Slashdot Mirror
Inside the Decision To Shut Down Silent Mail
Trailrunner7 writes with this snippet from ThreatPost:: "Silent Circle's decision to shut down its Silent Mail email service may have come quickly yesterday, and the timing of the announcement admittedly was prompted by Lavabit's decision to suspend operations hours before. But the seeds for this decision may have been sown long before Edward Snowden, who reportedly used Lavabit as a secure email provider, was a household name and NSA warrants for customer data were known costs of doing business. ... 'When we saw the Lavabit announcement, the thing we were worrying about had happened, and it had happened to somebody else. It was very difficult to not think I'm next,' Callas said. 'I had been discussing with Phil [founder and PGP developer Phil Zimmerman] over dinner the night before, should we be doing this and what the timing should be. I was looking at it from point that I want to be a responsible service provider and not leave users in a lurch. [The Lavabit announcement] told me I have to start moving on it now.'"
This is called "oppression," when you live in fear of being the "next" target of government "scrutiny."
I don't think there is any money directly attached. It's more of a threatened 'if you don't comply we throw you and your employees in jail' thing. Not sure how that would work out in a real world courtroom (I'd like to assume it would make it to court including a jury), but the companies likely don't want to chance it. Can't say I blame them in this case- it's looking like McCarthyism (http://en.wikipedia.org/wiki/Mcarthyism) all over again. Sorry for the rusty geek skills.
We never liked the choices available for secure email for mobile devices, because no email client with PGP encryption was available for smartphones. Instead, we had to install PGP Universal, which is a server-based version of PGP, designed for enterprise environments, which does the PGP encryption and decryption on the server, with PGP private keys stored on the server. Not a good architecture for consumers in today's climate. We strongly preferred to do PGP on the client side, but we were a long way from having a PGP client for mobile devices. And even if we had a PGP client, we would still be stuck with email metadata exposure on the servers, even with the message body encrypted. That's why we were unhappy with Silent Mail, and why we were discussing a phaseout for some weeks before these events. The Lavabit event made it clear we could not put it off any longer. --Phil Zimmermann (spelled with two Ns)
US businesses are run under US laws even if they are outside the US. This is related to that whole 'you can't bribery, even in countries where that's the norm' thing others have talked about in previous article's comments.
Basically in order to, as a US citizen, move your business abroad (without serious lobbying power) and forgoe the aforementioned issues, you're need to:
A. Reincorporate the business in a foreign nation.
B. Get your customer data transferred to the foreign nation without running afoul of US law.
C. Not have US citizens who are on the board/in key positions intimidated through legal or extralegal means to provide governmental access to the information.
Given that Zimmerman is one of the members of this particular company, and went through the predecessors to this with PGP, I'm pretty sure he's well aware of the legal ramifications both domestic and abroad at relocating his business.
To reliably do this, they must move themselves and have a self-hosted solution. If you host your data with anyone else you need to believe they value your data more than the money to be made from it or you are worth the head-ache of annoyingly trying to protect it from government agencies.
Over the last 10 years from time to time people within my company (which highly depends on privacy) have suggested hosting our servers/services with external hosting providers/cloud solutions. Every time I refuse. Their arguments are valid. It could be cheaper. It removes the hosting burden. These large providers are experts and could have better security. Even all of that being true the overriding truth as I see it is even though they may be better, cheaper, etc I can promise you we care about our data more than they will. FBI raids a data center for someone elses server and grabs our with it? Sorry, it was the FBIs fault! Any business reality makes handing over our data a legal requirement or just more convenient legally? Sorry we had to!
The last few months revelations just confirm what I've always known. If security and privacy are your business and you take it seriously, you had better be hosting it yourself. Google may have better technical experts than you, but I promise the people who actually make decisions internally care more about your data and will fight for it more when you host internally.
"reality has a well-known liberal bias" - Steven Colbert
There's negligible money in complying with these (illegal) 'requests' fro data. Why spread FUD? If you want to do something about it, fix the damn US government. Personally,I'm still surprised a few of those companies haven't moved to Canada.
It's not the threat of jail, but the threat that things can start going wrong for any provider that does not play ball with the NSA.
