The secure mail dilemma: If it's useable, it's probably insecure
'The writing's on the wall' – PGP daddy's crypto firm
Analysis The sudden closure of two secure email services may cause many privacy-conscious people to begin looking for alternatives. However, security experts warn that any service provider may be put under pressure to comply with authorities, and this might kill off secure mail as we know it.
Lavabit's Levison: No more palaver, I'm lathered over
The issue has become even more of a hot topic among infosec professionals since Texas-based Lavabit – reportedly NSA whistleblower Edward Snowden's preferred email provider – announced it was going to roll down the shutter on services on Thursday.
Ladar Levison, the owner of Lavabit, said the firm had "decided to suspend operations" in the face of US legal pressure over recent weeks as an unpalatable but better alternative to becoming “complicit in crimes against the American people”.
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.
I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
Levison is careful not to say this directly, but the implication is that he was served with either a court order from the Foreign Intelligence Surveillance Court or a National Security Letter. Both legal instruments come with compulsory gag orders. You can see an interview with Nicholas Merrill, one of the few people to win the right to talk about a National Security Letter he was served with, here.
Man-in-the-middle attack likely only way to get around encryption
Lavabit encrypts stored messages using public key cryptography, as well as encrypting the contents of email in transit to guard against eavesdropping. This means that without a customer's private key nobody – not even Levison – can unscramble a message.
This is a marked difference from bigger webmail providers such as Google's Gmail or Microsoft's Outlook.com, which hold the keys that would allow them to unscramble messages and turn them over to the authorities, if compelled.
Email stored on Lavabit's servers was encrypted using asymmetric elliptic curve cryptography, as explained in documents about its architecture. This encrypted storage was only available to holders of premium accounts (among them, reportedly, Edward Snowden, who was said to have maintained the somewhat prosaic address firstname.lastname@example.org).
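To make the "provider holds only the public key" model concrete, here is an added Go sketch of encrypting mail at rest so that only the customer's private key can recover it. It is illustrative code written for this article, not Lavabit's own implementation (whose exact scheme the documents referred to above do not dictate here); the type and function names, the X25519/AES-GCM choice and the SHA-256 key derivation are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// Sealed is all the server keeps per message; neither field can decrypt anything by itself.
type Sealed struct {
	EphemeralPub []byte
	Box          []byte
}

// must keeps the demonstration short; real code would propagate these errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// aeadFor derives an AES-256-GCM key from the X25519 shared secret, bound to
// both public keys (a minimal ECIES-style KDF; production code would use HKDF).
func aeadFor(shared, ephPub, userPub []byte) cipher.AEAD {
	ikm := append(append(append([]byte{}, shared...), ephPub...), userPub...)
	key := sha256.Sum256(ikm)
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// SealForUser is the server side: it needs only the customer's public key, and
// the ephemeral private key is discarded as soon as the box is built.
func SealForUser(userPub *ecdh.PublicKey, msg []byte) *Sealed {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	aead := aeadFor(must(eph.ECDH(userPub)), eph.PublicKey().Bytes(), userPub.Bytes())
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return &Sealed{eph.PublicKey().Bytes(), aead.Seal(nonce, nonce, msg, nil)}
}

// OpenAsUser is the client side: the private key never leaves the customer, so
// a compelled provider (or anyone holding only its disk image) cannot run this.
func OpenAsUser(userPriv *ecdh.PrivateKey, s *Sealed) ([]byte, error) {
	ephPub := must(ecdh.X25519().NewPublicKey(s.EphemeralPub))
	aead := aeadFor(must(userPriv.ECDH(ephPub)), s.EphemeralPub, userPriv.PublicKey().Bytes())
	n := aead.NonceSize()
	return aead.Open(nil, s.Box[:n], s.Box[n:], nil)
}
```

The contrast with a provider that stores user keys is the point: a subpoena for this server's storage yields only Sealed records, and a different private key fails authentication rather than producing garbage.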
The Feds might be seeking to intercept communications in transit between Lavabit and its customers using some form of man-in-the-middle attack, or even seeking to plant government-sanctioned malware, El Reg's security desk speculates. If Snowden was the intended target then all sorts of exotic zero-day exploits might have been brought into play.
This is all complete guesswork on our part and all we know for sure is that Lavabit shut itself down to avoid complying with something it found intolerable while it takes its case to the Fourth Circuit Court of Appeals.
The owner of the boutique email service provider said he hoped to relaunch Lavabit in the US, provided its pending appeals court case goes its way. It has begun soliciting donations for a legal defence fund.
Levison said the whole experience had taught him a "very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."
PGP daddy shuts down new secure email service
Hours later PGP daddy Phil Zimmermann's Silent Circle said it was shutting down its recently inaugurated email service rather than face the possibility of receiving a secret court order in future.
The firm is continuing with its core business of supplying secure messaging and encrypted voice apps for smartphones. But Silent Circle said it had unplugged and wiped its email service even in the absence of any search or seizure order from government.
"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now," Jon Callas, Silent Circle's CTO, explains in a blog post. "We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."
Silent Circle runs its servers in Canada and has plans to expand to Switzerland. For the time being, though, it only has offices in the US and UK. However, despite having a presence outside the US, the owners still decided they wouldn't be able to continue Silent Mail in good conscience.
Any UK firm offering similar services to Lavabit and Silent Circle would have to comply with RIPA and any other future local law, such as the Snoopers' Charter, if it is ever reanimated.
And any service provider in the EU would be obliged to adhere to the Data Retention Directive, which specifies (among other things) that
each [member state's] authority shall in particular be endowed with investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties.
Setting up a secure ISP in an EU state means living with a regime little more friendly than that which exists in the US.
"All EU member states have to comply with the Data Retention Directive," Brian Honan, of BH Consulting and founder of Ireland's CSIRT told El Reg. "Each EU member state will implement the directive differently and will also have their own local laws too."
Honan said the only secure alternative is a DIY approach using encryption tools such as PGP. And even that approach won't always work – either due to a failure to use the technology properly or malware infection.
"Use PGP on the desktop as only you have access to your private key. For extra protection keep private key separate from PC," Honan told El Reg.
Mail providers must choose: Silent compliance or shutdown
Lavabit boasted an estimated 400,000 users. Many of them were left frustrated by the speed of unfolding events, with some using its official Facebook page to ask for the re-opening of its servers to recover data, while many more (not necessarily customers) expressed support for the decision.
Lavabit and Silent Circle's actions reveal the stark choice with which service providers are faced: silent compliance with secret government orders or oblivion. In a statement, the Electronic Frontier Foundation (EFF) urged service providers of all sizes to push back against overly broad US government surveillance and interception requests.
The EFF said in a blog post:
Lavabit’s ominous note and the lack of information about this case is especially concerning for users of large communication service providers like Facebook and Google that may well have been subject to similar pressure, and we hope they will continue to fight for the user in the face of government demands, even if not recognized for years.
We need more transparency so the public can know and understand what led to a ten-year-old business closing its doors and a new start-up abandoning a business opportunity. Hopefully Congress will get concerned, especially when there are American jobs at stake.
Meanwhile, sysadmin-in-hiding Snowden told The Guardian's Glenn Greenwald, his chief collaborator in the leak of details of the NSA's controversial and wide-ranging surveillance programmes, that he found Lavabit's stand "inspiring". He told Greenwald:
Ladar Levison and his team suspended the operations of their 10 year old business rather than violate the Constitutional rights of their roughly 400,000 users. The President, Congress, and the Courts have forgotten that the costs of bad policy are always borne by ordinary citizens, and it is our job to remind them that there are limits to what we will pay.
America cannot succeed as a country where individuals like Mr Levison have to relocate their businesses abroad to be successful. Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren't fighting for our interests the same way small businesses are. The defence they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.
When Congress returns to session in September, let us take note of whether the internet industry's statements and lobbyists - which were invisible in the lead-up to the Conyers-Amash vote - emerge on the side of the Free Internet or the NSA and its Intelligence Committees in Congress.
Put it in the cloud... but make your own backups
Antivirus industry expert Paul Ducklin said the suspension of services by Lavabit had broader lessons for users of cloud services.
"Lots of people seem to think that cloud services remove the need for you to keep your own backups, on the principle that 'you don't buy a dog and bark yourself'," Ducklin said in a post on Sophos's Naked Security blog. "But even if your cloud provider has impeccable credentials in respect of integrity and confidentiality, the availability of your data may be threatened by circumstances outside the control of either of you."
Privacy-conscious users have been left short of choices for secure email alternatives with the suspension of services from Lavabit and Silent Mail.
Hushmail, which offers a web-based service with PGP-encrypted email and file storage, is based in Canada, but users with long memories will recall that Hush Communications was obliged to turn over clear-text copies of email messages associated with several addresses back in 2007. This was the result of a court order under a Mutual Legal Assistance Treaty between Canada and the US, as part of a drug trafficking investigation.
Hushmail's marketing claims at the time stated that not even its own staff could access encrypted email, but in reality, its server-side encryption option did create a means to recover plain-text versions of scrambled communication. Hushmail updated its terms of service soon after the incident became public knowledge in November 2007 to clarify that encrypted emails sent through the service can still be turned over to law enforcement officials, providing said officials obtain a court order in Canada.
PGP creator Phil Zimmermann, who helped to found the service, defended Hushmail's compliance with court orders at the time, arguing that users who pick web-based products for their ease of use can't expect absolute security.
Long-term collaborator Callas, who first worked with Zimmermann at PGP Corporation, expanded on the reasons for Silent Circle's decision to drop its Silent Mail secure email service, less than four months after its launch in April.
Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.
And yet, many people wanted it. Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.
Despite these inherent drawbacks, Snowden is rumoured to have used the Hushmail service at least as recently as March 2013, according to this investigation of his online footprint.
Several firms produce Firefox extensions that allow users to encrypt Gmail or other webmail, listed in an informative article by Computerworld here. These services might be a good option for some people – however we can't say for sure that they're bulletproof.
So what SHOULD we use?
The best option available to individuals who are concerned about privacy is probably to secure their own email using PGP rather than relying on any web mail service, say the experts.
If you want to go even more secure than that, then secure instant messaging alternatives such as OTR (Off-the-Record Messaging, a secure IM protocol) or Silent Text might be a preferable option.
Infosec and opsec experts on Twitter are coming up with some alternatives but are nowhere near any kind of consensus, while many of them note that losing the usability of email would be a bitter pill to swallow.
Difficult-to-use systems are inherently less secure, not least because it's human nature to look for shortcuts. What's needed might be a secure version of Skype, according to some experts.
Those that still believe in secure email were offered a champion in the larger-than-life shape of Kim Dotcom, who promised to launch a service next year.
"#Mega's open encrypted email service outside of #NSA reach will change the way people use email forever. You'll see. Coming 2014," he said in an update on Twitter, before adding, "#Mega encrypted services will put an end to mass surveillance. Where politicians fail us & laws won't protect us, innovation will save us."
"#Mega plans to move privacy operations away from New Zealand to Iceland if the new #GCSB & #TICS spy laws are becoming reality," he added. ®