LavaBit Relaunches

Friends, back in 2013, we told you about how Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company’s service rather than comply with a federal law enforcement request that could compromise its customers’ communications. The FBI had sought access to the email account of one of Lavabit’s most prominent users — Edward Snowden. Levison had custody of his service’s SSL encryption key that could help the government obtain Snowden’s password. And though the feds insisted they were only after Snowden’s account, the key would have helped them obtain the credentials for other users as well. Rather than undermine the trust and privacy of his users, Levison ended the company’s email service entirely, preventing the feds from getting access to emails stored on his servers. But the company’s users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he’ll never have to help the feds break into customer accounts again.

Lavabit is relaunching with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email.  The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data. Last year when the FBI sought access to an iPhone used by the San Bernardino shooter, Apple couldn’t get into the phone because the security scheme the company built in to the device prevented it from unlocking the phone without the shooter’s password. (Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.)

SOURCE – The Intercept

LavaBit & Silent Circle launch Kickstarter initiative…

Lavabit founder Ladar Levison and Silent Circle recently began a Kickstarter initiative to help fund the development and roll out of the first Dark Mail clients.

“The Summer of Snowden may have taken the Lavabit email service offline,” the project’s Kickstarter page says, referring to National Security Agency leaker Edward Snowden, “But the lifeblood of the service is still alive and relevant to Dark Mail.”

Dark Mail is a newly proposed email protocol from Levison and Silent Circle that promises to encrypt not only the body of messages, as is the norm with today’s email encryption, but also protect the “header” metadata accompanying every message, such as the subject line, sender, recipient, and so on.  The plan is to turn Dark Mail into an open source protocol so that any email provider or client app maker can make their services Dark Mail compatible.

Metadata is one of the big weak points of secure email communications, since you cannot hide it from a third-party observing Internet traffic—a fact highlighted this summer when leaks about the National Security Agency’s surveillance activities started coming to light. The core Dark Mail ideal is that even if law enforcement forced a service provider to hand over its users’ communications, all the company could hand over would be unintelligible junk. Like other encryption schemes, only the recipient with the proper decryption keys would be able to read the message. Levison and Silent Circle also hope that open-sourcing the Dark Mail protocol would encourage software providers to build Dark Mail capabilities into email clients, and that in turn will make using encrypted communication as seamless as using Gmail or Outlook.com is now. Current efforts to encrypt the body of email messages require at least a modicum of technical knowledge and a willingness to troubleshoot potential set-up problems.

The Dark Mail Kickstarter campaign hopes to raise $196,608 to clean up the Lavabit secure webmail source code and build in the Dark Mail protocol. The campaign would also fund development of the first Dark Mail clients for numerous platforms, including Windows, OS X, Linux, iOS, and Android. Pledges for the campaign start at $25, which will give you access to the project’s official binary package for the apps and the Lavabit webmail code.  Pledges of $1,000 and up also give you access to the binaries in addition to technical assistance and a limited edition polo shirt.

Lavabit fights the good fight…

The U.S. government in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to newly unsealed documents. The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to monitor a particular Lavabit user’s metadata, defined as “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.” The records in the case, which is now being argued at the 4th U.S. Circuit Court of Appeals, were unsealed by a federal judge in Alexandria, Virginia. They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users. The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime.

“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”

I love this next part… Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type!  I love this guy!

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.  The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.  On August 8, Levison shuttered Lavabit, making any attempt at surveillance moot. Still under a gag order, he posted an oblique message saying he’d been left with little choice in the matter.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit,” Levison wrote at the time. “After significant soul searching, I have decided to suspend operations.”

Lavabit has raised approximately $30,000 in an online fundraising drive to finance its appeal to the 4th Circuit. Today the appeals court extended the deadline for opening briefs to October 10. Friends, your absolute right to privacy is under attack. Spread the word, donate or help out any way you can and help Lavabit fight the good fight!

SOURCE – Wired

UPDATE – Lavabit to Briefly Reinstate Services for Data Recovery

Encryption App Silent Circle Shuts Down…

The communications encryption firm ‘Silent Circle’ chose to shut down its e-mail service as one of its competitors, ‘Lavabit’, recently shut down its core email service. Lavabit’s founder said he had been the subject of a U.S. government investigation and gag order. It appears the NSA came knocking and instead of fighting for our disappearing privacy rights, Lavabit decided to fold. Co-founder and CTO Jon Callas said in a blog post Friday that Silent Circle’s e-mail service had “always been something of a quandary for us.” This, in spite of the fact that one of Silent Circle’s other co-founders is Phil Zimmermann, inventor of the popular e-mail encryption software PGP. Electronic mail uses standard internet protocols that cannot have the same security guarantees that real-time communication has, Callas said. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.”

“We’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail.” Callas said Silent Circle had not received subpoenas, warrants or any other similar request from any government. The company had been debating what to do about its email service for weeks, and up until Friday was ready to phase the service out so that it would continue for existing customers. “It is always better to be safe than sorry,” Callas said. What he meant was “…better whipped and submissive than free…”

Friends, this is truly sad. On a daily basis, I see our rights and liberties evaporating due to the efforts of our government and its agencies that LIE to us and SPY on us, all under the banner of Social Reform. This post shows that a society that fears and distrusts its own leaders cannot thrive. Had enough yet?

UPDATE – 08/15/13 – Monterey-based Privato Security sped up the launch of its email service.  “I think it is a golden opportunity for us,” CEO Neal Smith, 68, said Tuesday.  Privato works by sending an email to a cloud server, an Internet-based storage system, where it stays — heavily encrypted — until the recipient downloads it, instantly deleting it from the server.  Check it out.

UPDATE – 08/16/13 – NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers.  More interesting reading on the subject here.

UPDATE – 08/23/13 – Ladar Levison, the owner of the now-shuttered encrypted email service used by Edward Snowden said that he will continue to defend online security free of government surveillance, hopefully with success in courts or a possible move of his company overseas.

UPDATE – 08/29/13 – Usage for Tor doubles in wake of secure email shutdowns.

UPDATE – 09/16/13 – Interesting reading on the subject.
