By Joseph Menn
SAN FRANCISCO (Reuters) - The founder of the Lavabit encrypted email service, which shut down rather than allow potentially unlimited government interception, said he will release his programming code to the public in an effort to improve communication security.
Ladar Levison, who shuttered his startup Lavabit after a U.S. court forced him to turn over the company's cryptographic keys to federal agents, said he would work with former rivals and newcomers on an open email system designed to protect ordinary users' privacy from law enforcement, as well as insider corruption and hacking.
Lavabit and civil-liberties groups have asked an appeals court to reverse the decision favoring the federal agents, who are believed to have been seeking information about former National Security Agency contractor Edward Snowden, a Lavabit user.
Levison told Reuters that he was so concerned about mass surveillance that he did not want to wait until the appeals court ruling.
"They've effectively violated the public's trust and as a result, we've decided as a community that it's time to develop a technical solution," Levison said. "Maybe there can be 100 Lavabits if I turn over the code."
Levison's Darkmail Alliance plan ranks as one of the more dramatic examples of simmering rebellion in the technology industry against government intelligence-gathering methods, especially those revealed in secret documents leaked by Snowden.
It emerges as a fresh report showed that the NSA taps massive internal traffic at Google and Yahoo as emails and other user activity moves among international data centers owned by those companies. Google has said it is racing to encrypt such internal transmissions, though the major email service providers tend to have far less security than specialists such as Lavabit.
Several technology standards-setting groups and cryptography experts are also working to tighten security procedures and avoid formulas that were devised with help from the NSA.
Most Internet systems rely to a large extent on the users' trust of numerous companies, including the makers of the operating system and hardware, the email providers, and even advertising networks and tracking firms.
But the Snowden documents show that many of those third parties can be ordered to snoop in secret on Americans, while even major American companies can have their communications intercepted overseas.
U.S. intelligence agencies can read at least everything by non-Americans that is relevant to international politics, while many other countries and freelance hackers have no restrictions and myriad opportunities to penetrate those multilayered and complex systems.
"It really creates a situation where you can't have a trusted third party," Levison said. "If they are compromised, the entire system of trust breaks down."
The issue closest to the front line is secure email. Though Snowden has said that email sent using cryptography based on the Pretty Good Privacy standard is fairly safe from prying eyes, it is too cumbersome for most people.
Lavabit's case shows that even very sophisticated providers that do the hard work on behalf of the users can't guarantee protection from court orders. After Levison shut his company down at least two other privacy-oriented email services, from Silent Circle and CryptoSeal, also stopped accepting customers.
Because the U.S. Justice Department's logic in the Lavabit case would allow it to access all traffic, not just one targeted user, "if it stands, it will cripple the cloud computing and software-as-a-service industries in the U.S.," said CryptoSeal co-founder Ryan Lackey.
That's because the lower court judge directed Lavabit to hand over the keys to its Secure Sockets Layer encryption, which would allow the government to see everything that the company sees.
Lavabit has appealed to the Fourth U.S. Circuit Court of Appeals in Richmond, Virginia, and last week the American Civil Liberties Union and the Electronic Frontier Foundation filed separate friend-of-the-court briefs arguing that exposing 400,000 users to possible surveillance was unreasonably burdensome, an invasion of privacy, and unconstitutionally broad.
Though federal authorities have said they would only look at the data of specific users, privacy advocates are skeptical. Previous reports based on Snowden documents showed that the NSA has amassed a stockpiles of SSL keys, some of which may have been obtained in pursuit of one target but remain on hand for other users of the same service.
In the interview, Levison said he has learned of other companies being forced to hand over their SSL keys, though he said none were household names.
INDIVIDUAL SECURITY KEYS
A part of the answer, according to Silent Circle Chief Technology Officer Jon Callas, is to make sure that only individual users have their own keys. "That's really the fundamental thing you have to do," Callas said.
Silent Circle is Lavabit's first partner in the new email project. Together they will work on the code and the protocols for implementing it correctly, a process expected to take months.
There are a number of possibilities for making sure that an email gets to the right place while keeping most information about it secret from communications carriers and even the email providers. One is a system like Tor, where a series of servers knows only the last one that the email came from and the next one along the chain.
Callas said the messages themselves could be stored in the cloud, with only the senders and recipients having access, though some users might opt to keep them stored on their own machines. He said the goal was a system that would be nearly as easy to use as everyday mail programs.
Levison said he expected that Lavabit itself will return as a provider of support services.
"I don't think the government fully realized the ethical implication of what they are doing. They are forcing businesses to spy on their customers," he said. "If the government has access to everyone's communications, we can become a totalitarian state overnight."
(Reporting by Joseph Menn; Editing by Tim Dobbyn)