Encrypted email service used by Snowden mysteriously shuts down
The highly encrypted email service reportedly used by NSA leaker Edward Snowden has gone offline - and its administrator claims the company is legally barred from explaining why.
RT, 8 August, 2013
On Thursday, the homepage of Lavabit.com was changed to a letter from the company’s owner announcing that the site’s operations have ceased following a six-week-long ordeal that has prompted the company to take legal action in the Fourth Circuit Court of Appeals.
Now, in the midst of an escalating fight from the federal government aimed at cracking down on encrypted communications, one of the last free and secure services has thrown in the towel under mysterious circumstances.
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations,” owner and operator Ladar Levison of Dallas, Texas wrote in the statement. “I wish that I could legally share with you the events that led to my decision. I cannot.”
“I feel you deserve to know what’s going on--the First Amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise,” wrote Levison. “As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.”
Levison’s statement comes two months after Snowden - a former analyst at intelligence contractor Booz Allen Hamilton - revealed himself to be the source of leaked NSA documents disclosing vast surveillance programs operated by the United States government. A month later, the Global Post published an article in which a Lavabit.com email address thought to be registered to Snowden was revealed.
The Global Post wrote on July 12 that the Sheremetyevo Airport press conference hosted by Snowden later that day was announced to human rights groups under the email address "edsnowden@lavabit.com" and signed by “Edward Joseph Snowden.” Washington Post foreign affairs blogger Max Fisher and Guardian journalist Glenn Greenwald have both since reported that Lavabit is indeed Snowden's email provider.
During a Q&A session hosted by The Guardian last month, Snowden wrote, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
Although Lavabit’s website is now almost entirely inaccessible, a cached version hosted by Google provides background on why and how the service provided highly secure encryption to its users.
“In an era where Microsoft and Yahoo’s e-mail services sell access past their spam filters, Google profiles user’s inboxes for targeted advertising, and AT&T allows the government to tap phone calls without a court warrant; we decided to take a stand,” one page reads. “Lavabit has developed a system so secure that it prevents everyone, including us, from reading the e-mail of the people that use it.”
By combining three different encryption schemes with Elliptic Curve Cryptography, Lavabit offered a service purposely designed to protect against government surveillance.
“The result is that once a message is stored on our servers in this fashion, it can’t be recovered without knowing a user's password. This provides a priceless level of security, particularly for customers that use e-mail to exchange sensitive information,” the company wrote.
“The key element of the PATRIOT Act is that it allows the FBI to issue National Security Letters (NSLs). NSLs are used to force an Internet Service Provider, like Lavabit, to surrender all private information related to a particular user. The problem is that NSLs come without the oversight of a court and can be issued in secret. Issuing an NSL in secret effectively denies the accused an opportunity to defend himself in court. Fortunately, the courts ruled NSLs unconstitutional in 2005; but not before illustrating the need for a technological guarantee of privacy,” the cached page reads.
“Lavabit believes that a civil society depends on the open, free and private flow of ideas. The type of monitoring promoted by the PATRIOT Act restricts that flow of ideas because it intimidates those afraid of retaliation. To counteract this chilling effect, Lavabit developed its secure e-mail platform. We feel e-mail has evolved into a critical channel for the communication of ideas in a healthy democracy. It’s precisely because of e-mail’s importance that we strive so hard to protect private e-mails from eavesdropping.”
Lavabit noted that brute force attacks could theoretically allow a third party to see password-protected emails but said that such attacks shouldn't be happening anytime soon.
“In practice, the key lengths Lavabit has chosen equal enough possible inputs that a brute-force attack shouldn’t be feasible for a long time to come.”
According to Snowden’s Q&A with The Guardian last month, “endpoint security is so terrifically weak that NSA can frequently find ways around it.”
Now, as Levison and crew prepare for a fight in appeals court, he suggests that very few are safe from having even secure emails stolen by the US government.
“This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States,” Snowden said in the statement.
On a since-removed page from Lavabit.com, the company wrote, “Like insurance, we hope our secure e-mail platform is something you’ll never need. However, should the issue ever arise, like insurance, you’ll be glad you have it.”
Earlier this year, Federal Bureau of Investigation general counsel Andrew Weissmann said the US Justice Department wants to be able to decrypt all messages sent over the internet in real-time by the end of 2014.
“The problem with not having [that ability in America] is that we’re making the ability to intercept communications with a court order increasingly obsolete,” Weissmann said. “Those communications are being used for criminal conversations, by definition…and so this huge legal apparatus that many of you know about to prevent crimes, to prevent terrorist attacks is becoming increasingly hampered and increasingly marginalized the more we have technology that is not covered” under current law.
According to a cached page of the company's history, Lavabit was launched in 2004 and most recently handled service for upwards of 60,000 individuals at a rate of around 200,000 emails a day.
“How many Lavabit users have just been impacted by the hand of attempted government oppression in secret?” security researcher Jacob Appelbaum tweeted on Thursday. “The path chosen by Lavabit is an honorable choice. It is also horrible that they must now ruin their company to try to keep their integrity.”
Lavabit representatives did not immediately return requests for comment.