The truth about why Silent Circle silenced their secure email service

Summary: David Gewirtz interviews Silent Circle CEO Michael Janke to discover the inside story about why one of the most respected secure communications providers killed their encrypted email service in light of NSA surveillance concerns.

On Friday, I wrote Are small-fry encrypted email ISPs using feds as excuse for closure? The discussion was about secure email providers Lavabit and Silent Circle shuttering their secure email services.

Not a lot of you agreed with me that companies need to work with the government for the benefit of security. However, Michael Janke, CEO of Silent Circle, reached out to me saying, "I liked your article and the questions you raise are different than most coverage I have seen. I would like to answer some of your in-depth questions if you are interested."

I was, and he did. At the end of this article is the complete, unedited video interview with Michael. Before you watch that fascinating 34-minute piece, I'd like to share with you some of the highlights. First, the statement that resonated most with me:

About the right of privacy: "Whether you're in Tibet, Toledo, or Tunisia, [it is] the natural born right of every citizen to have a private conversation, to share a private picture or document; we feel is an innate right of the world."

Shuttering the email service

We talked at length about the reasons the company shut down their private email service.

About Silent Circle: "We're a mixture of some of the world's top cryptographers and security people from around the world."

Why they killed their email encryption service: "We knew that metadata was just as dangerous as email content regardless of if the contents of an email are encrypted. Who, when, where, why, the message header, your ISP, what operating system you're using, geolocating, and who you're communicating with are all very dangerous bits of data to retain."

About keeping up with growth: "Silent Mail was a stopgap measure... Unfortunately, we got a little too big, a little too popular around the world and the amount of users rose so fast that we had to shutter it before we were able to find a replacement."

About unexpected factors: "We understood inherently the dangers going into it, but we thought we had a little more time," and "We were literally sitting on a treasure trove of data that was highly valuable to many, many nations and intelligence agencies of the world. We made the pre-emptive decision to just scorched-earth it."

About future email products: "Our team has been working on a true peer-to-peer email app that looks, feels, acts like normal email, but it's not."

Why secure peer-to-peer is safe from governments: "We built our architecture -- legally -- so that we did not log IP addresses, we don't have metadata." They say the only information they have on customers (other than Silent Mail) is a user name, a phone number Silent Circle assigns, and a password.

Why their other services aren't being shut down: "All our other products are peer-to-peer encrypted. There are no keys on a server. There is no metadata we collect," and "Anything is subject to whatever governments want to do, however there's nothing for them to get (talking about the peer-to-peer stuff). You can't turn anything over if you don't have anything to give."

Global privacy concerns

We took the conversation to a more global level. First, here's an amazing (and pretty much true) claim about Silent Circle co-founder Phil Zimmermann, creator of PGP: "[He] was prosecuted by the U.S. government in the 90s and won. That's how the world has encryption now." I wouldn't say it's the only reason there is encryption, but Phil's fight was instrumental in making it available to users worldwide.

About government surveillance: "It's not just a US problem. It's a global issue," and "Most countries around the world, the minute you turn your phone on, you are being logged, tracked, recorded, collected."

About a bigger picture than PRISM: "I want to stress, a lot of press has been around PRISM and what happens here in the United States, but this is a global phenomenon. It is not relegated to our shores. This happens in Europe, South America, the Balkans, Asia, on a daily basis. Companies with equipment, people, and data in those countries done with secret courts and gag orders."

About American practices vs. other nations: "In some countries, it's not as nice as it is here," and "Unfortunately, that's most of the world. And unfortunately, they don't have near the amount of freedoms and luxuries and First and Fourth Amendment rights that we hold dear in North America and Europe."

About the NSA: "We understand and want the NSA to protect our citizens. But that conversation has to also take into account the freedom of speech, the privacy rights of individuals, and the rights of companies to protect their intellectual property."

Now, watch the interview, complete and uncut. It will be well worth your 34 minutes:

Disclosure: It turns out I went to engineering school with one of Silent Circle's lead engineers. I didn't know that before I wrote Friday's article.

Thanks to my ZDNet colleagues Ed Bott, Zack Whittaker, Larry Seltzer, Denise Amrich, and Steven J. Vaughan-Nichols who helped me prepare for this interview.

