadi...)

Then defying the initial order was definitely not Lavabit protecting one (famous) person as some wanted to present this case, as the goal of FBI as stated in this announcement was unfettered "access to the Lavabit network without (Lavabit) being able to audit the information being collected."

For the first time in history the general public can actually see most of the documents related to this kind of order. Up to now the people receiving such orders weren't allowed to tell anybody even that they received them.

This is unprecedented.


>>>> This is unprecedented.

And quite frightening. It makes you think how many more companies are out there where the owners just decided to give in and allow them access and have remained quiet.


I think these secret (or gag) orders should be illegal. Having the ability to subpoena info with the correct court procedures and transparency is fine (and an important ability to fight crime with), but these court orders need to be completely public, and under scrutiny from watchdogs and civil liberties groups. Because power corrupts, and given such absolute power, it will surely corrupt absolutely.


I believe they go against the 1st and 4th amendments.


In the particular case where the business subject to the orders is trying to provide privacy or secure communications services, the secret orders to enable spying on all the users also violates the 5th amendment.

In such a case, the order commands the operator to destroy the basis of his business. This is a "taking" without compensation in direct violation of the 5th amendment. It takes all the goodwill the business has built up and the ability to continue in the line of business, removing all the value the owner has invested in.


All of them. Every ISP.

I recall though, in the past that Earthlink was the only ISP who refused to install a Carnivore device on their network... but that was only because the Church of Scientology, who owned/started Earthlink, was already monitoring all traffic.


Wouldn't the installation of the pen trap device be necessary to target one individual as well?


No; Lavabit had the means to provide metadata on individual users, had done so in the past, and ultimately offered the same wrt the target of the current orders (unnamed in the documents, but we all know who it is).


The device intercepts a copy of the whole datastream and then sorts thru it.

This is sufficient to monitor all the users if the connection is unencrypted, or if the Feds can MITM it with help from a CA. If PFS or a private cert setup is in use, then such an interception device cannot get any plaintext unless the spies also obtain the secret keys from the server owner. That is what the FBI demanded from Levison.


Why should it be necessary to install their device to target just one individual?


For all I know, trap device could be FBI speak for USB hard drive. He needs to plug in the hard drive so he can copy the data on to it. (I am aware the FBI has other, much more capable network intercept devices. I suspect the term pen/trap device is standard jargon for anything that gets installed on site regardless of capability.)


Your suspicion is incorrect. "Pen/trap device" refers to a "pen register" or "trap and trace device" as defined by 18 USC §3127(3-4):

(3) the term “pen register” means a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, [...]

(4) the term “trap and trace device” means a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however, that such information shall not include the contents of any communication;


Wouldn't a hard drive onto which addressing information is recorded be a pen register?

Clarification: point being the language of the law doesn't permit the FBI to give you a hard drive. They have to call it a pen register, then they can give it to you.


Handing someone a hard drive does not allow them to monitor continuing activity.


The initial request states "pen/trap device" not just "pen register" so your insistence on only pen part is irrelevant. The initial secret court order demanded more.


The initial order was to provide metadata for all traffic involving a single account. It was only when Lavabit said they couldn't do this without disclosing their SSL private key that the FBI asked for the key.


Wasn't the initial order to let them and help them install their device in his network? Please quote your information and source, I've quoted mine in the top comment of this thread.


The initial order was for the installation of a "pen-trap" to collect metadata on one account. According to the document, this is typically implemented by the provider without installing any FBI hardware.

From page 104 of http://s3.documentcloud.org/documents/801182/redacted-pleadi...:

"In this case, the SSL keys are 'information ... necessary to accomplish the installation and use of the [pen-trap]' because all other options for installing the pen-trap have failed. In a typical case, a provider is capable of implementing a pen-trap by using its own software or device, or by using a technical solution provided by the investigating agency; when such a solution is possible, a provider need not disclose its key."


Lavabit could install the device, but it was obviously the FBI owned and controlled device which was to have access to everything traversing the network. And he was to help them to reach that goal.


How do you go from "In a typical case, a provider is capable of implementing a pen-trap by using its own software or device" to "obviously the FBI owned and controlled device"?


You intentionally omit "by using a technical solution provided by the investigating agency." Moreover you completely ignore the initial order where they don't mention that they will accept what Lavabit can provide them but expect help in installing the device.


So did you intentionally or accidentally omit the word "or"?


EDIT: somehow I ended up in the wrong HN topic so my comment was not directly related to this topic. I have not read the press release from Lavabit that this topic links to. My bad.


And you're omitting "In fact the FBI agents even admitted their intention to collect passwords in transit so they could access emails protected by Lavabit’s encrypted storage feature."

Regardless of the legal rationale, the FBI was demanding measures that would have given them access to everything, and they intended to use it.

So, given that the whole rationale for Lavabit's service was protection against this kind of wholesale intrusion, the answer to your question is "no".


My bad. I thought we were talking about what was written in the court order that Lavabit defied. I wasn't interested in talking about admissions made after the fact.

Oddly... I'm not even sure how I got into this HN topic. I replied to a comment in another topic and ended up here. Thinking I was in the other topic about a different story, I commented based on that story. I have no idea where this FBI admission is. I didn't see it.


The device was to be controlled by FBI to select what to collect, practically at least having access to all the traffic of Lavabit.


If you haven't got time to read the whole thing, consider these sentences:

In fact the FBI agents even admitted their intention to collect passwords in transit so they could access emails protected by Lavabit’s encrypted storage feature. This was in stark contrast to the DOJ attorneys who maintained that only the metadata authorized by the court order would be collected.

Levison was running a business. A privacy business. After years of peaceful co-operation with federal authorities, the FBI suddenly told him he was about to not be in the privacy business anymore, that the business he'd poured ten years of his life into would now shamble forward as a living lie, a thrall of the surveillance state it was conceived to oppose in the first place.

And the motive for this dramatic move? An attempt to find the guy who broke the news about how much spying the government's been doing.

That is, the FBI's instinct about how to handle a scandal about unprecedented levels of domestic surveillance was to increase their level of domestic surveillance.


More important is that the collection was initially already demanded to be via the FBI's own device (that they referred to as a "pen/trap device") that they were to install and control effectively providing them unwarranted access to all the traffic and all the content of it of all users. Nobody actually gave FBI the warrant to access everything but they were to effectively have the access. Later on they also demanded the SSL keys which have more or less the same effect. There's a major difference between collecting the data of the specific individual under investigation and accessing the data of everybody. And this is the first time such secret orders are accessible to the public.


In the court transcript the judge says something to the effect of "Lavabit is an email provider and email providers in the US are required to comply with US laws. The government has requested information which it is legally entitled to. The fact that you designed your system in such a way to make that difficult does not take precedence over the fact that they are legally entitled to this information."

So basically, due to design decisions, the only way for the government to get access to the data they are entitled to was to hand over the master private key. If Lavabit had designed in such a way as to have one key per customer, then the government would have only been legally able to request the single key for that customer.

I'm not saying that Lavabit should have had an SSL cert per customer, just that they designed it in a way which didn't mesh well with US law and they paid the price.


No. Lavabit complied with earlier demands for the data of specific users. Only this time the request was effectively for unwarranted access to everything, directly against the business of Lavabit.


"Only this time the request was effectively for unwarranted access to everything"

Yes it was. Access to everything _for that user_. Which they are explicitly allowed to request with a warrant (which they had) under US law. Just because Lavabit could not provide the information for that user without giving away everyone else's information does not mean that the government can't have the information for that one user.


Either Lavabit's founder is lying or this Wired article is wrong[0].

Per the Wired article, the government asserts that “The representative of Lavabit indicated that Lavabit had the technical capability to decrypt the information, but that Lavabit did not want to ‘defeat [its] own system,’"

It is only after Lavabit refused to just decrypt Snowden's email that the FBI demanded everything and the judge makes that assertion.

Of course, the Wired article might be wrong. However, I cannot think of a single legitimate technical reason why Lavabit could not break their own encryption for a single use. The encryption and decryption was done server side. This means they can pull the key out of memory. Worst case, they can grab Snowden's password/key when it goes to the server.

[0] http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/


He's only received $50,000 so far, which seems pretty low to me for such an important case like this. If you can't/won't participate in protests against the mass surveillance and privacy abuses of the government, then at least consider supporting those that fight for our 1st Amendment, 4th Amendment, and human right to privacy, like Ladar Levison does:

https://rally.org/lavabit


Can't upvote this enough.

This is a real opportunity to fight for user privacy and support the only company that openly defied the government's unconstitutional demands. A virtue we all longed for just a couple of months ago at the height of the NSA scandal. But here it is now and instead we see comments picking on Lavabit and questioning their moral qualities...

People just can't get past character debate. Bickering while their rights are gradually stripped off under their noses.


Donated. This is serious.


While I agree he needs more money, it's not like he's going to have to pay $800/hr to get the world's best lawyers on his team. Since he appears to be the poster child for a test case on this, I think the money will mostly only need to be spent on expenses (travel, etc.), vs. lawyer time, and there will probably be in-kind donations of services.

Ladar is the kind of person you want to bring to a case before SCOTUS, not weev.


You will be surprised how many hours can be logged by lawyers. They live and breathe billing hours.


Yes, but the top lawyers in the field can do this pro bono, because it's a good case (or it could be paid directly by other organizations, using staff attorneys).


If people won't get off their asses for whatever reason to fight for our rights, at least help out someone that will. Donated.


While I understand the rationale, I'm surprised to have seen the goal set at $40k, then $30k, and now at $96k.


Why surprised? If you can understand the rationale, surely you can understand scope changes.


For all of Google's talk of "don't be evil" - it's pretty amazing to me that this one tiny player has more balls to stand up for his principles & users than some monolithic organization like Google.


Note that Lavabit's battle was fought in silence; the first we heard about it was the announcement that Lavabit would be shutting down.

Assuming similar warrants to other companies would also come with gag orders, there is no way to know whether Google has tried to fight. The only way we would know is if Larry Page announced they were closing up shop tomorrow.

Similar arguments apply to every tech company. I am certain that {Google,Yahoo,Microsoft,Facebook,Twitter} has received similar warrants, and has filed objections, and has been given the choice of compliance or corporate death.


I'm wondering what could have happened if these corporations didn't comply? It's hard to imagine a headline like "US Government shuts down Microsoft because of refused total surveillance order".


"Steve Ballmer jailed for 'insider trading' replacement CEO outlines new government partnership"


China is probably instructive. There have been cases where Google has directly defied orders from the Chinese government. The result was that Google ceased doing business in the PRC, followed by a cat & mouse game where Google routed all Chinese searches through Hong Kong, which has a different legal system.

People like to make a lot of noise about the power of multinational corporations, but historically, when a corporation has defied a government the government usually wins. The only exception is when there is a wide disparity in power between the corporation's home country and the government it's in dispute with, and the corporation's own government backs it. (Eg. the British East India company vs. China, Google + Facebook + Twitter vs. Egypt.)

The reason for this is that business requires a stable legal system to work. Without the government's backing, a business's customers could simply run off with its goods & services and the business would have no legal recourse. It becomes impossible to conduct trade when the organization with a monopoly on physical force says "It's open season on Google." (Indeed, relations between Google and China had been frosty for several years before the shut-down because the Chinese government overtly favored Baidu, and the legal system in China is such that you can't conduct any significant business without some bureaucrat's say-so.)


Publicly held organizations cannot choose to close shop. They don't own the shop. Something I quote from Bruce Schneier was that if Google or Facebook were in the same position and the CEO refused to cooperate, the shareholders would just fire the existing CEO and get a less moral one!


Do you know who the controlling shareholders of Google and Facebook are?

Google: Page+Brin+Schmidt.

Facebook: Zuck

They aren't going to get fired.


Founders are not the sole owners of organizations. They do have a lot of shares but they did go through funding rounds and an IPO and already don't own a chunk of their businesses.


Individuals have balls, organizations rarely do.


Right - they have shareholders.


...who hold the company by the balls.


This is not unbelievable. Google has more to lose.


Like the trust and business of their users, both domestic and international? They had to assume that people would find out eventually, so why capitulate?

It's like giving in to extortion, you're just delaying the long-term inevitable while damaging yourself in the short-run as well.


Personally speaking, my trust in Google hasn't changed. I don't trust sensitive data there because of other agencies, but if the world changes because of Snowden, I will happily continue to use (most of) Google's services.


Yes, but they also have much more resources to fight and from what we know so far they didn't even try.


Yeah, they do have more resources to fight, but from a profit perspective, it's unlikely to net any gains, and the gains cannot be only for Google (fighting for public good is never profitable). Therefore, it's much better to just comply, and take the risk that the users might find out later. Who knows, users might not care, or might not be able to move off Google at all...


No they don't. This man has given up his livelihood. Google could shut down their (free) e-mail service, probably without having to fire a single employee.

Yes the amount of intelligence they could gather on each of their users would undoubtedly suffer, and so their ad revenue might eventually lose a bit of growth, but life (and business) would go on for Google.


They don't have much to lose. If they're careful, they have backup servers in multiple places. If they can launder their money through offshore places, they can move their servers.


Yahoo! did much the same, and, like Lavabit, did much of the fighting in secret. Well, except for the "shutting down" part -- although I think you can defensibly argue that the harm to privacy done by Yahoo! effectively sending its users to other random webmail services would be worse than the harm to privacy from keeping operating. Lavabit's users have more capability to fend for themselves or just stop using electronic communications.

https://www.eff.org/deeplinks/2013/07/yahoo-fight-for-users-...


Someone posted a link to the Lavabit Court Orders in the comments. http://cryptome.org/2013/10/lavabit-orders.pdf


That judge is kind of a pushover. He's not happy the government would have to trust Lavabit with their solution, but he doesn't even begin to question the government's proposal to just MITM all the traffic through a box with unknown software operated by whoever with certainly no tamper-safe logs of any kind.

It's likely because his level of technical competence barely suffices to turn a computer on, but yet he gets to decide on these cases, and the gov lawyer happily aids in his ignorance by supplying factually wrong technical sounding terms (the 'metadata stream') and analogues from an analog world (a 'filter').


That is a bad reason, yes. However, the prosecutor also objected to Levison's proposal to supply metadata, where he would wait until the 60 days were up, decrypt the stored messages (from which, to my knowledge, he could only read the headers unencrypted - the body is encrypted with PGP, I think), strip the "Subject" headers (per the legal standards on pen/trap orders) and then deliver that data to the FBI, via SCP, in bulk.

One reason that this was rejected, then, was that it did not fulfill the requirements of the 'trap/trace' part of the order, which require the metadata to be provided in real time or close to real time.
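The header-only export described in the comment above, as an added sketch that is not from the thread or from Lavabit. It assumes already-decrypted RFC 5322 messages, a hypothetical target address, and that From/To/Cc/Date are the fields to keep; the sample mailbox is constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption for this sketch: these headers are the addressing fields to keep.
# Subject and the body are content and are never copied into a record.
ADDRESS_HEADERS = ("From", "To", "Cc")


def metadata_record(raw_message, target):
    """Return a header-only record if `target` is a party to the message, else None."""
    msg = message_from_string(raw_message)
    parties = {}
    for header in ADDRESS_HEADERS:
        values = msg.get_all(header, [])
        parties[header.lower()] = sorted(
            addr.lower() for _name, addr in getaddresses(values) if addr
        )
    involved = {addr for addrs in parties.values() for addr in addrs}
    if target.lower() not in involved:
        return None  # mail that does not involve the target produces no output
    record = {
        "date": msg.get("Date"),
        "size_bytes": len(raw_message.encode("utf-8")),
    }
    record.update(parties)
    return record


def export_for_target(raw_messages, target):
    """Build the bulk export: one record per message involving `target`."""
    records = (metadata_record(raw, target) for raw in raw_messages)
    return [r for r in records if r is not None]


# Constructed sample mailbox (addresses and contents are invented).
SAMPLE_MAILBOX = [
    "From: Alice <alice@example.org>\n"
    "To: target@example.net, Bob <bob@example.com>\n"
    "Date: Thu, 03 Oct 2013 10:00:00 +0000\n"
    "Subject: quarterly numbers\n"
    "\n"
    "Body text that must not be exported.\n",
    "From: carol@example.org\n"
    "To: dave@example.com\n"
    "Date: Thu, 03 Oct 2013 10:05:00 +0000\n"
    "Subject: unrelated user\n"
    "\n"
    "Another user's mail, outside the scope of the order.\n",
    "From: Target@Example.NET\n"
    "To: eve@example.org\n"
    "Date: Thu, 03 Oct 2013 10:10:00 +0000\n"
    "Subject: reply\n"
    "\n"
    "Body text that must not be exported either.\n",
]

if __name__ == "__main__":
    for rec in export_for_target(SAMPLE_MAILBOX, "target@example.net"):
        print(rec)
```

Because the export runs over stored messages, it is a batch process, which is the property the comment says the prosecutor objected to.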


I'm reading/skimming through this now, and most of the beginning exhibits repeat a lot of stuff. Also, IANAL, so I may be interpreting some of this incorrectly.

On the PDF's page 51, there begins a record of a court proceeding, deliberating what, exactly, the government is looking for in these proceedings. They discuss the coverage that the FBI thinks its pen register needs. Of note is that Levison was not opposed to the pen register (which, to my understanding, would provide the FBI with all encrypted traffic going through Lavabit's servers), he was opposed only to providing the encryption keys, which Levison asserts would provide the FBI the ability to decrypt all traffic, and not just the traffic of the aforementioned SUBJECT, (read: probably Snowden).

The judge appears to not be a rubber-stamp entity, which is nice, as shown on pages 58-59.

Page 60, Levison states that all the gov needed to do to install the pen register, was set up an appointment with him. But, again, he would not provide any keys.

Ha. On page 61, the court explicitly says that all requests for oversight and monitoring will be denied:

    MR. LEVISON : I guess while I'm here in regards to the pen register,
        would it be possible to request some sort of external audit to
        ensure that your orders are followed to the letter in terms of
        the information collected and preserved?
    THE COURT : No. The law provides for those things, and any other
        additional or extra monitoring you might want or think is
        appropriate will be denied, if that's what you're requesting.

On page 100, Levison states that he can manage to get the information the FBI is looking for, without providing the FBI with Lavabit's encryption keys. Someone (AUSA[censored]) says that the proposed solution does not satisfy the subpoenas and court orders, because it would not provide real-time access to the data.

On page 107-108, the court has this to say about a loss of trust from Lavabit's customers, in the event that Lavabit hands over its SSL keys: "Any resulting loss of customer "trust" is not an "unreasonable" burden"

Starting on page 121, there is a court discussion about "a motion to quash the requirement of Lavabit to produce its encryption keys and the motion to unseal and lift the nondisclosure requirements of Mr. Levison."

Page 126, the court on the government's "right to information". Within the bounds of a criminal investigation, this position seems correct, but they are still requesting a key that would decrypt the communications of about 400,000 customers. Within that context, it seems like overreach.

    THE COURT : I can understand why the system was set up, 
        but I think the government is -- government's clearly entitled 
        to the information that they're seeking, and just because 
        you-all have set up a system that makes that difficult, that 
        doesn't in any way lessen the government's right to receive that 
        information just as they would from any telephone company or any 
        other e-mail source that could provide it easily. Whether 
        it's -- in other words, the difficulty or the ease in obtaining 
        the information doesn't have anything to do with whether or not 
        the government's lawfully entitled to the information.

Man, read page 128 and 129. The judge basically says that because it's a criminal case, the 4th Amendment doesn't apply to the data they are requesting (Lavabit's SSL key, which is very emphatically NOT Snowden's data (or, sorry, THE SUBJECT's data)).

What appears to be the now infamous 11 pages of 4-point key starts at page 145, as Attachment A. I can't actually verify, from this PDF, that it is text. With the image's resolution, it looks like lines of visual noise. Zooming in, there also appear to be visual artifacts reminiscent of JPG compression.


>On page 107-108, the court has this to say about a loss of trust from Lavabit's customers, in the event that Lavabit hands over its SSL keys: "Any resulting loss of customer "trust" is not an "unreasonable" burden"

This is one of the reasons why I have literally no respect for the US court, USG's supposed authority. They are all corrupt, lying, authoritarian asshats.


According to one of Sibel Edmonds' recent sources, the majority of them are selected largely based on their corruptibility (if they are clean, they are removed from the selection pool).


sort-of-OT Rant:

I have to say that while I have been on HN for several years - and it is the best community online. I am farking inspired with how aware and awesome the community on HN has revealed itself to be in light of the NSA debacle.

Even when we get into debates, like I do with TCPTACEK, the level of sober awareness of the implications of the techno-spy world we live in, the background and historical context (whereby many HNers were already aware of telco spying, Echelon, Carnivore, etc) the userbase has here is certainly terrific.

I am heartened by the fact that seemingly so many HNers are awake, aware and informed on what's really happening around us. I hope we can find a way to effect change together.


Just now saw this comment. I have also been discovering the beauty of individual thinkers' blogs, in addition to HN (for example, Bruce Schneier's blog is one of my favorites). I'm a fairly recent daily HN reader who has moved from reddit, and am continually thinking about how communication on the net still has a lot of room to improve quality, but am enjoying the atmosphere here quite a lot.


Thanks for the summary; it's much appreciated.

None of this is shocking: If you run a commercial communications service, it's your responsibility to comply with legitimate wiretap warrants. As the judge said, setting up your system in such a way as to make tailored compliance extremely difficult or impossible doesn't release you from that requirement.


Exactly. The NSA is allowed to listen in when traffic is unencrypted because there is inherently no expectation of privacy in unencrypted traffic. The FBI has probable cause to receive all keys to everyone's encrypted traffic because you're obviously hiding something criminal.

The question I'd love to ask the heads of these various agencies. In what circumstance does the 4th amendment apply? Seems like we always ask 'is this current procedure justified' with some inevitable pretext found.


Yeah no prob. I'm particularly interested in Lavabit's story, because I'm looking to get off of Gmail and get some degree of privacy. But with how this is going, it looks like I'm going to have to wait for a non-USA company to start a similar service (I'm broke and in the USA, so I'm not in a position to start one myself).


Why do you think a company anywhere would have more luck than Lavabit when presented with a legal search order?


I think the US government is engaging in a massive overreach, and I think that other countries have an opportunity to develop sane data protection laws. Normally, when you want data on one person, you get a warrant for data on that person. The US government, however, has decided that the rational move is to demand indiscriminate access to the records and communications of over 400,000 Lavabit customers.


I skimmed these pages as well, and it seems obvious now that you can no longer trust a legal system to protect your privacy. We (hackers) need to combat this with a technical system.

I would also note that it seems incredibly clear that Ladar Levison knew what was at stake: for himself, for Snowden, for his company, and for his users. His decision to shutter his doors was his last option to protect their 4th amendment rights and I'm absolutely amazed he made the right call here.

Kudos to a brave man.


Run your own mail server.


It is shocking when FBI uses the secret order for one user to demand the installation of the device which has access to everything of every user, especially when your whole business is to provide secure communication unless the user is specifically targeted.

But I understand that you wouldn't worry if your users have no privacy expectations. Your business wouldn't be affected.


They explicitly state in the court proceedings that if it were possible to give a key which only decrypted the data of the unnamed party, then they would accept that instead of the master private key. Unfortunately such a key did not exist because of the design of Lavabit's software.


But that is not what the FBI was doing. They were not seeking a "legitimate wiretap" -- they wanted full access to everything. This certainly releases you from the requirement as this is illegal activity by the LEO.


Beware, this PDF is more than 16MB.


Page 121 has a redacted section in a field of fixed-pitch font.


IANAL, so I don't know what the actual process is called, but that judge needs to be fired.

When confronted with an issue about which the judge knows nothing, the court basically deferred to whatever the government suggested. I'm not reading into it, it's basically how the transcript reads.

I particularly enjoyed this Freudian slip:

    MR. BINNALL: I would suggest that the 
    government -- I'm sorry -- that the Court
    can craft an order to say...

The court here is more marionette than anything else, with the FBI on the strings.


> MR. TRUMP: That's one and the same, Your Honor. Just so the record is clear. We understand from Mr. Levison that the encryption keys were purchased commercially. They're not somehow custom crafted by Mr. Levison. He buys them from a vendor and then they're installed.

Wrong. You pay to have your public key signed by a commercial entity. The private key was generated by Mr. Levison.


Later on the government submits an "Appendix B" which actually gets it right. The lawyers for both sides made technical mistakes while in court.


I find it incredibly ironic that in the process of investigating against Snowden's leaks that the NSA is spying on netizens, we see such court orders where feds ask for broad unregulated surveillance where a single targeted tap would have sufficed. The worst is that the judge happily enables this.


As a side note: Pretty ironic how he uses Facebook, an NSA partner company, to publish such a statement.


Given that it's a public statement intended to be read by as many people as possible I find it completely unironic.


But you're driving traffic to an NSA collaborator and open web breaker.


...and putting it where the eyeballs are.

He's not trying to protect this information. People are going to be using Facebook regardless of whether he publishes there or not. This is pure pragmatism.


Perhaps even more eyeballs than he intended will read this statement. Doesn't seem particularly ironic to me.


Is there some way I can donate money via Amazon payments? It would be vastly more comfortable.


why not hand over all the keys and say you were hacked and get everyone to change keys?


Then they would ask for the keys again. If they thought you did it on purpose, then it's another--probably much worse--contempt charge.


Exactly. They don't need to prove you weren't hacked two or three times: they just need to convince a judge that it's unlikely. And the next step, setting up a regular key-changing scheme, simply results in you having to provide new copies automatically every time the keys change.


I highly doubt law enforcement would look kindly on that. Simply shuttering the business "fell just short of a criminal act".


Because then the NSA, who totally hasn't been recording these emails for the past ten years, can retroactively decrypt all of them?


The law doesn't work like that.


Interestingly, the letter states he's received over 150k in support. The rally.org campaign now states over 50k has been pledged. I'm not finding the campaign for support to be terribly transparent.

When receiving the link to the rally.org campaign yesterday (through pinboard on twitter or gruber) I thought it represented the entire universe of assistance Ladar had received. On top of that, the upper limit of the rally campaign keeps changing. Originally I saw 40k, then last night 50k, now this morning 96k.

I'm not saying that they're trying to be misleading, but as someone who is interested in this and is considering a donation, I was disquieted by the moving target at rally.org and the lack of transparency until this morning about how much had truly been raised.


It doesn't matter that you haven't seen some other figure on rally.org (just one of the sources). It doesn't change the fact that Levison will almost certainly need orders of magnitude more legal funds than what he received up to now.

Even having a case with the copyright trolls costs around a million. You bother about the thousands and about the totals which nobody claimed. And Levison had to shut down his own company.


Absolutely agree. All I'm trying to say is that I find the lack of transparency about the real 'goal' for rally.org and real total (which now we have transparency about) doesn't make me feel great about donating.


So where is it written that rally.org is supposed to publish the totals of funds collected via other channels? Based on what actually have you expected that?


It isn't. I think based on the giant bar saying X out of Y pledged that it represented the largest chunk of what had been pledged.


some people can always find an excuse not to help.


Yea, this response is expected. You can see below I'm grappling with myself, am I just nitpicking as an excuse or do I have actual concerns. It can be hard to tell sometimes.


About your first point: I think that rally.org is not the only source of revenue for the defense fund. There is also a direct Paypal link (linked in the Facebook post).


I'd seen the paypal links, I just assumed that it would be a drop in the bucket compared to what is visible at rally.org, not 2 times what you see there.

Perhaps I'm just nitpicking. I agree the cause is worth supporting.


"I'm not going to scramble jets to catch some hacker"


Here is a non-Facebook SSL link.

https://ezcrypt.it/fl7n#RL16xMj9JWYSezVvk5FxnG68


More readable (but not https) version here: http://pastie.org/private/v0wn72dm8nklqxlrjv8qpg


Not sure why an SSL link would add any benefit in this situation anyway...


It helps to make encryption the norm. Better to be using encryption in situations where it is not needed than to fail to use it in situations where it matters.


It will also help if some Treacherous Government complains that "You must have been doing something bad, you used SSL!" and everyone can turn around and say "But loads of things are SSL!"


More encrypted data for NSA to churn through!


+1 for you, sir. I was indeed disturbed by the link coming from facebook.


We've seen many "articles" on HN that were basically Google+ posts. Some people use Facebook instead of G+ for a similar purpose.


> Lavabit was created so every law-abiding citizen has access to a secure and private email service.

What an intriguing statement. I'm not sure if I should read anything into it, but 'law-abiding' and 'citizen' seem odd in that context.

Edit: Why not just say 'everyone'? Otherwise it sounds as if Lavabit was making a decision as to whether someone was eligible or not, which I don't think is what he means.


I think he said that because he was happy to work with reasonable law enforcement requests for specific individuals that were part of a criminal investigation.

It was just when they were asking for the ability to completely backdoor his system for all users that he started with the civil disobedience.


I think you are reading too much into the statement. It's likely to be a figure of speech so that regular folks i.e. not child pornographers, drug smugglers, terrorists or other ne'er do wells, can feel good about using the service.


Because it's a statement in front of a court. Specifically, in giving the rationale for why handing over the private key is a 4th amendment violation, it's helpful to point out that lawbreakers (for whom specific, particular, narrow warrants have been issued) have no expectation of privacy even on Lavabit's system.


Nothing unexpected from this announcement. It was heavily implied that he was asked to provide the encryption keys to decrypt the communications of all users.

I'm surprised that some academic lawyers aren't helping take on this case for no cost, due to the precedent it may set and the exposure it will get.


Please don't diminish the importance of it. This release is unprecedented.

For the first time in history the public can actually see most of the documents related to this kind of order. See also: https://news.ycombinator.com/item?id=6487986


Linking to yourself like that is incredibly tacky


Linking is there to avoid repeating the arguments written in much more detail in the linked post. Is it better when everything is written twice instead of in one post? Linking also helps concentrate the relevant arguments in the relevant thread. It's not to "myself"; it's to the relevant node in the discussion tree, which contains a lot of arguments.

If there's anything written where you've found some error you can present your arguments. Attacks on persons aren't arguments.


oh come on. when it's not confirmed we have threads with people saying "but there's no evidence, you're only assuming".

then when it is confirmed we have "but we already knew this".

neither adds anything. but people seem to vote up world-weary comments. yay for internet points.


I'm just pointing out that it's not a surprise to anyone who has been following his comments surrounding the issue.


and i'm just pointing out that you're being tedious.



