Edward Snowden

Encrypted e-mail service thought used by Snowden shuts down

Secure communications providers, including one used by Snowden, halt operations rather than let US government access customer data

PUBLISHED : Friday, 09 August, 2013, 12:29pm
UPDATED : Saturday, 10 August, 2013, 3:19am

Two major secure e-mail service providers, one of them believed to have been used by Edward Snowden, have taken the extraordinary step of shutting down service rather than run the risk of the US government accessing customers' data.

Lavabit, based in Texas and which was reportedly used by the fugitive former US surveillance contractor, announced its suspension on Thursday afternoon, citing concerns about secret government court orders.

I have been forced to make a difficult decision - to become complicit in crimes against the American people, or walk away from 10 years of hard work by shutting down Lavabit
Lavabit owner Ladar Levison

That evening, Silent Circle, a firm based in the state of Maryland that counts heads of state among its customers, said it was following Lavabit's lead and shutting its e-mail service as a protective measure.

Taken together, the closures signal that e-mails, even if encrypted, can be accessed by US government authorities and that the only way to prevent turning over the data is to obliterate the servers the data is kept on.

Mike Janke, Silent Circle's chief executive, said his company had destroyed its server. "Gone. Can't get it back. Nobody can," he said. "We thought it was better to take flak from customers than be forced to turn it over."

Lavabit owner Ladar Levison explained the closure on the company's website.

He said: "I have been forced to make a difficult decision - to become complicit in crimes against the American people, or walk away from 10 years of hard work by shutting down Lavabit."

Levison said he had decided to "suspend operations", but was barred from discussing the events over the past six weeks that led to his decision. That matches the period since Snowden went public as the source of media reports detailing secret electronic spying operations by the US National Security Agency.

"This experience has taught me one very important lesson - without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the US," Levison wrote.

The US Department of Justice had no immediate comment.

Snowden told Guardian columnist Glenn Greenwald that the decision by Lavabit's owner was "inspiring" and asked why internet titans like Google and Facebook "aren't fighting for our interests the same way small businesses are".

At a Moscow news conference four weeks ago, a Human Rights Watch representative said she had been contacted by Snowden from a Lavabit e-mail address.

Use of effective encryption by regular e-mail users is rare.

Some of Snowden's leaked documents show Microsoft, Google and other large providers have been forced to help intelligence authorities gather e-mail and other data on their users.

The big providers and other companies typically offer encryption, but said they co-operate with legal requests, including those by intelligence officials.

Lavabit's statement suggested a gag order was in place, and lawyers said that could accompany any one of a wide range of demands for information.

The government could be seeking unencrypted versions of Snowden's e-mail correspondence, other information about him, the technical means to decrypt his future e-mails or those of other customers, or basic information on all of Lavabit's hundreds of thousands of users.

It is rare and perhaps unprecedented for a legitimate US business to shut down rather than comply with a government request for information, said Kurt Opsahl, an attorney with the Electronic Freedom Foundation.

Meanwhile, Germany's three biggest e-mail providers announced a partnership to bolster the security of messages sent between them after the revelations of US online surveillance.

Telecommunications giant Deutsche Telekom as well as GMX and Web.de both subsidiaries of Germany's United Internet, will automatically encrypt their e-mail traffic from now on.

Additional reporting by The New York Times