Topics: Privacy, Government, Government US, Security

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Talkback

22 comments
  • Name and Photo is a Folder in Every Country? Maybe...

    Hate to say it, but what is discussed here is not a surprising matter, but a matter of disappointment. An interesting follow up topic would be to show how a person in the U.S. can file a Freedom of Information Act (FOIA) request on themselves, and if there are similar processes for people living in Canada, Japan, Europe, and elsewhere, to see how 'deep the rabbit hole' goes.
    Matthew A. Sawtell
  • Too little info to really extrapolate

    For such a potentially implosive topic, there is too little information for the layman on the significance and impact to the everyday user. Thanks for the article and interview. Too bad there is no way with the current mindset to get users to really look at, think and understand this.
    rhonin
  • Maybe You Should Have Done This Interview First...

    ...before shooting your mouth off about "excuses for closure".
    ldo17
  • It is interesting how this all came about, and about ...

    ... Silent Circle's approach. My guess is that all this metadata that ISPs collect was probably originally intended for targeted marketing. Its usefulness to the NSA was probably not on anyone's radar until the Patriot Act was created.

    Silent Circle does not store metadata so has nothing to turn over to anyone. I wonder if the U.S. Government will start REQUIRING all ISPs to collect metadata sometime in the future.
    M Wagner
    • If you think about the underlying email system for a minute.

      If you consider that email was never meant to be completely private. The system was invented to be legal and trackable. It was meant to provide proof and back up what people did and said.

      Using any existing email system for privacy, is like shouting gibberish through bullhorns from rooftop to rooftop, and hoping no one will understand what you are saying.
      Kieron Seymour-Howell
  • Data integrity

    The problem that I see it is not that Silent Circle decided to discontinue Silent Mail which it had every right to do. No, it's deleting customer data suddenly without warning. When I signed up for Silent Mail, the risks were clearly outlined and never thought in my wildest dreams that my data would be yanked suddenly just because the outlined risks became imminent. Indeed, I cannot think of any scenario which justified this action. Even if they got a letter demanding that their entire database with keys be turned over, that does not justify the destruction of customer data without warning.
    TechieJohn2
    • I am forced to educate that common sense is not always used.

      Unfortunately, you are ultimately responsible for your own data. If you choose to store your personal data on computers owned by others, you have no rights to complain when it disappears or when the data is breached and read by others.

      No doubt they had some sort of reason for acting how they did. It is standard action in the intelligence service to destroy all systems and data if you suspect an imminent threat, everyone knows this. The alternative is the risk of disclosure. Sorry, but if you want to play with their toys, you have to play by their rules. It is not their fault if you did not understand this. Ignorance can so rarely be used as a defence. In my opinion it just proves you should have never been using the service in the first place.

      You should have used the system and ALWAYS maintained a local and controllable backup. Not doing so, is not the fault of the service, but a shortcoming on the part of the user.
      Kieron Seymour-Howell
    • There is an answer

      ForHisGlory.PrivacyAbroad.com - Check it out. Great online privacy services based in Switzerland for data security. Let's stand up for our 4th Amendment Rights!
      OldGlory13
      • Switzerland No Longer Safe

        The U.S. of Obama recently forced Swiss banks to drop their pants and squeal on their confidential clients. If the legendary and formerly reliable Swiss banking industry has been compromised, why would you think that a Swiss email address would hold up against the paranoid and aggressive nation we have become today?
        TerrifiedCitizen
  • the realm of privacy includes plans for government

    Not only is it "the natural born right of every citizen to have a private conversation, to share a private picture or document", I would insist that it is the natural born right of every human being to discuss with others how they are governed and to plan ways to make changes in that government. That is why this is a really tough issue. People have a natural right to do what a particular government might not want them doing. Can any government be trusted with the power to know all that its citizens are doing, including their plans for government?

    A government that can stop all terrorism can also stop all political change.
    rjf@...
  • ouch this sucks.

    First, your commenting system sucks, and your data-mining efforts just so we can join the conversation suck too.

    I had a point 10 minutes ago. Hmm...

    Ok--these countries are mostly buying spying software from somebody. We need to target these companies with action, legislation, etc. Pressure from all sides.

    That comment wasn't worth the signup process.
    ccrystle
    • Target them with whom?

