'Dark mail' debut will open door for Lavabit's return, says Ladar Levison

The end-to-end encrypted protocol that secures email may land as soon as this month.
Written by Zack Whittaker, Contributor
Lavabit.com as it stands today, November 2015.
(Image: ZDNet/CBS Interactive, file photo)

Lavabit, the privacy-centric email provider Edward Snowden reportedly used, is set to make a comeback.

Ladar Levison made headlines two years ago when he unexpectedly shut down the encrypted email service that he built from the ground up over a decade, after federal agents demanded he turn over his master encryption keys. The feds were likely after one user -- thought to be Snowden, the former NSA contractor turned whistleblower -- but this has never been formally confirmed as the case remains under seal. Concerned that the feds would go beyond the scope of the warrant, he shut down the site to prevent them "conducting surveillance on everyone," he said.

For two years, Levison has been working on his latest endeavor -- "dark mail" -- which aims to reinvent email for the modern age, making it encrypted and easy-to-use.

"It's moving," Levison explained in a late-July phone call, "but slower than what I'd like."

For the past few months, he and a group of developers have been working full-steam on bringing dark mail to life.

Dark mail aims to reinvent traditional email by making it private, secure, and surveillance-proof. Levison and his development team realized early on that the only way to do this was to rewrite the software and protocols from the ground up, allowing messages to be end-to-end encrypted on multiple levels to mitigate any potential data breach from an attacker. The final product, known as the Dark Internet Mail Environment (DIME), will plug in to existing email servers and services, allowing encrypted and private emails to be sent through its various dark mail protocols.

Levison said one of the DIME three protocols will debut first.

The so-called "trustful mode server" works in a similar but more secure way to how Lavabit once operated and how most encrypted email services work today, by allowing the server to handle the encryption and security for the user.

Dark mail could land as a preview as early as Thanksgiving, or by the end of the year at the latest, he said.

That leaves open the possibility that Lavabit could soon return as a dark mail provider.

"The short answer is yes," said Levison. But there is a catch.

Lavabit may not be the first provider capable of running dark mail, he said. Because so much time has been dedicated to developing the dark mail protocols, someone else may have better luck taking the open-source code and getting the first dark mail email provider up and running.

But his priorities are working on the dark mail protocol, first and foremost, which he said "would solve the problems that led me to shut down [Lavabit] in the first place."

"It's important to me that this technology does get developed and this problem is solved in an open and secure manner," said Levison.

DIME also has two other modes: the mid-level "cautious mode server" reduces how much trust is required in a server by placing more responsibility in a desktop or mobile client, while the most secure "paranoid mode server" gives users the greatest security but at the expense of features and functionality.

The project, which has support from Silent Circle's Jon Callas and Mike Janke, and PGP creator Phil Zimmermann, will continue to evolve over time. With dark mail's debut not far off, Levison said fully-built desktop clients will arrive early next year, and mobile apps are a "long term goal."

But for now, Levison said one of his top priorities is for dark mail to "be up, and stay up, and be reliable for those who use it."

Editorial standards