This is being written four days after Lavabit's shutdown announcement and three days after Silent Circle pre-emptively shut down its Silent Mail product, before it too could be forced into the same operational corner. Ladar Levison, the operator of Lavabit, has been able to say almost nothing about the compulsion he has actually received; the gag order that accompanies this kind of sealed federal process is precisely what makes it so hard to fight in public. His published note is nonetheless unusually direct: "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." The interpretation everyone is making, and which Levison has not denied, is that he received a federal court order requiring him to provide either content or some form of decryption capability for one or more accounts, almost certainly including Edward Snowden's, and that the order was framed in a way that would have compromised every other Lavabit customer's privacy as well. He shut the service down rather than comply.

The Silent Circle pre-emptive shutdown is the more telling of the two. Silent Circle's Phil Zimmermann (of PGP), Jon Callas and Mike Janke have substantial credibility on these questions, Zimmermann in particular having thought about the operational viability of encrypted email for two decades, and their decision to shut down Silent Mail before being served with any compulsion of their own is the security-engineering community's signal that "encrypted email as a service" is not a viable operating model in the post-Snowden environment. The reason is structural. A service that holds keys on the server side, which is what Lavabit offered, can be compelled to hand those keys over. A service that keeps keys strictly on the client cannot perform server-side functions such as spam filtering, virus scanning, content search or anti-abuse work, and it still cannot protect the SMTP envelope and headers (sender, recipient, subject, timing), which travel in the clear whatever happens to the body; it has therefore remained a niche product. Silent Circle's own stated analysis is that email built on SMTP, POP and IMAP leaks too much metadata for any provider to honestly call the product secure, and they have walked away from the product line rather than keep offering something that misleads users about its protections. Kim Zetter at Wired has been the steadiest source on the technical and legal specifics of the Lavabit case as they have surfaced.
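The trade-off above, server-held keys against client-held keys, is easier to see with the two designs side by side. The following is an added illustration written for this post, not code from Lavabit, Silent Circle or any real product. The cipher is a stdlib-only construction (an HMAC-SHA256 keystream with an encrypt-then-MAC tag) chosen so the example runs without third-party libraries; it stands in for a real AEAD and is not a recommendation. The class names, the sample message and the `compelled_disclosure` method modelling what an order binding the operator can obtain are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Illustrative stdlib-only cipher: HMAC-SHA256 keystream in counter mode plus
# an encrypt-then-MAC tag. Present only so the example runs without third-party
# libraries; a real deployment would use an AEAD such as AES-GCM.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed: ciphertext altered or wrong key")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ServerHeldKeys:
    """Model A (assumed to stand for the Lavabit-style design): the server
    derives the storage key from the password at login and holds it for the
    session. Search and filtering work, and so does decryption under an order
    directed at the operator."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.key = None          # absent while the user is logged out
        self.mailbox = []

    def login(self, password):
        self.key = derive_key(password, self.salt)

    def store(self, message):
        self.mailbox.append(encrypt(self.key, message))

    def search(self, term):
        return [m for m in (decrypt(self.key, c) for c in self.mailbox) if term in m]

    def compelled_disclosure(self):
        """What an order binding the operator obtains. With the user logged out
        the key is absent, but the same order can require the operator to keep
        the key, or the password, at the next login."""
        if self.key is None:
            return {"key": None, "messages": list(self.mailbox)}
        return {"key": self.key, "messages": [decrypt(self.key, c) for c in self.mailbox]}


class ClientHeldKeys:
    """Model B: the client encrypts before upload; the server stores ciphertext
    only, never sees a key, and so can neither search, filter nor comply."""

    def __init__(self):
        self.mailbox = []

    def store(self, ciphertext):
        self.mailbox.append(ciphertext)

    def search(self, term):
        raise NotImplementedError("server cannot search content it cannot read")

    def compelled_disclosure(self):
        return {"key": None, "messages": list(self.mailbox)}


class MailClient:
    """The user's side of Model B: salt, key and all cryptography stay here."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.key = derive_key(password, self.salt)

    def seal(self, message):
        return encrypt(self.key, message)

    def open(self, blob):
        return decrypt(self.key, blob)


def plaintext_recoverable(disclosure, original):
    """True if the disclosed material contains the original message in clear."""
    return original in disclosure["messages"]


if __name__ == "__main__":
    msg = b"Source says meet Tuesday 09:00"   # constructed sample message
    a = ServerHeldKeys()
    a.login("correct horse")
    a.store(msg)
    print("Model A search:", a.search(b"Tuesday"))
    print("Model A compelled, plaintext:", plaintext_recoverable(a.compelled_disclosure(), msg))
    user, b = MailClient("correct horse"), ClientHeldKeys()
    b.store(user.seal(msg))
    print("Model B compelled, plaintext:", plaintext_recoverable(b.compelled_disclosure(), msg))
```

Running it shows Model A answering a content search and surrendering plaintext on compulsion, and Model B surrendering only ciphertext while being unable to search at all, which is exactly why the second design has stayed a niche product. Neither model does anything for the headers: sender, recipient and timing are visible to the server in both.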

This is the second-order effect that I think will be operationally substantial over the coming year. The previous defensive answer for clients who needed encrypted email was to point them at one of the dedicated services. That answer is now meaningfully harder to give. The honest answer in 2013 is OpenPGP at the user end, deployed over whatever email infrastructure the user already has, with a careful threat-model conversation about what the key management actually buys: the message body is protected end to end, the headers and the fact of correspondence are not, and key generation, fingerprint verification and revocation become the user's problem. The OpenPGP tooling has not improved enough to make this comfortable, and the alternative, the dedicated encrypted-email service, has now been shown to be operationally unviable against state compulsion. The space between "use OpenPGP with all the operational pain that implies" and "trust the platform vendor" is, on present evidence, smaller than it was three months ago.

For the engagements where this matters (News International's source-protection workflows, Browne Jacobson's privileged client communications, the Hedgehog clients with sensitive correspondence requirements) I have been redrafting the practical advice. The previous draft pointed at a small number of dedicated services as candidate solutions; the current draft points at OpenPGP with Thunderbird and Enigmail as the only deployable answer for non-developer users, with a clear threat-model statement that this is necessary because the dedicated-service alternatives have demonstrated their structural vulnerability to compulsion. The clients are, on the whole, accepting this argument; the deployment is going to be slow because the OpenPGP tooling is what it is.

The wider point is what this incident tells us about the operational viability of any commercial service provider as a privacy guarantor. Lavabit and Silent Mail were both run by people with substantial technical credibility and explicit privacy-protective business models. They were both materially better than the major-platform alternatives. Lavabit was shown to be operationally unable to resist sustained federal compulsion, and Silent Circle concluded that it could not either. The structural conclusion is that any privacy guarantee that depends on the service provider's continued operation under whatever compulsion is brought to bear is not a privacy guarantee in any meaningful sense. The guarantee has to live at the level of the cryptographic architecture, with the service provider holding only encrypted material and no keys. This is the architectural argument I have been making since the Petraeus case; the Lavabit story is the public confirmation of it. Bruce Schneier has been making the same argument at Schneier on Security through the past week, with rather more direct rhetoric than I am willing to use about what the implications are for the broader US tech sector.

For the Hedgehog SOC, the post-Lavabit detection-content question is bounded, since the SOC monitors traffic and infrastructure rather than encrypted-email-service trust models, but there is one practical addition. The traffic patterns that indicate a client is using a dedicated encrypted-email service for sensitive correspondence (DNS lookups and TLS connections to the small set of such providers) are now patterns the analysts know to flag. The population of services running that pattern is small and shifting, so a sudden change in it at a client, a provider appearing for the first time or a long-standing one going quiet, may indicate either compromise or a change in the client's operational practice that the security team needs to know about. The check sees only destinations and timing, never content, which is all it needs for this purpose.
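As an added example of that detection logic, not Hedgehog SOC content or any production rule, the following runs over constructed resolver log lines and reports, per client, any watchlisted provider that appears for the first time on the latest day and any provider that was present on every earlier day but is absent on the latest one. The watchlist is an assumption for the example: Lavabit and Silent Circle are the two services discussed above, and `securemail.example` is a hypothetical third entry so the sample has a new provider to find. The log format, client names and the `min_history` threshold are likewise invented for the illustration.

```python
from collections import defaultdict
from datetime import date

# Assumed watchlist of dedicated encrypted-email providers. Lavabit and Silent
# Circle are the services discussed in the post; the third entry is hypothetical.
ENCRYPTED_MAIL_PROVIDERS = frozenset({
    "lavabit.com",
    "silentcircle.com",
    "securemail.example",
})

# Constructed resolver log, one query per line: "<ISO timestamp> <client> <name>".
SAMPLE_LOG = """\
2013-08-05T09:01:12 newsroom-42 imap.lavabit.com
2013-08-05T09:03:40 newsroom-42 www.bbc.co.uk
2013-08-05T11:00:00 finance-07 mail.securemail.example
2013-08-06T08:58:03 newsroom-42 imap.lavabit.com
2013-08-07T09:11:27 newsroom-42 imap.lavabit.com
2013-08-08T09:02:55 newsroom-42 imap.lavabit.com
2013-08-09T09:00:18 newsroom-42 www.bbc.co.uk
2013-08-09T09:00:19 newsroom-42 mail.securemail.example
2013-08-09T10:15:00 finance-07 www.bbc.co.uk
"""


def provider_for(qname):
    """Return the watchlisted provider a query name belongs to, else None.
    Matches the apex and its subdomains only, so notlavabit.com is ignored."""
    name = qname.lower().rstrip(".")
    for provider in ENCRYPTED_MAIL_PROVIDERS:
        if name == provider or name.endswith("." + provider):
            return provider
    return None


def parse_line(line):
    """Parse a log line into (day, client, query name); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        day = date.fromisoformat(parts[0][:10])
    except ValueError:
        return None
    return day, parts[1], parts[2]


def daily_providers(log_text):
    """client -> {day -> set of watchlisted providers seen that day}.
    Every day a client appears in the log gets an entry, so a day with only
    ordinary traffic counts as the provider being absent, not as missing data."""
    usage = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        day, client, qname = parsed
        seen = usage[client].setdefault(day, set())
        provider = provider_for(qname)
        if provider:
            seen.add(provider)
    return usage


def detect_changes(log_text, min_history=3):
    """Compare each client's most recent day with its earlier days.

    Returns sorted (client, day, kind, provider) tuples, where kind is
      new_provider  - seen on the latest day but on no earlier day
      provider_gone - seen on every earlier day (at least min_history of them,
                      so a single day of history never triggers it) but absent
                      on the latest day
    """
    findings = []
    for client, by_day in daily_providers(log_text).items():
        days = sorted(by_day)
        latest, history = days[-1], days[:-1]
        current = by_day[latest]
        seen_before = set().union(*(by_day[d] for d in history))
        for provider in sorted(current - seen_before):
            findings.append((client, latest.isoformat(), "new_provider", provider))
        if len(history) >= max(min_history, 1):
            constant = set.intersection(*(by_day[d] for d in history))
            for provider in sorted(constant - current):
                findings.append((client, latest.isoformat(), "provider_gone", provider))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect_changes(SAMPLE_LOG):
        print(*finding)
```

On the sample log this reports two findings for `newsroom-42` on 2013-08-09: `securemail.example` as a new provider and `lavabit.com` as gone after four consistent days. `finance-07` produces nothing, because one day of history is too little to call an absence meaningful. Either finding on its own is a question for the client, not an incident; the analyst's job is to ask it.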

The wider piece I have been outlining, on the structural relationship between commercial security infrastructure and state-level surveillance, is now mostly written. I will probably publish it as a longer piece in early September, after the engagement-team review has caught the obvious mistakes. The post-Lavabit moment is, in some ways, the cleanest single illustration the piece needs.

The next post is likely the Manning sentencing, which is scheduled for next week, or whatever surfaces from the continuing Snowden disclosures. The pace is, if anything, accelerating.

