My colleague David Swan wrote recently about the demise of Lavabit, a publicly accessible encrypted email service, which (it appears) had been used by Ed Snowden.
Founder Ladar Levison announced, "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."
Given the choice, he shut down Lavabit.
Without actually saying (presumably for legal reasons), Levison made it quite clear that he had refused US Authority's demands for access to specific data (which presumably could not be granted) and was left in an impossible position.
More chillingly, Levison added, "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."
And with that, Silent Circle has also shuttered their doors. (Correction: only the email service has been closed, see comment from Mike Janke below)
Over the weekend, Silent Circle has announced the cancellation of Silent Mail.
Along with this blog, the front page of their web site now announces the same message written by Jon Callas.
Silent Circle has preemptively discontinued Silent Mail service to prevent spying.
We designed our phone, video, and text services (Silent Phone, Text and Eyes) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious -- the less of your information we have, the better it is for you and for us.
Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.
And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.
However, we have reconsidered this position. We've been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system less they 'be complicit in crimes against the American people.' We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.
We've been debating this for weeks, and had changes planned starting next Monday. We'd considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that in this case the worst decision is no decision.
Silent Phone and Silent Text, along with their cousin Silent Eyes are end-to-end secure. We don't have the encrypted data and we don't collect metadata about your conversations. They're continuing as they have been. We are still working on innovative ways to improve secure communications. Silent Mail was a good idea at the time, and that time has passed.
We apologize for any inconvenience, and hope you understand that if we dithered, it could be more inconvenient.
Right now, the security experts seem to be running scared of the US government.
That CANNOT be a good thing.