Spy or Die

Can corporate suicide stop the NSA?

When the U.S. government orders a communications company to give up its data, the firm has two basic choices: resist, and risk its leaders going to jail, or comply, and break faith with its customers. On Thursday, Aug. 8, however, two privacy-minded businesses chose a third and unprecedented option: They committed corporate suicide rather than bend to the surveillance state's wishes.

It could just be the opening battles in a new front of the surveillance war.

In a move that blocks governmental monitoring of private email accounts, two secure email providers closed shop on Thursday rather than divulge information about their users to the authorities. The first Dallas-based Lavabit -- which reportedly counts among its users NSA-leaker Edward Snowden -- stopped operations after apparently fighting a losing battle to resist a federal surveillance order. (Snowden called the decision "inspiring" in a note to the Guardian's Glenn Greenwald.) A few hours later, Silent Circle, headquartered outside Washington, D.C., announced it was suspending its encrypted email service as a preemptive measure before ever receiving a command from the government to spy on its users.

The companies' extreme actions put them in an exclusive club. Security and legal experts said they could not recall a company preventing government access to its customers' information by shutting down its business. Some companies have appealed surveillance orders in the courts or attempted to force more public disclosure about the secretive intelligence-gathering process, but they have remained functioning. Refusing to comply with an order also means the government is cut off from potentially valuable information that it may have no other means of obtaining.

Ladar Levison, the owner and operator of Lavabit, said in a cryptic public message to his users that he had "been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."

Levison didn't say precisely what events had led to his decision, but his letter strongly suggests that he had refused to comply with an official order to hand over Lavabit users' emails and give the government ongoing, prospective access to the company's systems. In the letter, Levison said he was forbidden from discussing "the events that led to my decision." Recipients of secretly issued government surveillance orders are often prohibited from disclosing or discussing them publicly.

Silent Circle, in a letter to its customers, cited Lavabit's decision. "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail [its encrypted email service] now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."

The company also acknowledged that its email service didn't have protections as strong as those for its phone and text services, which can delete communications entirely, as well any corresponding metadata records. Email leaves a digital trail that can be recovered and therefore forcibly disclosed by the authorities.

"Tough decision but we couldn't wait for the inevitable risking member security," Vic Hyder, the company's chief operations officer, wrote on Twitter.

"We huddled this afternoon and saw no other choice," Jon Callas, Silent Circle's chief technology officer and a noted computer security expert, wrote on his Twitter feed.

Companies that receive surveillance demands find themselves in an unenviable position. Some, such as Yahoo!, Microsoft, and Google, have either fought surveillance orders in court or petitioned the government to let them disclose more information about what the authorities are asking about the companies' users. But until now, these companies and others, including Internet mainstays such as Facebook that have hundreds of millions of users, have complied with the orders and helped form the backbone of official surveillance.

Companies also know they cooperate at the risk of undermining their reputation and their business. Take the encrypted email service Hushmail, a Canadian company that like Lavabit had marketed itself as a secure system. In 2007, the firm gave over information on three customers as part of a U.S. federal investigation into illegal steroids. Although Hushmail was complying with a court order and a legal assistance treaty between the United States and Canada, its reputation was significantly damaged among its product's core users.

Closing a company is certainly not illegal. But evading an official demand is. What penalties or charges Levison might face depends on what the government is seeking. He could face a contempt proceeding, which could include jail time, if he refused to comply with a court order, said Albert Gidari, a lawyer with the firm Perkins Coie who represents companies on surveillance and communications law.

But the government might also be looking for ongoing or prospective surveillance of Lavabit's customers and access to the company's systems. Given Levison's drastic actions, that is likely the case. Shuttering the company would do little to stop the authorities from gaining access to Snowden's or any other customer's old emails. But going out of business would mean Lavabit couldn't comply with any future surveillance.

"It may be that by shutting down the service, he can't comply, and so it's doubtful he would be held in contempt," Gidari said. But "shutting down the service could be viewed as obstruction of justice, so he isn't necessarily out of the woods yet."

Levison faced two bad options. That helps explain why Silent Circle's executives may have decided to avoid the quandary altogether.

Levison's decision was greeted by some as a heroic act of protest. A fund was set up to help pay for his legal expenses. "We've already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals," he wrote.

But Silent Circle's decision added a new wrinkle. The company appeared to be making a business decision, rather than a legal or ideological one. It had not been served with a government order. Indeed, the company, which was founded by an ex-Navy SEAL and the inventor of the first widely distributed commercial encryption software, says it counts intelligence agency employees and special operations forces as its most loyal customers. Silent Circle has billed its encrypted email service as a way for people with secretive jobs to communicate securely, not as an end run around federal surveillance. (The firm has been known to help privacy-minded journalists stay beneath government radars.) By preemptively shutting down its email service -- and purging all data related to it -- Silent Circle preserves its reputation as a secret-keeper. It will continue to sell its secure phone, text-messaging, and video services.

