Two Email Providers Shut Down Services, Citing Government Intrusion Concerns10:30 AM EST Fri. Aug. 09, 2013
Two U.S.-based email providers that tout strong measures to ensure user privacy have shut down their services, citing concern about government intrusion into their customers' communications.
Lavabit, which reportedly was used by National Security Agency whistleblower Edward Snowden to leak classified documents to reporters, has suspended operations while it appeals a U.S. government demand to cooperate with its request for customer information. Lavabit founder Ladar Levison said in a message on the company's website that it was fighting federal officials in the Fourth Circuit Court of Appeals.
"I wish that I could legally share with you the events that led to my decision," Levison wrote. "This experience has taught me one very important lesson: Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."
Meanwhile, Silent Circle, which provides secure communications services and recently launched an encrypted email service, said it would suspend its email offering. The company is maintaining its secure voice, text and VoIP services. In a statement to customers Friday, Jon Callas, co-founder and CTO of Silent Circle, said the company had been debating shutting the service for weeks.
"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now," Callas wrote. "We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."
Both firms are based in Maryland. Silent Circle also has an operations center in London.
The documents leaked by Snowden have raised concern among U.S.-based service providers about NSA surveillance activities, and the public has begun to ask questions about privacy and transparency. Microsoft and Yahoo have filed legal requests to lift the secrecy restrictions set by the so-called National Security Letter requests, which demand information about specific customers and place a gag order on companies, preventing them from disclosing the request.
Google, Microsoft, Yahoo, Apple and other firms have issued reports identifying how many requests they have received from law enforcement for access to customer cloud-based data, such as email, files and chats. The reports also contain general information about the number of National Security Letter demands from federal investigators. A Google report in March indicated that the search engine giant granted access to up to 2,000 user accounts when government agents issued a National Security Letter.
Members of the Cloud Security Alliance have long been addressing cloud computing risks to businesses concerned about the the U.S. Patriot Act and fears that the government could remove sensitive data in cloud-based systems. Some organizations are turning to encryption, which would work if the business holds onto the keys, said Rajiv Gupta, CEO of Skyhigh Networks, a firm that provides access and policy controls and encryption to businesses for cloud-based services.
Skyhigh, PerspecSys and CipherCloud are among the emerging vendors in the cloud computing space called cloud security brokers.
"It's not so much a pullback from using the cloud, but much more of an awareness of the issues when your data is in the cloud," Gupta told CRN. "Businesses are saying they better make sure that the data is protected."
Speaking to white hat hackers at the Black Hat 2013 security conference late last month, Army General Keith Alexander, the director of the NSA and the leader of the U.S. Cyber Command, said data collection and analysis by the NSA saves lives. Alexander said his agency's activities are conducted under strict oversight from Congress, the courts and the current administration.
"We can audit the actions of our people 100 percent in this case and we do that," Alexander told thousands of Black Hat attendees.
Alexander also said he was concerned that the uproar over the publicity of the scope of his agency's surveillance activities could impact technology innovation and U.S. business.
PUBLISHED AUG. 9, 2013