Are small-fry encrypted email ISPs using feds as excuse for closure?

Are small-fry encrypted email ISPs using feds as excuse for closure?

Summary: ISPs and email hosting providers need to be willing to and plan for the need to work with government officials.

SHARE:

Yesterday, it was Lavabit. Today it's Silent Circle. What? You never heard of these companies? Yeah, neither did I. They're getting headlines this week by closing their doors.

Here is, roughly, the story. Lavabit is/was a secured email provider that claimed to also be the service used by Edward Snowden, the NSA secrets thief who ran away from his country and is hiding out in Russia.

Lavabit (which is really a guy named Ladar Levison) claims to have been running his service for ten years, but doesn't want to become "complicit in crimes against the American people" so he shut down his service...all but the PayPal account where he's taking donations for his "legal defense fund".

Silent Circle is a different story. Even though Silent Circle has been around since October and the company hasn't yet made it a year in business, it's got some heavy hitters on its management team. Chief among them is company president Phil Zimmerman, creator of PGP (Pretty Good Privacy), a tool that's been used for email encryption worldwide for years.

If anyone knows about encryption and the legal complications, restrictions, and requirements, it's Zimmerman. That's why it's particularly interesting, as Steven Musil reported on CNET this morning, that Silent Circle is shuttering its email encryption service.

Silent Circle's Web site has been intermittently responsive as I write this, and since they've closed their email service down, it's difficult finding out exactly what service they were offering. But I'll make a few educated guesses.

Email using the Internet's SMTP protocol travels in the open over the Internet. Email is a store and forward protocol, which means a message leaves your account, is stored intermittently on a server, and arrives at a destination account. These days most email clients are Web based, which means the messages aren't downloaded to a PC and deleted, but instead stored on the provider's server.

These messages are generally stored unencrypted, which means an email provider can, at government request, dig through the email store of any given user and read the messages.

PGP, as a tool, as been used as an email client and an add-on to email clients like Outlook, to encrypt an email message from the source computer, send it in encrypted form across the network, and then let the recipient decrypt it using a public key and a private key.

Since PGP has been working like this for decades, it's unlikely this practice is what scared Silent Circle away from the email business. From what I can gather, it seems Silent Circle was storing email messages for clients and keeping them stored in encrypted form.

This would potentially subject them to government intervention, because they might then have to respond to a government request for certain email messages from suspect individuals and organizations.

Now, Silent Circle specifically claims that they "We have not received subpoenas, warrants, security letters, or anything else by any government."

From another group of founders, I would have considered this a spurious excuse, potentially to investors, as a way to get out of an unsuccessful business model. But these guys know this field better than almost anyone.

I do find it odd that people who are so aware of the government's connection to encryption issues would create a service that, from the beginning, could not be responsive to legal government requests. Perhaps they also found it odd, which is why they saw "the writing on the wall" and chose to close their service.

What does this mean for securing your information on the Internet? Well, that depends on who you're trying to secure it from. If you want a simple, secure communication that can't be cracked by criminals or your teenager, you'll continue to find excellent services that provide that capability.

But if you want to hide information that the government may need as part of criminal or counterterrorism investigations, then -- as it should be -- it will be increasingly difficult to do so.

This is not a case of "if you've got nothing to hide." Rather, it's a case of security provided that's also protecting national security. ISPs and email hosting providers need to be willing to and plan for the need to work with government officials.

Most large businesses have relationships with the government in one way or another and have for many, many years. This is not new.

Topics: Security, Government, Government US, Privacy

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

67 comments
Log in or register to join the discussion
  • Not accurate.

    You said, "if you want to hide information that the government may need as part of criminal or counterterrorism investigations, then -- as it should be -- it will be increasingly difficult to do so."

    That is simply not accurate. The true statement would be, "If you want your activities to be private from the government, even if you've done and are doing nothing wrong, it will be increasingly difficult to do so."

    It's been clearly demonstrated at this point that the NSA has access to extremely detailed information about whoever they want to monitor - all you need is to be cast in a suspicious light, either by actually being a lawbreaker of some kind, or simply by being incorrectly identified as one (or as associating with one) to be targeted.

    And that's just the stuff we know about. Pure power always corrupts, so in all likelihood, all you need to do is piss off someone at the NSA to be targeted.
    StormyWeathered
    • No kidding. This guy's apology for the American

      government spying on its citizens is reprehensible. What part of the 4th amendment doesn't he get? The state has NO BUSINESS WHATSOEVER in tracking, monitoring or storing ANY information about you unless it can demonstrate PROBABLE CAUSE IN ADVANCE to get a warrant. They DON'T get t play Minority Report.
      baggins_z
      • Hrm...

        Well...the data is in a 3rd party hands in most cases. The real question is did you read the user agreement and does the particular 3rd party have an agreement that allows government observation. Privacy and such doesn't translate to someone you hand your data to unless the agreement with that third party dictates it.
        Rig Perez
  • Not accurate.