Companies may also find resisting NSA surveillance a losing battle. Recently disclosed documents show that the agency has the legal authority to collect and store any electronic communication that uses encryption. And if companies are storing email in servers within the government's jurisdiction, they may not be able to make good on promises to users that their communications are absolutely private and secure. In his letter, Levison said, "I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."

The government has given no indication that it will back down from using surveillance orders to demand all kinds of customer records, from Internet searches to phone logs to email metadata and content. But what Lavabit and Silent Circle have done may mark the beginning of a resistance.

The truth is that for all the government's extraordinary powers under surveillance law and the NSA's global reach, the U.S. intelligence community is largely at the mercy of companies to help it monitor the world's networks. Indeed, current surveillance law was modified a few years ago to give telecom companies that assisted the NSA with warrantless wiretapping legal immunity from prosecution. Officials feared that without those protections, the companies would do everything in their power not to help the government.

If enough companies were to take the drastic step of shutting down, the government would find itself in the dark on potentially crucial intelligence. The likelihood of this happening is still remote. But the fact that two companies would take such drastic measures to preserve their independence and keep the government out of their business may speak to a dawning awareness: While the government may hold the legal power, it is not all-powerful.

SAUL LOEB/AFP/Getty Images


Soldier of Misfortune

David Bax helped save 35 aid workers in a Mogadishu firefight. So why did they turn against him?

The tip came early in the day on June 19. Islamist militants had breached the inner sanctum of the United Nations' humanitarian compound in downtown Mogadishu -- and they were trying to slaughter the relief workers inside.

It wasn't David Bax's job to respond to such an attack; the former South African soldier was hired by the U.N. simply to defuse explosives in and around the restive city.

But Bax wasn't about to sit on his hands while a massacre went down. Within 30 minutes, Bax had mobilized his convoy, consisting of Burundian soldiers, U.N. explosives specialists, and foreign security contractors, into a rescue party.

While the firefight between al-Shabab militants and Somali guards raged inside the U.N. facility, Bax led his team to the outer wall and waited for a lull in the shooting. When the pause came, they rushed into the compound and began loading the terrified U.N. survivors onto Bax's Casspir armored personnel vehicles. Once the vehicles were full, Bax's team sped off and delivered the survivors to safety at the secure U.N. compound at Mogadishu's airport. In the end, one U.N. staffer, two South African contractors, four Somali security guards, a Somali electrician, and several Somali civilians were dead. As many as seven al-Shabab fighters were also killed in the operation. Most of the fighting was carried out by Somali security guards, who suffered the largest number of casualties. While Bax's team didn't engage in the firefight, there was little doubt that he and his team had risked their lives.

But the United Nations didn't award Bax a commendation for his bravery. In fact, days after the attack, Bax, the program manager for the U.N. Mine Action Service (UNMAS) in Somalia, came under fire from some of the very people he tried to save, and his U.N. career may now be on the line. His detractors say he repeatedly overstepped the bounds of his authority and propriety, propositioning female colleagues and exercising undue control over vital necessities for humanitarian workers like a Chicago alderman. Others say that Bax's rescue mission, while noble, may have only put U.N. employees -- and the U.N. mission in Somalia -- in further jeopardy. Bax had no authority to mount a risky extraction operation, some of his U.N. colleagues charge, and the appearance of a U.N.-led convoy -- made up of Western security contractors and armed Burundian soldiers at war with al-Shabab -- might have only reinforced the Somali public's perception of the United Nations as a partisan in the conflict. The appearance of evenhandedness, so necessary for humanitarian work, could be shattered.

The dispute over Bax's actions speaks to a deeper conflict over the U.N.'s global identity today. Is it an impartial humanitarian organization tending to the needs of civilians, regardless of political preferences? Or is it an ally with the world's great powers in the international struggle against militant Islamist extremism?

"The lines can get pretty blurred," said Matthew Bryden, who once headed the U.N. Monitoring Group on Somalia and Eritrea (SEMG), a U.N. Security Council panel that investigates threats to Somalia's democratic transition.

The United Nations, Bryden, explained, is like "a very broad church" whose myriad strains and tendencies can frequently come into conflict in the field. The U.N. humanitarian aid agencies insist that the United Nations must be perceived as "a neutral actor" in order for them to safely carry out their lifesaving work. "The humanitarian agencies don't like to talk to the SEMG or provide it with information because they don't want to be seen collaborating with what they see as an intelligence arm of the United Nations." For people like Bax, whose mandate places him closer to the conflict's front line, "claiming to be neutral when al-Shabab has already decided the U.N. is a target doesn't make sense."

