Lavabit Relaunches Encrypted E-mail Service

Lavabit is relaunching it’s encrypted e-mail service, after having been shut down since 2013. The company shut down it’s encrypted e-mail service to avoid complying with a request by federal law enforcement that would have compromised user privacy. Whistleblower Edward Snowden was a user of Lavabit’s e-mail service at the time, and the FBI had requested Lavabit’s encryption key. “The SSL key was our biggest threat,” Ladar Levison, founder of Lavabit, told The Intercept. While the FBI had claimed that they were only interested in one account, Edward Snowden’s, turning over the key would have allowed the FBI access to all of Lavabit’s users accounts. At the time Lavabit ended their service they had nearly half a million accounts.

On Friday, January 20^th, 2017, Lavabit relaunched it’s e-mail service, this time solving the SSL key problem and adding other new privacy enhancing technologies. One of the new privacy features is a system which obscures e-mail metadata, which is designed to make it more difficult to conduct mass surveillance, such as the mass surveillance programs run by the NSA and other agencies. Later this year Lavabit plans to roll out end-to-end encryption for it’s e-mail service. “This is the first step in a very long journey,” Levison told The Intercept. “What we’re hoping for is that by the end of this year we’ll be more secure than any of the other encrypted messaging apps out there on the market.”

While Edward Snowden has told The Intercept that he cannot verify Lavabit’s new privacy claims, he did say that he would be reactivating his Lavabit e-mail address, “if only to show support for their courage.” Lavabit is asking it’s former users to login to their old accounts so that their account can be regenerated under the service’s new architecture, allowing the old accounts to operate under the upcoming end-to-end encryption system. Levison told The Intercept that Lavabit may not be migrating the nearly 50 million encrypted e-mails of former users which are stored under the old format. Users lost all access to their e-mails when Lavabit shut down in 2013.

Under Lavabit’s new system, the company will no longer be able to hand over it’s SSL key. Their new SSL key is stored in a tamper-resistant hardware security module, which provides a secure enclave for storing keys and performing encryption and decryption. The company blindly generates a long passphrase, so that they do not know what it is. The key is inserted into the hardware security module and the passphrase is then destroyed. “Once it’s in there we cannot pull that SSL key back out,” a Lavabit developer told The Intercept. If someone does attempt to extract the key, a self-destruct mechanism is triggered, destroying the key. However, the hardware security module is only meant to be a temporary solution until Lavabit’s end-to-end encryption is rolled out. Once end-to-end encryption is implemented, the SSL key will not be as critical, as e-mail encryption will then occur on each user’s device instead of on Lavabit’s server.

Lavabit’s end-to-end encryption platform is known as DIME, the Dark Internet Mail Environment. Three different modes of operation are now available for accounts on Lavabit through DIME, they are Trustful, Cautious, and Paranoid. Under Trustful mode, “The server handles all privacy issues requiring users to “trust” the server. Accounts operating in Trustful mode send messages using the Simple Mail Transfer Protocol (SMTP) and receive messages using the Post Office Protocol (POP) or the Internet Mail Access Protocol (IMAP). Webmail systems handling server-side encryption functions operate in Trustful mode,” a statement on Lavabit’s website said. Under Cautious mode, “The server is only used to store and synchronize encrypted data, including encrypted copies of a user’s private keys and encrypted copies of messages. Cautious mode provides a comparable user experience to email today, while minimizing the trust placed in the server,” and under Paranoid mode, “The server will never have access to a user’s private keys (encrypted or decrypted). Paranoid mode minimizes the amount of trust a user is required to place in their server, at the expense of functionality. Paranoid mode does not support webmail access or allows users access their account from multiple devices without an external method for synchronizing their key ring.”

The three modes of operation all use a new feature called Dark Mail, which is based on Tor and designed to obscure e-mail metadata. With Dark Mail, metadata is encrypted, and the sender’s ISP does not know which Lavabit account will receive the e-mail, only which domain receives it. Upon reaching the domain, the server decrypts the “to” field of the e-mail so that it can be delivered. The receiving domain does not know which account sent the e-mail, only the domain it came from. If Levison’s work on the new technology behind Lavabit is successful, the NSA will have a harder time monitoring everyone’s e-mail. Levison told Wired back in 2014 that if the NSA “can follow the flow of every packet on the internet, they may be able to track where every packet is headed. But I’m making it so that becomes incredibly difficult, and it’s been minimized down to the domain level.” “I’m trying to dramatically reduce the amount of trust that you need to place in your service provider to the absolute minimum necessary to accomplish the function of email.”

Lavabit is offering plans starting with 5gb of storage for $15 annually, and 20gb of storage for $30 annually. Their site accepts Bitcoin and credit cards for payment.

For info on other secure e-mail providers click here.