US email providers opt to shut down rather than submit to NSA spying

9 Aug 2013

At least two email providers in the US – Lavabit and Silent Circle – are to close their email services down rather than allow the National Security Agency (NSA) to spy on their servers, it has emerged.

Lavabit, which had been used by whistleblower Edward Snowden, and Silent Circle are to close down in a move that casts a harsh light on US-based cloud businesses.

Lavabit was a Gmail-like email service that guaranteed its users that it would not scan their messages for keywords to support advertising.

Silent Circle similarly promised its users the ability to avoid surveillance and operates similar services such as Silent Phone and Silent Text, which is used by celebrities, journalists, human rights groups and special operations groups around the world.

Is the writing on the wall for cloud privacy?

Writing on the homepage of his now defunct website founder Ladar Levison wrote: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.

“I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

“What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.

“This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States,” Levison warned.

For similar reasons, before the “men in suits” come knocking, Silent Circle took the decision to shut down its Silent Mail service because as well the revelations about surveillance in the US, email as we know it with SMTP, POP3, and IMAP cannot be secure, and it could not guarantee the privacy it once promised its users.

“We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now,” wrote CEO Michael Janke. “We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

“We’ve been debating this for weeks, and had changes planned starting next Monday. We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.

“Silent Phone and Silent Text, along with their cousin Silent Eyes are end-to-end secure. We don’t have the encrypted data and we don’t collect metadata about your conversations. They’re continuing as they have been. We are still working on innovative ways to do truly secure communications. Silent Mail was a good idea at the time, and that time is past.

“We apologise for any inconvenience, and hope you understand that if we dithered, it could be more inconvenient,” Janke said.

Security image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years