I think the attack vector (getting ssl/tls keys) the government was going after was a surprise. I had thought they would have requested access to the servers.
Either they had captured packets from Lavabit that they wanted to decrypt, or they wanted to be able to decrypt all traffic to/from Lavabit.
With how much traffic the NSA was collecting and archiving during that time, it is very likely that they had captured traffic that they thought might contain messages to/from Snowden.
