Secure email providers Lavabit and Silent Circle have formed a partnership they call the Dark Mail Alliance, with the intention of creating a secure email service that can thwart government surveillance.
According to security news site Threatpost, the new email service – which should be ready for use next year – will use existing protocols and cloud storage as a way to evade surveillance.
Both Lavabit and Silent Circle shut down their previous secure email services in response to the current US National Security Agency (NSA) surveillance scandal, in which former NSA contractor Edward Snowden released documents revealing that the US and UK governments, among others, are involved in mass electronic surveillance projects targeting their own (and each other's) citizens.
Lavabit elected to close its service rather than comply with a US Federal Bureau of Investigation request for its encryption keys. Fearing the same request would come its way, Silent Circle shut its offering down shortly afterwards.
The idea behind the new collaboration, according to Jon Callas, co-founder of Silent Circle, is to send only a short routing message to the intended recipient over a protocol such as XMPP. That message links to the actual email body, which is held in encrypted form in cloud storage, and carries the encryption key needed to read it.
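The split described above, as an added example that is not Dark Mail Alliance code and reflects no published specification: the body is encrypted under a fresh per-message key and parked in a (here in-memory) cloud store, and only a small routing message carrying the locator and the key is handed to the chat channel. The routing message fields, the JSON wire form and the use of AES-256-GCM with the sender/recipient pair bound as associated data are assumptions made for this illustration. One caveat the page does not address: because the key travels in the routing message, whatever carries that message (the XMPP channel) must itself be end-to-end protected to the recipient, otherwise the chat server holds the key to every body.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// RoutingMessage is the short notice pushed to the recipient over a chat
// channel such as XMPP: addressing, a locator for the ciphertext in cloud
// storage and the key that opens it. The body never rides on this channel.
// Field names are assumptions for this example, not a published Dark Mail format.
type RoutingMessage struct {
	From   string `json:"from"`
	To     string `json:"to"`
	BlobID string `json:"blob_id"` // content address of the ciphertext
	Key    string `json:"key"`     // base64 AES-256 key, fresh per message
	Nonce  string `json:"nonce"`   // base64 AES-GCM nonce
}

// CloudStore stands in for the storage tier. It only ever sees ciphertext;
// blobs are content-addressed, and an in-memory map keeps the example offline.
type CloudStore map[string][]byte

func (c CloudStore) Put(blob []byte) string {
	sum := sha256.Sum256(blob)
	id := base64.RawURLEncoding.EncodeToString(sum[:])
	c[id] = blob
	return id
}

func (c CloudStore) Get(id string) ([]byte, error) {
	if blob, ok := c[id]; ok {
		return blob, nil
	}
	return nil, errors.New("no such blob")
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // crypto/rand failure is not recoverable
	}
	return b
}

// aead builds AES-256-GCM for a raw key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send encrypts body under a fresh per-message key, parks the ciphertext in
// the store and returns the routing message to deliver over XMPP. The
// from/to pair is bound as GCM associated data, so a routing message that
// is re-addressed fails to decrypt.
func Send(store CloudStore, from, to string, body []byte) (RoutingMessage, error) {
	key := randBytes(32)
	g, err := aead(key)
	if err != nil {
		return RoutingMessage{}, err
	}
	nonce := randBytes(g.NonceSize())
	ct := g.Seal(nil, nonce, body, []byte(from+"\x00"+to))
	enc := base64.StdEncoding.EncodeToString
	return RoutingMessage{From: from, To: to, BlobID: store.Put(ct), Key: enc(key), Nonce: enc(nonce)}, nil
}

// Receive follows the locator, fetches the ciphertext and decrypts it; any
// tampering with blob, key, nonce or addressing surfaces as an error.
func Receive(store CloudStore, rm RoutingMessage) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(rm.Key)
	if err != nil {
		return nil, err
	}
	nonce, err := base64.StdEncoding.DecodeString(rm.Nonce)
	if err != nil {
		return nil, err
	}
	ct, err := store.Get(rm.BlobID)
	if err != nil {
		return nil, err
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != g.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return g.Open(nil, nonce, ct, []byte(rm.From+"\x00"+rm.To))
}

// EncodeRouting/DecodeRouting give the JSON that would travel inside the
// XMPP stanza (JSON is an assumption; the page names no wire format).
func EncodeRouting(rm RoutingMessage) ([]byte, error) { return json.Marshal(rm) }

func DecodeRouting(wire []byte) (rm RoutingMessage, err error) {
	err = json.Unmarshal(wire, &rm)
	return
}
```

Calling `Send` then `Receive` on the decoded routing message round-trips the body, the stored blob contains no plaintext, and changing the `To` address or pointing `BlobID` at a missing blob makes `Receive` fail, which is the property that lets the storage tier be untrusted while the addressing stays outside the ciphertext.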
“It separates the routing and addressing from the actual content of the email,” said Callas. “It makes it so an email, which could be anything from ten characters to a few megabytes, doesn’t have to be pushed all the way down the line and transferred from server to server and make sure everything is safe.
“This resembles, in a lot of ways, things that were done in the pre-Internet days. SMTP has served us well for many years, but it was not designed to be secure at all,” Callas said.
“That means there’s all sorts of metadata that can’t be encrypted and sticks around forever. That data ought to be in a log somewhere, not in the email. It’s really trivial for people to pick it up and do metadata analysis on it.”
He continued: “This is going forward into the past. We want to go back to using things that were used on LANs and update it using crypto.
“This is going to be an open offering for the Internet. Why not just open it up for everybody?
“We all decide that it’s better for the world to have an open, non-SMTP way to do email and those of us who are in the email business can offer whatever services we want on that infrastructure. Email was originally done with no security at all and we’ve been dialing it up ever since. Why not start over with high levels of security and let people dial it down if they want?”