The encrypted email provider Lavabit was forced to close its business after having been ordered by a court to hand over its secret code to federal agents

Code protecting emails against spying to be made public

A programming code that makes emails shut down when they are at risk of being intercepted will be released to the public to improve communication security.

Ladar Levison, the founder of the Lavabit encrypted email service, has announced the decision after being forced by a US court to turn over the company’s cryptographic keys to federal agents.

Levison said he would work with former rivals and newcomers on an open email system designed to protect ordinary users' privacy from law enforcement, as well as insider corruption and hacking.

Lavabit and civil-liberties groups have asked an appeals court to reverse the decision favouring the federal agents, who are believed to have been seeking information about former National Security Agency contractor and Lavabit user Edward Snowden.

However, Levison said he was concerned about the mass surveillance conducted by US intelligence services and didn’t want to wait for the appeals court decision.

"They've effectively violated the public's trust and as a result, we've decided as a community that it's time to develop a technical solution," Levison said. "Maybe there can be 100 Lavabits if I turn over the code."

Levison and other companies, such as Silent Circle, are now developing security keys that could be implemented by individual users.

The plans of the Darkmail Alliance, formed by Levison and his co-workers, are only one example of the popular opposition to government intelligence-gathering practices revealed in documents leaked by Snowden.

Yesterday it was revealed that the NSA, together with the British digital surveillance agency GCHQ, was spying on massive internal traffic at Google and Yahoo to monitor movements of emails and other traffic among international data centres owned by those companies.

Google has said it is now trying to encrypt such internal transmissions to improve security and privacy.

Several technology standards-setting groups and cryptography experts are also working to tighten security procedures and avoid formulas that were devised with help from the NSA.

The fact that most Internet systems rely on a rather limited number of companies providing crucial hardware and software was revealed as one of the major weaknesses in data protection.

US intelligence agencies can read at least everything by non-Americans that is relevant to international politics, while many other countries and freelance hackers have no restrictions and myriad opportunities to penetrate those multilayered and complex systems.

"It really creates a situation where you can't have a trusted third party," Levison said. "If they are compromised, the entire system of trust breaks down."

The issue closest to the front line is secure email. Though Snowden has said that email sent using cryptography based on the Pretty Good Privacy standard is fairly safe from prying eyes, it is too cumbersome for most people.

Lavabit's case shows that even very sophisticated providers that do the hard work on behalf of the users can't guarantee protection from court orders. After Levison shut his company down, at least two other privacy-oriented email services, from Silent Circle and CryptoSeal, also stopped accepting customers.

Because the U.S. Justice Department's logic in the Lavabit case would allow it to access all traffic, not just one targeted user, "if it stands, it will cripple the cloud computing and software-as-a-service industries in the U.S.," said CryptoSeal co-founder Ryan Lackey.

That's because the lower court judge directed Lavabit to hand over the keys to its Secure Sockets Layer encryption, which would allow the government to see everything that the company sees.

Lavabit has appealed to the Fourth U.S. Circuit Court of Appeals in Richmond, Virginia, and last week the American Civil Liberties Union and the Electronic Frontier Foundation filed separate friend-of-the-court briefs arguing that exposing 400,000 users to possible surveillance was unreasonably burdensome, an invasion of privacy, and unconstitutionally broad.

Though federal authorities have said they would only look at the data of specific users, privacy advocates are sceptical. Previous reports based on Snowden documents showed that the NSA has amassed a stockpile of SSL keys, some of which may have been obtained in pursuit of one target but remain on hand for other users of the same service.
