After their companies dropped secure email products in the face of government intervention, security vendors Lavabit and Silent Circle have launched the Dark Mail Alliance.
The companies said that the concept is to launch a secure back-end that will allow secure emails to be sent and received. The collective behind the Dark Mail Alliance said that its concept is not a “business venture, but a moral and technological journey”.
Speaking to IT Security Guru, Mike Janke, CEO of Silent Circle and one of the founders of Dark Mail Alliance, said that while the launch of a product is a few months away, at the moment it has a working prototype that it has been testing for some time.
“We have an SMTP ‘gateway’ bolted onto the end-to-end architecture. So a user can also email people who are not using this architecture. If you are a customer of a provider who uses the Dark Mail architecture and I email you – then it is encrypted end-to-end with no metadata leak.
“However, if I email my mother who uses Gmail – the entire email is ‘unsecure’. Our idea was not to limit this to just Silent Circle customers, but to proliferate this architecture throughout the internet so it widens the communication base of the world. That is why we partnered with Ladar (Levison, founder of Lavabit) and Lavabit to help as many companies as possible implement this and offer it to their customers.”
I asked Janke how the alliance will vet and approve Dark Mail compatible vendors/providers. He said that this will be done “through discussions, meetings and interactions”, and that it will not approve or disapprove a vendor, but rather help them implement it correctly.
In a recent announcement, it confirmed that each company will continue to offer individual email products and that it is up to the provider to call it whatever they want, but it will have the end-to-end architecture engine running under the hood. When there are enough providers in the alliance, it will be launched worldwide.
“Some will choose to implement the protocol with an SMTP gateway for the ability to send and receive ‘open’ emails; some will not and only choose to offer peer-to-peer email service – it’s up to the provider who implements it,” Janke said.
The ‘engine’ behind the new architecture is version 2 of the Silent Circle internet mail protocol and this will ultimately be released in open source. “We believe very strongly that the Dark Mail Alliance will be successful if within three years we have 50 per cent of the world’s emails being sent with this new architecture,” Janke said.
“We at Silent Circle had been developing this new protocol for some time. We were originally going to launch it as a Silent Circle only product, but by teaming with Ladar, we saw the value of bolting on an SMTP gateway that his team is building and get this out to the world by putting it open source and helping others implement it.”
In terms of the security of the protocol, Janke said that this is a peer-to-peer technology so a third party cannot decrypt the communications. “An evil third party can do traffic analysis. The best way for someone to do evil is to steal your device or impersonate you.”
Finally, with all of the talk of the dangers of the dark web, surely the term “dark” carries a negative aspect to it? Janke said that Dark Mail is meant to imply that your email is dark, or unseen to others, and that it is secure, private and that your written words are not viewed by some data-mining tech firm or a surveillance-hungry government agency.
He said: “We are proud of the name, we stand behind it and for goodness sake – it’s just the name of our technical alliance!”
With surveillance and monitoring very much the theme of the past few months, this cooperative effort of two firms firstly shows how capable security can be when people work together, and secondly how determined they are to protect users and themselves. Whether that continues to be the case and they can prevent surveillance will be seen after the launch, but the impression I get is that they’ll try their hardest to defend themselves.