In the wake of the 9/11 attacks, the U.N. Security Council required states to write anti-terrorism laws, and it expanded its black list of suspected Islamist terrorists with links to al Qaeda and the group's affiliates. (Indeed, confronting Islamist extremists is one of a handful of issues that has united the council's five major powers: Britain, China, France, Russia, and the United States.) More recently, the Security Council has thrown its weight behind military missions crafted to thwart the ambitions of Islamist militants across Africa.

In Somalia, the United Nations is on a traditional humanitarian mission: feeding and caring for destitute Somali civilians. But it's also supplying crucial logistical support to the African Union forces who kicked al-Shabab out of Mogadishu -- and it's helping Somalia's new rulers stabilize the country in order to prevent the militants from staging a comeback.

Bax, a lumbering, 6-foot-5-inch former military engineer, has emerged as the embodiment of the hard edge of the United Nations. Bax is operating under a Security Council mandate to train American-backed peacekeepers on how to evade al-Shabab's bombs. That places him squarely on one side of the war there.

But though the U.N. is by no means neutral in Somalia, it is not supposed to be an active combatant. Bax's internal critics say he has crossed that line. His cooperation with American authorities, in particular, has raised eyebrows within the U.N.'s humanitarian's ranks.


Bax's troubles began days after the June 19 attack on the U.N. humanitarian compound. Infuriated by Bax's actions, an anonymous source in Mogadishu filed a complaint to Hervé Ladsous, the U.N. undersecretary-general for peacekeeping operations. The source, who also leaked copies of the complaint to Foreign Policy and Inner City Press, suggested that Bax's heroics had actually endangered U.N. personnel by reinforcing al-Shabab's contention that the U.N. is merely an agent of American aims.

"Our colleagues are dead and this is why?" said the anonymous source's complaint, pointing out that Somali authorities and the U.N.-sanctioned African Union peacekeeping force, not the United Nations, bear responsibility for security in Mogadishu. "Why is this HIS job? Why does he have an armed response squad and a convoy as the head of the mine action service.???… Don't we work for the UN? Aren't we neutral? Are we humanitarians or soldiers? He is completely rogue and not in the chain of command."

In response to the complaint, Bax's employer, the U.N. Office for Project Services, dispatched a fact-finding team last week to Nairobi, Kenya to establish whether there is sufficient evidence to launch a full-fledged investigation into wrongdoing, with the team expected to subsequently travel to Mogadishu. Bax was transferred out of Mogadishu after the complaint -- purportedly for his own safety. The investigators, who have already questioned Bax, are likely to clear him of charges of improperly collaborating with American authorities. As of Aug. 4, the investigators had not yet reached out to several women who were identified in the anonymous complaint as having information about alleged sexual harassment. (Bax declined to be interviewed for this article.)

Whatever the investigation's outcome, the case has turned a spotlight on a man who has left an oversized impression on U.N. life in Mogadishu.


A 17-year veteran of U.N. peacekeeping missions, Bax arrived in Mogadishu nearly four years ago, a time when al-Shabab held sway over much of the capital and the city was deemed even too dangerous for U.N. peacekeepers to operate.

Bax carved out a swath of land at Mogadishu's airport, inside a broader security compound operated by the African Union Mission in Somalia (AMISOM), which had been established two years earlier to defend the country's Western-backed transitional government in its war with al-Shabab.

Bax's unit organized the construction of a network of secure housing units and offices that would accommodate the return of foreign diplomats, U.N. political officers, and relief workers. He organized his own armed convoy, protected by Burundian soldiers, who roamed freely around Mogadishu in a fleet of armored Casspir vehicles. He built a drinking establishment called Little Kruger in a thatched tukul at the heart of the compound. In a city where serving liquor can be a death sentence, Little Kruger -- named in honor of Nols Kruger, a South African diesel mechanic who was killed in a 2011 roadside ambush by al-Shabab -- was one of the rare spots where an expatriate could have a drink of imported Kenyan Tusker beer and relax with friends. It was also one of the city's safest spots.

Bax and his team quickly made common cause with Bancroft Global Development, a private security contractor that provided military training to African Union peacekeepers. Bax's agency hired the American firm to train Somali police and African Union peacekeepers in the handling of explosives. Two Bancroft employees, including an American national, were in Bax's convoy during the June 19 attack. The efforts by Bax's team and Bancroft helped the African peacekeepers improve their fighting skills and their defensive capabilities against al-Shabab.

Bax made other alliances as well.

Following a July 2010 attack by al-Shabab and its allies against Ugandan World Cup viewers, Bax established a relationship with the FBI to provide the Somalis with expertise on maintaining the integrity of the chain of evidence when handling bomb material.

On behalf of Somalia's police, Bax's unit collected fragments of explosives, swabs of blood, and chunks of mobile phones that were possibly used as detonators. The evidence was transferred by a Ugandan military flight to Kampala, the Ugandan capital, where an FBI field agent conducted tests at a local lab or in some cases sent the information back to Washington for further examination.

