Email might be on the verge of a radical makeover. And the NSA is not going to like it.
On Wednesday, two American companies with a track record of offering encrypted private communications are set to join forces in an unprecedented bid to counter dragnet Internet spying. Some of the world’s top cryptographers are behind the secure communications provider Silent Circle, and they’ve teamed up with the founder of Lavabit, the email provider used by Edward Snowden, which recentlyshut down in a bid to resist surveillance. They’re calling it the “Dark Mail Alliance.” For months, the team has been quietly working on rebuilding email as we know it—and they claim to have had a breakthrough.
The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders—inbox, sent mail, and drafts. But where it differs is that it will automatically deploy peer-to-peer encryption, so that users of the Dark Mail technology will be able to communicate securely. The encryption, based on a Silent Circle instant messaging protocol called SCIMP, will apply to both content and metadata of the message and attachments. And the secret keys generated to encrypt the communications will be ephemeral, meaning they are deleted after each exchange of messages.
For the NSA and similar surveillance agencies across the world, it will sound like a nightmare. The technology will thwart attempts to sift emails directly from Internet cables as part of so-called “upstream” collection programs and limit the ability to collect messages directly from Internet companies through court orders. Covertly monitoring encrypted Dark Mail emails would likely have to be done by deploying Trojan spyware on a targeted user. If every email provider in the world adopted this technology for all their users, it would render dragnet interception of email messages and email metadata virtually impossible.
Existing forms of email encryption, like PGP, can be used to encrypt the content of an email. But PGP cannot encrypt the “subject” header or metadata like the “to” and “from” fields, and the average user can find it too complicated to use. Dark Mail promises to address both of these issues in the form of an easy-to-use iOS app and an Android app. There will also be desktop versions for Mac and Windows users. People using the technology will still be able to send emails to friends or colleagues using Gmail and Hotmail—but when sending messages to non-Dark Mail users, a warning will be displayed, making it clear that the communication could be intercepted.
Silent Circle and Lavabit don’t plan to offer the technology exclusively. On the contrary, the source code of the software will be made public for anyone to scrutinize and audit, and the team is hoping that other email providers will be willing to join the Dark Mail Alliance. The more companies that do, the more secure email will become.
“Our vision is three or four years from now that this will become email 3.0—the way the majority of Internet users email,” says Mike Janke, Silent Circle’s CEO. The 45-year-old, a former Navy SEAL sniper, acknowledges that the launch of the service is going to be “politically hot.” Major companies like Google and Microsoft may be unwilling to adopt it because of how controversial it could be, with governments potentially furious that the technology could thwart their attempts to monitor communications and track criminals. But surveillance has gone “completely out of hand,” Janke says, and he believes it’s time to readdress the balance between security and privacy.
Silent Circle, which launched in 2012, boasts a crack team of renowned cryptographers including Phil Zimmermann and Jon Callas, who developed PGP email encryption and Apple’s whole-disk encryption respectively. The service offers encrypted phone apps for secure calls and texts. The company previously operated an email service, but pre-emptively shut it down in August after seeing Lavabit abruptly do the same in response to a sweeping government surveillance order. At the time, Silent Circle said it had to shut its email service because “there are far too many leaks of information and metadata intrinsically in the email protocols themselves.” What the company did not reveal was that it was gearing up to launch a new tool that would address that problem.
With the Dark Mail Alliance technology in place, Silent Circle is planning to resurrect Silent Mail in early 2014. All Dark Mail emails passing over the company’s servers will be encrypted, and it won’t hold the keys to decrypt them. Its servers will be located in Canada and Switzerland. “Any agencies that come down to us have no way to force us to comply [with surveillance] because architecturally it’s impossible,” says Janke. “That’s the beauty of it.”
Ladar Levison, Lavabit’s Texas-based founder, is a natural ally of Silent Circle. He teamed up with the company following his highly publicized face-off with the government, but has been working on implementing secure, privacy-focused communications for the best part of a decade. Levison, who is currently appealing the Justice Department’s attempt to force him to hand over Lavabit’s master encryption keys, plans to work with Silent Circle to help other email providers—large and small—implement the Dark Mail technology on their servers. He is due to formally announce the project during a keynote speech Wednesday at the Inbox Love email conference in California.
When email was first created more than 40 years ago, Levison said in a phone interview Tuesday, it was used on a small scale by researchers who trusted one another and didn’t have to worry about security of the protocols they were using to send messages. But that has drastically changed, as the Snowden disclosures have helped hammer home.
“What we’ve learned is that we need to replace email because it’s just too easy to snoop on,” says Levison. “And if we want to eliminate that from our society, what we need to do is reinvent the protocols from the ground up.”