Dark Mail: A New Secure Email Standard To Reclaim Privacy

November 8, 2013 | 03:47
Lavabit and Silent Circle, two secure email providers, launched the Dark Mail Alliance with the aim of providing private and secure email. The Alliance is centered around a new email protocol that encrypts both content and metadata, and it invites all mail providers to join and make secure communications available on the web.

The Dark Mail Alliance was announced at the Inbox Love conference last week in an interview with Lavabit founder Ladar Levison and Silent Circle founder Mike Janke.

The Dark Mail protocol is developed by Silent Circle. Initially the company wanted to launch it as one of its products, but after the summer of Snowden it decided the protocol needed to be more than that. Now it wants to push it as a new open standard for email with privacy and security at the core of its architecture.

Lavabit provided an encrypted email service to 400,000 users when it abruptly shut down in August. After being ordered by a court to hand over its SSL keys to the FBI, which would have enabled the agency to read all emails, Levison decided to terminate his business rather than expose his users. A day later, Silent Circle announced that it too was shutting down its email service, knowing it could not protect its users if the US government came knocking.

The mail protocols we use today were developed when the Internet was still in its infancy. Because of the limited number of people on the networks and the kind of information that was exchanged, security was not a priority. Building security on top of the existing protocols has proven difficult. There is PGP (Pretty Good Privacy), an encryption and decryption program, but it only protects the message body from prying eyes, not the metadata. It is also plagued by a reputation for being hard to use.

At the conference, Levison said about Dark Mail's mission statement: 'The goal is to provide end-to-end user-to-user security. The type of security you get today with PGP. But integrating it into the protocol gives us the ability to secure the metainformation as it traverses the network. And make it easy enough for grandma to use it.'

To generate industry-wide support for the new email standard, Lavabit and Silent Circle founded the Dark Mail Alliance. Email providers can become members of the non-profit organization, which will be the rights holder of the Dark Mail standards and responsible for developing them. The standards will be open source so they can be vetted and developed by the security community.

Initially the Alliance is targeting small and medium mail service providers, but it will be interesting to see if big players like Gmail will join too. In the wake of the NSA leaks there is a growing interest in secure online communication, but end-to-end encryption interferes with Google's business model of mining users' email to sell ads against them.

Mike Janke said a white paper about the Dark Mail protocol will come out in the near future. The working prototype will be made available as open source, and mail providers who are interested in implementing it can get help from the Alliance. Janke said that if in three years' time 51% of email traffic is secure, Dark Mail will be a success.

 

 
