2 Encrypted Email Services Shut Down to Avoid NSA Snooping

What's This?

By Lorenzo Franceschi-Bicchierai2013-08-09 17:31:31 UTC

Two encrypted email services shut down on Thursday, citing concerns related to NSA surveillance and government requests for user data.

Private communications startup Silent Circle preemptively shut down its encrypted email service on Thursday evening, an unexpected move that came just a few hours after Lavabit, another encrypted email provider, allegedly used by Edward Snowden, decided to close doors rather than comply with a national security-related investigation.

See also: Is It the Dawn of the Encryption App?

"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now," wrote Silent Circle's CTO and cryptographer Jon Callas on the company's blog, after explicitly pointing to Lavabit's earlier decision. "We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."

Silent Circle, a startup founded by former U.S. Navy Seal Mike Janke, and well-known cryptographer Philip Zimmerman (pictured above), provides encrypted phone calls, text messages and video calls for $10 a month.

In a phone interview with Mashable on Friday, Janke said they had been thinking about this decision for a while, but Lavabit's announcement gave them the final push to not only close down the service, but to also wipe the servers and destroy them, removing "every and all traces of email in the entire architecture," he said.

The main reason behind their decision, however, is that even encrypted email isn't completely safe, he said.

"“Email is fundamentally broke," Janke said, explaining that even perfectly encrypted emails leak metadata — the sender's IP address, the subject of the email, the time it was sent and received. "All those things are really, really sensitive information that governments can use to pinpoint and track you, and know who you're communicating with and where you're at and what time."

Janke said that 50% of Silent Circle's total users, though he declined to give a specific number, used the encrypted email service. Most of them, according to Janke, were supportive of the company's decision. And although Janke admits the action was abrupt and without prior warning, it had to be because many Silent Circle users are government employees around the world or people that might have been targets.

"If we send an email saying, 'in 12 hours we're shutting off email,'" Janke said, "it doesn't take but a half hour for a government agency to send you a National Security Letter."

Despite the current service being effectively destroyed, Janke revealed they're working on a fully encrypted and peer-to-peer email service which could be unveiled in the next few months.

A few hours before Silent Circle's decision, Lavabit had announced it was suspending its service.

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations," wrote Lavabit's founder Ladar Levison.

The reasons behind Levison's decision are as yet unclear, though his full statement hints that he is under gag order following an unspecified request from the U.S government. (Levison didn't respond to Mashable's requests for comment.)

CNET reporter Declan McCullagh speculated on his Google Plus page that the reason might have been that the FBI served Lavabit with an order to intercept Snowden's, or other users', passwords.

The two companies' surprising decisions do appear to be ideologically motivated, but they are business decisions as well. Both Lavabit's and Silent Circle's business models are built on the promise of private communications and their advertised inability to comply with surveillance orders. Hence, it makes a lot of sense from a business perspective to fight government snooping. "If we turned evil, then you're still covered," Phil Zimmerman told Mashable in a previous interview, alluding to the value of protecting user data at any cost.

"Lavabit and Silent Circle's extraordinary behavior demonstrate not only their principles, but that they understand the business they're in," wrote computer scientist Matt Blaze on Twitter.

CryptoCat, a browser-based encrypted chat service, also announced it would do the same if necessary.

In an email to The Guardian's Glenn Greenwald, Snowden praised Lavabit's decision, and warned about the dangers of forcing companies to shut down to protect their users.

"America cannot succeed as a country where individuals like Mr. Levison have to relocate their businesses abroad to be successful. Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our Internet titans must ask themselves why they aren't fighting for our interests the same way small businesses are."

Will other companies have to do the same thing Silent Circle and Lavabit did? In his statement, Levison finished with a dire warning.

"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."

Image: Astrid Riecken For The Washington Post via Getty Images

Topics: encryption, NSA, privacy, surveillance, U.S., US & World