Lavabit and its popular alternative, Silent Circle, have both shut down their secure email services. Lavabit won't say why, but it sounds like it was prompted by a secret U.S. government order to disclose user information (included among those users was Edward Snowden). Silent Circle says it's killed its service pre-emptively, in case it too receives such an order.
In IT Blogwatch, bloggers worry about unintended consequences -- not least for the American economy.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Jeremy Kirk comes in peace:
Lavabit, which launched in 2004, specialized in providing a high-security email service that employed advanced encryption. ... Snowden used a Lavabit email address to invite people to a press conference...in Moscow on July 12. [He] remains in Russia after being granted asylum for one year.
Lavabit used three encryption schemes to scramble email based around Elliptical Curve Cryptography [which] means that a message is, in theory, cryptographically impossible to read without a password. ... Lavabit only retains a [hash] of a person's password. The hash, even if it was obtained by investigators...would likely not be of use...to decrypt Snowden's email. MORE
Josh Constine brings more worrying news:
Silent Circle [has] shut down its...encrypted email service [telling] customers it has killed off Silent Mail rather than risk their privacy. ... Silent Circle’s co-founder and president is Phil Zimmermann, the inventor of widely-used email encryption program [PGP].
Silent Circle’s other secure services...will continue to operate as they do all the encryption on the client side. [But] with too many opportunities for information and metadata leaks in...email protocols, the company believes there was no way to live up to its promise of total privacy. [It] says it had been considering a more conservative slow shut-down of Silent Mail...but was inspired to shut down by Lavabit.
The move has bolstered critics who are becoming increasingly vocal about how the U.S. government [is] jeopardizing American technology businesses. ... At this point, the nation’s best hope for reform of spying practices might be making a case that it hurts the economy. MORE
Lavabit LLC's Ladar Levison legally doesn't lie:
I wish that I could legally share with you the events that led to my decision. ...the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. [So] I cannot share my experiences over the last six weeks.
We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. ... I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States. MORE
And Silent Circle's Jon Callas seconds that emotion:
Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail. ...this is why we are acting now.
It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision. ... We apologize for any inconvenience, and hope you understand that if we dithered, it could be more inconvenient. MORE
But David Meyer critically analyses those thoughts:
The closures strongly suggest that secure hosted email services cannot be sited in the U.S. without being compelled to compromise users’ privacy if asked to do so by the authorities there.
...in all likelihood, many governments are in on this surveillance thing together. If I had to pick the country that’s most likely to offer a genuinely privacy-friendly jurisdiction...it would probably be Switzerland. MORE
Meanwhile, your humble blogwatcher sends posthumous apologies to pastor Martin Niemöller:
First they came for the email services, and I said nothing, because I "had nothing to hide." MORE
Update: Brett Legree is here to help:
I don't have anything to hide in my personal email. But that's because I'm smart enough to realize that these folks are playing hardball, and I do not have a lot of confidence that "we the people" are going to win this one.
Everyone has something that they don't want aired on the evening news - so, just don't put it in an email, even encrypted, don't put it in digital or analog written form, and don't verbally share it with anyone you do not trust.
If that sounds paranoid, well, I work for the government and know a few things about security. MORE