It's like the mafia thugs that come into the restaurant and sell the owner "insurance" because "a lot of bad things can happen, you know?"
There is a very short window of opportunity to stop the Panopticon now. Unfortunately, the people in power have made it clear that nothing in the political process is going to stop them. The solutions, if they come, will be outside of the political process. They made it that way, so people who resist ubiquitous surveillance and surrender of privacy can be seen as "radicals" and "terrorists" and worse.
There are some bad times coming, I fear.
You are welcome on my lawn.
The Constitution is not a suicide pact. There are options between colonoscopy-level-surveillance and nuclear-price-of-feedom.
I don't think there is any money directly attached.
Qwest said no, and lost all their government contracts, followed by the CEO being arrested for having used said government contracts' value in financial reports.
It isn't NSA money. Compared to the world's players, the NSA isn't that big. There are a lot of people who want that data too:
1: LEOs in the US. That NSA info gets forked over to Joe DA who is being forced by the private prisons to shove as many people in jail as possible (or be replaced by someone who can), the NSA stuff is a gold mine. Find people texting at a location after dark at a park? Criminal trespass charges. Kids texting out of school, curfew charges. People on parole seen on a camera by someone else, big cash as those arrestees go in for the long haul. With the fact that all but two states in the US are required by contract to maintain 90% bed occupancy, someone has to fill those beds. Don't forget all the marijuana charges and charges of conspiracy (two people talking about a grow room can felony charges.)
2: Insurance companies. Already, I have had to go through a physical because someone snapped a photo of me in a humidor and posted it onto FB, and the insurance company questioned if I were a smoker or not, then demanded the physical and drug test. Picture the gold mine they have.
3: Other country's NSA-departments. Knowing who is a system admin at another country's sensitive /secret/top secret depot is very important, as that person can be given the $5 wrench treatment (or one of their family members) until they give up and do a Snowden. Think the US is good, China has far better technology, intel, and manpower at sigint.
4: Companies and governments. If an area is starting to have water issues, get the people moving in to raise prices on that sky high.
So, the NSA by itself isn't a threat. That data in other people's hands is. It would be nice if Google, Apple, etc. would not just keep passively handing items to advertisers, because they are on the verge of losing their entire subscriber (not customer) base to foreign services.
How do you think tons of drugs from Mexico and Colombia get into the US every day?
The Overlords want you to think that it is all due to corrupt policemen and politicians south of the border, but how does it get in and then gets distributed?
Same answer, corrupt policemen and politicians. But they want the market for themselves, so yes, you try to do it on your own, you're a terrorist!
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
By your UID you should be old enough to remember Cayman Islands. Great place, white sandy beaches and a English-backed government.
When the US Government (thru the OECD) decided that the 400+ banks in Cayman were laundering money, the Cayman government caved in and signed a treaty to provide OECD member states with access to bank information.
Bear in mind, laundering money back then wasn't about financing terrorist organizations, it was about US citizens not paying taxes.
More recently, the Swiss turned over data on US citizens who have (had?) Swiss bank accounts.
Sorry, Antigua won't stand up to the US. No more than Cayman or the Swiss did.
And no, it will not take a aircraft carrier and its group off the coast. It will only take a call from some senior D.C. politicians before they cave in.
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
We were a small ISP, and we got subpoenas multiple times per month. You don't say no to a court order, unless you want to spend some time in court/jail explaining to the judge why you feel like you shouldn't have to comply. This is fine if you're a hippie, have tons of time and money, nothing to lose, and could care less about eventually having a criminal record.
Due to CALEA, we were required to buy equipment to fulfill "tapping" requests from law enforcement. http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act You can thank Clinton and Congress (1994) for that.
It was another cost of doing business if you wanted to be a service provider in the U.S. Don't like it? You do something else....and so I did.
But spying on facebook chats will solve this!
John Doe has invited you to Drug pickup September the 2nd 22:00
John Doe 11:00 ... Please share and invite all your friends who may want to participate in the bidding process! Peace!
Yo man! Those cocaine subs will arrive at (time & location)
Can't decide whatever to post as AC or aliquis. Score mod points and karma or forever be seen as a drug lord by the NSA.