Silent Circle, co-founded by email security guru Phil Zimmermann, has pulled out of the secure email business. It was a pre-emptive measure inspired by Lavabit’s self-shuttering, and a worrying sign for the U.S.-hosted secure communications industry.
The closures strongly suggest that secure hosted email services cannot be sited in the U.S. without being compelled to compromise users’ privacy if asked to do so by the authorities there. When Lavabit shut down, founder Ladar Levison said: “Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Levison appeared to be under some kind of gagging order, but one must assume that his “experiences over the last six weeks” included a visit or communications from U.S. law enforcement agencies. The National Harbor, Md.-based Silent Circle team said in their blog post that no one had contacted them in this way, but they could “see the writing on the wall”.
Silent Circle’s remaining services include secure phone, video and text facilities, largely aimed at enterprise mobile users, that can boast full end-to-end encryption. Unless someone has managed to break this encryption — unlikely albeit not impossible — these are genuinely secure services that leave no traces for the FBI or NSA to requisition. The authorities can’t even go after the encryption keys, because these are stored on the users’ devices.
The company’s email service, on the other hand, was more of a mixed bag. Silent Mail came in two modes: with end-to-end encryption, where users were responsible for managing their own keys and certificates (a chore); and as a managed-encryption service, where Silent Circle handled the keys and certificates on the users’ behalf. This effectively meant users had to choose between fully-secure-but-hard-to-use and mostly-secure, and it seems Silent Circle realized mostly-secure wasn’t going to be good enough.
Bearing in mind that one of Silent Circle’s founders was Phil Zimmermann, the guy who created the widely-used Pretty Good Privacy (PGP) email encryption software, it’s worth reading what that blog post had to say on the matter of email security in general:
“Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure. And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.
“However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.”
In short, Silent Circle was worried that the authorities would get their hands on users’ email metadata, which would show them who was emailing whom and when, along with other tagging information.
No easy answers
So what should people do if they want to use encrypted email? As I explained in a guide to basic online security and privacy on Thursday, setting up your own secure email server and client is workable, but not for the average person. Hosted email is far more convenient, but that means finding a jurisdiction where authorities don’t try to demand access to data or metadata.
There, we have the problem that, in all likelihood, many governments are in on this surveillance thing together. If I had to pick the country that’s most likely to offer a genuinely privacy-friendly jurisdiction for hosted communications right now, it would probably be Switzerland. But even then, the British Tempora scheme allegedly sucks up internet traffic en masse, meaning metadata could be captured from any emails, no matter how secure, as long as the authorities know what they’re looking for.
In the end, with email it’s a matter of risk mitigation rather than inviolable security. And if Silent Circle decided it was best to pull out of the email business altogether, that’s a pretty worrying sign.