The business of protecting consumers from prying, government eyes has suddenly become a pre-emptive one for Silent Circle. The communications encryptions firm said Friday that it was shutting down its e-mail service to prevent spying, a day after competitor Lavabit shut down its core email service. Lavabit’s founder had suggested in a letter to customers that he had been the subject of a U.S. government investigation and gag order.
Silent Circle, which has seen a 400% revenue jump in recent months as a result of the Snowden furore and concerns over government surveillance, does not rely solely on e-mail hosting as Lavabit does. It also encrypts phone calls, text messages and video conferencing with a suite of iOS and Android apps.
Co-founder and CTO Jon Callas said in a blog post Friday that Silent Circle’s e-mail service had “always been something of a quandary for us.” This, in spite of the fact that one of Silent Circle’s other co-founder is Phil Zimmermann, inventor of the popular e-mail encryption software PGP.
Electronic mail uses standard internet protocols that cannot have the same security guarantees that real-time communication has, Callas said. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.”
Since many of its customers wanted an email service, Silent Circle offered it anyway with full disclosure of the risks. “However, we have reconsidered this position,” Callas said.
“We’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail.”
Last month it came to light that NSA whistleblower Edward Snowden had probably used the Lavabit email service after an observer at his recent Moscow airport briefing posted the email address firstname.lastname@example.org on Facebook. Lavabit’s founder, Ladar Levinson, said Thursday that he would suspend operations at his his e-mail hosting company rather than “become complicit in crimes against the American people.” He added that he was legally prevented from talking about the events that had led to his decision.
Callas said Silent Circle had not received subpoenas, warrants or anything other similar request from any government. The company had been debating what to do about its email service for weeks, and up until Friday was ready to phase the service out so that it would continue for existing customers. “It is always better to be safe than sorry,” Callas said.
Kashmir Hill, Forbes Staff
Welcome to The Not-So Private Parts where technology & privacy collide
TECH | 8/08/2013 @ 3:45PM |41,668 views
Email Company Used By Edward Snowden Shuts Down Rather Than Hand Data Over To Feds
When Edward Snowden emailed journalists and activists in July to invite them to a briefing at the Moscow airport during his long stay there, he used the email account “email@example.com” according to one of the invitees. Texas-based Lavabit came into being in 2004 as an alternative to Google’s Gmail, as an email provider that wouldn’t scan users’ email for keywords. Being identified as the provider of choice for the country’s most famous NSA whistleblower led to a flurry of attention for Lavabit and its encrypted email services, from journalists, and also, apparently, from government investigators. Lavabit founder Ladar Levison announced Thursday that he’s shutting down the company rather than cooperating with a government investigation (presumably into Snowden).
Lavabit’s website now displays a message about the shutdown, available in full below, along with a request for help paying the legal bill to fight the government in court.
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” writes Levison. “After significant soul searching, I have decided to suspend operations.”
Apple, Skype, Verizon, Other Firms Flunk Privacy Report Card
Andy Greenberg – Forbes Staff
Kashmir Hill – Forbes Staff
It’s unclear whether the government has already seized the company’s servers. Levison says that he’s under a gag order and thus can’t discuss the government investigation that he’s been fighting over the last six weeks. Gag orders like that often come with information requests in national security investigations. Nick Merrill of the Calyx Institute famously spent six years fighting off one of those requests — though the fame only came after the six years were up when he reached a settlement with the government releasing him partially from the gag.
It’s amazing how much the climate in the U.S. has changed that someone like Levison actually feels empowered to write a letter like this one. Merrill feared being sent to prison if he spoke out publicly about what he felt was an unconstitutional request for a customer’s data.
“I can relate to the difficult choice Mr. Levison is being forced to make, as I made a similar choice in 2004 after I received a National Security Letter demanding information on a client of my ISP, and then spent the better part of a decade challenging the constitutionality of warrantless surveillance in federal court,” says Nick Merrill by email. “It would be one thing if dragnet surveillance was in compliance with the 4th amendment and bedrock American values, and it would be another thing if it was proven to keep us safer. But unfortunately, neither of those is true.”
Update (8/9/13): Another encryption-providing company Silent Circle announced late Thursday that it is preemptively shutting down its email service, saying they “see the writing the wall.”
Presumably, the government is seeking access to Edward Snowden’s email, email metadata, passwords or encryption keys. And presumably, Levison doesn’t want to grant that access.
“I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States,” writes Levison, based on his experience. This message seems to be a loud and clear one. Washington, D.C.-based think tank Information Technology and Innovation Foundation predicts that U.S. cloud companies will lose from $21.5 to $35 billion over the next three years. They admit that it is a “rough guess” based on surveys about the chilling effects of the NSA leaks on U.S.-based cloud businesses.
Update (8/9/13): Edward Snowden drew attention to other American companies in the Guardian, telling Glenn Greenwald that they should take a page from the Lavabit book to protect their users: “Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.”
Meanwhile, Lavabit’s users are not so pleased with the shutdown. Judging from complaints on the Lavabit Facebook wall — e.g., “Shutting down service with no warning and no chance to migrate is complete BULLSH**.” — they care more about service than principles.
Here’s Levison’s full letter:
My Fellow Users,I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.Sincerely,Ladar Levison
Owner and Operator, Lavabit LLC
Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service
from the either-you-help-us-spy-on-people-or-you’re-a-criminal dept
… a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison’s lawyer last Thursday – the day Lavabit was shuttered — stating that Levison may have “violated the court order,” a statement that was interpreted as a possible threat to charge Levison with contempt of court.
That same article suggests that the decision to shut down Lavabit was over something much bigger than just looking at one individual’s information — since it appears that Lavabit has cooperated in the past on such cases. Instead, the suggestion now is that the government was seeking a tap on all accounts:
Levison stressed that he has complied with “upwards of two dozen court orders” for information in the past that were targeted at “specific users” and that “I never had a problem with that.” But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone.
It sounds like the feds were asking for a full on backdoor on the system, not unlike some previous reports of ISPs who have received surprise visits from the NSA.
Public Concern Over NSA Spying Increasing Rapidly As Congress Discovers Their Constituents Care About This Issue
from the wake-up-congress dept
A July Washington Post-ABC News poll — before the latest disclosures reported by The Post — found fully 70 percent of Democrats and 77 percent of Republicans said the NSA’s phone and Internet surveillance program intrudes on some Americans’ privacy rights. What’s more, Democrats and Republicans who did see intrusions were about equally likely to say they were “not justified:” 51 and 52 percent respectively. Nearly six in 10 political independents who saw intrusions said they are unjustified.
And, while some politicians seemed to believe that it was only the most extreme folks who were interested in this — or, as Michael Hayden claimed “twentysomethings who haven’t talked to the opposite sex in five or six years” — it seems that Representatives from Congress, who are back in their home districts, are discovering that, why yes, massive NSA surveillance does seem to be a major issue their constituents care about. A variety of Representatives have been surprised at various townhalls to discover that many people wanted to discuss the surveillance and what (if anything) their elected officials were going to do about it all.