Dark Mail: New Encrypted Service Announced
The legal battle surrounding Lavabit, the encrypted email service that refused to let the FBI monitor all of its customers, is far from over. But Lavabit creator Ladar Levison has already moved on to his next project.
It's called Dark Mail, and it aims to change email by making encryption both stronger and easier to use.
Levison, along with his former competitors Mike Janke and Jon Callas, both of encrypted communications service Silent Circle, announced the Dark Mail Alliance at the Inbox Love conference held in Mountain View, Calif., yesterday (Oct. 30).
Dark Mail, which will be an open-source project, is scheduled to go live in mid-2014. The founders say the protocol will be available as an add-on to participating email providers.
Levison and Janke told Mashable that Dark Mail will be loosely based on Silent Mail, the encrypted email service that Silent Circle offered until early August, when the company shut it down to avoid the same kind of legal trouble in which Lavabit was already embroiled.
Dark Mail will differ from nearly every other email service on the Web in that it will be based on a transport protocol called Extensible Messaging and Presence Protocol, or XMPP, which was originally developed for instant-messaging software.
Standard email services use the Simple Mail Transfer Protocol, or SMTP, to send messages. Other protocols — such as the Internet Message Access Protocol (IMAP), Microsoft Exchange or Post Office Protocol (POP) — are used to receive messages.
But while it's relatively easy to encrypt the content of an email message, encrypting the addressing data — where the message came from, and where it's going — usually means the email won't be delivered.
Think of a physical letter: The letter itself can be written in code, but the "to" and "from" addresses on the envelope have to be readable by mail carriers.
Dark Mail will use some of the same modifications to XMPP that Silent Circle used to create SCIMP, Silent Circle's instant-messaging client, in order to encrypt addressing data.
XMPP is an open standard, and its code is constantly subject to peer review and improvement. It's unlikely that the National Security Agency (NSA), or any other group, could sneak in a back door to the protocol without anyone noticing.
Levison, Callas and Janke promise that Dark Mail will be encrypted end-to-end, meaning that operators of services using the Dark Mail protocol will never have access to their users' data and, therefore, will not be able to surrender that data to the U.S. government, even if ordered to do so by a federal court.
Such a court order led to the closing of Lavabit. The U.S. government sought access to a certain user's account — probably that of NSA leaker Edward Snowden himself — and Levison complied, to an extent.
But when the FBI ran into roadblocks attempting to decrypt the addressing fields of the targeted user's messages, it got a court order forcing Levison to surrender his own encryption keys, which protected all Lavabit users' messages, not just those of the user under investigation.
Levison handed over the keys on Aug. 8, and then shut down Lavabit the same day, before the FBI could use the keys to monitor his clients.
A day after Lavabit shut down, Silent Circle shut down its Silent Mail encrypted email service.
In a post on the company blog on Aug. 9, Callas explained that existing email services could never be fully secure.
"Email that uses standard Internet protocols cannot have the same security guarantees that real-time communication has," Callas wrote.
The other big difference between Dark Mail and other email services is that it won't rely on Secure Sockets Layer (SSL), an encryption protocol used throughout the Internet that the NSA may have already cracked.
The Dark Mail Alliance is a not-for-profit organization, and will launch a Kickstarter campaign sometime next week to fund the protocol's development.