    You said, "if you want to hide information that the government may need as part of criminal or counterterrorism investigations, then -- as it should be -- it will be increasingly difficult to do so."

    That is simply not accurate. The true statement would be, "If you want your activities to be private from the government, even if you've done and are doing nothing wrong, it will be increasingly difficult to do so."

    It's been clearly demonstrated at this point that the NSA has access to extremely detailed information about whoever they want to monitor - all you need is to be cast in a suspicious light, either by actually being a lawbreaker of some kind, or simply by being incorrectly identified as one (or as associating with one) to be targeted.

    And that's just the stuff we know about. Pure power always corrupts, so in all likelihood, all you need to do is piss off someone at the NSA to be targeted.
    StormyWeathered
    • LOL - God help you if you

      go to another country. People seem to think our Gov't is the only ones doing this. We are learning from other countries that have been doing this for years. My brother works for the FBI, and the stuff that comes across his desk people would pee themselves. Bottom line the bad guys are using the network to do bad things, period, thus the Good Guys need to find out and stop them period. Funny when there is no disaster and everyone feels safe it's - you are invading my privacy man. But the minute one of the low intelligent scum bags blows up something and hurts people you guys say "why didn't you do anything to stop this!" Well you can't have your cake without knowing the ingredients. If you do not acknowledge that then you need to go "Kaczynski" and disappear and get off the net.
      ScanBack
      • The Statist mind-benders

        always come up with this argument. The premises being:

        - better have safety than freedom (see the commies 100% job security)
        - only the government can provide you with safety
        - the price for your beloved gov't keeping you safe is to give up all your freedom and privacy

        Of course, the gov't does NOT ask the people whether they agree to give up their privacy in exchange for government-provided safety. People never voted to give away their freedom and privacy. In fact it's all done in absolute secrecy and those who dare disclose what's actually going on are labelled 'traitors' and hunted down.

        When it comes to terrorists attacking government targets or symbols of government power, the gov't makes sure that there is a little discussion as possible on the topic of 'why' it's 'us' the target and not the Swiss or the Dominicans. Somehow, they hate us 'for our freedoms' which of course we lost but such attacks have nothing to do with 'us' orchestrating coups of governments that aren't sufficiently servile to ours, sending troops and establishing bases in other countries, invading and occupying foreign lands, droning children and their grand mothers to death or supporting other states such as Israel's aggressive and apartheid-like policies.

        I do not need the government to read my emails or to keep track of my travel and expenses and, I assure you, if there is another terrorist attack I will not be upset because the government didn't read my emails or my neighbor's emails thoroughly enough.

        You seem to be a government-serving agent of influence, attempting to advance the idea that 'we are better off' in a surveillance-police state than 'on our own' as proud and free citizens of a free country.
        avrwc2
        • The Statist mind-benders

          Ditto what he said!
          NerdKool
      • Good cops, bad cops game.

        Both cops get their retirements paid by U$.
        Cuntspicuous
      • Let's not get into fantasy here ...

        there is no God to help you. And there are no Good Guys. There are Bad Guys and Worse Guys. The Bad Guys are criminals, using the Internet for criminal enterprises. The Worse Guys are governments, using anything and everything available for any purpose they choose. They make the laws, they don't obey them. They stop the "bad guys" only when it suits their purpose - mainly if they feel they are going to be hurt. If the bad guys' activities are aimed at another country with whom they are not friendly, they will ignore them.
        As for everyone feeling safe, that's a fantasy too. Nobody is safe - ever. Some people are safer than others, depending on location, money, and time of day. But there are always risks - that's life. The government uses the "safety" excuse to herd their sheep in the direction they want them to go. Those who tell us that Privacy must be sacrificed for Safety are either part of the sheep or shepherds, working for the government and telling the sheep what to think.
        Unusual1
      • Quid pro quo

        Scan back,

        If there was truth in what you say then transparency would not be a problem. After all _knowing_ about the monitoring etc would enhance its deter factor, and they could trace the spam and Trojans back to scourge to reduce the real eThreat to the public.

        People like Snowden would be irrelevant as everyone would know that stuff is stored and monitored. Why is there such a need for the government to keep such things secret....by your reasoning and their own claims...only criminal activity would need to be afraid of transparency!!
        mist42nz
    • [AI] is watching U$

      You are Power, or you are its enemy, and only Power readily understands that. Struggles for Power kill the present owners,
      as soon as they loose. IT has always has been about Power’s survival, and IT always will be. Providers compete for cost plus contract prizes, to prove [AI] watching U$ builds OBEY Power.
      Cuntspicuous
  • Malarki

    There is good reason to have encrypted services that hide information from everyone - including the government, even in "national security" issues. There is no reason the Federal government should have any domain over private business in the matter, considering their intervention into the private lives of law abiding and non-law abiding citizens or aliens directly reflects their disrespect and breaking of the 4th Amendment of the Bill of Rights. Regardless of whether or not our "representatives" ushered in stronger FISA courts through the USA PATRIOT Act, in lieu of Constitutional and well calculated response to the "terrorist" attacks of 9/11, it still violates the supreme law of the land and de facto isn't inherently legal - other than to the effect the Federal government usurps the Power of the People, creating an air or legality which stomps what our founding fathers fought for and provided for the Good People of the United States of America.
    Jacob Wahlgren
    • The nothing to hide idea fails the test of history..

