How does the NSA get the private crypto keys that allow it to bulk eavesdrop on some email providers and social networking sites? It’s one of the mysteries yet unanswered by the Edward Snowden leaks. But we know that so-called SSL keys are prized by the NSA – understandably, since one key only a few hundred bytes long (the modulus of a 2048-bit RSA key is 256 bytes) can expose millions of people to intelligence collection. And we know that the agency has a specialized group that collects such keys by hook or by crook. That’s about it.

Which is why the appellate court challenge pitting encrypted email provider Lavabit against the Justice Department is so important: It’s the only publicly documented case where a district judge has ordered an internet company to hand over its SSL key to the U.S. government — in this case, the FBI.

If the practice — which may well have happened in secret before — is given the imprimatur of the U.S. 4th Circuit Court of Appeals, it opens a new avenue for U.S. spies to expand their surveillance against users of U.S. internet services like Gmail and Dropbox. Since the FBI is known to work hand in hand with intelligence agencies, it potentially turns the judiciary into an arm of the NSA’s Key Recovery Service. Call it COURTINT.

Oral arguments in the Lavabit appeal were heard by a three-judge panel in Richmond, Virginia last week. The audio (.mp3) is available online (and PC World covered it from the courtroom). It’s clear that the judges weren’t much interested in the full implications of Lavabit’s crypto key breach, which one of the judges termed “a red herring.”

“My fear is that they won’t address the substantive argument about whether the government can get these keys,” Lavabit founder Ladar Levison told WIRED after the hearing.

The case began in June, when Texas-based Lavabit was served with a “pen register” order requiring it to give the government a live feed of the email activity on a particular account. The feed would include metadata like the “from” and “to” lines on every message, and the IP addresses used to access the mailbox.

Because pen register orders provide only metadata, they can be obtained without probable cause that the target has committed a crime. But in this case the court filings suggest strongly that the target was indicted NSA-leaker Edward Snowden, Lavabit’s most famous user.

Levison resisted the order on the grounds that he couldn’t comply without reprogramming the elaborate encryption system he’d built to protect his users’ privacy. He eventually relented and offered to gather up the email metadata and transmit it to the government after 60 days. Later he offered to engineer a faster solution. But by then, weeks had passed, and the FBI was determined to get what it wanted directly and in real time.

So in July it served Levison with a search warrant striking at the Achilles heel of his system: the private SSL key, which would allow the FBI to decrypt traffic to and from the site (for any connection not protected by a forward-secret cipher suite) and collect Snowden’s metadata directly. The government promised it wouldn’t use the key to spy on Lavabit’s other 400,000 users, which the key would technically enable it to do.

The FBI attached a Carnivore-like monitoring system at Lavabit’s upstream provider in anticipation of getting the key, but Levison continued to resist, and even flew from Texas to Virginia to unsuccessfully challenge the order before U.S. District Judge Claude Hilton.

Levison turned over the keys as a nearly illegible computer printout in 4-point type. In early August, Hilton – who once served on the top-secret FISA court – ordered Levison again to provide them in the industry-standard electronic format, and began fining him $5,000 a day for noncompliance. After two days, Levison complied, but then immediately shuttered Lavabit altogether. Levison is appealing the contempt order.

The SSL key is a small file of inestimable importance for the integrity of a website and the privacy of its users. In the wrong hands, it would allow malefactors to impersonate the website, or, more relevantly in this case, permit snoops to decrypt traffic to and from the site, including traffic recorded before the key was obtained, for every connection that used RSA key exchange rather than a forward-secret cipher suite. Levison says he was concerned that once the government had his SSL key, it would obtain more secret warrants to spy on his users, and he would have no opportunity to review or potentially challenge those warrants.

“The problem I had is that the government’s interpretation of what’s legal and what isn’t is currently at its apex, in terms of authority and scope,” Levison says. “My concern is that they could get a warrant – maybe a classified warrant – that I wouldn’t even have knowledge of, much less the opportunity to object to … My responsibility was to ensure that everybody else’s privacy was protected.”

That was Levison’s thinking even before Snowden’s revelations showed us how pervasive and ambitious the NSA’s internet monitoring has become.

The judges in last week’s 4th Circuit hearing, though, weren’t interested in hearing about encryption keys. At one point, Judge Paul Niemeyer apologetically interrupted Levison’s attorney as soon as he raised the subject, and made it clear that he accepted the government’s position that the FBI was only going to use the key to spy on the user targeted by the pen register order.

“The encryption key comes in only after your client is refusing to give them the unencrypted data,” Niemeyer said. “They don’t want the key as an object. They want this data with respect to a target that they’re investigating. And it seems to me that that’s all this case is about and it’s been blown out of proportion by all these contentions that the government is seeking keys to access other people’s data and so forth.”

“There was never an order to provide keys until later on, when [Levison] resisted,” Niemeyer added later in the hearing. “Even then, the government was authorized to use the key only with respect to a particular target.”

On that last point, Judge Niemeyer is mistaken. Neither the July 16 search warrant nor the August 5 order imposing sanctions placed any restrictions on what the government could do with the key. Without such a protective order, there are no barriers to the FBI handing the key over to the NSA, says a former senior Justice Department attorney, speaking to WIRED on condition of anonymity.

“You sometimes see limitations, or what’s referred to as minimization procedures: The government can only use this for the following purpose. There’s nothing like that here,” says the former official. “I’d say this is a very broad order. Nothing in it would prevent the government from sharing that key with intelligence services.”

The FBI’s relationship with the NSA is close – the FBI receives 1,000 tips a year from the NSA’s bulk telephone metadata collection; the bureau’s Data Intercept Technology Unit in Quantico, Virginia channels PRISM data to NSA headquarters in Ft. Meade from Silicon Valley. Presumably the two agencies are even closer on the matter that brought the FBI to Lavabit.

By shutting down Lavabit, Levison obviously thwarted prospective surveillance efforts. But we know – again, thanks to Snowden – that the agency sometimes collects encrypted data that it can’t crack, in the hope of getting the key later.

“We know from the minimization rules that are out that if they collect encrypted information they’re allowed to keep it indefinitely,” says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society. “That’s exactly why the Lavabit case is so important.”

If NSA did collect Lavabit traffic, users who checked their email using Safari or Internet Explorer are theoretically compromised now. That’s because Lavabit failed to give preference to the cipher suites that provide “perfect forward secrecy,” which protect each session with a temporary key that the server’s long-term private key never reveals. With those suites, a stolen key lets an attacker actively impersonate the server from then on, but not passively decrypt traffic or decrypt sessions recorded earlier. Without them, the key decrypts every stored session. Firefox and Chrome users, whose browsers negotiated forward-secret suites with Lavabit, should not be similarly vulnerable.
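The two points above, that a leaked private key decrypts recorded traffic only for sessions negotiated without forward secrecy, and that which sessions those are depends on cipher-suite ordering, can be worked through in code. The following is an added example, not code from WIRED or from Lavabit. The server configurations and the two client offers are constructed for illustration and are not a record of what Lavabit or any real browser used. It also covers TLS 1.3 suite names, which go beyond the 2013 setting of the article; those suites are always forward secret.

```python
"""Added example, not code from the article or from Lavabit. Shows why a stolen
server private key exposes some recorded TLS sessions and not others, and how
cipher-suite ordering (the "preference" the article refers to) decides which.
The suite lists below are constructed assumptions, not real browser offers."""

from typing import Dict, List, Optional

# Suite names in OpenSSL notation. Forward secrecy depends only on the key
# exchange: with ECDHE/DHE the long-term RSA key merely signs the handshake,
# so the session key cannot be recovered from that key afterwards. Suites with
# no key-exchange prefix (AES128-SHA, RC4-SHA, ...) use static RSA key
# exchange: the client encrypts the pre-master secret to the server's public
# key, and anyone holding the private key can decrypt a recorded session.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}  # EDH is OpenSSL's older alias for DHE


def forward_secret(suite: str) -> bool:
    """True if a session under this suite stays secret once the server key leaks."""
    if suite.startswith("TLS_"):  # TLS 1.3 names: key exchange is always (EC)DHE
        return True
    return suite.split("-")[0] in EPHEMERAL_KX


def negotiate(client_offer: List[str], server_suites: List[str],
              server_preference: bool) -> Optional[str]:
    """Pick the suite a server would choose from the ClientHello.

    The side whose order is honoured is walked first; the first suite that the
    other side also supports wins. None means no common suite (handshake fails).
    """
    first, second = ((server_suites, client_offer) if server_preference
                     else (client_offer, server_suites))
    for suite in first:
        if suite in second:
            return suite
    return None


def session_exposure(client_offer: List[str], server_suites: List[str],
                     server_preference: bool) -> Dict[str, object]:
    """What a recorded session between these peers yields to someone who later
    obtains the server's private key."""
    suite = negotiate(client_offer, server_suites, server_preference)
    if suite is None:
        return {"suite": None, "forward_secret": False, "decryptable_with_key": False}
    pfs = forward_secret(suite)
    # Without PFS the stored capture is readable with the key; with PFS the key
    # only enables active impersonation of the server from then on.
    return {"suite": suite, "forward_secret": pfs, "decryptable_with_key": not pfs}


# Constructed server configurations (assumed; not Lavabit's actual settings).
SERVER_PFS_FIRST = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA",
                    "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"]
SERVER_LEGACY_FIRST = ["AES128-SHA", "RC4-SHA",
                       "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA"]

# Constructed client offers: one lists static-RSA suites first, the other lists
# forward-secret suites first. Both support ECDHE; only the ordering differs.
CLIENT_RSA_FIRST = ["AES128-SHA", "RC4-SHA", "ECDHE-RSA-AES256-SHA"]
CLIENT_PFS_FIRST = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA", "AES128-SHA"]


def audit(server_suites: List[str], server_preference: bool) -> Dict[str, Dict[str, object]]:
    """Run both constructed clients against one server policy."""
    return {name: session_exposure(offer, server_suites, server_preference)
            for name, offer in (("rsa_first_client", CLIENT_RSA_FIRST),
                                ("pfs_first_client", CLIENT_PFS_FIRST))}


if __name__ == "__main__":
    policies = (("PFS first, server order honoured", SERVER_PFS_FIRST, True),
                ("PFS first, client order honoured", SERVER_PFS_FIRST, False),
                ("legacy first, server order honoured", SERVER_LEGACY_FIRST, True))
    for label, suites, pref in policies:
        print(label)
        for client, result in audit(suites, pref).items():
            print(f"  {client}: {result}")
```

Running it shows the three outcomes that matter: when the server lists ECDHE/DHE suites first and enforces its own order, every session is forward secret; when it lists them first but lets the client order win, a client that offers static-RSA suites first gets a session the key can decrypt later while a client that offers ECDHE first does not, which is the Safari/IE versus Firefox/Chrome split described above; and when the server itself lists static-RSA suites first, even a forward-secret-first client ends up exposed. Protecting users therefore takes both an ECDHE-first suite list and server-side cipher ordering (SSL_OP_CIPHER_SERVER_PREFERENCE in OpenSSL, SSLHonorCipherOrder in Apache).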

If it wasn’t collecting Lavabit traffic already, it’s safe to assume the NSA began doing so when Snowden revealed himself as the NSA leaker in early June.

The NSA could not legally target U.S. citizens or legal residents without first getting a specific warrant from the Foreign Intelligence Surveillance Court. But non-U.S. Lavabit users would be fair game.

Levison flew back to Texas on Friday to await the 4th Circuit’s ruling and continue work on his new initiative: a surveillance-resistant email infrastructure called Dark Mail. He notes that one possible – even likely – outcome of the case is that the appeals court rules against him on a technicality. Some of his lawyer’s arguments weren’t clearly raised below in front of Judge Hilton. The court could find that those arguments are forfeit now, and leave the substantive issues undecided.

Pragmatically, that could be the best outcome, given the panel’s hostility to the encryption question and its faith in the government’s honesty. But Levison would prefer to lose on the substantive issue and continue the fight all the way to the Supreme Court. If the 4th Circuit doesn’t decide one way or the other, other U.S. internet companies won’t know where they stand when the government comes for their keys. The cloud of distrust that’s gathered over U.S. companies in the contrail of the NSA revelations will grow even darker.

“It’ll leave this issue completely in limbo, with no end in sight,” Levison says. “So how is the industry going to handle that? They’ll have to wait years for somebody else to come along who’s willing to stand up and say, ‘no,’ and take the government back to court.”