back to article Silent Circle shutters email service

Silent Circle, the company founded by former PGP wonks and Navy Seals and which offers very, very, secure communications, has decided to shutter its Silent Mail email service. The decision, announced in a blog post, comes on the same day that Lavabit, another secure email service, decided to close because it cannot guarantee …

COMMENTS

This topic is closed for new posts.

Silver badge
Unhappy

Blimey.

4
0
Flame

Indeed. Two things really worry me -

Obama is willing to deny Americans their bread and butter in favour of surveillance.

Other than here and the Guardian, this story doesn't seem to appear in the UK press.

There's an up side though. It's offering a huge opportunity to services hosted in countries not subject to such surveillance or, at the very least, offer a little more transparency.

This is turning into an arms race. Client-side encryption (where private keys are generated and retained on the client device), together with distributed server-side storage (data replication across state boundaries) is where this is going next. If the Internet itself is put at risk (probably the next step for oppressive governments), then smaller, decentralised networks will spring up in its place.

Shameful.

8
0
Anonymous Coward

A couple of things.

1 - "It's offering a huge opportunity to services hosted in countries not subject to such surveillance or, at the very least, offer a little more transparency." Going live in October, currently running tests and investment discussion - and this is legally clean (we started with the law, rather than trying to pretend it doesn't exist). Interesting fact: the knowledge you need to do this right is ENTIRELY OMITTED from the privacy certifications supplied by the IAPP. I hope that gaping hole has nothing to do with the fact that the IAPP is US based?

2 - I said from the moment Silent Circle went into beta that they were ignoring the risk US law was creating, and sure enough - see what got them in the end. It was not credible. What annoys me is that they took so long to see this, whereas it was pretty clear from the start that with the current legal platform, the US is simply not a place you want to be if you have any secrets like IP or information that creates a competition with whatever the US decides to be in competition with national interest (a nice vague definition that can be changed at will).

3 - "There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure". BS. All you need to do is frame it in SSL and then address the residual risk - the more pressing problems lie elsewhere. But that's trying to bring the focus back on what is NOT the problem - without doing it right legally you're wasting your time.

The interesting thing is the fallout: what happens to the people who invested in either?

5
2
Anonymous Coward

Hushmail.com still seems to be up...

0
0
Big Brother

It's on the bbc.

It's currently on the front page of the BBC.

2
0
Black Helicopters

Hushmail - ssshhh they could be listening....

"However, developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States."

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

https://en.wikipedia.org/wiki/Hushmail

2
0
Mushroom

A New Email RFC is Needed

A fundamentally new RFC for email is needed that combines intrinsically encrypted message subject & body, and separately implements a blind (or double blind) encrypted and/or secure route addressing scheme.

0
0
Anonymous Coward

"we started with the law, rather than trying to pretend it doesn't exist"

OK, but:

1) What happens if the relevant law changes, either by democratic vote or by change of management (aka coup)?

2) What happens if The Powers That Be simply ignore inconvenient laws?

0
0

Re: It's on the bbc.

Front page of the Telegraph too - near the bottom, but it appears to be the top Technology story. Google News finds several other mainstream UK sites carrying it, along with tech sites. While that doesn't say how prominent it is, I really don't see any reason to think it's being deliberately buried in the UK press.

0
0
Silver badge

Unless you use seriously long SSL keys your data is probably being decrypted in near realtime.

0
0
Anonymous Coward

"Email as we know it with SMTP, POP3, and IMAP cannot be secure."

All can be secure as SSL can be used; even SMTP. Where the capture on the wire can occur is when the message is sent from one server to another using SMTP; that is not encrypted. Client to server can be encrypted, so could server to server, no one does it though.

3
1

I think they are more concerned about the endpoints than the transport.

2
0

Except that there are documented vulnerabilities even in SSL (e.g. CRIME, and much more recently, BREACH) and of course there are all kinds of things like MITM attacks to be concerned with - SSL is not a magic bullet to these things. It's one aspect of it, but far from the only aspect.

3
0

With SSL you're at the mercy of the certificate authorities, who are slaves to their governments and to money. The only app that doublechecks stuff is the Chrome browser, which has hardcoded the expected certificate chain for google services. Not that that helps, as google is subject to government spying anyways.

As for everything else, a compromised, rogue or court controlled certificate authority can issue certs that appear (and technically are) entirely legit, but enable man in the middle eavesdropping. If the data at any point flows through a node on the internet located in a hostile country (hostile towards free speech and privacy that is), it will be compromised. Considering the majority of traffic on the internet at some point goes through the US, UK and EU, basically everything you send can be intercepted.

The big problem with encryption is in the key exchange.

PGP where you physically exchange keys with each other is a little bit better, but you can't trust the software and operating system, and you can't trust the hardware, they've all been exposed to hostile governments at some point in the supply chain.

For all the bad rap China gets for its great firewall and censorship, they're starting to look benigner and refreshingly honest, because at least they let people know there indeed exist such policies.

2
0
Bronze badge

@ ilmari: there is no security

Looks like your post boils down to "there is no absolute security", which is of course correct. However, IIRC, Silent Circle is apparently happy to provide "secure" VOIP communication while email comms are supposedly not secure enough.

I have some trouble believing e.g. PGP enabled email cannot be made as secure as PGP (or SRTP or whatever it's called) enabled VOIP.

1
0

Re: @ ilmari: there is no security

Email cannot be secured.

Mostly because the ciphertext must be stored on Silent Circle's (or any email provider) servers. When someone sends a plaintext email to someone's Silent Circle address, they (Silent Circle) encrypt the email on their servers. Mail amongst Silent Circle users is encrypted from the get-go. Either way, Silent Circle's servers retain ciphertext. And that's the weakness.

They can be forced by law (regardless of whether that law is "good" or "bad") to change their systems to retain copies of the private keys that decrypt the symmetric keys that decrypt the email.

VOIP and SMS *can* be secured, because it's peer-to-peer, and the ciphertext never goes through Silent Circle's servers, so isn't retained. If it's not stored, it cannot be decrypted.

2
0
xyz

by endpoints do you mean their arses?

0
0

This post has been deleted by its author

Anonymous Coward

Re: @ ilmari: there is no security

Email cannot be secured.

That will be news to many organisations who get this right. My first question is: define "secured". From what, against who? The second question is why an organisation thinks it cannot be forced to place tapping capability in its code. If US laws allow the demand of intercept capability under threat of whatever sanctions, this also implies it can demand code upgrades to create a data tap, or shut the service down.

This creates an interesting issue: the inability of an operator to comply with a lawful order may cause it to be shut down instead. If YOU control the code that clients use, YOU are the one that can be served with a demand for lawful intercept. If criminal use is suspected, "we have engineered it so that you can't, na na na na" is not a get-out-of-jail card, it will simply result in the service being shut down.

Lawful intercept is there for a reason. If you disagree with how easy it is for lawmakers to abuse it, either change the law or move jurisdiction. Don't try to BS your way out with technology.

0
1

The NSA eats SSL for breakfast.

0
2
Anonymous Coward

"With SSL you're at the mercy of the certificate authorities, who are slaves to their governments and to money."

Well, you don't need to use a CA, you can easily set up your own PKI infrastructure. Various email providers could easily create their own shared PKI infrastructure to secure data in transport. This is all a CA is basically doing, it is just their root and intermediate certs are preinstalled in OS/browsers/applications. You could even go further and have it so the public portion of a cert is not actually shared; much like how SSH can work.

1
0
Vic
Silver badge

> so could server to server, no one does it though.

Yes we do.

*Default* sendmail installations currently use TLS for OE; it's hardly rocket science to set up a required route (to ignore DNS hijacking) and pre-share a key...

Vic.

0
0
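The disagreement above over whether server-to-server SMTP is encrypted can be checked per message: each receiving server records how it got the mail in a `Received:` header, and the RFC 3848 keywords `ESMTPS`/`ESMTPSA` mean STARTTLS was used on that hop. This Go audit is an added example, not part of the original thread; the sample message, host names and addresses are constructed.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// Constructed sample message (documentation hosts and addresses), newest hop first.
const sampleMessage = `Received: from mx.relay.example.net (mx.relay.example.net [192.0.2.10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mail.example.org (Postfix) with ESMTPS id 4F2A1; Fri, 9 Aug 2013 10:00:03 +0000
Received: from smtp.example.com (smtp.example.com [198.51.100.7])
 by mx.relay.example.net with ESMTP id 9C11B; Fri, 9 Aug 2013 10:00:02 +0000
Received: from laptop (unknown [203.0.113.5])
 by smtp.example.com with ESMTPSA id 77D0E; Fri, 9 Aug 2013 10:00:01 +0000
Subject: constructed sample

`

// Hop is what one receiving server recorded about how it got the message.
type Hop struct {
	By, Proto string
	TLS       bool
}

var (
	parenRe = regexp.MustCompile(`\([^()]*\)`) // innermost RFC 5322 comment
	hopRe   = regexp.MustCompile(`(?i)\bby\s+([^\s;]+)(?:.*?\bwith\s+(\w+))?`)
	// RFC 3848 "with" keywords whose S suffix means STARTTLS was used.
	tlsRe = regexp.MustCompile(`^(?:ESMTP|LMTP|UTF8SMTP|UTF8LMTP)SA?$`)
)

// AuditHops returns one Hop per Received header. Only headers added by servers
// you control are trustworthy; anything below them can be forged by a sender.
func AuditHops(raw string) ([]Hop, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	var hops []Hop
	for _, v := range msg.Header["Received"] {
		// Strip comments: "(using TLSv1.2 with cipher ...)" is not the protocol clause.
		for parenRe.MatchString(v) {
			v = parenRe.ReplaceAllString(v, " ")
		}
		if m := hopRe.FindStringSubmatch(v); m != nil {
			p := strings.ToUpper(m[2])
			hops = append(hops, Hop{By: m[1], Proto: p, TLS: tlsRe.MatchString(p)})
		}
	}
	return hops, nil
}

func main() {
	hops, err := AuditHops(sampleMessage)
	if err != nil {
		panic(err)
	}
	for _, h := range hops {
		fmt.Printf("%-22s %-8s tls=%v\n", h.By, h.Proto, h.TLS)
	}
}
```

In the constructed sample the middle hop, between the two mail servers, is the one that travelled in the clear.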
WTF?

Why don't they just go abroad?

I don't understand why they don't just register the company in a more ethical country and set up the hosting there too. That way, they are immune from the demands of the NSA and such.

2
0
Silver badge
Big Brother

Re: Why don't they just go abroad?

Because hosting in two countries doesn't make them immune to demands from one, it makes them subject to both. Of course, they could move the whole operation, including staff... but that is quite complicated.

Also, "ethical country" should replace "business ethics" on the standard list of oxymoron examples.

4
0

Re: Why don't they just go abroad?

That's a very defeatist attitude I think @Allan.

I didn't suggest hosting in two countries.

What's wrong with hiring local staff in the country where they register their business and even using a local cloud provider or dedicated servers in an existing data-centre in said country?

Nothing is impossible. Limitations exist only in your mind.

2
1
Silver badge
Devil

Re: Why don't they just go abroad?

"Nothing is impossible."

Actually, Alan Turing proved some things ARE impossible, such as creating a program that can learn if another program can halt. His research into the Halting Problem demonstrated a paradox if you tried. Several other "no solution" proofs (most by contradiction) have emerged as well.

The problem here is that all roads lead to Hell essentially. Not only that, you're in Hell and so are most of your clients. How do you avoid Hell in such a situation?

5
1
Silver badge
Black Helicopters

Re: Why don't they just go abroad?

Well, you did say, "set up the hosting there too", so I think you did suggest hosting in two countries.

Anyway, if the plan is to stay where you are and offshore the hosting, it doesn't stop the Gov turning up and demanding the data. Sure, you haven't got the data, but that doesn't prevent you spending lots of time in court and lots of money on lawyers, just the same as saying "it's all encrypted, and I don't have the keys".

Charles 9 is right, Turing was a genius. You can tell the guys in the helicopter your "Nothing is impossible".

0
0
Anonymous Coward

Re: Why don't they just go abroad?

Because hosting in two countries doesn't make them immune to demands from one, it makes them subject to both. Of course, they could move the whole operation, including staff... but that is quite complicated.

Entirely depends on how you structure it. There are a couple of variables you need to control, but it can be done in such a way that you can actually use the differences in law between countries to your advantage. I design global privacy protection strategies for multinationals for a living, and there is only one absolute: do NOT have your HQ in the US. Other than that, divide and rule :)

2
0
Silver badge
WTF?

Re: Why don't they just go abroad?

Silent Circle's servers are in Canada. Only their front office is in Washington.

Zimmerman has the creds for fighting the US government, he did it for three years and won so I suspect there are more, serious, details we have not been made privy to.

You can still use their encrypted document transmission service with a 60 Mbyte limit. This should handle most email sized transmittals.

0
0
Anonymous Coward

Re: Why don't they just go abroad?

Silent Circle's servers are in Canada. Only their front office is in Washington.

And there is exactly your problem. Their HQ, and thus decision power lies in the US, which exposes the entire club to US law. It is entirely irrelevant where your data resides if your HQ can be ordered to submit the data or insert a backdoor. The one and only way you can prevent US officialdom interfering is by leaving the US. Full stop. There are no options. Their enthusiasm to abuse overreaching laws that were sold to the population as "temporary" "emergency" measures whose use keep getting extended is out of control, and even if this abuse is reined in it will take at least a decade to root out all the holdouts clinging to "their" powers.

You should not have a HQ, or data in the US or another location under its influence (the latter is a bit more subtle, which is why we tend to spend a few weeks digging out details about suppliers too). If you leave even a single US affected tentacle in your organisation uncontrolled it WILL be used if your company has something of interest to the US, or is getting in the way of something the US wants. If you fix the legal influences you can then at least only concentrate on the traditional illegal ones such as hacking, staff coercion and blackmail.

Paranoid? Sure. Unfortunately, also proven right, multiple times over :(.

0
0
Silver badge

Never trust in centralized services

Those are always a single point of attack. When your system is decentralized it's much harder to shut down, censor or eavesdrop on.

0
0
Silver badge

Re: Never trust in centralized services

But then you run into efficiency problems which means its effective communications rate is limited. Furthermore, there's still the matter of attacking the system itself (IOW, switch from attacking the endpoints to attacking the infrastructure). That's how Japanese authorities fight some of the darknets that appear over there.

0
0

The unspoken assumption here is that...

...the Internet is an appropriate venue for secure communications. Once you realize that has never been and will never be the case, the problem disappears.

6
0
Anonymous Coward

Re: The unspoken assumption here is that...

agreed, the internet is a snake pit, filled with pictures of kittens.

4
0
MrT
Bronze badge

Good job too...

...because if it were a snake pit full of actual kittens instead of just pictures... ;-)

1
0
Silver badge
Coffee/keyboard

Re: The unspoken assumption here is that...

And some guy with dirty fingernails.

0
0
Trollface

Re: The unspoken assumption here is that...

And some guy stretching his rear orifice unimaginably wide....

0
0
Bronze badge
Black Helicopters

Ironic

that the advert to the right here ---->

is for employment at GCHQ

2
0

A Tragedy Unfolding

Now we knew who had our back for real. At this point who can you turn to and honestly think their private keys weren't handed over?

1
0

This is a wake up call

America is the bogeyman. We are not being spied upon by North Korea/Iran/Some other place. We are being spied upon by the regime in Washington.

7
0
Anonymous Coward

No Secure Communications

With services like this & Tor compromised I think it proves that the only way to avoid government surveillance is to avoid using the internet, which for most people isn't practicable. Surveillance will only increase with the introduction of the "internet of things" & smart meters. However, it seems the mainstream British media have been largely silent on the issue. Maybe there is some hope of an internet free of spying as New Scientist recently carried an article on the development of meshnets worldwide (a slow but steadily progressing process). They are encrypted by default.

1
0
Anonymous Coward

Re: No Secure Communications

Further to this it does seem daft people are rebuilding the internet from scratch.

0
0
Silver badge
Devil

@ AC 0801hGMT - Re: No Secure Communications

Encrypted meshes or not, all your encryption will be useless when the enforcers come around to you to grab all your computer hardware for assessment. Not using an open, unencrypted channel of communication is practically admitting that you have got something to hide. So you must be either a pervert (CP*, IWF, mumsnet), animal abuser (RSPCA) or terrorist (GCHQ/JIC).

Be afraid.

* Not Child Porn, Claire Perry.

0
0
Anonymous Coward

Re: No Secure Communications

Not entirely daft.

If you have two layers of Internet, one that's the 'regular' internet we all know and are beginning to fear and one that's a distributed mesh-network- especially one with some TOR-like functionality so it bounces to a random internet1 entrypoint from your distributed net- you can obfuscate the endpoints. With obfuscated endpoints and encrypted data transmission systems, the only weak points are with the remote servers (assuming you trust your own).

The same packet could also be routed through a second, unrelated and unknown, distributed net. You'd be trading latency for security- but in most cases latency isn't an issue. Gaming and the Markets wouldn't worry too much about government surveillance- in one case it's a game and in the other case the information is freely published a few minutes later.

So you don't actually need to rebuild an entire infrastructure; you can hijack the Internet for a few bits of it and you're pretty secure (unknown start and endpoints and encrypted data). The problem is getting people onto a distributed network in the first place.

2
0
Anonymous Coward

Re: @ AC 0801hGMT - No Secure Communications

or hide your secrets out in the open.

like Jimmy Savile.

:/

1
1
Silver badge

@ Not entirely daft.

The important thing, I think, is to make it just hard enough to spy on that it can't be done in a blanket fashion with reasonable effort. Lavabit hoped they could do that, but it didn't work out because of the single point of failure. A p2p system has a better chance of succeeding at that goal I think.

0
0

Crypho

Wonder how this affects the likes of Crypho.com. They do end-to-end client-side crypto in their chat/file transfer system. Hosted in Norway, so at least a bit further away from the clutches of the govt of the 'land of the free'.

0
0
Anonymous Coward

"Other than here and the Guardian, this story doesn't seem to appear in the UK press."

There's a UK government D Notice ("defence advisory") on the whole subject [1, 2] since 7 June.

The Guardian have little to lose. They're already in financial trouble and have long since lost many (most?) of their worthwhile journalists. More recently they have been trying and allegedly succeeding in attracting a less UK-focused readership on the web (though quite how that helps them financially in the medium term remains to be seen). Maybe a D notice in this context isn't their main concern.

[1] http://www.pressgazette.co.uk/content/guardian-g8-spying-revelations-were-breach-da-notice-guidance-doesnt-explain-lack-follow

[2] http://order-order.com/2013/06/08/d-notice-june-7-2013/

0
0
Silver badge

PGP-encrypted usenet posts (or similar)

(One of) the big problems with email is that it is necessarily from an identifiable account to another, so there must be someone somewhere who knows who is who. If you adopt the opposite strategy, which is to make the message available to world+dog, but select who will be able to decrypt it, then you're good. As good as your encryption cypher is, at least.

To avoid censorship put it up on a distributed system (usenet for example, or some P2P "network") and give the key physically, a unique key for each and every person you want to send important stuff to (shouldn't be too many of them). Plus one that you give to everyone for when you want to make a wider announcement, perhaps.

Unless I'm missing something?

5
0
Silver badge
Black Helicopters

Re: PGP-encrypted usenet posts (or similar)

You can use asymmetric encryption. It doesn't validate your identity (without a cert chain) but it does mean you can talk to people without needing a pre-shared key. Cert chains for individuals aren't that useful anyway.

Obviously, if you do let your private key out, everyone can read everything - it's a good idea to change it fairly frequently. You could sign your new public keys with the old one and post them all so people can validate the new keys come from the same source as the old ones.

0
0
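The key-rollover idea in the last comment (sign each new public key with the old one and post them all) can be checked mechanically by a reader who already holds the first key. This Go sketch is an added example, not part of the original thread; it assumes Ed25519 signing keys, since the comment names no algorithm, and the `Rollover` type, `label` prefix and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Rollover announces NewKey and carries a signature made with the key it replaces.
type Rollover struct {
	NewKey ed25519.PublicKey
	Sig    []byte
}

// label keeps a rollover signature from being reusable as a signature on a message.
const label = "key-rollover:"

func SignRollover(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) Rollover {
	return Rollover{NewKey: newPub, Sig: ed25519.Sign(oldPriv, append([]byte(label), newPub...))}
}

// VerifyChain starts from a key the reader already holds and follows the posted
// rollovers in order. It returns the current key, or an error at the first link
// that was not signed by the key before it.
func VerifyChain(pinned ed25519.PublicKey, chain []Rollover) (ed25519.PublicKey, error) {
	if len(pinned) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("pinned key has wrong length")
	}
	cur := pinned
	for i, r := range chain {
		if len(r.NewKey) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("link %d: malformed key", i)
		}
		if !ed25519.Verify(cur, append([]byte(label), r.NewKey...), r.Sig) {
			return nil, fmt.Errorf("link %d: not signed by the previous key", i)
		}
		cur = r.NewKey
	}
	return cur, nil
}

// DemoChain builds a constructed history: a first key plus n signed rollovers.
func DemoChain(n int) (ed25519.PublicKey, []Rollover, error) {
	first, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	var chain []Rollover
	for i := 0; i < n; i++ {
		pub, next, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		chain = append(chain, SignRollover(priv, pub))
		priv = next
	}
	return first, chain, nil
}

func main() {
	pinned, chain, err := DemoChain(3)
	if err != nil {
		panic(err)
	}
	cur, err := VerifyChain(pinned, chain)
	fmt.Printf("current key %x, err=%v\n", []byte(cur), err)
}
```

The chain shows continuity from the pinned key and nothing about who holds it; anyone who obtains an old private key can sign a rollover of their own, so a retired key still has to be kept secret or destroyed.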
