Yesterday I learned about 'Dark Mail Alliance', where Lavabit, reportedly an email provider for NSA leaker Edward Snowden and Silent Circle comes together to create a surveillance-proof email technology.
Ladar Levison at Lavabit and Silent Circle CEO Mike Janke, Founders of two e-mail services that recently shut down amid government efforts to nab encryption keys, as well as the larger revelations regarding the NSA's surveillance efforts.
The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders i.e. inbox, sent mail, and drafts. But where it differs is that it applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect.
The encryption, based on a Silent Circle instant messaging protocol called SCIMP and the secret keys generated to encrypt the communications will be deleted after each exchange of messages.
All Dark Mail emails passing over the company's servers will be encrypted, and it won't hold the keys to decrypt them. Its servers will be located in Canada and Switzerland.
"Our goal is to open source the protocol and architecture and help others implement this new technology to address the privacy concerns over surveillance and back door threats of any kind." team said.
Image credit : Ars Technica |
Existing forms of email encryption like PGP, can be used to encrypt the content of an email. But PGP cannot encrypt the "subject" header or metadata like the "to" and "from" fields, and the average user can find it too complicated to use.
"What we call 'Email 3.0.' is an urgent replacement for today's decades old email protocols ('1.0') and mail that is encrypted but still relies on vulnerable protocols leaking metadata ('2.0')" they said.
They are planning to launch an iOS app and an Android app, as well as a desktop version for both Mac and Windows.
"Any agencies that come down to us have no way to force us to comply with surveillance because architecturally it's impossible," they said. "That's the beauty of it."
The new technology may not be fully NSA or GCHQ proof, but they sure are going to be nightmare for such spying agencies. The company plans to release a white paper detailing the technical specifications within the next two weeks.