After Lavabit and Silent Mail abruptly shut down this August, many security experts saw the one-two punch as a deathknell for secure email — particularly as Lavabit sank into a protracted legal battle over protecting a user rumored to be Edward Snowden. But today, the two services have returned with a new protocol dubbed Dark Mail, a collaborative project that promises to succeed where the previous projects failed, keeping messages out of the hands of snooping governments without falling prey to court orders.
"We want to proliferate the world with this architecture."
Announced today at an email conference in California, the new system would provide sophisticated encryption combined with a red-light / green-light interface to show whether an email is being sent over unencrypted channels. The developers think this simple design will make the underlying security principles more accessible to the common user, making it obvious which messages are encrypted and which are not. And rather than simply replacing Lavabit and Silent Mail, the team is establishing the new setup as an open protocol, hoping other email services will sign on to incorporate Dark Mail protections into their product. There are no official partners yet, but Silent Circle executives say they know of six companies who will incorporate Dark Mail as soon as the protocol launches. As Silent Circle CEO Mike Janke put it, "We want to proliferate the world with this architecture."
Developers no longer trust SSL
The protocol is based on the same ephemeral-key encryption that powers many of Silent Circle's other products. The main technical change is a rejection of SSL, the widely used encryption scheme that has played a central part in Lavabit's legal troubles. Now that the developers know SSL can be passively decrypted, they no longer trust it, so they're wrapping all the SSL-encrypted data in an extra layer of protection, running of Silent Circle's own SCIMP algorithm.
Like previous Silent Circle products, the protocol would also limit metadata, the information that's used to track each email's sender and recipient. Like most email services, Darkmail routes every message through a central hub, so outside observers will only be able to see traffic entering and exiting the system. (A message would be seen as sent "to Dark Mail," for instance, but it would be unclear how it was routed within Dark Mail.) On the server side, Darkmail will scrub the routing information as soon as possible, leaving no records to be pulled by outside agents. By focusing on server architecture as well as individual practices, the protocol would potentially offer more metadata protection than decentralized services like PGP.
It's difficult to say for certain how secure the system is until it's been independently audited, but the team says they plan to open up the code for review in the coming months, starting with a white paper detailing its technical workings coming in the next two weeks. (In the past, Silent Circle has drawn criticism in the open-source community for its late audits.) The official launch is slated for the second quarter of 2014, by which time the team hopes to have as many as two dozen providers on board.