Mega CEO: Forget anonymous e-mail. Think privacy (Q&A)
Mega.co.nz's Vikram Kumar explains why he's building private but not anonymous e-mail, why you won't see Google investing in end-to-end encryption, and lessons learned from the summer of Snowden.
The future of secure, private e-mail doesn't lie in Silicon Valley, or Silicon Alley, or even in the Northern Hemisphere, but in New Zealand.
At least, that's what Mega.co.nz Chief Executive Vikram Kumar wants to turn into a reality.
After encrypted e-mail service -- but only after the unexpected closure of .Mega , offering a mind-boggling, industry-leading 50GB of encrypted free space, the company startled the world again by announcing that it would be building an
In the wake of the unexpected secure e-mail service closures by Lavabit, what does secure e-mail even mean? From his home in windy Wellington, New Zealand, Kumar spoke over Skype about what customers should and shouldn't expect from Mega.co.nz, and why he believes in the service's approach. The following is an edited Q&A.
Q: What will Mega.co.nz's e-mail service offer that sets it apart from the competition?
Vikram Kumar: With Mega, people can have an account and upload files like Dropbox. You can securely share those files among a closed group of people or publicly. It's a good basis for communications.
Our chat, voice, and video will be based on end-to-end encryption -- everything just works automatically. It's not e-mail in the sense of Gmail or Yahoo Mail. The problem is that the email protocols are inherently quite insecure.
It doesn't sound like a standard e-mail service.
Kumar: The first step is to initiate accounts in Mega. The second problem is solving how we do messaging between everyone. You have to figure out encryption keys, all that stuff.
Mega will integrate WebRTC with its own security that we have. We've got the ways to manage keys and security in the browser.
Once we've got the messaging, chat, and voice video integrated with cloud storage, the next step after that will be using Mega as a back-end platform for building their own online services. We really push the ability for online services, back-end storage, and back-end communication service.
It's very much a platform play.
It sounds like people only will be to talk to other Mega accounts. Couldn't this lead to a Balkanization of communication?
Kumar: This goes back to the way that e-mail was constructed. E-mail was supposed to be the digital equivalent of physical mail. But the Internet way of working, there's a single document, I send you a link, and we collaborate in real time, but we don't actually have to have the document. The whole point of the Internet was that anyone could talk to anyone.
So what's Mega's pitch? Why will somebody switch to Mega?
Kumar: We've seen a lot of people express an interest, but the real question will be the expectation of e-mail. In traditional e-mail, you can e-mail anyone and get an e-mail from anyone. That's not going to be possible in the first instance, since we can't secure that end to end.
So the question will be, are people willing to sacrifice that in the first instance? Will customer behavior change? I'm not sure anyone is clear that we'll see a shift in customer behavior.
There will be some people who value privacy -- accountants, lawyers, architects -- I think they will shift very quickly. For the average person, there's a need to change the way they do things, and that's always very hard to predict.
When will it be ready?
Kumar: Q1 is a realistic time frame.
The service is probably a few months away, although the fundamentals are already in place. End-to-end encryption is still really hard. The aim is for the average Internet user, the interface has to be really easy to use.
Why is end-to-end encryption not used more widely? If
Kumar: It's a very small component of cryptographic implementation. Perfect Forward Secrecy is one of those, but by no means is it the only one.
We all think that the NSA has weakened some of the cryptographic suites. Perfect Forward Secrecy is one of those good practices. We have it. You should have it. But on its own, not having it doesn't mean that the service has been compromised. Still, people should be asking for it.
Google or Skype or Yahoo are capable of providing true end-to-end encryption, but the problem that they run into is that that stops their business model of advertising. Mega's business model is pay for storage. There's no advertising.
You get 50GB of free space. After that, people pay. To me, that's the privacy-friendly business model.
People have to start looking at the business model. Anything that involves advertising or tracking is going to be hard on the privacy end.
What's your take on the unplanned shutdowns of encrypted e-mail services
Kumar: Lavabit got a National Security Letter, and Mega doesn't face that situation, because we don't have to turn over SSL keys across the board. But let's say that we did, theoretically, then our next step would've been to move to a jurisdiction that doesn't make that legally possible.
I do wonder why Lavabit didn't consider shifting to a jurisdiction outside of the US.
For Silent Circle, while they talk about privacy, I think they're more interested in being anonymous online. That's brought up this question about how to be anonymous while using e-mail. I don't know that that's even possible.
Do you see a difference between privacy and anonymity?
Kumar: I see a lot of people who think that encryption is the silver bullet. If you've got encryption, you've got protection, and if you don't have encryption you don't have protection. That's very black-and-white thinking.
The public doesn't understand the difference. I'm of the strong opinion that it's almost impossible to be anonymous online. Services like Tor are really, really useful for good and bad things.
What Mega has done is published on our Web site complete details of how we handle requests from law enforcement -- extreme transparency. We will only hand over information if required to do so, not requested to do so.
One exception is child exploitation. Then we choose to take action, even if we are not required to do so. We work with the specialist agency in the New Zealand government. If we can't hand it over legally, we work with the government to get an order to hand it over.
What information does Mega have that can identify its users that are potentially involved in child exploitation?
Kumar: We hand over their e-mail address; we log and have their IP address, and we time-stamp it. An IP address at a particular point of time, and the ISP (Internet service provider) helps the government get them.
We don't want Mega to be used for illegal purposes. We're quite transparent. We tell people not to use Mega for that. Had Mega been a completely anonymous service, that wouldn't have been possible. We hand over personal information, or at least information that can help lead to the ID of a person, and that's the difference between privacy and being anonymous online.
So a person, a journalist, dissident, or even a bad guy, could use an anonymity-increasing service with Mega?
Kumar: We've designed Mega to protect privacy, but that doesn't stop anyone from using Tor or any other tool with Mega. If somebody has been specifically targeted, the encryption has been useful but it won't be perfect.
We've seen attacks on Tor, and on end devices.
It seems one of the big lessons from the
Kumar: Having encryption only raises the bar. Right now, everything is plaintext, like a postcard. Encryption only provides an envelope around the postcard. Encryption is really good, really important, but it's not a silver bullet that will solve all the problems that we have. Let's also get the legal side right.