Lavabit relaunches secure email service, encrypted mail goes open-source

The service shut down in 2013 after refusing to hand over encryption keys which would compromise user privacy.
Written by Charlie Osborne, Contributing Writer
ZDNet/CBS Interactive, file photo

Lavabit has resurrected itself from the ashes to once again provide secure email services in a post-Snowden world.

Ladar Levison, CEO and owner of Lavabit, chose the US Inauguration Day to announce the firm's relaunch, saying in a statement to users that the email service will once again become available in order to protect "freedom, justice, and liberty," as secured by the US Constitution.

The executive says that not much has changed in our world since former US National Security Agency contractor Edward Snowden leaked the NSA's mass-spying activities to the world, but the need for secure and private communication systems still exists.

In 2013, the popular email service shut down without warning. It later emerged that the US government had pushed through a court order which forced Levison to hand over SSL keys required to track a specific Lavabit account -- which likely belonged to Snowden -- and to give law enforcement access to communication routed through Lavabit systems.

An unsealed court order revealed the demand, which at the time Levison was unable to confirm legally. However, rather than bow to the pressure, Levison shut down the service, rendering the court order useless.

Email, now a prime form of communication for the general public and businesses alike, remains open to surveillance, pillaging by government agencies or cyberattack, with few secure options available for privacy-conscious users.

However, Levison hopes that Lavabit can once again make a difference.

In 2014, Levison began development of the Dark Internet Mail Environment (DIME), an end-to-end encrypted global standard together with Magma, an open-source mail server system which supported DIME.

Both DIME and Magma have now been released to the public, with Lavabit users able to restore their historical accounts and utilize varying levels of security depending on their preferences.

"DIME [...] is radically different from any other encrypted platform, solving security problems others neglect," Levison says. "DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority."

"DIME is end-to-end secure, yet flexible enough to allow users to continue using their email without a Ph.D. in cryptology," he added.

Former Lavabit users will soon be able to access their old accounts, which are currently being migrated to the new protocols. Users will be able to adopt DIME in what Lavabit calls "trustful" mode, which permits the server to handle encryption and security on their behalf. DIME also supports "cautious" and "paranoid" modes, which offer greater security but will restrict certain levels of functionality.

New users interested in the service can also pre-register their interest for the new, upcoming release. If users sign up now, they can expected a discounted sign-up fee of $15 for 5GB storage per year, or $30 for 20GB storage.

Domain operators will also be able to deploy Magma or implement their own DIME-supporting servers.

"Today, the democratic power we transfer to keep identities safe is our own," Levison says. "With your continued patronage, we will restore privacy and make end-to-end encryption an automatic, ubiquitous and open source reality."

2017: Must-have laptops for business users

Editorial standards