Safe Harbor, Lavabit & The Future Of Cloud Security

Grazed from InformationWeek. Author: Elad Yoran.

The ongoing case of the federal government versus Lavabit was a hot topic of discussion at RSA — not just regarding the merits of the case, but because it demonstrates how the increasingly stringent safe harbor provisions in the European Union can impact US companies doing business in the cloud.

For those who didn’t follow the story, Lavabit, an organization that offered encrypted email as a service, shut down last August without explanation. Under a gag order, Lavabit CEO Ladar Levinson was prohibited from disclosing any information relating to the shuttering of the business, as well as the details leading to the termination of Lavabit…

After court documents were unsealed, it emerged that Levison was resisting a government order to provide Lavabit’s encryption key to authorities. The nature of the Lavabit email service was that a single key was shared for encrypting all client email. The government insisted on acquiring the key, so that it could access one client’s email account — ex-National Security Agency contractor Edward Snowden. Lavabit objected to handing over the encryption key, since it would not only decrypt one client’s email, but it would also provide access to the company’s few hundred thousand customers’ data in the clear…

Read more from the source @ http://www.informationweek.com/security/cloud-security/safe-harbor-lavabit-and-the-future-of-cloud-security/d/d-id/1127721

Subscribe to the CloudCow bi-monthly newsletter @ http://eepurl.com/smZeb