Will Apple Go the Way of Lavabit?
According to a report in Friday’s New York Times, some of Apple’s top encryption engineers have threatened to resist—or even to quit—rather than comply with a court order to disable the iPhone security system they created.
That’s a game that doesn’t end well. Just ask Ladar Levison.
Levison is the creator of Lavabit, a private e-mail service that was designed to make it impossible for outsiders—hackers or governments—to spy on its users’ communications. He offered NSA-quality encryption and made a point of not logging the messages that passed through his system. That way if slapped with a subpoena he could honestly say—as Apple does today—that he didn’t have anything to give up.
Then in 2013 the FBI asked Levison for something he did have.
Edward Snowden, the whistleblowing spy, had been using Lavabit to e-mail reporters, and the FBI wanted real-time access to Snowden’s metadata—with whom he was communicating, when, and from where. A federal court ordered Levison to start logging Snowden’s communications. Then, figuring that Snowden was savvy enough to use encryption that couldn’t be cracked by brute force, the government also demanded that Levison hand over Lavabit’s private encryption key—something the Justice Department has threatened to demand of Apple (AAPL) as well.
Subscribe to Data Sheet, Fortune’s daily tech newsletter.
With Lavabit’s key in hand, the FBI could intercept messages sent not just by Snowden, but by any of the service’s 400,000 users.
Levison objected. “The whole concept of the Internet was built on the idea that companies can keep their own keys,” he said. But prosecutors assured the court that they weren’t interested in 400,000 users, just Snowden, and Levison was ordered to comply.
When he realized he had no choice, Levison handed in the key—a long string of random numbers—printed out in type too tiny to be read or scanned.
Prosecutors were not amused, and neither was the court. Judge Claude H. Hilton slapped Levison with a $5,000-a-day fine until he turned over the key in digital form.
Two days and $10,000 later, Levison complied—in a manner of speaking. He gave up his digital key and at the same time shut down his business. That double maneuver, a prosecutor later told his lawyer, nearly landed Levison in jail.
For more on Apple vs. FBI, watch:
The Levison case has come up twice in the standoff between Apple and the FBI: Once, when Levison filed a friend-of-the-court brief in support of Apple. And a second time in the now-infamous Footnote Nine, copied below, in which Department of Justice lawyers cite Levison (In re Under Seal…) as precedent for seizing Apple’s source code and its private electronic signature.
9. For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. See In re Under Seal 749 F.3d 276, 281-83 (4th Cir. 2014) (affirming contempt sanctions imposed for failure to comply with order requiring the company to assist law enforcement with effecting a pen register on encrypted e-mail content which included producing private SSL encryption key).
Would the world’s most valuable company, if ordered by the Supreme Court to hand over its crown jewels, comply and then go out of business? That seems ludicrous. But make no mistake about it. If you follow the government’s logic, that’s where this case is headed.