Secure mail providers close up shop to prevent govt spying
Posted on 09 August 2013.
Texas-based secure webmail service Lavabit has unexpectedly closed up shop on Thursday, and the explanation given by owner and operator Ladar Levison is the following:


I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know whatís going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

Whatís going to happen now? Weíve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

His inability to share information about the circumstances that lead to this decision has people speculating that the company has been on the receiving end of a National Security Letter or a search / electronic wiretapping warrant accompanied with a gag order.

Its 350,000 users have been left unable to access their accounts or migrate them to others, and some have taken to Twitter and Facebook to complain about it, but most are congratulating Levison on the decision.

Among its users is also NSA whistleblower Edward Snowden, who used his Lavabit email address to send out press and meeting invitations while in Russia.

In the meantime, Washington-based Silent Circle has also preemptively shut down Silent Mail, its encrypted email offering.

In a blog post addressed to its customers, the company has explained that they "have not received subpoenas, warrants, security letters, or anything else by any government", but that Lavabit's shutdown made them realize that such requests are inevitably coming.

They pointed out that while their phone, video, and text services (Silent Phone and Silent Text) are completely end-to-end secure because the cryptography is done by the client software and nothing of the exchanged content and no metadata is stored by or accessible to the company, the same cannot be said for Silent Mail.

"Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure," they wrote, and said that while they initially considered phasing the service out bit by bit, Lavabit's notice made them realize that the sooner it was done, the better.

While many security experts are applauding both Lavabit's and Silent Circle's decision, I can't help but notice that for the US government this is still a win. If this continues, companies that comply with government surveillance requests will be the only ones left.

"Itís rare to see an email provider choose to go out of business rather than compromise its values. It must have been a hard decision for Ladar Levison, but he remained true to his promise to put privacy before profits. It was also hard on the users, some of whom lost access to email not available elsewhere," commented EFF's Kurt Opsahl.

"Lavabitís post indicates that there was a gag order, and that there is an ongoing appeal before the Fourth Circuit. We call on the government and the courts to unseal enough of the docket to allow, at a minimum, the public to know the legal authority asserted, both for the gag and the substance, and give Lavabit the breathing room to participate in the vibrant and critical public debates on the extent of email privacy in an age of warrantless bulk surveillance by the NSA."

Bit by bit, the revelations about the governments surveillance efforts and their actions following the disclosures are taking a toll on the US economy.

US President Barack Obama has called in the executives of a number of the biggest tech and telecom companies and civil liberties leaders to apparently discuss how to marry liberty and security, but I'm sure they will touch upon the question of loss of trust and revenue for the companies as well.

In the meantime, individuals valuing their privacy are advised to check out Prism-break.org and look into using one of the alternative secure services listed by the site.









Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //