Lavabit Melts Down; Circle Silenced; Individuals Flagged: Welcome To New Secure Amerika! - Granite Grok

Lavabit Melts Down; Circle Silenced; Individuals Flagged: Welcome To New Secure Amerika!

Govt crimping your options
Govt. crimping your secure email options
In case you were tempted to think that the government is not interested in you, and that you can go about your personal business with impunity “Because I’ve done nothing wrong”, even as the surveillance state metastasizes, THINK AGAIN! (And see Obama’s comforting comments here.)

There are lots of reasons to invest in secure communications, most of which have nothing to do with hiding things from government, but the recent revelations that the NSA is Hoovering up all our communications and warehousing them indefinitely has prompted a significant number of Americans to consider at least basic encryption of their email and phone calls.

LavaBitLogoSilentCircleLogo We like to believe that we are entitled to secure our belongings and information “against unreasonable searches and seizures”, but the government has effectively said “Not So Much” this week, as they have pressured one secure email company to close down, and by that chilling effect, have forced another company to exit the secure Email business.

Lavabit (and our liberties) melt down!
Lavabit (and our liberties) melt down!
In a chilling return to the principles employed by the British government prior to our revolution, the Patriot Act and its derivatives effectively create a class of secret search warrants – even if the warrants are obtained pursuant to a court hearing (but just trust them – the hearings are secret!), the target of the warrant is told that he is barred from even mentioning the existence of said warrant to a third party, or he will be automatically guilty of a felony. No recourse, and no justice – can anybody say “4th and 5th”?

In case you think this is wild speculation, let’s take a look at the words of Lavabit and Silent Circle, describing their experiences and choices – First, Lavabit’s Ladar Levison:

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.

I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise……

No Privacy in the American Sector
No Privacy in the American Sector
This experience has taught me one very important lesson: Without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

 
And second, Silent Circle on their concerns that even encrypted email can leak metadata, and thus cannot be kept completely out of the giant sucking maw of the NSA:

Silent Circle has preemptively discontinued Silent Mail service to prevent spying.

SilentCircleLogoWe designed our phone, video, and text services (Silent Phone, Text and Eyes) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious — the less of your information we have, the better it is for you and for us….

[The problem is that even encrypted] email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with [standard mail protocols] SMTP, POP3, and IMAP cannot be secure.

[Even though encrypted email is popular, w]e’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

In other words, Silent Circle is sticking with ephemeral, end-to-end encrypted communications, such as their text and video messaging, and their encrypted phone service. They don’t want to be anywhere near a service where (A) government is collecting your metadata (who, what, where, when), and (B) government might issue a subpoena for their servers.

So much does Silent Circle value their customers’ privacy, that according to BoingBoing.net, they are not merely turning off the mail servers, but DESTROYING them so that government cannot demand that the user data be made available for cracking in the future. (And the servers were in CANADA!)

See also, these comments by Co-Founder and CEO, Michael Janke, in response to questions about why the email shutdown was so sudden:

We are NOT a US company. Our servers are not in the US, but all of the western [countries] cooperate legally. Sooner or later, someone from some country will legally or politically force any company to turn what it has over– [it’s] the nature of today’s playing field. The ONLY answer is to not have that metadata and ability to decrypt and turn over. Silent Mail by its nature- had that liability and so does every email provider. That is why our global platform is built on Peer to Peer architecture. We have nothing to be forced to turn over.

The danger lies in the fact that we have government customers from many nations-in addition to private citizens and business from over 100 countries. Therefore-we would have been giving Governments a heads up and time to serve us with a National Security letter – if we would have alerted everyone before shutting it down. We felt we had hours, not days to do this.

SnowdenWhat was the catalyst for this sudden crackdown on secure email services? It turns out that Edward Snowden was communicating over Lavabit’s mail service, as well as using Hushmail, and PGP encryption. Our secretive spymasters are clearly royally ticked off that there is any way for the citizenry subjects to avoid their invasive gaze, and they are determined to make it as difficult as possible for us to find an “Easy” button to escape their grasp.

The government’s desire to be able to monitor all communications goes back a long way, indeed, the same Phil Zimmermann who co-founded Silent Circle, and who has such strong views that he’d rather shut down their email service than let the Feds gain access to your data, was the man that the government prosecuted in 1991 (for inventing and distributing PGP encryption), and who was defended by the Electronic Frontier Foundation. EFF is still defending our digital freedom – look at their comments on the Lavabit situation:

“It’s rare to see an email provider choose to go out of business rather than compromise its values. It must have been a hard decision for Ladar Levison, but he remained true to his promise to put privacy before profits.

Moving forward, we need more transparency so the public can know and understand what led to a ten-year-old business closing its doors and a new start-up abandoning a business opportunity. Hopefully Congress will get concerned, especially when there are American jobs at stake.

Lavabit’s post indicates that there was a gag order, and that there is an ongoing appeal before the Fourth Circuit. We call on the government and the courts to unseal enough of the docket to allow, at a minimum, the public to know the legal authority asserted, both for the gag and the substance, and give Lavabit the breathing room to participate in the vibrant and critical public debates on the extent of email privacy in an age of warrantless bulk surveillance by the NSA.”

Did this man invent the Vacuum Cleaner, or the Security State, and at this point, "What Difference Does It Make??"
Did this man invent the Vacuum Cleaner, or the Security State, and at this point, “What Difference Does It Make??” As the Feds ‘Hoover’ up all communications!
Information Week’s article on the topic contained this little gem:

Furthermore, leaked National Security Agency (NSA) operating guidelines suggest that simply using encryption tools draws extra scrutiny from the agency’s analysts. Encrypted communications, when intercepted, are also exempt from protections afforded to Americans’ regular communications. While ordinary communications can legally only be retained by the NSA for six months, unless they contain evidence of a crime, encrypted communications may be retained indefinitely.

EscapeButton In other words, if you don’t encrypt your communications, the NSA will analyze all of them, and you should be worried about accidentally using a keyword, but it you DO encrypt your communications, the NSA will collect and archive them in case they want to throw computing power at cracking them in the future, AND you’ll be scrutinized more thoroughly full time!

Hmmm – About that Old PGP account I had…….

>