back to article Snowden's secure email provider Lavabit shuts down under gag order

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference. "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work …

COMMENTS

This topic is closed for new posts.

Page:

  1. Anonymous Coward
    Anonymous Coward

    It's ironic that this happens in the land of the free.

    I predict a large scale exodus of companies hosting in the USA.

    The US Government have really shot themselves in the foot with this move, it's going to fuck up a whole industry.

    1. Yet Another Anonymous coward Silver badge

      But an industry that makes very little in the way of political donations - they need to learn from private prisons, defense and farming how to get Washington to do "the right thing"

      1. grandours
        Trollface

        "...they need to learn from private prisons, defense and farming how to get Washington to do "the right thing."

        and from Apple.

    2. Oninoshiko

      I keep hearing this, and it keeps not happening.

      Damn shame.

      1. asdf

        >I keep hearing this, and it keeps not happening.

        And how many quarterly results have been reported since the Snowden story first broken. Due to contracts and such the lead time will be significant before it happens but by the same token that means they won't be coming back any time soon either.

    3. Yet Another Anonymous coward Silver badge

      It's ironic that this happens in the land of the free.

      Scotland ?

      1. Anonymous Coward
        Anonymous Coward

        Re: It's ironic that this happens in the land of the free.

        Remember when people used flee the Soviet Union and seek political asylum in the United Stated of America?

        1. henrydddd
          Pirate

          Re: It's ironic that this happens in the land of the free.

          I wonder if the word Snowden translates to Solzhenitsyn in Russian

      2. Thorne

        Re: It's ironic that this happens in the land of the free.

        "Scotland ?"

        You may take our mail servers but you'll never take our freedom...........

      3. Andy Gates
        Thumb Up

        Re: It's ironic that this happens in the land of the free.

        Stoneybridge!

      4. Anonymous Coward
        Anonymous Coward

        Re: It's ironic that this happens in the land of the free.

        Scotland? Dont think so, even though they may have fought hard against the English, unfortunately they didnt get their freedom from the Crown. Hopefully this will be rectified with the Independence referendum.

        Now if you had of said the Republic of Ireland, I would agreed more so. (Although us Irish have been known to cosy up to the American Gov so im not sure how far my argument stretches in the case of American security services invading privacy)

    4. Brian Miller

      Exit the US, and then go where? New Zealand? China? Russia?

      Seriously, the only way for something to be "bulletproof" is to be hosted in every single country that can support a data center, and then a shutdown in one country would not result as in a shutdown of the service overall. However, none of this prevents data from being read before it enters the mail servers.

      As for throwing a wrench in Google, Microsoft, Yahoo!, et al, the big guys have already acceded to the NSA's demands, and they aren't moving out of the US. Ballmer threatened to move Microsoft out of the US, but that was over taxes.

      1. andro

        For cloud hosting, host your own. Then you know what it is and where. Hire some skilled staff who can keep it running and keep the data backed up offsite. If your worried about web or email use SSL on your mail server and https in your browser.

        IMHO No business should keep any private data out in the cloud. Its not a question of country.

        1. Danny 14
          Stop

          host your own where? It wont stop them knocking on the door and grabbing your servers due too "unspecified terrorism charges"

          1. Anonymous Coward
            Anonymous Coward

            Host your own server...

            'host your own where? It wont stop them knocking on the door and grabbing your servers due too "unspecified terrorism charges" '

            Host your server somewhere under your physical control. Then, while it won't stop them grabbing it, they can't do so - or take a copy of the data - without you knowing.

            Hosting an email server isn't rocket science, and it doesn't require massive hardware - people have just got lazy over the years and assume everything has to be in the cloud.

          2. RegW
            Trollface

            > host your own [mail server] where? It wont stop them knocking on the door and grabbing your servers due too "unspecified terrorism charges"

            Well Yemen is proving to be popular. The USA only approaches by drone, and when they do - they generally kill the neighbours' kids. So a little money into the benevolent fund that Al-Qaeda runs for the widows and orphans (in lieu of compensation or even apology from the US government) and you should be pretty safe.

