And now Silent Mail shuts down and speaks out


Phil Zimmermann, who is the creator of the PGP (Pretty Good Privacy) encryption algorithm and the head of Silent Circle, the other encrypted global communication company that shut down along with Lavabit, has explained in an open letter why he took this action. He says that his company's other services for phone, video, and text retain no data that it can be forced to provide to third parties and are thus secure end-to-end, but the nature of email is such that he could not provide that level of guarantee.

Because they have not received any demands from the government yet, he can speak openly. He says he shut his email service Silent Mail down pre-emptively and destroyed its archives rather than being forced to accede or be silent about the government’s secret demands that he felt were inevitably coming.

We designed our phone, video, and text services (Silent Phone and Silent Text) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious — the less of your information we have, the better it is for you and for us.

Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has.

Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.

However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

President Obama had a press conference today. USA Today has a live blog. It looks like he did his usual song-and-dance about these surveillance measures being purely to fight terrorism and has promised some reforms but they seem to be mostly cosmetic and I doubt that anything significant will happen. Obama has long ceased to have any credibility on civil liberties. This is just to give his supporters something they can use to defend him.

Jason Ditz reports that Obama was testy during the press conference. It must be really galling for an authoritarian like him to be forced to defend himself because a young person whom he and the government-media-military establishment considered to be a nobody had the courage to decide that people need to know that their government is snooping on them in secret.

Comments

  1. Frank says

    “Jason Ditz reports that Obama was testy during the press conference. It must be really galling for an authoritarian like him…”

    I supported Mr Obama over Ms Clinton in the 2008 primary largely because I thought she would maintain and expand the executive overreach of the Bush administration, while he might rein it in. I was wrong about the second part.

    I like Senator Obama more than President Obama. But then again, I like President Obama more than President McCain and President Romney. Sad that they were the only real choices. On the other hand, at least the Republicans didn’t give us the choice of President Santorum (or Cain, Perry, or Gingrich–I would have preferred Romney to those guys).

  2. Lassi Hippeläinen says

    The headline is misleading. Silent Circle is not shutting down. Only Silent Mail is being shut down.

  3. left0ver1under says

    For those who forget or don’t know the history, Zimmermann first came to prominence with PGP because the US government considered it a “danger” and tried to ban its sale. PGP was labelled a “munition”, as if it were a bomb, because people could send messages that the government could not read, and exporting it was considered a criminal act.

    Funny how things never change.

  4. says

    PGP was labelled a “munition”

    It’s a little more complicated than that. All encryption products were regulated under ITAR (international traffic in arms regulation) which was intended as a bureaucratic hurdle to control exports. You had to apply, fill out paperwork, and possibly get pressure to build a backdoor into your product…. In 1992 (I think it was) AT&T prototyped a simple inline phone encryptor (with some fantastically clever features!) and the NSA went batshit. In response they cooked up this absolutely absurd idea for “key escrow” and proposed the infamous “clipper” chip. I’m happy to say I had my own small share in the sinking of the clipper, when I suggested to some financial companies’ tech people that I knew, that they should raise the question of technical support – ask the NSA about its history of providing commercial product support… Apparently that happened at a rather important meeting and the NSA guys were slack-jawed with no answer. Good times.

    Anyhow, Zimmermann published the code for PGP well before much of this happened. But because of ITAR a lot of the big file sites refused to carry the source code. Then, some of the cypherpunks realized there was a flaw in the regulations: ITAR did not cover paper publications in technical literature so a bunch of clever fellows at MIT printed the source for PGP and a DES library, using a font that was optimized for OCR. They then published that bundle in a special issue of the proceedings of Crypto journal, then a bunch of fellows in Finland scanned, OCR’d, ported and tested it and made it available worldwide in source form. Suddenly clipper was holed below the waterline, though there was about 5 years in which US companies that imported European crypto code couldn’t export their products. This particularly bit my ass because at the time I was tech lead on a firewall/VPN product I designed that relied on a DES card from CE Infosys in Germany. We’d buy the cards, put them in a computer, and not be allowed to export them. So, of course, we just shipped it without the card and told our European customers where to buy them. It was a great time, watching that particular cat creep out of the bag.

    Today’s internet community ought to be retaliating to NSA spying, but they are not. There are simple and straightforward things we could do that would make life hellish for NSA – such as developing a new version of SSL that does self-signed certs at both sides and doesn’t have a backdoored certificate hierarchy. Someone also needs to start a Kickstarter for a plug-in crypto layer that offers perfect forward secrecy that can drop under Skype and FaceTime and a few others. And, of course, someone needs to offer a file sharing service with forward secrecy… Kim Dotcom was apparently planning to do that and coincidentally the US DOJ conspired illegally with New Zealand’s police to do a military-style raid against him and imprison him. Coincidence is pretty amazing, huh? Why aren’t we retaliating? Propaganda works. It’s that simple.

  5. says

    More trivia: they were terrified of the AT&T 2600 encryptor because it couldn’t be backdoored. It did a Diffie-Hellman key exchange and displayed a modulus of the key on a little LCD panel on the front. When you made the call you’d immediately ask the person on the other side what the number on the LCD was, and if it didn’t match you knew someone had tried to do a man-in-the-middle attack. That, plus the fact that the device could be plugged inline for any phone and was very portable, meant that they’d completely lose control of voice encryption. So the technology was suppressed and – of course – the government’s lackeys at the big cell phone companies built an infrastructure that was designed to make it backdoorable. Indeed, it was designed from the get-go to collect the kind of “metadata” that the liars in Washington are so busy lying about, under a “business records” exemption.
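
The verification step described in the last comment, as an added example that is not part of the original thread and not the device's actual design: both ends run a Diffie-Hellman exchange, each derives a short number from the agreed key, and the callers compare the numbers by voice. The toy group (`P`, `G`), the SHA-256 based `display_code` derivation and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters for illustration only (assumption, not the device's group).
P = 2**255 - 19   # a well-known prime
G = 2

def keypair():
    """Return (private, public) for one side of a Diffie-Hellman exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """Key agreed from our private value and the public value we received."""
    return pow(peer_pub, priv, P)

def display_code(secret, digits=4):
    """Short number shown to the user (hypothetical derivation: hash, reduce)."""
    h = hashlib.sha256(secret.to_bytes(32, "big")).digest()
    return f"{int.from_bytes(h, 'big') % 10**digits:0{digits}d}"

def direct_call():
    """Both ends receive each other's real public value: codes agree."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return (display_code(shared_secret(a_priv, b_pub)),
            display_code(shared_secret(b_priv, a_pub)))

def intercepted_call():
    """Each end receives a substituted public value instead of its peer's.

    The two ends now hold different keys, so the numbers they read aloud
    differ except for a 1-in-10**digits chance collision.
    """
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()          # value inserted on the wire
    return (display_code(shared_secret(a_priv, m_pub)),
            display_code(shared_secret(b_priv, m_pub)))

if __name__ == "__main__":
    print("direct call:     ", direct_call())
    print("intercepted call:", intercepted_call())
```

The number of digits sets how often a substituted key goes unnoticed by chance, so a longer code gives the spoken comparison more weight.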
