Phil Zimmerman’s encrypted communications company Silent Circle is shuttering its Silent Mail email service after another secure email service used by NSA leaker Edward Snowden, called Lavabit, closed down earlier today. Silent Circle wrote that it saw "the writing on the wall" after Lavabit owner Ladar Levison explained he was being forced to "become complicit in crimes against the American people or walk away."
Silent Circle’s other services, Silent Phone and Silent Text, are completely end-to-end encrypted; only the users hold the keys needed to decrypt the messages, so even if the company were compelled to produce evidence in court, it wouldn’t have access to its customers’ communications in a usable form. But the protocols used for email — SMTP, POP3, and IMAP — can’t be secured, facing the team with a dilemma: continue providing Silent Mail, which offers similar privacy protections as other secure email services, or ditch the service altogether.
"It's always better to be safe than sorry."
Silent Circle says it hadn't yet received any government requests for data, but didn't want to simply wait until the feds came calling for its customers' emails. "We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision," it said.
Update: We've reached out to Silent Circle and received the following statement from Chief Technical Officer Jon Callas:
We give very strong security guarantees about Silent Phone and Silent Text, and every time we talked about key management, metadata, and so on, had to have a little asterisk footnote that essentially said, "Except for Silent Mail." Email is different. It's also useful, which is why we offered as a service.
We have had discussions about it from the very start, and our discussions about whether we should have it at all have been picking up speed. What to do about it was an agenda item on our next BoD meeting, even. We had also planned changes in our offerings to be announced next week.
When we saw the sad news about Lavabit, we had discussions about what that means for us and anyone else running a secure email system. Ladar Levison is a great guy and his team does fantastic work. Something happened there. We can but guess, but there are a lot of obvious guesses.
Our own discussion took on a new urgency. After debate and discussion, we decided that it's best for everyone if we just close it down, delete all the mail, and wipe the disks. It's drastic, but whatever made Lavabit have to close down can't be good for us or our subscribers, whom we have pledged to protect. Of all the choices we had, that seemed the least bad.