        2. Michael Habel

          >Implying that (Insert you warm and cuddly spy agency HERE), can't intercept your Mail before it hits the Server (where ever it may be!), and decode it. Yes even if your on a SSL connection. Which IIRC, was recently reported as not being all that secure actually...

        3. Anonymous Coward
          Anonymous Coward

          "If your worried about web or email use SSL on your mail server and https in your browser."

          Yes, because there are no CA's based in the USA that can issue certificates used, for example, in MITM attacks on any domain if required to do so.

    5. Dave 126

      "In case you haven’t noticed, we are now almost as feared and hated all over the world as the Nazis were."

      - Kurt Vonnegut Junior - http://inthesetimes.com/article/903/i_love_you_madame_librarian

      Remember the shameful blackening of his name Fox News indulged in after his death? We were always taught not to speak ill of the dead.

      "She was a widow, and he stripped himself naked while she went to fetch some of her husband's clothes. But before he could put them on, the police were hammering on the front door with their billy clubs. So the fugitive hid on top of a rafter. When the woman let in the police, though, his oversize testicles hung down in full view."

      Trout paused again.

      "The police asked the woman where the guy was. The woman said she didn't know what guy they were talking about," said Trout. "One of the cops saw the testicles hanging down from a rafter and asked what they were. She said they were Chinese temple bells. He believed her. He said he'd always wanted to hear Chinese temple bells. "He gave them a whack with his billy club, but there was no sound. So he hit them again, a lot harder, a whole lot harder. Do you know what the guy on the rafter shrieked?" Trout asked me. I said I didn't. "He shrieked, 'TING-A-LING, YOU SON OF A BITCH!' " - Timequake, KVJ

    6. Shannon Jacobs
      Holmes

      Freedom of speech is too expensive in today's Amerika

      Hey, if you had a battery of lawyers, maybe you could have survived.

      Privacy in America? Try to intrude on the Kolk brothers or the big dick Cheney. They can afford to break you into small shiny pieces.

      Hey, it could be worse. You could have gotten murdered by your hacked car a la Michael Hastings.

    7. This post has been deleted by its author

    8. Anonymous Coward
      Pint

      @AC

      I predict a large scale exodus of companies hosting in the USA.

      Well, that remains to be seen. Because in general it will be a lot easier for them to simply change their usage policies and be done with it.

      Sure, some will hold their ground based on their moral values, but I can't help wonder how many of the companies which claim to have "moral values" will actually live by them now that its being put to the test?

      In general it's easier said than done.

    9. This post has been deleted by its author

      1. A Twig
        Joke

        Re: No need to predict...

        Big mountains and a pretty shit hot army help as well :)

        1. Chika
          Coat

          Re: No need to predict...

          Big mountains and a...

          Somebody has been watching the Kentucky Fried Movie, methinks!

          We are building an army of extraordinary magnitude. You have our gratitude.

          Or was it Take him to Detroit?

      2. Benjol
        Big Brother

        Re: No need to predict...

        Ha, you don't have a Credit Suisse - backed credit card then?

        I just this week received the updated T&C which pretty much say: "You give us the right to host your data anywhere, to share it with who we want, and have it processed by companies anywhere, including in countries where you don't have any of the protection provided by Swiss law."

        The problem is: do I have the time or motivation to start trawling through competitor's T&Cs to see if I'll be any better protected? Not really, especially given the "everybody else is doing it" mentality amongst these sharks.

        1. Anonymous Coward
          Anonymous Coward

          Re: No need to predict...

          Ha, you don't have a Credit Suisse - backed credit card then?

          I just this week received the updated T&C which pretty much say: "You give us the right to host your data anywhere, to share it with who we want, and have it processed by companies anywhere, including in countries where you don't have any of the protection provided by Swiss law."

          Why don't you give the Swiss Data Protection officials a call?

          As far as I can tell, this borders on a breach of banking laws so I'm sure they will be interested to hear of this, and they can get seriously aggressive if CS is trying to pull a fast one. The guy that runs that department is a good political player so he tends to get results.

          It would be ridiculous for CS to undo all the effort that went into getting a separate card processing centre in Switzerland to protect the privacy of transactions.

          1. Mr F&*king Grumpy

            Re: No need to predict...

            never mind "borders on", it would break Swiss law, full stop. In fact it would be a criminal offence. But only in the card holder is domiciled in Switzerland and the credit card is issued in Switzerland.

          2. Anonymous Coward
            Anonymous Coward

            Swiss banking secrecy: not so much

            The Swiss banks have caved to the U.S. because the big banks, like UBS and CS, have daughter companies (CS Boston, etc.) under U.S. jurisdiction, can be fined, have their licenses revoked, and have their managers and client handlers arrested and sent to jail.

            The banks which are not present in the U.S. can still have their arms twisted by the U.S. (or EU) threatening to cut off their access to international services of one sort or another (SWIFT, etc.).

            Even the banks which are present only in Switzerland, such as the Kantonal banks, are not immune, as they have large sums of money they need to invest somewhere, and don't want to be prevented from buying and selling U.S. securities or investing in funds which do. Also, if the U.S. authorities get the names of (not entirely innocent) Swiss bank managers or client handlers by squeezing them out of tax cheats who have been arrested in the U.S., then they can put those people's names on a (secret) list and arrest them for aiding and abetting the tax cheating, should they ever make the mistake of going on vacation via a route which takes them through a U.S. airport.

            Under those conditions, the banks are trying to protect themselves and their employees by not only complying with laws regarding money laundering (which was rather belatedly made criminal under Swiss law in response to pressure from countries mainly trying to fight the international drug trade, and only later also funding of terrorism), and getting rid of numbered bank accounts, but also by simply refusing to do business with any customers subject to U.S. tax laws, regardless of their citizenship.

            U.S. citizens living in Switzerland (or anywhere in the world) still have to file U.S. tax returns and are subject to U.S. taxes on their world-wide income, even if not a penny was earned in the U.S. Some of them are having trouble finding a place to have a bank account any more. I'm not talking about rich people here, just normal people working a 9-5 job who happen to be ex-pats.

            Swiss citizens living in Switzerland, but who earn money on investments in the U.S. are also subject to U.S. as well as Swiss taxation on the U.S. income.

            Therefore, if you open up a bank account in Switzerland now, in all likelihood you will be asked to sign a form in which you either assure the bank that you are not a U.S. citizen and also have no dealings which would create a U.S. tax liability, or else you voluntarily waive your right to privacy and explicitly permit the bank to share your information with U.S. authorities. This also applies for simply getting a safe deposit box.

            Furthermore, the mechanism by which this is being done is not that the U.S authorities send a letter requesting your details if they suspect you of tax cheating, and then some bank employee gets them from the bank's secure computer system, prints them out and mails them to the U.S. authorities. No, the U.S. demands that they have direct access to the Swiss bank's computer systems so that they can pull the data whenever they want.

            How the information on Swiss citizens, which is subject to Swiss banking secrecy laws (the few shreds that remain) is protected I have no idea. I go on the assumption that the NSA, CIA, DHS, etc. have either hacked into everything they weren't already given access to, or have sources planted in the various banks. So the only protection you really have, is that they are mainly interested in the big tax cheats and terrorists and would be unlikely to go after some average person for a trivial offense, because they'd have to explain how they got the data and reveal the extent of their penetration of the banking systems.

            There was an article in a Swiss newspaper a few days ago about the number of CHF 1,000 bills now making up 60% of the total CHF currency in circulation. By way of comparison, the EUR 500 note makes up about 30% of the total value of EUR in circulation.

