Followers of the NSA spying stories will remember Lavabit, the encrypted email service created by Ladar Levison. Its claim to fame is two-fold. One is that it was the service used by Edward Snowden. The other is that in 2013 Levison chose to shut down the service entirely rather than hand over to the US government the encryption keys protecting his clients' emails. I have written about this story before, as have many others.
Levison has announced that he is re-starting the service with a new end-to-end encryption system that will make him unable to comply with any future government requests for backdoor entrance. Kim Zetter provides more details.
“The SSL key was our biggest threat,” he says.
On Friday, he’s relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email.
The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data.
With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.
“Once it’s in there we cannot pull that SSL key back out,” says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit’s coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)
If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user’s device and make the SSL encryption less critical.
Snowden has said that he plans to reactivate his Lavabit account once the service relaunches, to show his support for Lavabit, but that showing that it is truly secure will have to wait until after it is launched.
Other companies are also creating end-to-end encryption systems, so I suspect that it is only a matter of time before it becomes routinely available even to the least tech-savvy users. We can thank Snowden for providing some of the impetus for these moves.