Two encrypted communication service providers are turning to you for help in building the next-generation of secure email services. Lavabit founder Ladar Levison and Silent Circle recently began a Kickstarter initiative to help fund the development and roll out of the first Dark Mail clients.
"The Summer of Snowden may have taken the Lavabit email service offline," the project's Kickstarter page says, referring to National Security Agency leaker Edward Snowden, "But the lifeblood of the service is still alive and relevant to Dark Mail."
Dark Mail is a newly proposed email protocol from Levison and Silent Circle that promises to encrypt not only the body of messages, as is the norm with today's email encryption, but also protect the "header" metadata accompanying every message, such as the subject line, sender, recipient, and so on.
The plan is to turn Dark Mail into an open source protocol so that any email provider or client app maker can make their services Dark Mail compatible.
Mucking with metadata
Metadata is one of the big weakpoints of secure email communciations , since you cannot hide it from a third-party observing Internet traffic—a fact highlighted this summer when leaks about the National Security Agency's surveillance activities started coming to light.
Lavabit and Silent Circle were not directly affected by the NSA Snowden revelations, but both companies are familiar with the legal issues surrounding U.S. government surveillance.
Lavabit shut down in August in protest after a court order compelled Levison to hand over the service's SSL encryption keys to U.S. law enforcement. Shortly thereafter, Silent Circle decided to shutter its email service rather than face legal challenges similar to Lavabit's. (Silent Circle continues to provide other privacy services such as encrypted voice calls and text messaging.)
The core Dark Mail ideal is that even if law enforcement forced a service provider to hand over its users' communications, all the company could hand over would be unintelligible junk. Like other encryption schemes, only the recipient with the proper decryption keys would be able to read the message.
Making encryption easy
Levison and Silent Circle also hope that open-sourcing the Dark Mail protocol would encourage software providers to build Dark Mail capabilities into email clients, and that in turn will make using encrypted communication as seamless as using Gmail or Outlook.com is now. Current efforts to encrypt the body of email messages requires at least a modicum of technical knowledge and a willingness to troubleshoot potential set-up problems.
The Dark Mail Kickstarter campaign hopes to raise $196,608 to clean up the Lavabit secure webmail source code and build in the Dark Mail protocol. The campaign would also fund development of the first Dark Mail clients for numerous platforms, including Windows, OS X, Linux, iOS, and Android. Pledges for the campaign start at $25, which will give you access to the project's official binary package for the apps and the Lavabit webmail code.
Sign up for CIO Asia eNewsletters.