In August 2013, Ladar Levison, the owner of operator of encrypted email service Lavabit, decided to shut down his service after the U.S. government requested information from him that would put his clients at risk. A year later, Levison is now building out a new technology platform that aims to provide email security and privacy that won’t be violated by anyone.
Levison discussed his Lavabit experiences and his new plan for email in a standing-room-only session Aug. 8 at the Defcon security conference. Levison had originally intended to call the new secure email system Dark Mail, but instead, he is calling it DIME—the Dark Internet Mail Environment.
The goal behind DIME is to achieve message confidentially, author validation and deployment flexibility. The DIME system is comprised of two protocols as a well as a management and configuration system. The Dark Mail protocol provides inter-domain message transfer and secure key lookups. There is also the Dark Mail access protocol, which handles persistent access to messages, synchronization of cache and key information.
DIME will use a format he referred to as Signet, Levison said. “The Signet is a signing and encryption key along with a collection of attributes in the signature,” he said.
There is also a Dark Mail message format, which breaks up the traditional MIME (or Multipurpose Internet Mail Extensions) message format into independent chunks that are encrypted with different cryptographic keys. Magma is the name of the server implementation of DIME, while Volcano is the client. Volcano will have a thick client implementation that is a fork of the open-source Mozilla Thunderbird email project.
The need for DIME has been brought on by recent disclosures from National Security Agency whistleblower Edward Snowden as well as the government actions that forced Levison to close Lavabit, he said.
“As a service provider, I’m beholden to my customers; those are the people I serve and without them the business does not exist,” Levison said. “And here’s this entity that comes along with a bunch of guns and a piece of paper that says you have to betray the people that are funding your business.”
Levison said that the only way to provide privacy is with end-to-end encryption that is easy to use and automatic. He added that providing secure email in a manner that preserves privacy while still being easy to use is a difficult technical challenge.
While the challenge of building DIME is nontrivial, Levison is also confident there is both demand and opportunity for the platform.
“The last time I checked there were about 3 billion email users on the planet,” Levison said. “It’s the reason why I got into the business. I knew there would never be a shortage of potential customers.”
Business potential alone is not the driving factor for Levison; anger over his experience at Lavabit is also pushing him forward.
“I’m not upset that I got railroaded and had to shut down my business,” Levison said. “I’m upset because we need a mil-spec cryptographic mail system for the entire planet, just to be able to talk to friends and family without any fear of government surveillance.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