The arrangement was aimed at helping the Somali police build a case against extremists in the event of future prosecutions.

A senior official at U.N. headquarters insisted that the United Nations does not directly share evidence with the United States or other governments. The Somali government, not the U.N., was responsible for shipping the evidence to Uganda for testing by the FBI, the official claimed. The official also defended Bax's handling of the case, saying his team merely played a supporting role in the transaction. But some U.N. sources said Bax had taken the lead in facilitating the transactions and that in some cases his team had overstepped its authority. These sources, who spoke on the condition of anonymity, said that Bax's team complied with an FBI request for blood samples of suspected foreign extremists who died in suicide bombings. In other words, this U.N. squad became an ally in America's war on terror.


Two years ago, al-Shabab's forces were largely driven from Mogadishu, opening the door to an influx of European diplomats, U.N. political and humanitarian aid officials, and relief agencies. While statistics are hard to come by, the U.N. helped train AMISOM forces in evasion tactics -- for instance, reducing foot patrols in narrow streets and increasing patrols in armored personnel vehicles. (The number of attacks from improvised explosive devices, however, has spiked in more recent months, climbing from 22 in the last three months of 2012 to 34 in the first three months of 2013.)

But Bax's team, composed of former military officials, did not always mix well with the U.N.'s relief workers, who often resented the enormous power Bax wielded over many of their lives.

It was Bax, for instance, who decided whether you slept in a nice room with a private toilet or shower or whether you were required to walk 100 yards in the dark in the middle of the night to find the outhouse. Bax, according to some U.N. officials, played favorites, assigning nicer rooms to friends.

The humanitarians were also weary of being associated with Bax, who traveled around town with his own heavily armed convoy. In fact, Bax once offered the U.N.'s humanitarian agencies a plot of land on the compound at the airport to build their facilities. They declined the offer, saying they needed to be closer to the government and the Somali people. But the humanitarian agencies -- which lack sufficient accommodations -- continued to rely heavily on Bax for housing, travel, and entertainment. The situation bred an atmosphere of resentment, jealousy, and dependency.

Bax's personality -- he has been described as King David, the Lord of Baxland -- has not helped.

One official compared Bax to Clint Eastwood's character in the movie Heartbreak Ridge -- a highly decorated war hero whose hard drinking, rule breaking, and womanizing make him a bad fit for civilian life. A line from the film, according to the official, could apply to Bax: "You should be sealed in a case that reads, 'Break glass only in the event of war.'"

The official added that Bax is the "most action-oriented guy I've ever worked with." But Bax reportedly had personal failings and often behaved inappropriately. Among the accused offenses Bax is now under investigation for: a pattern of allegedly sexually harassing his female colleagues.

"He is very flirtatious, but I just ignored it," said one woman who recalled his advances. "UNMAS has done so much good there, and it would be a shame to see their program, and his career, go down the drain. I think it would be a huge loss for Somalia."

Another woman was less forgiving, saying that Bax frequently made sexually suggestive remarks to women, including her. "He makes constant lewd comments about me when I'm in my running gear," said the woman, a humanitarian worker who frequently stayed in the UNMAS camp. "He made unambiguous sexual advances at most of the women in camp. It's not just that he has a problem with women. I think he has a problem with boundaries of any kind."

A third woman who worked closely with Bax in Mogadishu, however, came to his defense, saying, "Bax is a decent guy." A fourth described him as protective of women in his own staff. "He is far better behaved than a whole raft of people" serving on U.N. missions, one of the women said.

In the end, the U.N. brass in headquarters has rallied behind Bax, saying he was instructed to go to the compound.

"In an extremely difficult and dangerous environment, the UNMAS team contributed to the success of the evacuation of more than 35 staff and allowed important evidence for later inquiry/investigation to be obtained without further casualties from unexploded ordnance," Agnes Marcaillou, director of the U.N. Mine Action Service, said in a statement.

But his position among the rank-and-file humanitarian workers suffered.

Numerous sources said that they resented the fact that Bax had shouted out the name of a particular woman during the rescue operation. That fueled the notion that he had only come to get his own friend out. Later that night, many survivors met at Little Kruger to console one another. Bax, pumped up on adrenaline and sometimes laughing, boisterously regaled his friends with tales of the day's adventure, at one point taking out his smartphone and playing a video he had taken of the siege. Maybe it was a natural act for a man whose job puts him in constant contact with terrorist attacks. But that night, it came across as boorish to some at the bar. "It was pretty bloody insensitive," said one person familiar with the night's events, noting that some survivors were appalled at his glib account of the episode. "If he had not done that I think he would have gotten more credit for his action."

UN Photo/Mark Garten