Encrypted Email Services Shut Down: Should You Be Worried?
The chill that Americans continue to feel from the fallout over revelations related to National Security Agency surveillance of online activities is extending down the spine today as not one, but two encrypted email services are shutting down.
Lavabit, an encrypted email service that allegedly counted NSA leaker Ed Snowden among its userbase, is suspending its U.S.-based operations. Lavabit owner and operator Ladar Levison is being very blunt in his assessment of why he can't continue to operate.
"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," Levinson wrote.
Levinson added that he isn't legally allowed to share all of the reasons why he feels this way, even though he has requested the right to do so. I'll assume here that U.S. government agencies (NSA, FBI, etc.) have made some form of request(s) that have forced him to release information on users and their messages, which would be contrary to the whole purpose of why Lavabit exists.
Levinson also has a very stern warning for everyone else who is currently attempting to store private data in the U.S.
"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States," he wrote.
That's harsh. But it's a message that others apparently are listening to.
Global encrypted communications service Silent Circle is also shutting down—for the same reason as Lavabit.
"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now," Silent Circle's co-founder and CTO Jon Callas wrote. "We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."
OK, so to recap, we've got two encrypted email providers shutting down due to the fact that it has now become very difficult (if not impossible) for them to guarantee the privacy of their customers. Yes, it's a worrisome situation, but it shouldn't be all that surprising—or should it?
Think about your phone for a minute. If the authorities (let's say the FBI) want to tap your phone, they get a warrant and are then legally allowed to do lawful intercept. That's not something that NSA PRISM invented—it has been around a long time. These new government requests can be seen in the same sort of light—that is, if they are all backed by proper judicial orders, overseen by a court of law on a case-by-case basis.
However, if in fact the various demands from U.S. agencies to Lavabit (and others) are not backed by the law, then, yeah, we should all be very worried. I was 10 feet away from NSA Director General Keith Alexander last week at the Black Hat USA conference, and I could feel the conviction in his voice when he explained that his job was about defending the United States.
Terrorists should not be able to hide behind encrypted email systems. Perhaps even more importantly, Americans (and hey, let's face it, all freedom-loving people) also have a right to privacy.
Can we have privacy in a world where encrypted email services feel the need to shut down rather than be "... complicit in crimes against the American people ..."? I don't know, but it's a debate that needs to happen in the U.S. and elsewhere. For now, I suspect that American online services will be the big losers as privacy-loving people will flock to perceived safe havens outside of U.S. jurisdiction.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.