by Alex Hern
August 15, 2013 (TSR) – On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit, an email service that prides itself on privacy and security, abruptly closed his website, posting a short message to his former users. “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit,” he wrote. “After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot.”
Levison might be gagged by the law, but it’s not hard to guess at least part of the reason why his site is having legal troubles. In early July, journalists and human rights activists received an email from [email protected], inviting them to a press conference in Moscow’s Sheremetyevo airport. Given the NSA leaker’s understandable desire for security, it is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hands. But knowing the American government’s desire to go to extraordinary lengths (such as grounding the Bolivian president’s plane) necessary to recapture him, it was perhaps a given that Lavabit would be a target once Snowden’s use of the service was public.
Assuming the former infrastructure analyst’s justified paranoia was put to good use, even a fully co-operative Lavabit wouldn’t be able to provide the US government with much help. One of the site’s biggest selling points against more popular email services such as Gmail is its full support for public-key encryption.
This is a form of encryption which uses two numerical “keys” to encode a message. One, the public key, is given out freely. Anyone wanting to send a message to Snowden would know his public key, encrypt the message with it, and send the now-garbled text. Snowden would then use his private key to decrypt it.
This practice is also known as “asymmetric encryption”, because of the most important factor in it: the public key cannot be used to decrypt the messages it has encrypted. Only the private key can do that. And, while the technological details are far too complex to get in to here (it’s basically magic maths, involving extremely large prime numbers), based on everything we know about the intelligence services, even they can’t break that sort of encryption. If they don’t have the key, they don’t have the data.
Unfortunately, as we know from the Verizon leaks that started this whole thing off, you can find out a huge amount about people without ever looking at their actual data. The metadata they leave behind – data about their data – is just as valuable. In Lavabit’s case, that almost certainly includes who Snowden has been emailing, and when. Depending on how much data the site stores, and how careful Snowden was when accessing it (he may have taken measures such as accessing the site through anonymisers like Tor, which would limit the damage), they could have details such as when he checked his inbox, what IP address he was checking from, and which browser he was using.
Levison promises he will fight “for the constitution” in the courts, but the odds are stacked against him. Bigger companies with better legal resources than Lavabit have been forced to submit to the national security apparatus. Eventually any metadata the site does hold is likely to end up in the hands of the government. It’s not hard to sense the desperation in Levison’s voice when he writes that “without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States”, but it’s also admirable honesty. From a security point of view, cloud computing in the US is dead on its feet.
Alex Hern is the New Statesman’s economics reporter. As well as stories with numbers in, he also covers technology, the internet and geek culture.
NOTE from the Chief Visionary Founder & Owner: CLOUD COMPUTING was a Luciferian propaganda to lure people into this. We are happy to report that MJS Global Group/The Santos Republic is NOT in cloud computing. We have a different standard because I saw this coming. When the mainstream media makes so much fuss over how cool something is, there’s always an underlying agenda. This is why we have all this delay in releasing our new mobile/iPad friendly website. Our vision, goal and mission is to fill the need. Though, our media platform is humble in many ways, we are at least ahead than many companies which gives us the ability to offer secure services to our clients worldwide. Just because we are not publishing a lot lately, that doesn’t mean we are not doing anything. We have been overwhelmed. What has happened now with the two small American secured email providers Lavabit and Silent Circle’s company suicides this week is what we have foreseen months ago. Hence, we had to make some critical decisions and priorities. Look forward to what we got in store for all of you, PEACE WARRIORS. – Lady MJ Santos