Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Encrypted email vendor: Don't trust private data to companies with physical ties to the U.S.

Tim Greene | Aug. 12, 2013
Lavabit, Silent Circle shut down secure email operations in no-win faceoff with federal law.

Silent Circle's other businesses — Silent Phone, Silent Text and Silent Eyes — feature communications that are secure end-to-end and that don't entail Silent Circle retaining content of any customer communication. "We don't have the encrypted data and we don't collect metadata about your conversations," the company says. If it doesn't have it, it can't be compelled to turn it over.

The headline on the statement reads "Silent Circle has preemptively discontinued Silent Mail service to prevent spying", indicating it considers the seizure of private customer data to be spying.

Silent Circle says it had qualms about setting up Silent Mail in the first place because the protocols involved in Internet email are inherently insecure.

"There are far too many leaks of information and metadata intrinsically in the email protocols themselves," the statement says. But customers wanted such a service, so Silent Circle provided it along with disclosures about its possible weaknesses. "Silent Mail was a good idea at the time, and that time has passed."

We designed our phone, video, and text services (Silent Phone, Text and Eyes) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious — the less of your information we have, the better it is for you and for us.

Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.

However, we have reconsidered this position. We've been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system less they "be complicit in crimes against the American people." We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

We've been debating this for weeks, and had changes planned starting next Monday. We'd considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that in this case the worst decision is no decision.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.