      The framers of the Constitution DID NOT assume that the citizens always had nothing to hide.

      They assumed that government was always tyrannical.

      The goal of the Constitution and the Bill of Rights the Citizens of the States demanded was to severely limit the power of the Federal Government in the hope that before it could become so tyrannical that the only recourse for the citizens was armed revolt, ("But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government,") that the citizens could through the ballot box carry out an unarmed revolt.

      Because the press and essentially all politicians of all parties have chosen to ignore the clear intent of the 4th Amendment, we have now lost the right to the 1st Amendment guarantees of freedom of speech (government has claimed the right to collect and store records of ALL communications) and freedom of association (by having all the communications records they can know all associations). Without these it will be impossible to organize an armed revolt.

      So, absent the rise of a TRUE CONSTITUTIONALIST political movement, a movement that supports ALL of the Constitution, including the separation of church and state in the 1st 16 words of the 1st Amendment, we are doomed to absolute despotism.
      No such party currently exists. This was what the Republican Party was before 1964.
      CutRightSharpening
      • The last time I checked the framers of the

        Constitution did not have people trying to blow up citizens of the country nor had the ability to become citizens or green card holders with the intent of harming US citizens. Nor did they have the ability to hide and communicate such actions via the internet. You can still march you large rear down to your local Gov't and protest all you want, that right is still there. But last time I checked I don't think you have the right to plan to kill 100's/1000's of people or destroy the country of America. The problem is the bad guys know our laws and rules and play in that area. That creates a hell of a tough time for the law enforcement officials and Gov't to track them. I pretty sure you can still defame the country all you want and have that right. However, if you are part of known terrorist group and are doing that or are suspected because of your buying patterns, that would be a different group all together.
        ScanBack
        • Of course they did.

          They had explosives and terrorists, even then. And the ability to become a citizen was much easier at that time - all you really had to do was get here on a ship. There were no green cards. There was no Internet - they easily had the ability to hide and communicate their actions secretly. It certainly took longer to communicate across distances, but it was done. Ever hear of carrier pigeons? The founders were familiar with all of these things. They were also familiar with tyrannical government, being at the time in a struggle to free themselves from the control of the British government - including it's army and navy. So you're either ignorant or deliberately spewing false information.
          The problem is not the bad guys. The problem is that the government, in the name of protecting people from the bad guys, will eventually see everyone as a bad guy, including its own citizens. They will then do anything necessary to protect themselves - not the people of the country, but the government of the country. They do this by spying on everyone. Yes, it violates the constitution and their own laws. But self-preservation has always been considered the highest law. And if they're caught, they just apologize, pin it on a scapegoat, and promise to never do it again. Then they keep right on doing the same old thing.
          Unusual1
      • improbable but not impossible

        Ghandi style revolt is possible. John Lennon, assassinated peace leader said, "When it gets down to having to use violence, then you are playing the system's game. The establishment will irritate you: pull your beard, flick your face to make you fight. Because once they've got you violent, then they know how to handle you. The only thing they don't know how to handle is non-violence and humor."
        Human livestock lives are ordered, to compete for a chance to gratefully serve [hire] beings. Our firepower is useless against contaminated food. The PLANNED revolution is near to fruition, PSYOPS propaganda has divided U$ up into small minded factions, unable to resist our own animosity.
        Cuntspicuous
    • FLEXIBLE, by design.

      'the supreme law of the land', is what the swing vote on the Supreme Court decides that it is; FLEXIBLE, by design. 'the "terrorist" attacks of 9/11' were conceived by Al CIA duh. In exchange for removing Saddam from power, to ignite wars between Shiite and Sunni Muslims; Israeli Mossad provided tall building demolition. No asbestos removal permits required.
      Cuntspicuous
  • Others beat me to the punch - this article is non-sense.

    I see others beat me to it - this article is true non-sense. Written by an NSA employee and posted on behalf of a zdnet writer? I don't know, but it's literally complete non-sense.

    The reality is servers can and will be hacked. Let's say I want to store all of my passwords and delicate information for all my accounts (and SSN, etc etc) somewhere online - because that's highly convenient. Without encryption in which I the user am the only one with the key - doing this simple and *obvious* activity would be stupid.

    There are many other examples.

    I suppose all we can do is keep telling ourselves they're benevolent and just trying to be a good nanny.
    Aaron Greenhill
  • Apologist for government intrusion

    I shouldn't be surprised that a "member of the National Press Club" and a "national policy advisor" would come out defending the government's stance that it should have access to any and all personal, private communication, but damn. How far we've fallen.

    Your position is an affront to American principles.
    catch223
  • Governments have killed millions more than criminals ever will

    Mr. Gee-wiz your naiveté is dangerous.
    hg7x2cs02