In light of the recent NSA spying revelations, one might feel compelled to switch to an encrypted e-mail service. That might be more difficult than it sounds, though. As the New York Times’ Bits blog reports, two secure e-mail providers based in the United States have shut down this week, and at least one of the closures looks like it was the result of pressure from the U.S. government.
The first service to shut down was Lavabit, which reportedly counted runaway whistleblower Edward Snowden among its users. Lavabit took its service offline on Thursday, and its website now shows only the following message, signed by owner and operator Ladar Levison:
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Although it doesn’t say so explicitly, Levison’s statement implies that Lavabit was asked to hand over e-mail data and was subject to a gag order. As the Times points out, U.S. law forbids the disclosure of FISA orders or national security letters. 50 USC § 1861 states, "No person shall disclose to any other person that the Federal Bureau of Investigation has sought or obtained tangible things pursuant to an order under this section." Exceptions are made only for attorneys involved in the case, people required to help comply with the order, and people cleared by the Director of the FBI or "the designee of the Director."
Following Lavabit’s closure, another security firm, Silent Circle, decided to shutter its secure e-mail service. A message on that company’s website reads in part, "Silent Circle has preemptively discontinued Silent Mail service to prevent spying." The message says Lavabit’s decision prompted the move. Speaking to the Times’ Bits blog, Silent Circle CEO Mike Janke added that his company took the unusual step of destroying the physical Silent Mail server. "Gone. Can’t get it back. Nobody can," said Janke. "We thought it was better to take flak from customers than be forced to turn it over."
These developments don’t bode well for secure e-mail in the United States. So far, to my knowledge, Lavabit and Silent Circle are the only services to have shut down. However, I wouldn’t be surprised if others followed suit.