Lavabit, the now-shuttered secure email provider that has become something of a rallying point for privacy advocates and security experts in the ongoing NSA surveillance saga, is giving its former users until Thursday night to change their passwords on the service. They will then have a short window to download their email archives and get to their account data.

Ladar Levison, the founder of Lavabit, in August decided to make the dramatic move of shutting down the service rather than giving the government broad access to his users’ data. The FBI, in the wake of the Edward Snowden leaks of NSA surveillance methods, went to Levison with a court order demanding the SSL keys for the company’s service. Rather than comply, which Levison said would have spelled death for the Lavabit service anyway, he decided to shut down the secure email system. The Department of Justice was not pleased, to say the least, but Levison has held out and recently filed an appeal of the court order.

In the meantime, Levison secured a new certificate for the Lavabit site, and has notified users that they have until Thursday at 7 p.m. CDT to go to the new site and change their passwords. After that, they then will have a few days to go in and download their archived emails and other data.

“Due to concerns about the continued integrity of customers’ passwords, we are offering a short window of five days in which users can change their password before we allow anyone to download an archive of their stored emails,” a statement on the new Lavabit site says.

“Since the SSL certificates formerly used to protect access to Lavabit have been compromised, we recommend manually validating the serial number and fingerprint your computer received before using this website.”

Levison said that the shutdown of Lavabit has affected him, as well, as he was a user of the service himself and had spent years building the company.

“This comes in the wake of the abrupt shutdown of Lavabit this past August, wherein many were left without a way to access their sensitive data. For those who used Lavabit’s email service, they were left without a way to access information after the shutdown. When asked about how his users felt about the loss of personal data, Mr. Levison said ‘I’m in the same boat as them. I used my Lavabit email account for 10 years. It was my only email account’,” the statement said.

Image from Flickr photos of Richard-G

 

Categories: Cryptography, Government, Privacy