Tuesday, August 13, 2013 - 00:47

Lavabit and Silent Circle terminate their secure email services

Unfortunately for many, Lavabit and Silent Circle terminated their email services last week. While inconvenient for the many users with accounts there, it's a logical step. And an honest one.

Even though Lavabit was Ladar Levison's only apparent source of income, he decided to terminate his service based on concerns about the security of his customers. A move that deserves respect.

The problem is easy to explain. You can effectively encrypt the content of an email using PGP, S/MIME or whatever floats your boat. This encryption only affects the content, not the metadata and the subject. While the latter isn't important, the former is. The metadata contains information such as who is communicating with whom, when it happened and which servers were involved in the communication. It's pretty much the same as metadata with phones. While this is not a total breach, metadata is quite often as revealing as the actual content. As with a phone call, this cannot be overcome without changing the underlying network quite drastically. While it's theoretically very possible to conceive of such a system, it's impractical at the current time.
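To make the point above concrete, here is an added example (not part of the original post) that parses a constructed message whose body is PGP-armored and lists what remains readable without any key. The addresses, hostnames, IDs and the `visible_metadata` helper are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
import re

# Constructed sample message (not a real capture). The body is a placeholder
# standing in for PGP ciphertext; hosts and addresses use reserved example ranges.
RAW = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id CONSTRUCTED1;
\tMon, 12 Aug 2013 22:15:03 +0000
Received: from laptop.local (unknown [198.51.100.7])
\tby mail.sender.example with ESMTPSA id CONSTRUCTED0;
\tMon, 12 Aug 2013 22:15:01 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: meeting
Date: Mon, 12 Aug 2013 22:15:00 +0000
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder)
-----END PGP MESSAGE-----
"""

def visible_metadata(raw):
    """Return everything readable without the recipient's private key."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        # Each Received header records one server-to-server hand-off.
        m = re.search(r"from\s+(\S+).*?by\s+(\S+)", received, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    hops.reverse()  # headers are prepended, so reverse into travel order
    body = msg.get_payload()
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "when": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],
        "hops": hops,
        "body_is_ciphertext": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    for field, value in visible_metadata(RAW).items():
        print(f"{field}: {value}")
```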

What these services did was locally encrypt everything on the server, so metadata wasn't easy to extract. However, this assumption is false if the government is involved. They can force the service to deploy systems to capture it before or after it was encrypted. There's no way around that, since the metadata will always be unencrypted during transfer no matter who is encrypting what. It's simply a requirement imposed by the protocol.