            AC for the obvious reason.

            1. Anonymous Coward
              Anonymous Coward

              Re: Swiss banking secrecy: not so much

              "they are mainly interested in the big tax cheats "

              Don't think so. But the rest of the post is pretty spot on.

              "they'd have to explain how they got the data"

              First option: It was on a CD we bought, honest guv (or local equivalent).

              http://www.spiegel.de/international/business/germany-raids-200-suspected-tax-evaders-in-nationwide-hunt-a-894693.html (16 Apr 2013) starts

              "German tax authorities have bought a new CD containing bank account details of thousands of alleged tax evaders with accounts in Switzerland. They conducted 200 raids on Tuesday and expect to recoup more than half a billion euros in lost tax revenues.

              German tax investigators conducted 200 raids on alleged tax evaders with bank accounts in Switzerland on Tuesday, prosecutors said"

              1. Anonymous Coward
                Anonymous Coward

                Re: Swiss banking secrecy: not so much

                "German tax authorities have bought a new CD containing bank account details of thousands of alleged tax evaders with accounts in Switzerland. They conducted 200 raids on Tuesday and expect to recoup more than half a billion euros in lost tax revenues.

                Are those the same tax authorities for which now an arrest warrant has been issued in Switzerland? They cannot set a foot in Switzerland without being arrested. Someone in Bern seems to have at last seen sense.

      3. Ralph B

        Re: No need to predict...

        > it is forbidden for a company to send/handle Swiss customer data outside of Switzerland

        Ah, so that's why we have no access to Netflix, LOVEFiLM, et al in Switzerland, is it?

      4. Anonymous Coward
        Anonymous Coward

        Re: No need to predict...

        Here in Switzerland, demand for hosting services has skyrocketed as clients have been dumping US and UK-based providers, and turning to Swiss data centres that enjoy strong client data protection law.

        Marco van Beek referred to this earlier:

        "Companies that do not want to fall foul of privacy regulations have a problem: the legislative anti-terror backdoors installed post 9/11 offer authorities easy access, but provide for little transparency in how those rights are used or what happens to the data afterwards, and they exist in European law too.

        In the UK alone, fairly public events have shown that not only such legislation will be abused, even more so when those who are supposed to guard against abuse are in collusion with those who break the law."

        That was written before Snowden and Co. provided the actual evidence. It appears the author was *way* ahead of the game, so you heard it on The Register first :-).

      5. This post has been deleted by its author

      6. Anonymous Coward
        Anonymous Coward

        Re: No need to predict...

        Migrating to Swiss providers, that's exactly what I just did, very nice and smooth and more importantly far more secure and respectful of confidentiality. Now just wait for the US / UK / EU fascists to turn their guns onto Switzerland in yet another retaliation of the most democractic country in the world.

    10. Anonymous Coward
      Anonymous Coward

      Maybe not exodus but.....

      I work for an American owned IT company and although I haven't seen customers asking for stuff to be moved from our US hosting, new solutions certainly aren't going there. Customers have insisted their new solutions are not in the US

      1. Andy Gates

        Re: Maybe not exodus but.....

        It's an effort to move provider - so the first impact will for sure be in a fall of new contracts.

        Moving when the contract next comes up for renewal - when the Board are asking "do we want to keep our stuff here?" - that's when the existing customers will start to go.

    11. Anonymous Coward
      Anonymous Coward

      Yet again proof that privacy is not a TECHNICAL problem

      If you don't start with the right legal framework you can throw whatever technology at the problem - you will eventually have to make a choice protecting your client of following the law. Most people I know don't go into business to become martyrs.

      This is why we develop global privacy strategies: you can actually make the law work for you if you reside in multiple jurisdictions (provided you move your HQ out of the danger zone, otherwise you're wasting your time). Technology is pretty much at the tail end of that process.

