Friday, August 9, 2013

Internet Providers shut down email services
because of privacy concerns

A screenshot of the Silent Circle
 mobile app; image via Silent Circle
What's interesting about these companies is they store and process data on a backend server which opens them up to these national security letters about the data stored on the servers... standard Internet TCP/IP SMTP/IMAP/POP email services in REQUIRE a back end centralized server. 

Project XIII doesn't use a back end server for any storage of data other than to send a notification that a customer has data waiting for another customer.  Nothing is stored permanently on a central server.  -AK

Encryption App Silent Circle Shuts Down E-Mail Service 'To Prevent Spying'
Parmy Olson
Forbes Staff

The business of protecting consumers from prying, government eyes has suddenly become a pre-emptive one for Silent Circle. The communications encryptions firm said Friday that it was shutting down its e-mail service to prevent spying, a day after competitor Lavabit shut down its core email service. Lavabit’s founder had suggested in a letter to customers that he had been the subject of a U.S. government investigation and gag order.

Silent Circle, which has seen a 400% revenue jump in recent months as a result of the Snowden furore and concerns over government surveillance, does not rely solely on e-mail hosting as Lavabit does. It also encrypts phone calls, text messages and video conferencing with a suite of iOS and Android apps.

Co-founder and CTO Jon Callas said in a blog post Friday that Silent Circle’s e-mail service had “always been something of a quandary for us.” This, in spite of the fact that one of Silent Circle’s other co-founder is Phil Zimmermann, inventor of the popular e-mail encryption software PGP.

Electronic mail uses standard internet protocols that cannot have the same security guarantees that real-time communication has, Callas said. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.”

Since many of its customers wanted an email service, Silent Circle offered it anyway with full disclosure of the risks. “However, we have reconsidered this position,” Callas said.

“We’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail.”

Last month it came to light that NSA whistleblower Edward Snowden had probably used the Lavabit email service after an observer at his recent Moscow airport briefing posted the email address on Facebook. Lavabit’s founder, Ladar Levinson, said Thursday that he would suspend operations at his his e-mail hosting company rather than “become complicit in crimes against the American people.” He added that he was legally prevented from talking about the events that had led to his decision.

Callas said Silent Circle had not received subpoenas, warrants or anything other similar request from any government. The company had been debating what to do about its email service for weeks, and up until Friday was ready to phase the service out so that it would continue for existing customers. “It is always better to be safe than sorry,” Callas said.

Kashmir Hill, Forbes Staff
Welcome to The Not-So Private Parts where technology & privacy collide
Follow (1,432)
TECH | 8/08/2013 @ 3:45PM |41,668 views

Email Company Used By Edward Snowden Shuts Down Rather Than Hand Data Over To Feds

 When Edward Snowden emailed journalists and activists in July to invite them to a briefing at the Moscow airport during his long stay there, he used the email account “” according to one of the invitees. Texas-based Lavabit came into being in 2004 as an alternative to Google’s Gmail, as an email provider that wouldn’t scan users’ email for keywords. Being identified as the provider of choice for the country’s most famous NSA whistleblower led to a flurry of attention for Lavabit and its encrypted email services, from journalists, and also, apparently, from government investigators. Lavabit founder Ladar Levison announced Thursday that he’s shutting down the company rather than cooperating with a government investigation (presumably into Snowden).

Lavabit’s website now displays a message about the shutdown, available in full below, along with a request for help paying the legal bill to fight the government in court.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” writes Levison. “After significant soul searching, I have decided to suspend operations.”

Kashmir Hill - Forbes Staff

Andy Greenberg - Forbes Staff

Kashmir Hill - Forbes Staff

It’s unclear whether the government has already seized the company’s servers. Levison says that he’s under a gag order and thus can’t discuss the government investigation that he’s been fighting over the last six weeks. Gag orders like that often come with information requests in national security investigations. Nick Merrill of the Calyx Institute famously spent six years fighting off one of those requests — though the fame only came after the six years were up when he reached a settlement with the government releasing him partially from the gag.

It’s amazing how much the climate in the U.S. has changed that someone like Levison actually feels empowered to write a letter like this one. Merrill feared being sent to prison if he spoke out publicly about what he felt was an unconstitutional request for a customer’s data.

“I can relate to the difficult choice Mr. Levison is being forced to make, as I made a similar choice in 2004 after I received a National Security Letter demanding information on a client of my ISP, and then spent the better part of a decade challenging the constitutionality of warrantless surveillance in federal court,” says Nick Merrill by email. “It would be one thing if dragnet surveillance was in compliance with the 4th amendment and bedrock American values, and it would be another thing if it was proven to keep us safer. But unfortunately, neither of those is true.”

Update (8/9/13): Another encryption-providing company Silent Circle announced late Thursday that it is preemptively shutting down its email service, saying they “see the writing the wall.”

Presumably, the government is seeking access to Edward Snowden’s email, email metadata, passwords or encryption keys. And presumably, Levison doesn’t want to grant that access.

“I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States,” writes Levison, based on his experience. This message seems to be a loud and clear one. Washington, D.C.-based think tank Information Technology and Innovation Foundation predicts that U.S. cloud companies will lose from $21.5 to $35 billion over the next three years. They admit that it is a “rough guess” based on surveys about the chilling effects of the NSA leaks on U.S.-based cloud businesses.

Update (8/9/13): Edward Snowden drew attention to other American companies in the Guardian, telling Glenn Greenwald that they should take a page from the Lavabit book to protect their users: “Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.”

Meanwhile, Lavabit’s users are not so pleased with the shutdown. Judging from complaints on the Lavabit Facebook wall — e.g., “Shutting down service with no warning and no chance to migrate is complete BULLSH**.” — they care more about service than principles.

Here’s Levison’s full letter:

My Fellow Users,

 I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What’s going to happen now? We've already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.


Ladar Levison
Owner and Operator, Lavabit LLC

Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.

This blog is supported by ads and donations. If you enjoy this blog please consider supporting it with a contribution via PayPal.