More important is that the collection was initially already demanded to be via the FBI's own device (that they referred to as a "pen/trap device") that they were to install and control effectively providing them unwarranted access to all the traffic and all the content of it of all users. Nobody actually gave FBI the warrant to access everything but they were to effectively have the access. Later on they also demanded the SSL keys which have more or less the same effect. There's a major difference between collecting the data of the specific individual under investigation and accessing the data of everybody. And this is the first time such secret orders are accessible to the public.
In the court transcript the judge says something to the effect of "lavabit is an email provider and email providers in the US are required to comply with US laws. The government has requested information which it is legally entitled to. The fact that you designed your system in such a way to make that difficult does not take precedence over the fact that they are legally entitled to this information."
So basically, due to design decisions, the only way for the government to get access to the data they are entitled to, was to hand over the master private key. If lavabit had designed in such a way as to have one key per customer, then the government would have only been legally able to request the single key for that customer.
I'm not saying that lavabit should have had an SSL cert per customer, just that the designed in a way which didn't mesh well with US law and they paid the price.
No. Lavabit complied with earlier demands for the data of specific users. Only this time the request was effectively for unwarranted access to everything, direcly against the business of Lavabit.
"Only this time the request was effectively for unwarranted access to everything"
Yes it was. Access to everything _for that user_. Which they are explicitly allowed to request with a warrant (which they had) under US law. Just because Lavabit could not provide the information for that user without giving away everyone eles's information does not mean that the government can't have the information for that one user.
Either Lavabit's founder is lying or this Wired article is wrong[0].
Per the wired article, the government asserts that “The representative of Lavabit indicated that Lavabit had the technical capability to decrypt the information, but that Lavabit did not want to ‘defeat [its] own system,’"
Itis only after Lavabit refused to just decrypt Snowden's email, that the FBI demanded everything and the judge makes that assertion.
Of course, the Wired article might be wrong. However, I cannot think of a single legitimate technical reason why Lavabit could not break their own encryption for a single use. The encryption and decryption was done server side. This means they can pull the key out of memory. Worst case, they can grab Snowden's password/key when it goes to the server.
