I just got back from the 2014 New Hampshire Liberty Forum where I got to attend a number of great talks on privacy and security. One of the cooler parts for me was meeting Ladar Levison. Even though he wasn’t a speaker, he still took time out to speak with a number of us. For those who don’t know who Ladar is, he’s the founder of Lavabit, Edward Snowden’s email provider.
Lavabit made national headlines last year when it became the first technology firm to completely shut down rather than allow the NSA to spy on its customers. At Liberty Forum Ladar provided a little more insight into what the NSA wanted. Basically, they wanted his SSL private key so they could perform a man-in-the-middle attack on his servers. All traffic to the server would be intercepted by the NSA, downloaded, then forwarded along to the destination (with the potential for the NSA to manipulate data in the process). Of course this wouldn’t have just affected Edward Snowden, but all of Lavabit’s customers. Lavabit offered to comply with the order by giving them special access just to Snowden’s emails, but naturally that wasn’t good enough for the NSA as they wanted to spy on everyone. So Ladar made the heroic decision to shut down rather than allow his customer’s rights to be violated.
Now you can pretty much guarantee that if the NSA was demanding MITM access to Lavabit, they basically have that access for nearly all other services.
Last year Ladar and Lavabit announced a partnership with Silent Circle ― the Dark Mail Alliance. The goal of the Dark Mail project is to provide an end-to-end encrypted email protocol that not only encrypts the body of the message, but also the metadata. One of the problems with traditional encryption tools like PGP, is it can be relatively difficult for people who aren’t tech savvy to use. Studies have shown that about half of users make mistakes when using PGP, even after receiving instruction. Dark Mail doesn’t strive to be another encryption suit, but rather a new email protocol that encrypts messages by default without the user having to even think about it. It strives to be ‘Email 3.0’.
Ladar said he just hired a development team and intends start work on the project next week. He sounded a little frustrated with the Silent Circle team which has delayed release of the whitepaper, but he’s going to move forward with what he can in the meantime.
When it first launches, the Dark Mail protocol will be used by at least six different email providers, including Lavabit. You’ll still be able to communicate with non-Dark Mail email accounts, but it will put up a red banner telling you the message isn’t secure. Of course, getting every email provider to switch to this new protocol is going to be a huge challenge, but the hope is that consumer demand for secure email will drive adoption.
In my opinion this is one of the most exciting advancements in online privacy. I’m really looking forward to signing up for a Lavabit Dark Mail account.
Original content by Chris, copyleft, tips welcome