Alliance aims to develop spy-proof email
Connecting state and local government leaders
Three months after shuttering their respective encrypted email services, Silent Circle and Lavabit announced an industry coalition to develop an open-source protocol for truly secure email.
Three months after shuttering their respective encrypted e-mail services, Silent Circle and Lavabit have formed an industry coalition to develop an open-source protocol and architecture for truly secure email.
The goal of the Dark Mail Alliance, announced Oct. 30 at the Inbox Love conference in Mountain View, Calif., is to enable a scheme for email that goes beyond encrypting content to secure anonymity and privacy by protecting metadata as well.
It is a moral crusade as well as a business venture and will build on work already begun by the two companies, said Silent Circle CEO and co-founder Mike Janke. “We have working prototypes now that we are using,” Janke said. “It works great. The next steps are SMTP bolt-ins and then desktop clients.”
Silent Circle is a Maryland-based provider of secure communications, including end-to-end encrypted phone service, text and video conferencing. These peer-to-peer services do not generate the vulnerable metadata that current email protocols do. Janke called email today “broken,” and said it cannot guarantee security. Even when the contents of an email are encrypted, metadata generated in email protocols remains vulnerable to security breaches and government action, both here and abroad.
Recently leaked documents indicate that the National Security Agency is gathering this type of metadata. Both Silent Circle and Lavabit shut down their email services in August in the wake of revelations of NSA activities by former NSA contractor Edward Snowden. At the time, Silent Circle officials said the ability of governments to get at that information could pose a risk to its U.S. government customers overseas.
In a statement on its website, Silent Circle in August said it saw “the writing on the wall” when Lavabit shuttered its service saying that it was shutting down to avoid becoming complicit “in crimes against the American people.” The statement does not specify details other than to say it would “continue to fight for the Constitution in the Fourth Circuit Court of Appeals.” This is an apparent reference to a Foreign Intelligence Surveillance Act court subpoena and gag order related to the case of Snowden, who was known to have had a Lavabit email account.
Silent Circle’s encrypted email service had been intended only as a stop-gap until a more secure service could be developed. The company and Lavabit now want the development to be an industry effort. “Our goal is to open-source the protocol and architecture and help others implement this new technology to address the privacy concerns over surveillance and back door threats of any kind,” the companies said in their joint announcement.
The scheme is being built on Version 2 of the Silent Circle Instant Message Protocol engine, which enables secure messaging and file transfers to individuals or groups. A mailbox-like user interface is being added to it and it will use Lavabit’s Simple Mail Transfer Protocol engineering.
The alliance will seek other corporate members. Janke said the goal is to have a worldwide impact rather than serving smaller customer bases with proprietary technology. “We realized we had developed the next generation of the world’s e-mail architecture and that this was bigger and more important than just our two companies.”
Phil Zimmermann, creator of PGP (Pretty Good Privacy) encryption and a co-founder of Silent Circle, showed the impact an open security and privacy tool could have when he released PGP, Janke said.
“Our average age is 42, and we view things differently now,” he said “This is an opportunity for us to have a major global impact by making privacy the default characteristic of email. It's more important than any revenue number. It's now a calling and a duty we owe our children.”