UK Secure Email Provider Shut Down His Service In January To Prevent GCHQ From Obtaining Encryption Keys
from the the-fallout-before-the-fallout dept
Shutting down secure email services because of surveillance agency interference apparently isn't just a local phenomenon. Lavabit, Snowden's email provider, shut down earlier this year rather than be forced by the US government to sabotage its own encryption. Silent Circle, another secure communications service, shut down its email product only hours later (but not its main messaging product). Silent Circle hadn't yet been pressured by the government, but obviously felt it was only a matter of time.
International Business Times is reporting a similar incident occurred in the UK earlier this year.
PrivateSky was shut down at the beginning of the year after introducing a web-based version in beta and for Outlook and had "tens of thousands of heavily active users".
Even before the leaks made the Five Eyes' covert surveillance programs public, PrivateSky got an inside peek at the intelligence community's thirst for data. Unfortunately for Spector and his company, complying with GCHQ's request would mean destroying the security it promised to its customers.
Brian Spector, CEO of CertiVox, told IT Security Guru: "Towards the end of 2012, we heard from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, [that] they wanted the keys to decrypt the customer data. We did it before Lavabit and Silent Circle and it was before Snowden happened.
[W]e had the choice to make - either architect the world's most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA.
I suppose GCHQ is satisfied either way. While having the encryption key would have been nice, it's just as simple to gather up communications and metadata from less secure services -- services some of PrivateSky's customers would have resorted to instead. National intelligence agencies seem all too willing to deploy scorched earth policies that destroy companies that don't immediately cave in to their demands. And why not? It does no harm to the government to force secure services out of business. The users of these services have to go somewhere and many of the available options have been compromised already.
"It would be anti-ethical to the values and message we are selling our customers in the first place."
Spector hasn't completely given up on the thought of offering a secure email service. He says PrivateSky is still up and running but is currently only used internally by CertiVox. But he does have a plan for another secure email offering based on the internal PrivateSky service.
He said that from the technology it has implemented a split of the root key in the M-Pin technology so it has one half and the user has the other.
This could throw up some obstacles for intelligence agencies, the sort of thing they do everything in their power to avoid. The path of least resistance is also the one most frequently traveled. These agencies hate being told "no" almost as much as they hate being inconvenienced. PrivateSky's split key will do both. It should be interesting to see GCHQ's response if Spector takes the service live again.
"So as far as I know we are the first to do that so if the NSA or GCHQ says 'hand it over' we can comply as they cannot do anything with it until they have the other half, where the customer has control of it."
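One way to see why a surrendered half is useless, as an added example that is not CertiVox's code and not the actual M-Pin construction (M-Pin is a pairing-based protocol; this is a plain n-of-n XOR split, shown for the two-party case and generalised to n shares): the provider holds one share, the user the other, and a toy authenticated-encryption pair constructed for the demo shows that a single share neither decrypts anything nor narrows down the key. The names `split_key`, `recombine`, `counterpart_for`, `seal`, `unseal` and the sample message are all assumptions of the example.

```python
import hashlib
import hmac
import os


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes: length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, n=2, rng=os.urandom):
    """n-of-n XOR split of `key`: the first n-1 shares are fresh random
    bytes, the last is key XOR (all the others). Rebuilding the key needs
    every share; any proper subset is just random bytes.
    `rng` is injectable so the split can be made deterministic in tests."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [rng(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def recombine(shares):
    """XOR all shares together; yields the key only if every share is present."""
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = xor_bytes(acc, s)
    return acc


def counterpart_for(surrendered, candidate_key):
    """The share that would pair with `surrendered` to give `candidate_key`.
    One exists for every candidate, so the surrendered share is consistent
    with every possible key and leaks nothing (the one-time-pad argument)."""
    return xor_bytes(surrendered, candidate_key)


# Toy authenticated encryption, only so the demo has something to decrypt.
# Constructed for illustration: SHA-256 in counter mode as a keystream plus
# an HMAC tag. Use AES-GCM or ChaCha20-Poly1305 from a real library instead.
def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext, rng=os.urandom):
    """Returns nonce || ciphertext || tag."""
    nonce = rng(16)
    ct = xor_bytes(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Returns the plaintext, or None if the tag does not verify under `key`."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, _keystream(key, nonce, len(ct)))


def demo():
    """Provider holds one share, user the other; a warrant for the provider's
    share alone yields nothing usable."""
    msg = b"constructed sample message"  # constructed sample input
    key = os.urandom(32)
    provider_share, user_share = split_key(key, 2)
    blob = seal(key, msg)
    return {
        "recombined_ok": recombine([provider_share, user_share]) == key,
        "single_share_decrypts": unseal(provider_share, blob) is not None,
        "both_shares_decrypt": unseal(recombine([provider_share, user_share]), blob) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

`counterpart_for` is the heart of the argument: for every candidate key there is a user share that pairs with the surrendered one, so handing over the provider's share is as good as handing over random bytes. The caveat a practitioner would raise is that the split only helps if the user's share never touches the provider's infrastructure, including at combine time; if the two halves are XORed together on the provider's server, a compelled provider can simply log the combined key.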
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Filed Under: email, encryption, gchq, secure email, shutting down, surveillance
Companies: certivox, lavabit, silent circle
Reader Comments
I mean there has to be a way to make it at least significantly harder for the inteli morons, no?
Re:
Note this works with GMail etc., though hiding the metadata requires that people have a mail server and exchange messages via Tor, or similar encrypted multi-hop links.
The 'problem' with doing this is that it is not as convenient as current webmail systems, but that is a price that has to be paid to secure communications. Any more convenient system relies to a greater or lesser extent on a third party, and could therefore be compromised by compromising them.
This of course assumes that the user operating system has not been compromised. For the really paranoid, 32-bit ARM development boards are available, along with SPI-connected Ethernet cards. Attach a keyboard, a text-mode display, and storage via SD cards, and a highly secure text-only email system can be set up. Note, in this approach, the development board has control over what it sends and receives via the Ethernet card, which can go via a router to the Internet. Any flaw in the network stack is limited to seeing what is handled by the Ethernet card, and cannot get at the development system, which is where all encryption and decryption is done. It is assumed that the SD card is only used to store encrypted messages and an encrypted key-store. Note that the storage should not be used in a normal computer just in case it has been compromised, although if set up properly it would only expose encrypted data.
Re: Re:
I figured it would be a problem. Thanks for the explanation!
Re: Re: Re:
If, however, you get the key directly from the person you want to [communicate] with (and not via the internet), then you can have a very high trust level in it. In those cases, there is no problem.
Re: Re:
Why would this make any difference?
You still have to load a TCP stack, most likely a GNU/Linux stack so why not just use a PC with GNU/Linux (especially as you will be using GPG anyway)?
Re: Re: Re:
The proposed system uses minimum software, running from flash memory. Further, its security is not dependent on the provided TCP/IP stack running on the Ethernet card, as it can be assumed that all Internet traffic is available to an attacker. Apart from an optional interrupt to allow the network card to demand attention, the ARM processor initiates all actions and data transfers with the network card, and does so over SPI, which is a simple serial interface. The network card only runs a TCP/IP stack, and the ARM processor would only run the software required to manage input, display and encryption/decryption of text-only emails. Neither processor is running an operating system or any other code than that required to carry out its task. This makes such a system effectively immune from external attack, especially where the system requires physical access to reprogram.
Re: Re: Re: Re:
Hell, Intel's newest processors support microcode updates, basically applying a patch to the processor. Exploiting the processor's microcode updates would be undetectable for normal people. Oh, the updates are signed with an encryption key only Intel has, but in light of the NSA disclosures, is there any reason to trust them not to hand it over?
Cyanogen mod coming soon
I'd like that baked into Thunderbird, but haven't had a moment to code it myself yet.
I'd like to also see domain to domain encryption public key in the MX record, but wouldn't trust any standards body at this point (e.g. NIST).
The per-session key, it's not possible, but you could insist your email provider *require* TLS. That would give an extra layer of encryption on the Sendmail to Sendmail link, but TLS is known to be partly compromised.
PGP is way too techy for users I think, on the other hand if that Cyanogen mod works, and the code checks out, that might be the solution.
I'm also keen to ditch Google for privacy reasons and so that Cyanogen mod looks very very promising.
I might give everyone in my family and friends a Cyanogen mod smartphone, especially the friends who campaign and stand for elections.
Take a look at Thailand to see how easily you can lose a democracy to a thug.
Re: Cyanogen mod coming soon
(The Mozilla attitudes towards add-on functionality vs. core functionality are an entirely separate ranty topic, but I can see the argument in many cases, including this one.)
On the other hand, aside from a few quirks related to format=flowed support and rewrapping (especially quote rewrapping), Enigmail itself works quite well...
Re: Cyanogen mod coming soon
It'd be impossible to trust this even if the NIST was 100% trustworthy. We already have a lot of problems with DNS cache poisoning.
I'm not sure what you mean by "if Cyanogenmod works". I use Cyanogenmod. It works. :)
Response to: Ninja on Dec 13th, 2013 @ 4:30am
Not only are they illegally (and amorally) spying on their populaces, not only are they actively removing all public support for the idea of "fighting terrorism" by using terrorism as a standing excuse to spy on everyone year after year, but by treating the general populace as terrorists, they prompt the public to move to protect itself, which unfortunately must necessarily mean that actual terrorists become better protected as well.
Nobody will listen to them if they cry "terrorist" now, even in the unlikely event that there is an actual threat. The countries in question are more vulnerable, and it's entirely the fault of their blundering, overreaching spy agencies.
Re: Re:
That's why they named it RIPA: Disclose our doings and we gonna RIPA you a new one!
Simple solution
The orders normally include a command not to reveal the spying to the subject person, but a ban does not do that - any user can be banned for any reason.