
Two Providers of Secure E-Mail Shut Down - jrochkind1
http://bits.blogs.nytimes.com/2013/08/08/two-providers-of-encrypted-e-mail-shut-down
======
jacquesm
"Mike Janke, Silent Circle’s chief executive, said in a telephone interview
late Thursday that his company had destroyed its server. “Gone. Can’t get it
back. Nobody can,” he said. “We thought it was better to take flak from
customers than be forced to turn it over.”"

That guy has brass balls. It may very well be that this will be interpreted as
obstruction of justice, there is a specific element in there about destroying
evidence.

[http://en.wikipedia.org/wiki/Obstruction_of_justice](http://en.wikipedia.org/wiki/Obstruction_of_justice)

~~~
filipmaertens
What he did was equally an act of heroism (in face of Internet history) and
stupidity (in face of his own life). Perhaps, he should just have wiped and
destroyed the disks, and have it "seemed like a system crash at a bad timing"
caused it :)

~~~
StavrosK
Isn't it fucked up when someone suggests that someone's life might be at risk
because of some data he had (and completely had the right to delete) and it
doesn't sound utterly ridiculous?

This is now the world we live in.

~~~
mhurron
People 'suggest' the government is going to kill people all the time, it
doesn't make it true. That is the world you live in. You do not live in a
James Bond film.

This guy didn't risk his life. His livelihood perhaps, but not his life.

~~~
tbomb
He risked his life in the way that he may be placed in jail for a while. I
don't think anyone is suggesting that he may be killed over a destroyed
server.

~~~
SODaniel
I would probably argue that being imprisoned for an undetermined time is
fairly comparable to "losing your life" for most people.

------
guard-of-terra
This is officially Iran level of government-business interaction guys.

US seems to have state religion now, that is State Security. Sin and get
destroyed. Reminds me of USSR in that regard.

~~~
shiven
"State Security" as defined by a handful of war-mongers living in the past and
bent upon visiting its ghosts on the present, and sadly, the future
generation.

~~~
MWil
Related but I just checked the USPTO, and the trademark for "State Secrets" is
available.

------
eliasmacpherson
A slashdot commenter put this up a few weeks ago, it's worthwhile viewing for
an hour - you can get an idea of what the providers are going through. There's
a good interview with an archive.org employee around who also received one,
and tried to resist in his capacity as a librarian.

[https://www.youtube.com/watch?v=C25EkdWLU1k](https://www.youtube.com/watch?v=C25EkdWLU1k)

~~~
mtgx
I remember that guy. I think he was the first to fight an NSL, and to make it
so you can tell your lawyer about NSL's.

He also tried to crowdfund a very privacy-oriented ISP a while ago, but he
could only do it on IndieGoGo, and it was very new at the time, and I don't
think he completed the goal.

[http://news.cnet.com/8301-31921_3-57412225-281/this-internet...](http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/)

~~~
eliasmacpherson
The archive.org guy:
[http://www.newyorker.com/online/blogs/elements/2013/06/what-...](http://www.newyorker.com/online/blogs/elements/2013/06/what-its-like-to-get-a-national-security-letter.html)

------
philip1209
In response to these email shutdowns, I propose a PGP key signing party in
SOMA tomorrow.

------
sker
Reminds me of when they took Megaupload down. There was a domino effect where
a lot of torrent and file sharing sites decided to pack their things and go
home.

First the file sharers, then the secure emails. I wonder who's going to be
next? The reddits? The HNs?

~~~
philip1209
I think it's just going to lead to decentralization. More, smaller fish.

~~~
filipmaertens
I think you're absolutely right. The only effect that NSA/... (and let's be
honest, any other country is just jealous they don't have the capabilities of
an NSA :p) has on the Internet community is going to be a wider and further
proliferation of darknets, P2P and F2F services.

------
bredren
How did Silent Circle become a "major secure email service provider?" Lavabit
launched in 2004. Silent Circle launched "Silent Mail" four months ago.

I don't see how SC's action belongs in the same sentence as what Lavabit was
forced to do.

~~~
SODaniel
Lavabit was a much more "under the radar" provider. Silent Circle has gained
huge traction since they started and provide secure Phone, SMS and mail
services. They may not be "equal" but Silent Circle is certainly more of a
high profile target.

~~~
bredren
What evidence is there of the huge traction? Have they announced actual
numbers?

------
shocks
This is why I set up my own email server...

Here is a great guide for anyone interested:
[https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-120...](https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/)

I set mine up on CentOS 5 using this guide. I would recommend you also look at
DKIM signing and SPF records to improve deliverability! :)

~~~
rgbrenner
email is not encrypted... they'll just have your hosting provider or ISP copy
your email when it's received/sent

~~~
techsupporter
My e-mail system is set to prefer TLS wherever possible. Spot-checks of
headers incoming from other sources show that, at the minimum, a TLS session
is successfully negotiated approximately 85% of the time so messages from
those sources are presumed to be encrypted while in transit. All clients must
connect using TLS (either IMAP-S or HTTPS). Yes, unencrypted copies likely
exist on the sending side (the data storage disks for my e-mail servers are
encrypted) and the client storage for some of my users is in the clear but
it's not possible for my ISP to read the bits in flight.
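
An added example, not part of the comment above and not the commenter's own tooling: one way to run that kind of header spot-check in Python. It reads only the `Received` header stamped by the receiving server itself, since lower headers are written by other hosts and cannot be trusted. `mx.example.net` and the sample messages are constructed placeholders, and the `(using TLSv… with cipher …)` annotation assumes a Postfix server with `smtpd_tls_received_header = yes`.

```python
import re
from email import message_from_string

MY_MX = "mx.example.net"  # assumed name of the receiving server (placeholder)
# Constructed sample messages, not real mail; all hosts are reserved example names.
SAMPLES = [
    "Received: from out.sender.example (out.sender.example [192.0.2.10])\n"
    " (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    " by mx.example.net (Postfix) with ESMTPS id 4A1B2C; Thu, 8 Aug 2013 21:00:00 +0000\n"
    "Subject: one\n\nbody\n",
    # Our MX took this one in the clear; the ESMTPSA claim is another server's.
    "Received: from relay.other.example (relay.other.example [198.51.100.7])\n"
    " by mx.example.net (Postfix) with ESMTP id 5D6E7F; Thu, 8 Aug 2013 21:05:00 +0000\n"
    "Received: from client (client [203.0.113.5])\n"
    " by relay.other.example with ESMTPSA id x1; Thu, 8 Aug 2013 21:04:58 +0000\n"
    "Subject: two\n\nbody\n",
    "Received: from mail.third.example ([192.0.2.77])\n"
    " by mx.example.net with ESMTPS id 9Z8Y7X; Thu, 8 Aug 2013 21:10:00 +0000\n"
    "Subject: three\n\nbody\n",
]

# RFC 3848 "with" keywords that mean the SMTP session ran over TLS.
WITH_TLS = re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?|UTF8SMTPSA?)\b", re.I)
# Postfix's optional annotation naming the negotiated protocol and cipher.
USING_TLS = re.compile(r"\(using\s+((?:TLS|SSL)v[\d.]+)\s+with\s+cipher\s+([\w-]+)", re.I)

def inbound_hop(raw, my_mx=MY_MX):
    """Topmost Received header stamped by our own MX, unfolded onto one line."""
    by_us = re.compile(r"\bby\s+" + re.escape(my_mx) + r"(?![\w.-])", re.I)
    for hdr in message_from_string(raw).get_all("Received", []):
        flat = " ".join(hdr.split())
        if by_us.search(flat):
            return flat
    return None

def classify(raw, my_mx=MY_MX):
    """TLS version, 'TLS' (version not recorded), 'plaintext' or 'unknown'."""
    hop = inbound_hop(raw, my_mx)
    if hop is None:
        return "unknown"
    m = USING_TLS.search(hop)
    if m:
        return m.group(1)
    return "TLS" if WITH_TLS.search(hop) else "plaintext"

def tls_share(messages, my_mx=MY_MX):
    """Fraction of messages whose final hop into our MX was encrypted."""
    known = [k for k in (classify(m, my_mx) for m in messages) if k != "unknown"]
    return sum(k != "plaintext" for k in known) / len(known) if known else 0.0
```

The result covers only the last hop into the receiving server; it says nothing about how the message travelled before that or how it is stored at either end.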

~~~
rgbrenner
so the nsa gets a list of IP addresses of mail servers that sent you mail, and
sends a subpoena to each of those providers instead.

~~~
welterde
And if the other side happens to be self-hosted as well or a provider based
outside the US?

~~~
ams6110
The NSA is _primarily concerned_ with communication outside of the US. You
would have less protection with a foreign provider.

~~~
welterde
Given that I am not a US citizen I would argue that I am better off with a
provider outside.. namely myself. Have fun puzzling together a complete
picture from dozens of providers.

------
tghw
It seems like there's an opportunity for a PGP mail forwarder, a service that
encrypts all incoming mail and then forwards it without saving anything in the
process. I'd pay bitcoins for that.

~~~
__alexs
This sounds totally useless as a 3rd party service due to how obvious a target
it would be but a simple encrypting proxy or MTA config would be pretty useful
for self hosted setups.

~~~
tghw
It'd be much less of a target than any encrypted hosted mail since it wouldn't
store anything, just be a pass-through filter.

Yeah, ideally we would all have our own encrypted, self hosted setup, but
that's just not realistic.

------
mknits
It's a victory of NSA-US govt. over the efforts of EFF and similar
organizations. We must continue this fight to safeguard our future.

Here are two free and secure email providers who keep themselves up only by
donations:

1. [https://openmailbox.org](https://openmailbox.org)

2. [https://autistici.org](https://autistici.org)

~~~
chadillac83
SSL errors on the 2nd... seems... worrisome.

~~~
pero
I'm but a layman but browser-side SSL verification is essentially 3rd-party
centralized validation of the authenticity of one side of an encryption
mechanism - predetermined vendors tell the browser whether an SSL cert is as
claimed and an SSL cert is only an encryption key.

This service doesn't care whether a browser-maker thinks its cert is real;
they also provide a means to validate that their downloadable cert is as
claimed - the cert is valid encryption between you and them, from anyone not
you and them, despite whatever errors a browser throws up.

------
Spearchucker
Obama is willing to deprive his constituents of their bread and butter to
enforce surveillance. Un. Fucking. Believable.

This is in no way Schadenfreude, but it does provide an opportunity for
countries with more transparency, or less appetite for strong-arming their
people.

------
raverbashing
The question is, why is this "secure email" safer? Apparently, not as safe as
some people assumed.

Focus on security on the ends, not on the middle.

------
camino020
Interesting to see talk about what is legal and what is not. Think about this:
Everything Hitler did in the Nazi Germany was legal.

How about a law that classifies tracking or stalking on the internet as the
same as in person, therefore illegal?

------
jonahx
> Taken together, the closures signal that e-mails, even if they are
> encrypted, can be accessed by government authorities and that the only way
> to prevent turning over the data is to obliterate the servers that the data
> sits on.

Can someone explain to me how this is possible? Or is this inaccurate?

~~~
bhitov
I think it is inaccurate. The concerns of Lavabit and Silent Circle seemed to
be about unencrypted email.

~~~
MagicWishMonkey
Their concerns are not about unencrypted email, they refuse to install
eavesdropping equipment in their server rack.

You can encrypt your email all you want but it's not encrypted in the space
between your load balancer and your app server.

~~~
bhitov
I think in general "encrypted email" refers to end-to-end encrypted email
which of course does not have that problem.

------
kayoone
Hm, I wonder why Silent Circle just went ahead and shut down their relatively
young and unknown mail service without any clear reason other than to use the
opportunity to get some publicity for their other secure services.

Lavabit was a lot bigger than Silent Circle and this announcement seems a bit
suspicious to me. I might be totally wrong, but going ahead and shutting down
the service on the same day a popular competitor does without any clear reason
while at the same time embracing their other still running services seems a
bit strange to me.

~~~
eliasmacpherson
I don't think 'any news is good news' applies to secure services providers. It
will not make other offerings more appealing. Why bother with a provider that
has to resort to this kind of behaviour to protect its customers?

------
zem
as someone who (wisely or unwisely) depends on my email account as an online
datastore, the prospect of it just shutting down overnight and my losing
everything is terrifying. which probably means it's time to start some sort of
active backup mechanism, but more to the point i do wonder if any of lavabit's
or silent circle's clients ran into the same predicament.

------
serf
snowden used lavabit?

it shouldn't, but it makes me more confident in my choice of lavabit.

good thing I didn't use webmail.