      What I find spectacularly interesting is that the knowledge required to do it right is actually not in any of the privacy accreditations. The people that come to us with IAPP credentials always need a lot of extra schooling before we can even use them as assistants. I'm not sure why that is, but the omission is interesting given that the IAPP is US based. You'd almost see a conspiracy there..

    12. HereWeGoAgain

      America is not the land of the free

      And the US Constitution is not worth a bean and never has.

      Did the US Constitution stop slavery? No.

      Did it stop mass internment in WW2? No.

      Americans who ramble on about the Constitution are living with their heads in the sand.

      Still, 10/10 for Lava for having some integrity.

      1. cortland

        Re: America is not the land of the free

        By the same performance based standard, NO systems of laws nor religions are, either, or ever have been.

      2. Marshalltown
        Pint

        Re: America is not the land of the free

        The US constitution, or more the Bill of Rights, is about all the country has going for it. What's not worth a bean is the average citizen of the US, who couldn't care less about their constitutional rights until they accidentally find them selves interred in Gitmo by mistake, or gagged by some one who sued because of hurt feelings over some non-pc utterance. The "Constitution" is "the law" in the sense that Kipling wrote of in MacDonough's Song. Read it, understand it. I've spoken with Vietnamese immigrants who had a better grasp of the constitution than most high school graduates and more than half the lawyers you'll meet.

    13. Ramazan
      Coffee/keyboard

      Re: ironic that this happens in the land of the free

      So if someone smuggles anti-aircraft and anti-tank weapons into the USA, are you willing to overthrow your government?

      Just contemplate how different is this from Syria,.. numerically maybe?

    14. Anonymous Coward
      Anonymous Coward

      "I predict a large scale exodus of companies hosting in the USA."

      Where would they go and not have to meet some form of governmental mandated monitoring *AND* have the Internet backbone?

      Unless companies are going to start setting up on offshore data center rigs and have fiber run to the US and other countries, there is nowhere to go.

    15. Scorchio!!

      "It's ironic that this happens in the land of the free.

      I predict a large scale exodus of companies hosting in the USA.

      The US Government have really shot themselves in the foot with this move, it's going to fuck up a whole industry."

      Not at all. Why rely on a provider to do your encryption for you? How utterly naive. Never heard of PGP?

      "To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you're likely to get to military-grade encryption."" [ http://en.wikipedia.org/wiki/Pretty_Good_Privacy ]

      As to your prediction, pshaw.

  2. Nate Amsden

    nowhere to run

    Sad to see but where else is there to go? I mean most(all? I can't think of any major ones off the top of my head that don't, and really minor ones are often subject to the pressure of the majors) countries have evil in them like this. Fortunately Snowden has shown a bright light on the internals of what we have here. I had suspected such stuff was going on for years but I still felt sad when the fears were confirmed.

    (sigh)

    1. Anonymous Coward
      Anonymous Coward

      Re: nowhere to run

      Try Fantasy Land.

    2. Anonymous Coward
      Anonymous Coward

      Re: nowhere to run

      If you wait until October you'll have an answer. A proper, no BS, no activist, simply professional service. It's already live for testing. However, you must realise that such a service will certainly not be for free.

      1. Intractable Potsherd

        Re: nowhere to run @AC

        Talk is easy - where's your evidence?

      2. Scorchio!!
        FAIL

        Re: nowhere to run

        "If you wait until October you'll have an answer. A proper, no BS, no activist, simply professional service. It's already live for testing. However, you must realise that such a service will certainly not be for free."

        Oh FGS use PGP. Last time I looked it was even possible to invoke it using Outhouse Express.

        Sheesh.

  3. Anonymous Coward
    Anonymous Coward

    I'm actually surprised they didn't do this earlier, this is common place. Apparently he put up a good fight, and his comments alone say enough. Unfortunately, all governments are seemingly inline with these type of gag orders.

Page:

This topic is closed for new posts.

Other stories you might like