It has been tough week for those who love secure email clients and platforms. First, Lavabit, an asymmetric encrypted email service abruptly shut down on Thursday and was soon followed by Silent Circle, which preemptively shuttered its own client, Silent Mail. The presence (or potential presence) of government involvement, lawsuits, gag orders and the possibility of turning over information were all contributing factors to the shutdowns. That prompted us to wonder — is there anyone left who can pick up the slack left by the exit of these two players?
While there are many ways to secure email away from prying eyes, including browser extensions, one-off encryption websites and even building your own server, there are only a handful of standalone email services that offer encrypting features for private messaging.
The Canada-based private email service offers both business and personal email accounts, including an extra HIPAA-compliant client for hospitals. Mail sent between Hushmail users is automatically encrypted and decrypted, while outgoing messages sent to users on other platforms like Gmail can be opened via a secure passphrase. While the U.S. cannot directly request data from Hushmail, the company states in its FAQ that it is obligated to comply with Canadian law.
Run by the Swiss KolabSystems, MyKolab is a secure mail service that can also be downloaded for native desktop use. In addition to calendar features and a handy sync with mobile, MyKolab offers users the benefits of Swiss privacy policies on data storage and conforms to unique domain names to boot. However, it’s important to note that while the service can facilitate secure messages, it doesn’t actually provide encryption. In order to do so, there’s some extra finagling with a native email client like Kontact.
An anonymous collective devoted to privacy and social change, RiseUP offers a bare-bones mail service that encrypts all traffic on the site. The collective won’t store any sensitive data, including IP address, and utilizes StartTLS symmetrical encryption. For best use, the collective recommends pairing RiseUp with another client, like the open source Thunderbird. RiseUp is based in the U.S., so it remains at-risk for government shutdowns.
This longstanding email service may look a bit archaic, but still offers plenty of encryption for messaging needs. S-Mail utilizes encryption and SSL to send secure mail to other S-Mail addresses, keeping message and meta-data safe. But, it lacks end-to-end encryption in emails sent to addresses outside of the S-Mail system, so there’s a chance that emails can be intercepted on the recipient’s end. Also, while the website doesn’t list any specific contact information or address, a WHO.IS lookup indicates that the site is registered to an address in Scottsdale, Arizona. It’s highly likely that it is an American service, and so it remains at risk.
This is a short list, but one that may expand or contract within the coming weeks. As it stands, per the PATRIOT Act, the government can only request the data of U.S.-based companies. Whether more companies capitulate, or even rise up in defiance, to the government’s orders, the landscape of encrypted mail is turbulent at best and endangered at worst.