












Observations



Opinion, arguments & analyses from the editors of Scientific American

Secure E-Mail Services Shuttered over Fears of Government PRISM Reprisals

The views expressed are those of the author and are not necessarily those of Scientific American.



Image courtesy of Bev Sykes, via Flickr

Revelations of the U.S. National Security Agency’s PRISM program continue to have worldwide ripple effects. Nearly two months after U.S. federal prosecutors charged NSA whistleblower Edward Snowden with espionage and theft of government property for blowing the lid off of the clandestine surveillance program, the company that secured Snowden’s electronic communications with journalists and international officials has shut down its encrypted e-mail services.

Texas-based Lavabit LLC announced August 8 that it was suspending operations due to unspecified legal pressures. The move prompted another company, Silent Circle, to likewise drop its own encrypted e-mail service on August 9 before becoming the target of similar legal scrutiny. Meanwhile, concerns over the NSA’s snooping have prompted the opposite reaction in Germany, where two of that country’s biggest Internet service providers—Deutsche Telekom AG and United Internet AG—say they will now encrypt customers’ emails by default.

In a note posted to Lavabit’s homepage, owner and operator Ladar Levison suggested that a long, secretive turn of events led to his decision to scuttle the service. “As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests,” the site says. He also notes that a “favorable decision” by the Fourth Circuit Court of Appeals would allow him to “resurrect Lavabit as an American company.”

Levison launched Lavabit in 2004 under the name Nerdshack. By 2009 the site boasted 140,000 registered users with more than 260,000 email addresses. Most of those accounts belonged to individual users, although the company did provide corporate e-mail services to about 70 companies.

Lavabit developed its secure e-mail platform around asymmetric encryption. This means that incoming e-mail messages were encrypted before being saved on the company’s servers and could be decrypted only by someone with a password for that e-mail account.

Most e-mail programs support encryption via the Secure Sockets Layer (SSL) protocol, developed in the mid-1990s as a cryptographic tool to encode communications over TCP/IP networks. SSL uses a cryptographic system with two keys—a public key to encrypt the data and a private key, known only to a message’s recipient, to decipher it. SSL encrypts messages sent from the user’s machine to their ISP. As messages move through the core of the Internet, however, they are usually unencrypted. “Unless somebody is doing something intentionally to put encryption on the messages, the messages are decrypted at each hop along the way and are visible there,” cryptographer Paul Kocher, president and chief scientist of Cryptography Research, recently told Scientific American.

Silent Circle posted a note to its homepage Friday implying the company has shut down its secure Silent Mail service—which encrypts messages sent between Silent Circle customers—before being forced to comply with any government subpoenas, warrants, security letters or other legal demands for customer information. Phil Zimmermann, creator of the Pretty Good Privacy (PGP) program to encrypt and decrypt e-mail messages, co-founded the Washington, D.C., company, which claims to have its network located in Canada.

Silent Circle points out in the same note that its “end-to-end” cryptography meant that it had “nil” exposure to customer data. Yet the company’s FAQ states that, if the company is managing a client’s encryption keys (the other option would be for customers to manage their own keys), then Silent Circle can hand over client messages to law enforcement when legally compelled to do so. Silent Circle will continue to offer secure voice and text services because it has control over the infrastructure supporting them and can guarantee that messages were not intercepted or tampered with en route, the BBC reported Friday.

Zimmermann’s company apparently anticipated run-ins with the law. A Web page recounting Silent Circle’s history states: “We believe in honest transparency, and protecting individual and business privacy. We will post the requests we get from Government, Law Enforcement and worldwide legal entities for users data.” It goes on to declare: “We know that we’ll have a target painted on us from day one.”

The NSA crafted PRISM as a means for collecting data on people suspected of plotting terrorist attacks, spying or other forms of malfeasance. The government claims that information gathered via PRISM has disrupted dozens of potential terrorist attacks. Yet the program’s legacy is having other, likely unintended consequences on electronic communication. Lavabit’s Levison notes that, unless changes are made to current U.S. surveillance policies, “I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.”

About the Author: Larry is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots. Follow on Twitter @lggreenemeier.


16 Comments

  1. SigmaEyes 9:19 pm 08/9/2013

    This is so upsetting. If the govt was only collecting meta data, they would not need the keys for de-coding. They have other programs beside Echelon and Prism. They do in fact read content of phone and electronic messages. Regardless if it is a computer AI program or human spying, it is still spying without warrant or probable cause.

    To say it is for anti-terrorism is also fallacy. It has served to give this or that company a competitive advantage internationally, and I suspect, given past history, to make domestic companies winners or losers. One shining example is of Lucent Technologies making an encoded chip to go into early cell phones. Govt agencies demanded Lucent give them the de-cryption codes, and Lucent denied them because the govt could then intercept and monitor every single user’s communication without asking Lucent or a cell provider for the data (via satellite transmission interception). Lucent resisted repeated pressure and intimidation, and they were destroyed as a company – broken apart, stock value plummeted to 1/10 of former value. And this was long before the supposed war on terrorism. In the 1990s.

    These electronic communications have been monitored and used illegally for decades. And the US is not the only govt that does it. And the public should know the truth.

  2. SoftLanding 9:13 am 08/10/2013

    I wonder what the author means by “Government PRISM Reprisals”.

    Once upon a time, reprisal was used to describe a reaction to something. I wonder what the companies did to the Government that would bring on reprisals.

  3. NewGatsby 1:02 pm 08/10/2013

    @4. SoftLanding

    They did nothing. The author knows that, and is attempting to portray the Federal Government as a predatory entity which attacks without provocation.

    It’s just another example of the politicization of SciAm.

