Article brought to you by: Catholic Online (www.catholic.org)

Lavabit, Secret Circle suspend email operations over concerns over user privacy

By Catholic Online (NEWS CONSORTIUM)
August 19th, 2013
Catholic Online (www.catholic.org)

Fearing that their users' privacy would be compromised - two super-secret email services, Lavabit and Secret Circle have shut down their operations, taking their customers' email conversations with them. Both providers say they fear interference from the National Security Administration.

LOS ANGELES, CA (Catholic Online) - Mike Janke, CEO of Silent Circle, was adamant that the gesture was a necessary one. "There are far too many leaks of information and metadata intrinsically in the e-mail protocols themselves." Janke noted that Silent Circles' customers included people in companies and government agencies with secrets to protect.

"It doesn't matter what you try to do with e-mail, there are these inherent weaknesses. So we got rid of Silent Mail [the company's e-mail service]. We deleted all of it, burned it, and threw it in the ocean with locks and chains on it. People lost all their e-mail, but the response went from 'Why would you do this?' to 'Thanks for doing this.'" 

Lavabit founder Ladar Levison also added to the growing chorus of privacy concerns. "Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States," Levison said.

In the meantime, Silent Circle's remaining services include secure phone, video and text facilities, largely aimed at enterprise mobile users, which has full end-to-end encryption. Unless someone has managed to break this - while not impossible, these are genuinely secure services that leave no traces for the FBI or NSA to requisition. The authorities can't even go after the encryption keys, because these are stored on the users' devices.

Silent Circle remains in business, because fewer than five percent of its customers were using the now-deleted mail service.

Others point to the fact that there cannot be truly private email. Silent Circle founder Phil Zimmermann, the guy who created the widely-used Pretty Good Privacy (PGP) wrote in a BlogSpot: "Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves.

"Email as we know it with SMTP, POP3, and IMAP cannot be secure. And yet, many people wanted it . Today, another secure email provider, Lavabit, shut down their system lest they 'be complicit in crimes against the American people.' We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now."

Silent Circle was concerned that the authorities would get their hands on users' email metadata, informing them who was emailing who and when, along with other tagging information.

Essentially, setting up an individual secure email server and client is doable -- but not for the average person. Hosted email is far more convenient, but that means finding a jurisdiction where authorities don't try to demand access to data or metadata.

Analysts point out that he closure of two "ultra-private" e-mail services shows just how weak the system really is.

Article brought to you by: Catholic Online (www.catholic.org)