Civil Liberties

Encrypted Email Providers Shutter Services To Protect Users from Government Snoops

|

Lavabit
Democracy Now

Last week, two companies, first Lavabit (as noted by Scott Shackford) and then Silent Circle, shut down their encrypted email services abruptly and with no warning. Lavabit's announcement was both cryptic and frightening, with owner Ladar Levison strongly implying that the move came to avoid submitting to government surveillance demands. Silent Circle  CEO Mike Janke then explicitly stated that his firm was closing the company's email service without warning so the U.S. government would have no opportunity to seize data. Both moves are sad, but commendable, and they stand as scathing indictments of U.S. law and officials. They also suggest that at least one industry, and its related talent and technology, are likely to move off-shore.

Levison's statement reads, in part:

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what's going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

In an interview with Democracy Now, Levison added:

I think if the American public knew what our government was doing, they wouldn't be allowed to do it anymore, which is why I'm here in D.C. today speaking to you. My hope is that, you know, the media can uncover what's going on, without my assistance, and, you know, sort of pressure both Congress and our efforts through the court system to, in effect, put a cap on what it is the government is entitled to in terms of our private communications….

[T]here's information that I can't even share with my lawyer, let alone with the American public. So if we're talking about secrecy, you know, it's really been taken to the extreme. And I think it's really being used by the current administration to cover up tactics that they may be ashamed of.

Silent Circle openly acted as a follow-on to Lavabit's move, announcing:

Silent Circle has preemptively discontinued Silent Mail service to prevent spying.

We designed our phone, video, and text services (Silent Phone, Text and Eyes) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious—the less of your information we have, the better it is for you and for us.

Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.

However, we have reconsidered this position. We've been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system less they "be complicit in crimes against the American people." We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

In an interview with USA Today, Silent Circle's Janke explained why the plug was pulled so quickly:

"If we announced it, it would have given authorities time to file a national security letter (demanding information). We decided to destroy it before we were asked to turn (information) over. We had to do scorched earth."

Silent Circle's other products, including encrypted phone calls and text messaging, remain in place because they leave essentially no information for the company to surrender to government officials.

Levison now recommends "against anyone trusting their private data to a company with physical ties to the United States" and is discussing restarting his service outside the country, though probably not with himself at the helm. That's because he fears coming under legal pressure as a U.S. citizen unless he's willing to follow the example of Edward Snowden (who he praises) and leave the country.

Silent Circle plans to reintroduce encrypted email once it can offer a service that's as opaque to scrutiny, revealing no metadata, as its other offerings.

By then, somebody in a a more-privacy friendly jurisdiction will likely be offering encrypted email products that are legally immune to NSA orders, the FISA court and national security letters, though available worldwide over the Internet. That company, and competitors, will attract talent, develop technology, and accumulate wealth in a way that will leave American firms falling behind. That's not because saints hold office elsewhere, but because at least a few countries must see more of a future in competing with Google than with the NSA.

Check out the video interviews below.

Democracy Now interview with Lavabit's Ladar Levison:

ZDNet interview with Silent Circle's Michael Janke: