August 9, 2013

"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now."

"We knew USG would come after us," says CEO Michael Janke.
It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy....

Silent Circle reportedly had revenue increase 400% month-over-month in July after corporate enterprise customers switched to its services in hopes of avoiding surveillance. The company giddily told Forbes it planned to nearly double staff and significantly increase revenue this year in part thanks to the NSA’s practices coming to light.
I'm sure there's lots of money that could be collected for providing services that are impossible to provide, but that's the catch: The service is impossible to provide.

31 comments:

sykes.1 said...

The slow motion coup d'etat continues. Leviathan feeds, and we are the krill.

traditionalguy said...

Best comment on the article was, "When exposing a crime is treated as a crime, then you are governed by criminals." That about sums it up.

Rit said...

Impossible? Well yes, when we are governed by those who believe they have the right to snoop into our every utterance and have the full force of government to impose their will on those who'd object.

Encryption folks. There is some excellent encryption software available and by using it properly you can pretty much guarantee that only those you intend are reading your email.

PB said...

VPNs are next, folks.

Robert Cook said...

Haven't you heard? When the gubment finds that people are using encryption software, they double down in their scrutiny, assuming those people have something to hide, (i.e., are criminals or--bom bom bom--terrorists!).

BTW, the coup d'etat is hardly slow motion, and is virtually a fait accompli.

MarkW said...

It's not an impossible service -- just an impossible service to operate inside the U.S. I won't be surprised to see services like this relocating to (or popping up in) Iceland:

http://articles.latimes.com/2011/apr/02/world/la-fg-iceland-free-speech-20110403

David-2 said...

Rit said...

Encryption folks. There is some excellent encryption software available and by using it properly you can pretty much guarantee that only those you intend are reading your email.

The issue (according to their blog post) wasn't encryption of the body of the email. It was that they were offering an email service using standard internet protocols (e.g., SMTP) which leave metadata (e.g., email to/from addresses) in the clear. Which would then be available to the NSA (or others) for signal/traffic analysis.

Their other services are strictly peer-to-peer (i.e., they don't go through any servers) using end-to-end encryption and (they claim) aren't subject to that problem (visible metadata).

However: With recent disclosure that the FBI (and presumably other government agencies) are able to push software onto your Android phones without your permission, I question whether their security model still holds: Client-side encryption is worthless if your client device is compromised.

Richard Dolan said...

"I'm sure there's lots of money that could be collected for providing services that are impossible to provide, but that's the catch: The service is impossible to provide."

Well, perhaps impossible to provide here, but there are many places beyond US jurisdiction. There is always the risk that other jurisdictions might be doing the same thing, of course. None of it matters if, as David-2 notes, the Govt can push software onto your devices that capture content before encryption.

Anonymous said...

The service is impossible to provide.

It's impossible to provide an encrypted email service? Is this a serious statement?

How did you make it through law school and become a professor at a high ranking university if you believe such a statement?

Anonymous said...

Technologically it is hard enough to provide this service because of just how much stuff a user has to know or trust to work correctly. Politically, at least now, and probably always, it is completely infeasible to provide this service. For better or worse we cannot hide from our government(s). Deal with it.

David-2 said...

Ken said:

The service is impossible to provide.

It's impossible to provide an encrypted email service? Is this a serious statement?

How did you make it through law school and become a professor at a high ranking university if you believe such a statement?


Maybe she made it through law school and became a professor at a high ranking university because she developed a skill known as "reading comprehension" - as she herself often explains on this blog.

The article linked to - if you had read it - clearly explains that the service which is impossible to provide is 100% privacy secure email using standard internet protocols, e.g., SMTP, which by their nature leak data (e.g., to/from addresses). You can encrypt the body of your email, but not the metadata.

You know, metadata. What we've been talking about the last month since Snowden.

Swen said...

It's all a big conspiracy to prop up the Post Office by forcing people who value their privacy to send snail mail. :D

Beth Donovan said...

I don't know about the rest of you, but I find this incredibly disturbing.

No trial? Just a demand by the Obama Administration?

Is there no one in DC on either side of the aisle with balls to stand up and say enough and then do something?

Edward said...

http://en.wikipedia.org/wiki/Clarke%27s_three_laws

Paraphrasing: There is no such thing as 'technologically impossible' or even 'impractical'; Engineers will find a way, and governments will try to suppress it, and them, probably by making it illegal. They will fail.

htom said...

Ken, when the operating system itself is compromised, adding encryption on top of that compromised system is ineffective in concealing the encrypted content from those who've compromised the operating system -- they had access to both the plaintext and the keys. Game over.

Tibore said...

David-2 said...

The issue (according to their blog post) wasn't encryption of the body of the email. It was that they were offering an email service using standard internet protocols (e.g., SMTP) which leave metadata (e.g., email to/from addresses) in the clear. Which would then be available to the NSA (or others) for signal/traffic analysis.


Yes, this, exactly. It's a problem for any mail service, not just Silent Mail, and that was noted in the article. They were obviously not getting out of the game because of being forced to compromise their encryption, but rather because all the other information that is necessary for email flow can be obtained easily because it's not encrypted.

Email is not entirely encapsulated when things like PGP are used. It's only the payload, i.e. the message contents, that gets encrypted. Anything in the To:, Cc:, Bcc:, and Subject: lines is open, and ditto any of the header information revealing what server a message originated from and what path it took to its destination. And a lot can be learned from the "To:" lines in a sampling of emails.
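Added example, not part of the thread: what the comment above describes, shown by parsing constructed PGP-style messages with Python's standard `email` module. The addresses, hostnames, sample messages and the function names `build`, `observable_metadata` and `contact_counts` are all assumptions made for this illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Placeholder standing in for PGP-armored ciphertext (constructed, not real output).
ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n"
         "PLACEHOLDER-CIPHERTEXT\n"
         "-----END PGP MESSAGE-----\n")

def build(sender, to, cc, subject, hops):
    """Assemble a constructed message; the newest Received line goes first."""
    lines = [f"Received: from {src} by {dst}; Fri, 09 Aug 2013 12:00:00 +0000"
             for src, dst in reversed(hops)]
    lines += [f"From: {sender}", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    lines += [f"Subject: {subject}", ""]
    return "\n".join(lines) + "\n" + ARMOR

ROUTE = [("laptop.example.org", "mx.example.org"),
         ("mx.example.org", "mx.example.net")]
SAMPLES = [  # constructed sample traffic
    build("alice@example.org", "bob@example.net", "", "Q3 draft", ROUTE),
    build("alice@example.org", "bob@example.net", "carol@example.com",
          "Re: Q3 draft", ROUTE),
    build("dave@example.com", "alice@example.org", "", "lunch",
          [("mx.example.com", "mx.example.org")]),
]

HOP = re.compile(r"from\s+(\S+)\s+by\s+([^\s;]+)")

def observable_metadata(raw):
    """Return what any relay on the path can read without a decryption key."""
    msg = message_from_string(raw)
    hops = [m.groups() for h in reversed(msg.get_all("Received", []))
            if (m := HOP.search(h))]
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "from": getaddresses([msg["From"]])[0][1],
        "recipients": [addr for _, addr in rcpts],
        "subject": msg["Subject"],
        "path": ([hops[0][0]] + [dst for _, dst in hops]) if hops else [],
        "body_is_ciphertext": msg.get_payload().lstrip().startswith(
            "-----BEGIN PGP MESSAGE-----"),
    }

def contact_counts(raw_messages):
    """Count sender -> recipient pairs across a sample of messages."""
    counts = Counter()
    for raw in raw_messages:
        meta = observable_metadata(raw)
        for rcpt in meta["recipients"]:
            counts[(meta["from"], rcpt)] += 1
    return counts

if __name__ == "__main__":
    for raw in SAMPLES:
        print(observable_metadata(raw))
    print(contact_counts(SAMPLES).most_common())
```

The body stays opaque in every message, while the sender, recipients, subject and relay path are recovered from the headers alone.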

Tibore said...

Folks, I think you're reading too much into the Professor's comment. I did not read her as meaning that encrypted email is impossible to provide, but that end-to-end, point-to-point, non-broadcast and anonymous messaging is. That, after all, is the whole point of discussing encryption as it pertains to email. Encryption is not difficult to apply and use, and you don't need an email service to do it for you. But as noted earlier, that doesn't cover the header data. You'd need either a new protocol for how things work, or some way to transfer data without the co-payload of such metadata. Right now, that doesn't exist as an established, universally agreed upon email-type service. So your message may stay protected, but anyone who tries can still get the header data and know what email address(es) you were sending to.

Of course, anonymous message services are available, and always have been. But that's not what's being discussed here. And as a side note: It's also why I feel government has shot itself in the foot with heavy-handedness towards email snooping: It's not too difficult to simply exchange messages on, for example, Usenet (yeah, remember that? It's still around). You can even "encrypt" it and have people download and decrypt it as a binary file. My point here is that it's damn near trivial to avoid having to use email for things you don't want the government to know about, and that makes government not only look bad for snooping but also have to suffer the point that the efforts will only catch the dummies who stubbornly stick with email.

David-2 said...

I read a sci-fi story once - can't remember the title or author, darn it - that proposed a secure email system using a broadcast technology, as follows:

Suppose you had a forum somewhere (i.e., a web server) that would let you post any kind of message whatsoever. And it provided just a big list of those messages to anyone who asked for it.

You could communicate like this, using a public/private key system: Sender encrypts using your public key, publishes encrypted message with NO metadata. Receiver then downloads ALL messages on board and tries to decrypt all of them. Any that can be decrypted using his private key is for him!

Receiver can't be pinpointed because he isn't selective about which messages he downloads: He downloads them all. No addresses are used: the ability to decrypt is all you need.

Sender is a bit more difficult to hide; you have to assume VPN or some other method of anonymizing; although you could obscure by, as a sender, posting something to the board every single minute of every single day - most of those posts would simply be random numbers. Or you don't bother to hide sender at all: You still don't know what's in the message or who he's communicating with.

Today's internet where storage is cheap, bandwidth is cheap, and connectivity world-wide is high, could provide the ideal environment for such a system.

Question is: What legal tactics could be used to stop it?
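Added example, not part of the thread: a sketch of the address-less board with trial decryption described in the comment above. It uses a toy hashed-ElGamal construction built from the standard library as a stand-in for a real public-key scheme; the parameters `P` and `G`, the post layout and all function names are assumptions, and a real system would use a vetted cryptographic library.

```python
import hashlib
import hmac
import secrets

# Toy parameters so the example runs on the standard library alone.
P = 2**255 - 19  # prime modulus; NOT a vetted Diffie-Hellman group
G = 2

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _keys(shared):
    seed = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())

def _xor_stream(key, data):
    """SHA-256 in counter mode as a keystream (toy stand-in for a real cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(recipient_pub, plaintext):
    """Build a post: ephemeral public key | MAC tag | ciphertext. No address."""
    eph_priv, eph_pub = keygen()
    enc_key, mac_key = _keys(pow(recipient_pub, eph_priv, P))
    head = eph_pub.to_bytes(32, "big")
    body = _xor_stream(enc_key, plaintext)
    return head + hmac.new(mac_key, head + body, hashlib.sha256).digest() + body

def try_open(priv, post):
    """Trial decryption: return the plaintext, or None if the post is not ours."""
    if len(post) < 64:
        return None
    head, tag, body = post[:32], post[32:64], post[64:]
    eph_pub = int.from_bytes(head, "big")
    if not 1 < eph_pub < P - 1:  # reject degenerate keys
        return None
    enc_key, mac_key = _keys(pow(eph_pub, priv, P))
    expect = hmac.new(mac_key, head + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return _xor_stream(enc_key, body)

def scan_board(priv, board):
    """Download everything, keep whatever authenticates under our key."""
    return [m for m in (try_open(priv, p) for p in board) if m is not None]

def demo():
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    board = [  # constructed posts
        seal(alice_pub, b"meet at noon"),
        secrets.token_bytes(76),  # cover traffic: random bytes, opens for no one
        seal(bob_pub, b"invoice attached"),
        seal(alice_pub, b"bring the draft"),
    ]
    return scan_board(alice_priv, board), scan_board(bob_priv, board)

if __name__ == "__main__":
    print(demo())
```

Every reader runs `try_open` on every post, so the work and download size per reader grow with the total number of posts on the board, and post length is still visible unless posts are padded to a fixed size.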

Carl said...

They're not really providing secure communications, and they never were, NSA notwithstanding. If you're using SMTP and sending it off on the Internet, there are all kinds of places that could read the envelope other than the NSA. TCP/IP is kind of built on the idea that you don't have much to hide. It wasn't designed to be secure.

What they were providing is a feel-good service, I think. The illusion of security to people with a taste for it, but whose actual needs for it are insufficient to justify the considerably higher expense of genuinely secure communication. It's like selling 4WD SUVs to suburban SoCal housewives ("What if it rains a really, really, really lot? What if there's some kind of mudslide on the way to drop off the kids at school??!") Or selling self-defense pistols to people in a gated community with a murder rate of 0.1 per 100,000 per century. Or selling to small businesses a network password program that makes everyone change his password twice a year, and include a capital letter and number each time. Security theater, is what Bruce Schneier calls it. They were selling security theater.

I agree with Tibore, though. The really irritating thing here is the extreme clumsiness of the Obama Administration, which will have no useful effect other than warning the stupid criminals to do something a little more secure, which will make it harder to nail them. What a bunch of clownish morons. I am certain Presidents right back to Eisenhower did the same, or worse, but all of them were considerably more competent about handling it, and its public perception.

What is it about the Chicago Amateur Hour, even after nearly 5 years? Do they use up all their time studying how to snark effectively about Republicans? Counting their corrupt cash? How can they still be such n00bs about competent governance?

Robert Cook said...

"The really irritating thing here is the extreme clumsiness of the Obama Administration, which will have no useful effect other than warning the stupid criminals to do something a little more secure, which will make it harder to nail them."

You know, who cares about the criminals? Dumb criminals will always find ways to get themselves caught. I'm far more concerned, as everyone should be, at our loss of privacy and presumed innocence, at the violence done to our civil liberties--to the constitution--by such black shirt tactics. The longer this continues without change, the more it will become accepted as "just the way things are." A populace who does not value its privacy, who seems unaware of the great danger to its liberty of living under the constant surveillance of the state--or who just becomes inured to it--is a populace who has already surrendered to the state's power, and who can never recover what they shrugged off.

David-2 said...

Carl said:

They were selling security theater.

Nice rant, overall, but you're being too hard on the company, Silent Circle. They have three other products that are end-to-end secure, doing encryption on the clients, and peer-to-peer communication, such that there is no data leakage, and their own servers neither receive nor store any data. (The only analysis possible would be traffic analysis of captured raw IP packets making up the connection between clients/peers.)

Their Silent Email product was different: It had less security (of necessity) but they also didn't claim it had the security of their other products. It was offered because their customers wanted the convenience of it.

Except now, the Silent Circle people decided that because of US laws and policies, including FISA orders and National Security Letters that include gag orders that prevent the service/carrier/ISP from informing the customer of the government's interest, they can no longer afford to offer that email service because for that one service they do have data that could be turned over.

(I'm not an expert on their products, nor a user of them: the claims in the previous paragraphs come straight from their blog posts on the subject.)

The point being: Your scorn for their "security theater" is somewhat off target. For this product they didn't claim 100% privacy, and now that they can't even meet the privacy claims they did have for it, they're stopping it. Their other products are more secure by design and they're still offering them.

Kirk Parker said...

"Or selling self-defense pistols to people in a gated community with a murder rate of 0.1 per 100,000 per century."

Ummm, Carl: is it really true that people who live in such places never leave them to interact with the outside world?



David-2,

Some shortcomings or flaws:

1. The service is obviously more useful the more users it has--in both senses of having more people to communicate with, and better hiding of who you're hearing from--BUT generates an exponentially-increasing aggregate bandwidth as users are added.

2. The fact that you receive data from such a service at all will be used to put you under suspicion.

Carl said...

They have three other products that are end-to-end secure...

Sorry, but I don't see how that's possible as long as we're talking about IP packets. They go from your home computer to your ISP's host, and from there through whatever chain of hosts your ISP decides gets them to their destination best. SC doesn't even know the intervening hosts who've received and retransmitted the packet. There are a large number of opportunities along the way for someone in control of one host or another to read the addressing -- all the "metadata" about which we're talking here.

Sure, you can always encrypt the contents -- but you can already do that with GMail. You simply can't encrypt the headers, because no hosts along the route will cooperate.

Now if SC offered a genuinely secure pathway, e.g. your packets go down copper or fiber they own (rather than the telco or cable TV company), and are switched only in hosts they own (rather than backbone operators), and never leave that path until they get to the destination, ok. But I haven't heard that this is what SC offers. So all I am really hearing is that they offer to not reassemble the packets themselves into a complete file. Given that it has already passed through 10-20 hosts over which you and they have no control already, I'm underwhelmed.

There are certainly ways to do genuine peer-to-peer communication. The most obvious is the old-fashioned one: radio. I can send my packets spread-spectrum over 20 meters or something, encrypting everything, and I can be pretty damn sure nobody can read the content or the "metadata", and can't even locate the "to" address without an exhaustive and difficult RDF search (and of course the receiving address is undiscoverable even in principle). We'll skip over the pain in the ass of running up a 20m antenna, or me carrying around a transceiver. This just means I can't do my "secure" communications from my nearest Internet cafe.

So, yeah, security theater. If I was running a serious black operation, and I wasn't an expendable one-time-use operative, the whole idea of sending packets over the public Internet at all, if I thought the metadata could be used to nail me, would be ludicrous. As if I planned on sending my secret plans through the mail, and as long as I wrote DO NOT OPEN! on the envelope figured everything would be safe from the FBI. The best proof of this is that no government secure communication service -- e.g. the military's secure stuff -- runs over the Internet. That's not because they're stupid and haven't thought of SC's approach, and would much rather spend umpty $millions on a completely separate set of wires or radio links.

I'm not saying there aren't areas between "Hey mom how's it going?" and "I'll have the warhead plans for you Tuesday at 6am" where medium levels of security aren't of use. But for those cases I'd just encrypt the contents. If you're in a situation where even the metadata compromises you, you are no longer in a medium-security situation, and you need much more expensive and serious methods. If you're not willing to take them, it means, conversely, you're not really in a high-security situation.

Carl said...

is it really true that people who live in such places never leave them to interact with the outside world?

That's a CCW issue. You want to carry in public, your hurdle is much higher and completely different from going to the gun store and picking out an appropriate tool. Not in all jurisdictions, I guess. But I live in California.

Carl said...

Dumb criminals will always find ways to get themselves caught.

Of course. But how fast? It matters. I don't want to be the victim of the "extra" criminal events it takes to catch the dumb crook.

Kirk Parker said...

Carl,

Sorry, but concealed carry is precisely one of the reasons why someone living in a "safe" gated community might want to buy a handgun (the very thing you were mocking.)

And sorry again, but I live in America, not California, and getting a permit to carry a concealed weapon isn't much more complicated here than buying a handgun in the first place. I sure wish you guys would do something about the terrible anti-gun situation in CA.

Robert Cook said...

"'Dumb criminals will always find ways to get themselves caught.'

"Of course. But how fast? It matters. I don't want to be the victim of the 'extra' criminal events it takes to catch the dumb crook."

You're more in danger from your own lawless government than you are from dumb criminals.