Secure Email: No Such Thing?

By Emily Poole

Encrypted email provider Lavabit, founded by Ladar Levison, closed shop last August after being ordered to give the U.S. government the SSL keys to the entire Lavabit website. With the keys, the government—appearing to only be after information regarding whistleblower Edward Snowden, one of Lavabit’s users—simultaneously obtained access to the content of 400,000 other Lavabit email users.

On October 10, 2013, Lavabit filed an appeal in the U.S. Court of Appeals for the Fourth Circuit, arguing that the government’s demand for the SSL keys was unconstitutional and in violation of the Fourth Amendment. The Department of Justice is meant to file a response brief later this month.

The case has garnered the attention and concern of numerous privacy advocate groups, including the EFF and ACLU. The outcome of the case could set a new standard for Internet privacy. If Lavabit loses, and the court finds the government’s sweeping demands for information—information that encompasses data far beyond that related to a criminal investigation—constitutional, then Internet service providers will need to devise a new technological method for protecting users’ privacy. Lavabit and Silent Circle are already responding to such a task—even turning to Kickstarter to get funds for the creation of a more secure email system. The new system, which they’re calling the Dark Mail Alliance, is being designed to provide end-to-end encryption of both the content of the message and email while in transit. While Dark Mail could be the future of secure email, it is yet to be seen how the government would respond to the creation of such a system.

Read more: