In an effort to make certain that encrypted communications are truly secure, email hosting providers Silent Circle and Lavabit have teamed up on a project called the “Dark Mail Alliance,” designed to provide end-to-end encrypted email privacy technology.
Recent examples of how encrypted communications have been circumvented highlight the need for a new method for truly discreet communication.
Lavabit, which counted whistleblower Edward Snowden as a client, was subject to a search warrant in July requiring it to turn over its private SSL key. This would have provided access to not only Snowden’s account, but other private user information – all without communicating the security breach to customers and business partners.
Instead of complying with the court order, Lavabit founder Ladar Levison closed Lavabit and launched an appeal against the court’s ruling. And while Lavabit is currently inoperational, he teamed up with Silent Circle to create Dark Mail, a new open-source protocol and architecture that circumvents surveillance and back door threats of any kind.
In solidarity with Lavabit, Silent Mail shuttered its encrypted email service, Silent Mail.
Silent Circle and Lavabit are also looking for other members to bring into this alliance.
Facing the problem of surveillance, actions to bolster security and trust such as Google’s automatic encryption of its cloud services provide little assurance to consumers.
Dark Mail isn’t alone, however, in its quest for truly secure email hosting. Kim Dotcom, the founder of file hosting service Mega, has announced his intention to provide a secure email service, and Indiegogo-funded service Mailpile has raised more than $150,000 to build .
While Dark Mail is still in its very early stages, there do remain questions Mailpile’s Smári McCarthy brought up that there is still a lot we don’t know about Dark Mail and its approach. He writes, “They promise to release code as open source, but less has been said about the more important question of how the underlying protocols themselves will be designed.”
The worry is that what is being built could fall prey to the same problems that plague current email encryption. Or create new ones.