Mega to fill secure email gap left by Lavabit

Mega to fill secure email gap left by Lavabit

Summary: Kim Dotcom's privacy company Mega prepares a 'cutting-edge' email encryption service.


Kim Dotcom's "privacy company" Mega is developing secure email services to run on its entirely non-US-based server network as intense pressure from US authorities forces other providers to close.

Last week, Lavabit, which counted NSA leaker Edward Snowden as a user, closed and Silent Circle closed its secure email service. Lavabit's owner, Ladar Levison, said he was shutting it down to avoid becoming "complicit in crimes against the American people".

Last week, Mega chief executive Vikram Kumar told ZDNet that the company was being asked to deliver secure email and voice services. In the wake of the closures, he expanded on his plans.

Kumar said work is in progress, building off the end-to-end encryption and contacts functionality already working for documents in Mega.

"The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side," Kumar said.

"If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible, but very, very hard. That's why even Silent Circle didn't go there."

A big issue is handling emails to and from non-encrypted contacts when Mega's core proposition is end-to-end encryption, Kumar said.

"On this and other fronts, Mega is doing some hugely cutting-edge stuff," he said. "There is probably no one in the world who takes the Mega approach of making true crypto work for the masses, our core proposition."

Kumar said Mega is taking theoretic sounding technology such as Bloom filters, and making them work for the masses. Work is also under way to keep Mega secure, even if SSL/TLS is compromised.

"[It's] exciting stuff, but very hard, so I think it will take months more to crack it," he said. "But Mega will never launch anything that undermines its end-to-end encryption core security proposition and doesn't work for the mythical grandmother."

Meanwhile, Kim Dotcom has said that he may have to pull parts of Mega out of New Zealand if new surveillance legislation is passed into law.

Dotcom told TorrentFreak that the US government and the other Five Eyes partners, the UK, Canada, Australia, and New Zealand, are pushing new spy legislation to provide backdoors into internet services.

"The NZ government is currently aggressively looking to extend its powers with the GCSB [Government Computer Services Bureau] and the [Telecommunications Interception Capabilities] Act, which will force service providers with encryption capabilities to give them secret decryption access," Dotcom said.

He added that it might force some relocation of Mega's network to other jurisdictions, such as Iceland.

Dotcom explained that by design, Mega doesn't hold decryption keys to customer accounts and "never will".

Lavabit's Levison said: "This experience has taught me one very important lesson: Without congressional action or a strong judicial precedent, I would — strongly — recommend against anyone trusting their private data to a company with physical ties to the United States."

Kumar on his blog described the closures as "Privacy Seppuku", a form of Japanese ritual suicide aimed to preserve honour.

"These are acts of 'Privacy Seppuku' — honourably and publicly shutting down ('suicide') rather than being forced to comply with laws and courts intent on violating people's privacy," he said.

Topics: Security, Government US, New Zealand

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Privacy Seppuku... I like that analogy :)

    A very honorable and client oriented way to go!
  • Fox guarding the hen house?

    Such a great choice? NOT
  • ISPs and cloud companies

    in this country will lose out on a lot of business. either the government starts respecting our civil liberties or innovation on the internet will be hurting.
  • Dotcom

    MY,my. The US has done Kim Dotcom a great service in making him look more respectable than the US Gov. They even did it for free. I still think he's a bit sketchy, but not as much as they are turning out to be.
    • Correction - Silent Circle hasn't closed

      Silent Circle is still operating. They have only closed their Silent Mail service. They did this because they could not guarantee there were no traces left behind for the feds to ask for, unlike their other secure encrypted phone, video and text services. See here:

      As for Dotcom, not only the US helped him look good... The NZ security and enforcement services did a good job of that too.
  • Whu should i trust kimdotcom?

    We protect our email and documents (specially when on Google drive or DropBox) with a stand-alone message & file encryptor (we use the Provost Cryptex software, which is now called CYPHR ( ) but there are many other programs alike).

    Encrypting your messages and mail before storage or distribution is the only safe and reliable way.

    Encrypted mail services such as kimdotcom's suggested Mega Mail service will remain rogue operations and not fit for professional or official use in any way.
    Martin Beek
  • Secure emails

    Can be dangerous use the Kim Emails.. Kim and the company Megavideo had some problems in the past (I think everybody know it).

    I'm using Mail1Click as Encrypted email service provider, I think it is much better.
  • Internet

    i really wondered how huge the potencial of the internet really is.
    Who thought at the beginning that we would depend so much on that invention. Too bad that the goverment use it the wrong way....