  4. Dragonfall 1:18 pm 08/10/2013

    Just encrypt it locally if you don’t want the NSA reading your emails.

  5. NewGatsby 2:21 pm 08/10/2013

    Too true – but they won’t!

  6. JPGumby 3:18 pm 08/10/2013

    Legally, e-mails have no presumption of privacy, since once sent, the contents are scattered all over the internet. A lawyer will tell you to never send anything by e-mail – the contents fall outside of lawyer/client privilege (unlike snail mail).

    In general, don’t send anything unencrypted unless you don’t care if everyone from mafiosi to federal prosecutors to jihadi knows the contents.

  7. onapthanh 10:08 am 08/11/2013

    I also agree that Govt agencies demanded Lucent give them the de-cryption codes, and Lucent denied them because the govt could then intercept and monitor every single user’s communication without asking Lucent or a cell provider for the data@ on ap

  8. onapthanh 10:09 am 08/11/2013

    I suspect, given past history, to make domestic companies winners or losers. One shining example is of Lucent Technologies making an encoded chip to go into early cell phones on ap

  9. Eggnogstic 6:21 pm 08/11/2013

    I’m happy Sciam is finally posting pieces critical of our current US government regarding this matter. They ignored the Snowden affair for a week, then trotted out articles by minimizers and administration apologists for quite a while, before ignoring the matter again.

  10. aberr 10:46 pm 08/11/2013

    Speaking of government spying….People are allowing electric utility companies to install “smart” meters, which are basically two-way wireless transmitters. New appliances will have zigbee chips in them…which will allow for 24/7 spying on your habits and activities… and remote wireless control of your appliances…to turn the power up, down, off, on… this is far more invasive and intrusive spying than anything in the past…. Our government has made this happen .. by giving the utility companies billions of our taxpayers’ money for the sole reason of forcing these spy meters on every home in America. A nice side effect of greatly increasing the wireless radiation in our homes and our cities is it will cause us to die right about retirement age…a lot like asbestos and cigarettes… and Cisco, and GE and those giant international corporations will increase their profits greatly… and it just goes on and on…because we’ll be forced to purchase “smart” meters again and again every 10 years or so…. I guess this is all doings of the president’s psychopathic boss, John Holdren. It’s just embarrassing to be American any more. Other countries are using fiber optic to spy on their citizens.

  11. NewGatsby 6:11 am 08/12/2013

    onapthanh = SPAM

  12. BillR 10:18 am 08/12/2013

    And there is nowhere in the world you can go to get away from this… You do not need to be a prophet to see that this world is doomed to repeat the errors of the past. The dark ages to come will be dark indeed but the technology will finally eat itself and, if the human race survives itself, we will be able to come out of our caves and start again.

    So get a head start and trash all that high tech crap and start living a tether free life again. Relate to people one on one instead of through servers. Use the technology only as a tool, defective as it is, and keep your life to yourself.

  13. freddyk 12:46 am 08/13/2013

    It would be interesting to see how this Lavabit meltdown relates to non-US based email encryption services such as http://salusafe.com and if we could expect similar abrupt shutdowns of offshore servers?

  14. gmperkins 2:52 pm 08/13/2013

    It’s bad. This will cripple American innovation because you can’t trust anything except face-to-face communications anymore.

  15. Steven 8:18 pm 08/13/2013

    There was some presumed right to privacy in the constitution.
    The supreme court said so in a case, Griswold vs Connecticut, 381, US, 479 (1965).
    The Supreme Court of the United States ruled the Constitution protects a right to privacy.
    The supreme court invalidated a law which outlawed the use of contraceptives in Connecticut.
    The supreme court invalidated the law on the grounds that it “violated the right to marital privacy”.
    The supreme court also upheld a right to privacy in the Roe vs Wade decision in 1973, since the supreme court ruled that a woman’s decision to have an abortion was a private decision between her and her doctor.
    The Bill of Rights does not specifically mention “privacy”, however the supreme court has ruled that there is a right to privacy.
    It’s hard to say whether this Email, or the PRISM program, which apparently is about everything including phone calls, Email, and social media goes too far as far as privacy is concerned.
    The government, including the President, and members of the congress from both parties have said it is Okay, although congress is certainly not overwhelming in its support of the program.
    There has been a secret court, which apparently is appointed by the Chief Justice of the Supreme Court, which has approved the surveillance program.
    Many members of congress have stated they weren’t fully informed of the contents of the Patriot Act which apparently allowed continuous surveillance of essentially everyone, including both Americans and everyone else with cell phone and internet access.
    I assume land line telephones are also being routinely monitored.
    Certainly the American people expect their government to protect them from terrorism and understand monitoring of electronic, and probably all communications are necessary to some degree, however I think there is going to be further assessment of this program and most likely there is going to be some kind of determination of what is essential and not just overall monitoring of everyone.
    The original premise of the establishment of the Republic was that there would be “limited government”.
    The idea of unlimited government probably goes beyond the limits of what the original program or Patriot Act was about, so most likely we will see some kind of revision.
    Even the President has said the program was being re-evaluated prior to Snowden’s disclosures.

  16. bucketofsquid 5:44 pm 08/15/2013

    @Steven – Just because something flagrantly violates the constitution doesn’t mean it won’t be used anyway. President Lincoln violated the constitution when he preserved the union. FDR violated the constitution when he and congress built concentration camps for the Japanese in America. The Patriot act stripped all citizens of all of their rights including the right to trial and legal representation. Under the original Patriot act you could be shot on the spot simply because someone suspected you of being involved in subversive or terroristic activity. No proof or trial was required.

    Each of these blatant acts of treason were eventually moderated somewhat later but they all happened and were widely accepted and encouraged at the time.
