
Amid the ongoing saga of the NSA and our government's never-ending disregard for our privacy and liberty, yet another incredible set of events is occurring.

On August 9, a small email provider, Lavabit, abruptly shut down its service rather than comply with an NSA request to monitor any and all of its customers' accounts. Lavabit provided encrypted email without any logging, meaning that requests for users' data could not be fulfilled as such data did not exist - or it was encrypted in such a way as to be unreadable. Days later, Lavabit's founder has been threatened with criminal charges for shuttering his business rather than comply with domestic spying.

The same day, another email provider, Silent Circle, decided without warning to delete all its users' email from its own servers and discontinue all email services. This was done to prevent the government from reading email headers and gathering information about users, their location and their personal correspondence. For Silent Circle CEO Mike Janke, the writing was on the wall:

Janke says that news triggered an emergency conversation with Phil Zimmermann, a Silent Circle founder who in 1991 created the e-mail encryption protocol known as PGP for “pretty good privacy” (see “An App Keeps Spies Away from Your iPhone”). “Once we saw what happened with Lavabit, we realized it wasn’t days, it was hours that we had to make a decision,” Janke says. But he adds that he never did receive [an NSA] request.

About Email


Before proceeding with the story, we should take a step back and consider email itself. It is true that email can be encrypted in a way that's uncrackable, even by the NSA. Several email providers, ISPs and VPN providers around the world encrypt their data in the same manner that the NSA encrypts its own Top Secret data.

However, that doesn't stop the NSA and other government worker bees from simply stealing your information much the same way a hacker might - by unleashing viruses and malware to infect services and users' own systems. These attacks steal header information as well as the famed "meta data." They also likely store encrypted information in vast warehouses for cracking in the future at some point, when technology exists to crack it.

[E]ven if an e-mail service encrypts messages for secrecy, as Lavabit and Silent Circle did, the e-mail headers and routing protocols reveal who the senders and receivers are, and that information can be valuable in its own right. And second, the passcodes used as keys to decrypt messages can be requested by the government (if held by the e-mail company) or simply stolen by sophisticated malware.

Since the security community at large is aware of government encryption methods, it's safe to say that when the NSA changes its own encryption methods, these private services will change as well. Why would private services change as well? Because if the NSA changes its own encryption methods, it likely means they've found a way to crack the old ones. As a result, using strongly encrypted services should be considered safe and effective, so long as your service provider is attentive and competent.
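
To make the quoted point about headers concrete, here is an added example (not from the original article or from any provider it names) that parses a PGP-encrypted message and lists everything a mail server, or anyone holding the stored message, can read without a key. The message, hostnames and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP-encrypted message as a mail server would store it.
# All names, hosts and addresses are made up (example.* and RFC 5737 ranges).
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTPS; Fri, 09 Aug 2013 10:15:02 -0500
Received: from laptop.local (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA; Fri, 09 Aug 2013 10:15:00 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.org>, carol@example.com
Subject: meeting notes
Date: Fri, 09 Aug 2013 10:14:58 -0500
Message-ID: <constructed-1@example.net>
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

hQEMA0constructedCIPHERTEXTonlyNOTrealPGPdata00000000000000000000
=AbCd
-----END PGP MESSAGE-----
"""

def exposed_metadata(raw):
    """Return what is readable without any decryption key."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        # Each relay prepends a Received header; pull out the bracketed IP.
        hops.extend(re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received))
    to_and_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    body = msg.get_payload()
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": [addr for _, addr in getaddresses(to_and_cc)],
        "subject": msg["Subject"],  # classic PGP leaves the subject in the clear
        "date": msg["Date"],
        "relay_ips": hops,  # newest hop first; last entry is the submitting client
        "body_is_ciphertext": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    for field, value in exposed_metadata(RAW_MESSAGE).items():
        print(f"{field}: {value}")
```

Only the body is protected; sender, recipients, subject, timestamp and the relay path, including the submitting client's IP address, remain in plaintext.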




Resistance is Futile


Lavabit was a service used by none other than Edward Snowden, as well as at least 350,000 other people. The small business was run by the founder out of his apartment in Dallas, TX.

At any rate, the founder of Lavabit, Ladar Levison, has previously complied with NSA requests for user information. The most recent requests that resulted in the shuttering of his livelihood sought access to all users without restraint. You see, previous NSA requests were for specific users.

Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that." But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone.

Incredibly, only days later the NSA responds to Levison's decision to close his business by threatening legal action against him personally. Evidently, in the eyes of our government, closing his business is itself a violation of the NSA's request for data.

[A] source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison's lawyer last Thursday – the day Lavabit was shuttered -- stating that Levison may have "violated the court order," a statement that was interpreted as a possible threat to charge Levison with contempt of court.

When the NSA shows up at your door, resistance is futile. In the latest twist in this saga, closing a tech business can itself be illegal. Presumably the reasoning is that a company that no longer exists cannot provide data, which in the government's eyes violates a court order to provide it.




You must change


Unequivocally speaking, any service you're using that is based in the United States is tapped, compromised and leaking like a sieve. The service providers may be complicit, or they may be hacked; it does not matter. Should the service be ordered to provide data, it cannot simply close its doors without continual government harassment.

You cannot stick your head in the sand. The Obama administration directly authorized the NSA to bulk collect all email routed through, an order that required renewal every 90 days since its inception. Therefore this cannot be considered a "fluke," one-time action that flew under the radar.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States. -- Ladar Levison, Owner and Operator, Lavabit LLC

Instead, you should switch to an offshore business. Why? The EU has a data retention law that requires ISPs to collect data about their users, but businesses that provide other services are not required to comply. In fact, many countries already have laws in place to protect your electronic data specifically. Regardless of this fact, most companies outright ignore requests from the NSA or American organizations (like the MPAA). Instead, they wait to see if an order will come from their own government, which is not likely to happen to any ordinary, law-abiding person.

Email Providers


Most EU and European email providers should be safe, so long as they are not also ISPs. Here is a brief list:





Industry is changing


In response to government intrusion, many in the industry are changing the concept of email. Rather than serve messages over traditional email protocols, they aim to move messaging to other technologies. For example, messages can be made to function and look like email while actually relying on protocols typically used for instant messaging.

Meanwhile, Silent Circle is working on replacing its defunct e-mail service with a system that doesn’t rely on traditional e-mail protocols and keeps no messages or metadata within the company’s grasp. It is based on a protocol often used for instant messages and other applications. Janke says the goal is for this to not be e-mail, but “for all intents and purposes it looks, feels, and acts like e-mail.”




Update


I should note, as eltee did below, that your traffic is still collected if you have an email address of any kind, and you're within any of the so-called "Five Eyes" countries. My traffic is always routed through a VPN, and I neglected to mention that while writing this article. VPN access is quite trivial to set up nowadays, and should be used regardless of NSA spying - as a simple means to protect yourself. In general it should not matter too much where the VPN is located, since your traffic is encrypted end-to-end. Therefore your collected data can't be analyzed (yet). Here are some good providers: