The way Lavabit designed the system was still in a way that the SSL master key was able to decrypt "something". If the system would have been designed in a way that even the master key does't get you anything the court can order all day long. Its like a court order to person A that as of tomorrow the sky will be light pink instead of blue. Just because the court or the FEDS want something to happen doesn't mean it is going to happen if there is no way technically this is going to work.
Granted, if Lavabit's system would have been designed in such a way the court could have ordered that they create a new software version which then allows them to see certain things, but even that can be made impossible with the correct software design. Its "just" a question how far you want to push your design and how much self protection you want to build into your design. Until 2013 everyone, or almost everyone was under the impression that SSL was reasonably safe. 2013 is the year when that changed and a prediction is that one will see many products springing up that do not have those problems any more (e.g. BitMessage)
Bingo! If you have the need or wish to encrypt you NEED to do it yourself. Each and every email client worth something is able to encrypt/decrypt. And the ones that are not I'd let go as fast as I let go of a hot coal.
At the same time you cannot be hit by a 'quiet' discovery, you know that each employee has their own key, and so on. if you NEED encrypotion there is just no good reason to have encryption farmed out.
Slashdot Mirror
The way Lavabit designed the system was still in a way that the SSL master key was able to decrypt "something". If the system would have been designed in a way that even the master key does't get you anything the court can order all day long. Its like a court order to person A that as of tomorrow the sky will be light pink instead of blue. Just because the court or the FEDS want something to happen doesn't mean it is going to happen if there is no way technically this is going to work. Granted, if Lavabit's system would have been designed in such a way the court could have ordered that they create a new software version which then allows them to see certain things, but even that can be made impossible with the correct software design. Its "just" a question how far you want to push your design and how much self protection you want to build into your design. Until 2013 everyone, or almost everyone was under the impression that SSL was reasonably safe. 2013 is the year when that changed and a prediction is that one will see many products springing up that do not have those problems any more (e.g. BitMessage)
Bingo! If you have the need or wish to encrypt you NEED to do it yourself. Each and every email client worth something is able to encrypt/decrypt. And the ones that are not I'd let go as fast as I let go of a hot coal. At the same time you cannot be hit by a 'quiet' discovery, you know that each employee has their own key, and so on. if you NEED encrypotion there is just no good reason to have encryption farmed out.