Summary:

Silent Circle, co-founded by email security guru Phil Zimmermann, has pulled out of the secure email business. It was a pre-emptive measure inspired by Lavabit’s self-shuttering, and a worrying sign for the U.S.-hosted secure communications industry.

Silent Circle, the provider of a range of secure communications services, has pre-emptively closed its Silent Mail email service in order to stop U.S. authorities from spying on its customers. That makes it the second U.S.-based secure email provider to shutter operations on Thursday, following the closure of Lavabit.

The closures strongly suggest that secure hosted email services cannot be sited in the U.S. without being compelled to compromise users’ privacy if asked to do so by the authorities there. When Lavabit shut down, founder Ladar Levison said: “Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Pre-emptive measure

Levison appeared to be under some kind of gagging order, but one must assume that his “experiences over the last six weeks” included a visit or communications from U.S. law enforcement agencies. The National Harbor, M.D.-based Silent Circle team said in their blog post that no-one had contacted them in this way, but they could “see the writing on the wall”.

Silent Circle’s remaining services include secure phone, video and text facilities, largely aimed at enterprise mobile users, that can boast full end-to-end encryption. Unless someone has managed to break this encryption — unlikely albeit not impossible — these are genuinely secure services that leave no traces for the FBI or NSA to requisition. The authorities can’t even go after the encryption keys, because these are stored on the users’ devices.

The company’s email service, on the other hand, was more of a mixed bag. Silent Mail came in two modes: with end-to-end encryption, where users were responsible for managing their own keys and certificates (a chore); and as a managed-encryption service, where Silent Circle handled the keys and certificates on the users’ behalf. This effectively meant users had to choose between fully-secure-but-hard-to-use and mostly-secure, and it seems Silent Circle realized mostly-secure wasn’t going to be good enough.

Bearing in mind that one of Silent Circle’s founders was Phil Zimmermann, the guy who created the widely-used Pretty Good Privacy (PGP) email encryption software, it’s worth reading what that blog post had to say on the matter of email security in general:

“Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure. And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.

“However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.”

In short, Silent Circle was worried that the authorities would get their hands on users’ email metadata, informing them who was emailing who and when, along with other tagging information.

No easy answers

So what should people do if they want to use encrypted email? As I explained in a guide to basic online security and privacy on Thursday, setting up your own secure email server and client is workable, but not for the average person. Hosted email is far more convenient, but that means finding a jurisdiction where authorities don’t try to demand access to data or metadata.

There, we have the problem that, in all likelihood, many governments are in on this surveillance thing together. If I had to pick the country that’s most likely to offer a genuinely privacy-friendly jurisdiction for hosted communications right now, it would probably be Switzerland. But even then, the British Tempora scheme allegedly sucks up internet traffic en masse, meaning metadata could be captured from any emails, no matter how secure, as long as the authorities know what they’re looking for.

In the end, with email it’s a matter of risk mitigation rather than inviolable security. And if Silent Circle decided it was best to pull out of the email business altogether, that’s a pretty worrying sign.

PS – It should probably go without saying that Kim Dotcom says he has the answer:

  1. Another solution is to use a similar service, not hosted in the US.
    Gith (www.gith-systems.com) has been released recently and is fully hosted in France!

    1. There is still the problem of the receiving end. If, for example, they wanted to tap communication lines and look for certain data such as e-mail headers and save all that data into a searchable database, the only thing that's going to help you is to have encryption on the actual message. Even then, if you're encrypting the message to your host with PGP or something similar, the person you e-mail also needs to have encryption to and from their host and has to have a trusted host; lastly, the e-mail is always sent between hosts unencrypted.

      This is the entire problem with E-mail it was designed not to be a secure form of communication, but rather an easy one and is inherently not secure in its design, PGP/SMIME is just a bandaid to make it secure from line tapping and does not help when the government or businesses are the ones who want the e-mail or breach your privacy, the only thing you can do is to encrypt the message contents themselves, but you have to set that up ahead of time with your friend but even this does not stop them from seeing who you send the e-mail to and the subject and a few other things.

      1. The Email is encrypted at the device sending it, it remains encrypted during transmission to the email servers, stays encrypted on the server. Stays encrypted on the way to its intended recipient. Stays encrypted at the recipient's computer until the recipient enters the proper keys. Once the receiving device has acknowledged that it did receive the encrypted message it is automatically scrubbed and permanently deleted from the server. The senders and the receivers are responsible for maintaining their own copies and backups. The senders and receivers are responsible for sharing their public keys with each other through whatever secure need they deem acceptable for the sensitivity of the information they are passing, i.e. face to face meeting, mail service, phone call, direct connections between two randomly picked computers and exchanging the keys that way. Through onion services, or torrent services. The easiest would be to mail a thumb drive that is encrypted and the data has an expiration date. There are thumb drives out there that are extremely secure, have their own power supply and will destroy data if they are tampered with.

  2. One time self-made crypto pads shared only with the communicators; separate randomly scrambled pads, one-time-use for EACH message

  3. I can see many more businesses pulling out of the U.S. over the same NSL and FISA. It will soon start to hurt someone's local economy and the local fuss will become a state fuss and the state fuss will become a national fuss.

  4. A great irony here is that Phil Zimmermann created the Pretty Good Privacy (PGP) system in order for human rights workers to communicate safely when they are working within a country and being monitored by an oppressive government. Although it probably leaves some users in a bad situation, shutting down Silent Circle is consistent with putting the security of the user first. This says a lot of good things about Phil’s principles and priorities.

    What now? Dust off your PGP manuals and go back to do-it-yourself encryption I suppose. Or, learn how to use steganography: http://en.wikipedia.org/wiki/Steganography_tools

  5. Removed my stored data from Mozy and Dropbox, reduced the number of saved documents on Google Plus. While I have nothing to hide, the last thing I want is another country’s government playing the big brother and accessing my data!

  6. John R. Harvan Friday, August 9, 2013

    This is not my country anymore. Born here. Served in the military and now kicked in the guts by some sleazy politician who could care less for the US constitution and what it once stood for welcome to NAZI AMERIKA

  7. Whose country it is, is a matter of semantics. That it has been stolen, is clear.

  8. Ralph Haygood Friday, August 9, 2013

    “If I had to pick the country that’s most likely to offer a genuinely privacy-friendly jurisdiction for hosted communications right now, it would probably be Switzerland.”: I suspect I’m far from the only GigaOM reader who would welcome elaboration, and not just with respect to email – some of us run web services too. I’d welcome a series of posts outlining, for Switzerland and several other countries, (1) local policies regarding privacy and surveillance and (2) local attitudes toward requests from foreign governments, such as the United States government, for information held by companies based in the country. (For example, Norway has fairly attractive local policies, but they’ve been pushovers for Uncle Sam; e.g., http://bit.ly/15yD76k, http://bit.ly/15G1RJW, and http://bit.ly/12CqNEp.)

  9. Ralph Haygood Friday, August 9, 2013

    Oh, and as for Kim Dotcom: Tell us where your servers will be, Kim, and we’ll have a pretty good idea how secure your services can be.

    1. Iceland. Don’t you know how to search?

  10. My smart lawyer friend informed me their government has a new law that says if one of these companies (e.g. Google, Lavabit etc.) is asked by a citizen if the government has asked them for information the correct answer is “no”. A “yes” gets them as having violated this new law.

    I think he’s correct as this fits whenever I read the goings on ….they seem to have been “shut up”.
