DarkMail: Silent Circle and Lavabit Combine Forces
Lavabit was Edward Snowden’s email provider, and it’s definitely talked about in the past tense; founder Ladar Levison closed up shop rather than knuckle under to an order to give up its private SSL keys. Silent Circle founder Phil Zimmerman is the author of Pretty Good Privacy (PGP), an open source email encryption system which earned him a federal investigation for violating munitions export laws when it was mirrored internationally.
Both men have faced down the U.S. Government, and both are visionaries. When they make an announcement, like the creation of the Dark Mail Technical Alliance, everyone in the fields of cryptography and privacy pays close attention. The DMTA has been formed to bring the proposed Dark Internet Mail Environment (pdf) from concept to a broadly adopted standard, and they are well on their way to accomplishing this goal.
Also read: How You Can Still Avoid And Thwart The NSA
Darkmail: Not Just A Press Release
We face a flood of press releases on a daily basis claiming paradigm changing advances, but darkmail.info provides information on the Dark Internet Mail Environment in the form of a 107 page specification. Page fifteen of this document defines some allcaps keywords that are immediately recognizable to technical experts:
“The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, AND “OPTIONAL” as used in the context of this document are to be interpreted as described below.”
The many standards and systems that make up the internet are defined by the Internet Engineering Task Force’s Request For Comment process. The very first RFC was published on April 7th, 1969, the annual ritual of an April Fools RFC began in 1978, and the obituary of IANA administrator Jon Postel was published in 1998 as as RFC 2468, honoring his twenty nine years of service running the Internet Assigned Number Authority. There are over 7400 RFCs available, each of them uses this set of allcaps keywords, and they are the final word in how things should work.
That the DIME standard is RFC style text, but in a polished format, indicates just how quickly the alliance expects to move. They want the technological and business arrangements to happen in parallel, and to be done in the coming year.
We recently published Making Encrypted Email Usable, which offers information on easing your transition into PGP, but when the system’s original author proposes an alternative we should all pay close attention. The motivation for this move is probably best explained by pointing you to the blog of University of Maryland cryptographer Matt Green (@matthew_d_green). He offers a pointed view in What’s the matter with PGP?
It’s time for PGP to die. In the remainder of this post I’m going to explain why this is so, what it means for the future of email encryption, and some of the things we should do about it. Nothing I’m going to say here will surprise anyone who’s familiar with the technology — in fact, this will barely be a technical post. That’s because, fundamentally, most of the problems with email encryption aren’t hyper-technical problems. They’re still baked into the cake.
PGP was a marvel when it was released, but it’s been twenty-four years. If the problems the system face were completely resolvable they would have been resolved and we’d all be using it. Instead we see new messaging tools released every week that are either web based or mobile wrappers around standards based cryptography. The argument that we need backward compatibility has been completely disproven by what is happening in the real world.
What Does DIME Offer?
Today when you send an email using a mobile or desktop client it’s probably unencrypted, which means the full text of the message, as well as the author and recipient are visible on any system that handles it. If any one of your device, the recipient’s device, or either of your mail servers are vulnerable, then the whole message is exposed.
DIME solves this problem by building each message out of multiple encrypted compartments. When your client hands a message to your email server, the only thing your server can see is the destination domain. The destination mail server can see the recipient’s account name, but it only knows which server sent it. While in transit over the public internet, the place where the NSA now captures and indexes our email, the only information available for a DIME message are the source and destination domains.
PGP key management has been a miserable process, only somewhat improved by the tools we mentioned in Making Encrypted Mail Usable. What DIME offers is hard to characterize in a short article, but if you’re familiar with how chat clients handle Off The Record encryption, that’s probably a good way to envision DIME’s capabilities. All of those manual key exchange tasks with the potential for human error are streamlined, or simply automated and out of sight.
Ladar Levison, still smarting over the loss of Lavabit, takes aim in the opening dedication at the entity that cost him his company:
I would like to dedicate this project to the National Security Agency. For better or worse, good or evil, what follows would not have been created without you. Because sometimes upholding constitutional ideas just isn’t enough; sometimes you have to uphold the actual Constitution. May God bless these United States of America. May she once again become the land of the free and home of the brave.
The credentials of the founders are sterling, their motivations are crystal clear. The presence of a 107 page document using RFC style language, but well formatted and full of professional graphics, should help speed uptake among more than just the usual very technical audience for RFCs.
Images from Shutterstock.