Two encrypted email services have shut down because they feel threatened about having to turn over customer information to the government.
Lavabit and Silent Circle both offered encrypted email services, but both have decided to discontinue them so they aren’t put in the position of having to turn over what customers thought would be kept private.
A note from Lavabit owner Ladar Levison says he has suspended operations of the business, but because he is muzzled by federal laws, he cannot fully explain why.
Lavabit was the encrypted email service NSA leaker Edward Snowden used to communicate with journalists.
“I wish that I could legally share with you the events that led to my decision,” Levison writes. “I cannot. I feel you deserve to know what’s going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise.”
National Security Letters can be written by US investigatory agencies compelling recipients to turn over information the agencies want and preventing them from discussing even that they had received such letters.
The bottom line for customers, Levison says, is this: “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
The company is challenging in federal court whatever demands it is facing, and considers the fight a defence of the US Constitution. It is seeking donations to help the fight. “Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defence Fund here.”
In the wake of Lavabit’s shuttering of its doors, Silent Circle has also halted its encrypted email service, Silent Mail, although the company’s other services remain active.
The written explanation on Silent Circle’s Web site notes that Lavabit shut down in order to avoid being “complicit in crimes against the American people.”
“We see the writing on the wall,” the Silent Circle message says, “and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”
Keeping the service active would mean Silent Circle would possess customer data, and even though it was encrypted, it would not be secure, the statement says. The company decided it was better for customers’ privacy if it stopped accepting the data, and so cut the service.
“We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today,” the message says. “It is always better to be safe than sorry, and with your safety we decided that in this case the worst decision is no decision.”
Silent Circle’s other businesses – Silent Phone, Silent Text and Silent Eyes – feature communications that are secure end-to-end and that don’t entail Silent Circle retaining content of any customer communication. “We don’t have the encrypted data and we don’t collect metadata about your conversations,” the company says. If it doesn’t have it, it can’t be compelled to turn it over.
The headline on the statement reads “Silent Circle has preemptively discontinued Silent Mail service to prevent spying”, indicating it considers the seizure of private customer data to be spying.
Silent Circle says it had qualms about setting up Silent Mail in the first place because the protocols involved in Internet email are inherently insecure.
“There are far too many leaks of information and metadata intrinsically in the email protocols themselves,” the statement says. But customers wanted such a service, so Silent Circle provided it along with disclosures about its possible weaknesses. “Silent Mail was a good idea at the time, and that time has passed.”