> But surely we can all agree there exist circumstances under which some lawful intercepts are justified: child pornographers, terrorists actively planning murders, missing persons, etc. The problem is Lavabit was not designed to facilitate intercepts under any circumstances.
That's not true, though. Levison could and did help the government with intercepts before, and offered to provide the same service again; this time, the government was not satisfied with the offer (from the New Yorker, emphasis mine):
"The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing."
Well, it actually is true that the asymmetric encryption feature of the premium Lavabit service is designed to make intercepts impossible. Only the account holder can decrypt it.
Handing over account payment information in response to lawful requests is quite a different matter from defeating asymmetric encryption. Account info is unencrypted records that Lavabit has access to in accordance with their TOS. They can turn those over, in accordance to their TOS.
Faking out their own service to defeat their own encryption, which they specifically advertised as being only decryptable by the account holder and not Lavabit, is a whole different ballgame.
I noted exactly what you stated, that Lavabit offered to help the government implement something like that -- only after being threatened with the "nuclear option" of key seizure.
You've got to concede that there's room for some doubt as to whether Lavabit could be trusted to comply with something as extraordinary as that. It would be trusting them to reneg on a specific promise made to all customers about the security of their service, namely that it is impossible for Lavabit to snoop on encrypted communications.
That's not true, though. Levison could and did help the government with intercepts before, and offered to provide the same service again; this time, the government was not satisfied with the offer (from the New Yorker, emphasis mine):
"The documents, and Levison’s comments to us, suggest that although he is a skeptic, he was willing to work with the government: he offered to write intercept code himself to capture their target’s metadata, and acknowledged that the government might have a right to the person’s information. He was willing to turn that information over, as he did in a case involving child pornography; Lavabit’s archived site in fact explicitly states that one of the reasons its most secure services are available to paying customers only is so that if an account “is used for illegal purposes that money trail can be used to track down the account owner.” But the government refused Levison’s offer. It wanted the keys to everything, so he gave it nothing."