      Ask yourself, who you know, who has the resources and security to manipulate governments and the companies who do their bidding? I do not know anyone, and I seriously doubt you do also.

      You are a mouse contemplating the control of a pride of lions, which is either very brave, or very foolish.

      Governments see normal everyday people as the new threat, not terrorists. History demonstrates that common people have repeatedly risen up and overthrown their overlords. The Internet is a method of communication. Communication imparts knowledge to the common person. Knowledge conveys power. Power scares those who already hold the reins of control. So, watching and monitoring everyone closely is exactly what large corporations and most governments crave. Unless you have the resources, no one is going to stop this, it is basic human nature.
      Kieron Seymour-Howell
    • You're Right

      Your comment was worth saying, but alas, we have a new generation in America, one that favors open borders and lots of free stuff instead of any individual rights. The recent presidential election has revealed that America has changed forever. You no longer have a majority that is capable of a vision beyond their monthly govt check in the mail.
      TerrifiedCitizen
  • Me worry?

    I have heard many people stating they have nothing to hide and think that all the hullabaloo is just hot air. What they don't get is that there are many other folks who do care, want to return our country to the freedoms guaranteed by our Constitution, and stop this movement to a more centralized federal government usurping States rights. It doesn't mean they would be promoting any violence or treason against the government but rather changing it legally according to the Constitution. But...And that's a big BUT, if the executive department of our government thinks otherwise it could very easily thwart these goals. Just look at the Tea Party vs. the IRS scandal. Highly doubtful this organization of mostly older Americans would be plotting something illegal to change the direction of the country. As someone has mentioned here, it is an innate right that we should expect a certain degree of privacy in our personal thoughts expressed to others via electronic or other means. The whole idea of any government eavesdropping on these private legal conversations should be repulsive to all.
    jerry@...
    • You must consider how humans and society work.

      Most people who are skillful at manipulation and control have sociopathic leanings. Perhaps not clinically diagnosable, but they would certainly have the personality traits awarded them genetically to control and manipulate large groups of people. If you look into how this personality type thinks, they see other people as resources or commodities. No farmer will accept that his livestock have equal say in how the farm is run, it just takes too much time and energy to talk things through when it is much faster to dictate and implement a system without anyone starting a discussion.

      The types of people who crave power and control, are the same types of people who do NOT have the best interests of others at heart; basic human psychology. The normal person who likes life and enjoys minding their own business have no aspiration to attain a power position in society. So, you are left with control freaks who need to justify themselves through the control of others. It is all about balance. You need those types of people who have the confidence and charisma to effect influence over others and make them work together, but you are playing with a double edged sword. The same people you need for control, may run out of control because they crave power and hate to be challenged. Eventually these people get rid of all the lesser or weaker people in the system. Then the system, unless it contains a negative feedback loop, runs out of control and you end up with a dictatorship or social type of government where entire groups of sociopaths compete with each other for control. After awhile, the system collapses, normal people rise up and pull down the system and the process starts again. Humans are selfish closed minded petty controlling animals who do not trust or even generally like one another. You will never obtain any sort of Utopian system until people change at the subconscious level.
      Kieron Seymour-Howell
      • RE: You must consider how humans and society work.

        Democracy is a journey, not a destination.
        gdstark13
  • what about non-US based encrypted email?

    It would be interesting to see how this Lavabit and Silent Circle meltdown relates to non-US based email encryption services that don't collect meta data such as http://salusafe.com and if we could expect similar abrupt shutdowns of offshore servers?
    freddyku
    • Security Abroad

      Servers based in the US must follow US law, especially the Patriot Act. Servers based in Switzerland are the most secure in the world. Check out ForHisGlory.PrivacyAbroad.com for details.
      OldGlory13
    • RE: what about non-US based encrypted email?

      As the article says, the ONLY encryption that really matters is peer-to-peer. With that sort of system, it doesn't matter where it's based. In fact, it's not really based anywhere.
      gdstark13
    • Other Nations Merely Subservient

      Offshore help is unrealistic. Washington used foreign govt's to collect personal communications on their own citizens before they decided to pass laws impinging natural and constitutional rights using various violent events as justification.
      After all, why do you think we send billions of dollars overseas to people who hate us when that tax money is so desperately needed at home?
      TerrifiedCitizen