'Dark Mail Alliance' looks to create user-friendly e-mail encryption
The founders of shuttered e-mail services Silent Mail and Lavabit -- the latter used by NSA leaker Edward Snowden -- want to bring easy-to-use, snoop-proof e-mail to everyone.
- Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Encrypted e-mail "easy enough for your grandma to use"?
That's the goal of the Dark Mail Alliance, a new project from the founders of two e-mail services that recently shut down amid government efforts to nab encryption keys, as well as the larger revelations regarding the NSA's surveillance efforts.
Lavabit's Ladar Levison, who pulled the plug on his service after being pushed to hand the FBI his SSL keys, and Mike Janke of Silent Circle, which saw the Lavabit closure as "writing on the wall" and similarly shuttered its Silent Mail offering, are the men behind the idea.
The project involves creating an open-source protocol and architecture that will hand control of encryption -- or the scrambling of data to shield it from prying eyes -- to individual users, so e-mail services can't possibly be compelled to provide unencrypted user data to surveillance outfits, among other privacy concerns.
Encryption keys would be created on a user's device, and only he or she could use them. Dark Mail would assign a private encryption key to a particular user and spread it among his or her devices. It would place public keys into a public server. And it would store encrypted e-mail for retrieval in the cloud.
It would also take the form of an easy-to-use add-on for any e-mail service, so users of Gmail, say, could swap secret messages with Yahoo Mail users -- if, that is, Levison and Janke can convince those companies and others to adopt the technology.
Levison told Forbes' Kashmir Hill that the project's name was inspired by the Rebel Alliance in "Star Wars," adding, "We're the rebels who have decided privacy is too important to compromise on. We're fighting to bring privacy back to the Internet."
Levison also served up the grandma quote to Hill, who comments that she knows from experience how tough it can be to set up encrypted e-mail on your own. (She's not the only one -- journalist Glenn Greenwald initially ignored overtures from then-unnamed NSA leaker [and Lavabit user] Edward Snowden because Snowden wanted to correspond via encrypted communications and Greenwald didn't want to go through the hassle.)
The Hill and Greenwald examples point out how important the possibility of private communications can be to journalists and whistle-blowers. But they're also important to political dissidents living under repressive regimes, as well as others. Law enforcement agencies, on the other hand, fear that easy-to-use encryption could make the Internet "go dark" and severely hamper their ability to pursue suspects.
Levison told Forbes he is concerned about criminals such as terrorists using the tool, but he says he counterbalances that worry with "the need to speak privately as a fundamental part of any democracy." And Janke added that "if law enforcement wants that data, they'll have to subpoena an individual [rather than an e-mail provider]."
It's not a given, though, that Google and others will sign up. "We want to get the Googles, the Yahoos, and the Microsofts to stand tall," Janke told Forbes. "But it will be an interesting friction point. These companies make money by mining their free e-mail."