In the months since Edward Snowden blew the whistle on PRISM—the NSA’s clandestine mass electronic surveillance data mining program—few buzzwords have been thrown around more often than encrypted e-mail.
Considering free e-mail services like Gmail and Yahoo are no longer options for anyone dead-set on keeping their correspondence private, encrypted e-mail services are all the rage lately. Once used solely by a small subset of privacy-conscientious Internet users, encrypted e-mail popularity is booming as new and established services go down and pop up every day.
In August, encrypted e-mail services started falling like dominoes. On Aug. 4, Tor Mail shut down after a suspected joint NSA and FBI malware attack took down its server base, Freedom Hosting. Admittedly, Freedom Hosting had it coming; they were allowing pedophiles to trade child pornography materials on its servers.
The biggest blow to encrypted e-mail thus far was the abrupt shutdown of Lavabit, which had run asymmetric encryption for its 350,000 users since 2004. Infamous for its use by Snowden, the service suspended operations on Aug. 8. In an open letter on Lavabit’s homepage, founder Ladar Levison said he would rather shut down than “become complicit in crimes against the American people.” Bound by legal restrictions, Levison strongly hinted at fighting a secret government lawsuit demanding confidential user information.
Next to fall—or rather to commit what Cryptocloud users have dubbed Privacy Seppuku— was Silent Circle, shuttering its Silent Mail service on Aug. 9 after seeing “the writing on the wall” in the wake of Lavabit. A blog post by CTO Jon Callas explained its preemptive closure to avoid government subpoenas, admitting “e-mail as we know it with SMTP, POP3, and IMAP cannot be secure.”
While Tor Mail, Lavabit and Silent Mail have all bitten the dust, many other well-regarded encrypted e-mail services are still alive and kicking. Services like GuerillaMail, Canada-based Hushmail, Sweden-based CounterMail and Switzerland-based Neomailbox are all up and running with no plans to stop anytime soon.
Despite government pressure and the inherent vulnerability of encrypted e-mail Callas described, new players are also entering the game. Kim Dotcom’s Mega made waves this week, announcing they’re at work on a “cutting-edge” encrypted e-mail service to run on a non U.S.-based server.
Mega’s CEO Vikram Kumar said, “There is probably no one in the world who takes the Mega approach of making true crypto work for the masses,” but added “it will take months or more to crack” as they develop a service with easy-to-use e-mail functionality that doesn’t undermine its end-to-end encryption core security proposition.