What expectation of privacy is there with US-based vendors with the LavaBit and SilentCircle shutdown?

Question

Lavabit hosts a secure messaging service that was recently shut down. Likewise SilentCircle has preemptively done the same thing with their email-based service.

It seems that the justification for these actions is to prevent the US government from sending subpoenas, warrants, security letters regarding this service.

• Why is email the only aspect most vendors are concerned about? Other equal methods of communication exist (Encrypted phone, sms, ftp etc) but SilentCircle doesn't appear to be concerned with shutting them down under the same premise.

• Is any certificate vendor, like Verisign, that issues S/MIME certificates susceptible to government subpoena? What about non US companies or private issuances of S/MIME?

• What expectation of privacy should I have when doing business with any US vendor? Is there any expectation of privacy? Does my citizen status matter, or does it matter if I'm in the US or not?

• Are there any known aspects of this that overlap (or explicitly don't overlap) with the PRISM NSA surveillance program?

Answer 1

From what information is out there, it seems like the most likely scenario was that the US Government wanted these companies to install back-door technology into their systems and give the government agencies access to all the information that flows through them; these companies would be ordered to not disclose the backdoor nor the government's involvement.

This appears to have happened back in 2007 with Hushmail. Faced with such an order, the company's only option is to either quietly comply or cease to exist. Note that Hushmail is a Canadian company, but it was nonetheless forced to comply with the US order.

Why is email the only aspect most vendors are concerned about?

Here's what Silent Circle said:

There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.... And yet, many people wanted it.... However, we have reconsidered this position. We've been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system less they "be complicit in crimes against the American people." We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

In other words, they didn't think offering the illusion of secure email was particularly useful in the first place because significant data leakage is inevitable in the associated protocols.

But more importantly, once you receive a government order, you no longer have any choice. At that point it becomes too late to stop offering your email service as the order will prohibit you from doing so. At that point, you you must continue to offer your service and pretend that it hasn't been compromised. Otherwise you have to cease all operations altogether.

Silent Circle is hoping that by closing down their email service, they'll be less of a target for spying agencies and will avoid being ordered to compromise their services.

Is any certificate vendor, like Verisign, that issues S/MIME certificates susceptible to government subpoena?

Yes.

What about non US companies?

In many cases, yes. There are a few nations where a US order can't be enforced, though these probably will have their own governmental interference to contend with.

What expectation of privacy should I have when doing business with any US vendor?

Not much. Though to be fair, other governments do similar things as well. Which means realistically, you have no expectation of privacy that you cannot actually prove yourself.

Does my citizen status matter, or does it matter if I'm in the US or not?

The NSA explicitly asserts that all communication anywhere in the world that involves at least one non-US citizen is theirs to collect without cause. They also state that information that they can't prove involves only US citizens will also be collected just in case. The NSA and FBI also have largely unlimited power to force US residents to comply with nearly any surveillance order if they can get a sign-off from a court. That power largely extends to any other nation with which they have a legal assistance treaty, which covers a lot of ground.

Answer 2

There are several issues with email:

1. Interaction with other email users without OpenPGP. You either reject them entirely or you have the receiving server do the encryption. Both of these are problematic.

   Silent circle chose the latter:

   People expect email to work universally, so we had to accept unencrypted mail from outside clients, which we then encrypted for our users. That is a major departure from our other services.

2. OpenPGP as it's commonly used isn't forward secret at all.

3. Email is store and forward, not a direct connection between sender and receiver.

   This makes forward secrecy much harder to implement since you can't simply exchange an ephemeral key at the start of the connection. It also forces the server to store ciphertext, which silent circle is reluctant to do.

   We don't even like the idea of storing ciphertext (and obviously, running a mail server means you end up storing a fair amount if it). You can't be compelled to give up what you don't have.

4. Email headers contain important information, but they're unencrypted by default.

Phone-calls, TLS, or OTR have direct end-to-end connections where they can easily exchange ephemeral keys. SMS on the other hand seems almost as problematic as email.

Answer 3

1) FTP is a bit odd that it's still done, but phone and SMS don't normally require keeping logs of the content, so there is less information that can be subpoena'd. It's also the least easy for them to encrypt in such a way that information would reliably be protected from their legal requirements to cooperate for any insecure e-mail sent to them.

2) The government could possibly compel a CA to issue a certificate signed to say it is some third party, but Verisign never deals with the private key in the case of a certificate signing request and should discard the private key after delivery on any that they generate. Because of this, they have no private key to share, so while the government might be able to make a certificate that claims to be you, they wouldn't be able to access a certificate you had obtained and you wouldn't be able to access the information exchanged using the government's fake certificate if they made one.

3) Expect that the company will do whatever is legally required of them. They will comply with the government or be shut down. If you use your own levels of protection, then you are responsible for your data security. You can look and see if their system is setup to limit what they can actually access, but that would vary on a service by service basis.

4) I'm not sure what you mean, but if they are shutting down services out of fear of being asked / compelled in to cooperating with a program like PRISM, then it clearly has an impact on their reasoning, but I'm really not sure what you mean by this part of the question.

Update: SilentCircle has a blog post about why they made the decision.