These are heroic days. And someone has just managed to become an instant hero by shutting down his servers and letting down 350.000 people. Ladar Levison stopped lavabit.com, the company that provided e-mail for Edward Snowden, and the company he spent ten years of his life building. As he explains here he preferred to cease service without a warning rather than to “become complicit in crimes against the American people”.
Everybody jumped to the conclusion that some government authority must have something to do with it. Maybe he got a National Security Letter, something that you can not lawfully talk about (unless you are Brewster Kahle and fight for your right to talk in court). Nobody is allowed to know. What we know is how people react, for example on his Facebook page.
Some are pissed – they are former customers. But most pay their respects, and some say they donated money to help with legal expenses. Another provider, Silent Circle, co-founded by PGP inventor Phil Zimmermann, followed suit and shut down his encrypted e-mail service as a preventive measure, even without having been contacted by the authorities.
There are very good technical resons. E-mail is inherently insecure. Copies of your messages are stored, and even if the contents is encrypted, the metadata part – who sent it, to whom, when, from where – remains visible for every government agency to store. There is really no good advice to give – other than avoiding to set up shop in the US, which only might help a little bit. Or use encrypted real-time forms of communications like chat.
But if you can’t help it, maybe you can profit from it? That’s what “E-mail made in Germany” has been created for. Three of the largest German e-mail providers conspire to encrypt everything exchanged between their servers and not to store it on US soil. Most people know that Germans are using the same tools as the NSA. So it will be interesting to see if this marketing helps them against, say, Google or Yahoo. They say their alliance is open for other providers.