Email service provider Lavabit famously (in tech security circles anyway) shut its doors and turned itself off back in 2013. Its owner, Ladar Levison, explained that he was doing so to keep from having to comply with federal government orders to hand over the encryption key that would give the feds access to the contents of emails by domestic surveillance whistleblower Edward Snowden.
Now, as a new administration takes control of the White House, Levison and Lavabit are returning. Lavabit is relaunching its services, now that Levison has worked to make it even harder for the federal government to attempt to gain access to emails sent by its users. On his announcement, timed to launch with Donald Trump’s inauguration, Levison explained that he had developed an end-to-end encryption system that would minimize the ability to for outsiders to access users info, once it’s all fully implemented.
Kim Zetter over at The Intercept has more details directly from Lavabit:
With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.
“Once it’s in there we cannot pull that SSL key back out,” says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit’s coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)
If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user’s device and make the SSL encryption less critical.
The site is for Lavabit is active, and for those who want to subscribe, the price currently ranges from $15 to $30 annually depending on storage limits. And they accept bitcoins!
Reason TV has previously interviewed Levison about the importance of encryption in protecting liberty and privacy (and warnings about those who simply use vague encryption and security claims for marketing purposes). Watch below:
from Hit & Run http://ift.tt/2jnq9d6
via IFTTT