In amassing data about every American’s communications, U.S. intelligence agencies are not only making many uneasy about their privacy, but also are endangering the nation’s leadership in innovation and security in communications technology.
Analysts, technology executives and former officials spoke about the recent decisions by two U.S.-based providers of encrypted email to shutter their services in response to actual or anticipated legal demands to surrender customer data.
“Other companies offering these services are starting to move offshore outside the reach of whatever is going on” in the United States, said Howard A. Schmidt, former White House cyberczar.
Indeed, operating a secure email service in the United States no longer may be an option, said law professor Fred H. Cate, director of Indiana University’s Center for Applied Cybersecurity Research.
“If you mean by ‘secure’ a system to which the U.S. government cannot get access, it is beginning to look as if that might not be possible,” said Mr. Cate, who specializes in privacy, security and other information law issues.
Lavabit, the free encrypted email service used by National Security Agency leaker Edward Snowden, closed suddenly this month. Its founder said in a note on the company website that he took the drastic action to avoid being “complicit in crimes against the American people.”
In his note, Ladar Levison said the U.S. government had gagged him from explaining what had happened and why he felt compelled to close his Texas-based business. “I wish that I could legally share with you the events that led to my decision. I cannot,” he wrote.
Hours after Lavabit’s announcement, a Maryland-based company that offers encrypted communication services — SilentCircle — announced that it, too, was shuttering its email service and destroying all of its customers’ email archives.
SilentCircle CEO Mike Janke said the move was to pre-empt legal demands from Washington that the company turn over the “keys” to its customers’ encrypted emails and archived data stored on company servers.
“We saw the writing on the wall,” Mr. Janke said.
Encryption scrambles digital data by manipulating it according to a complex formula or algorithm, called a key. With the key, the data can be unscrambled. Without it, the information remains a mass of meaningless numbers.
The Patriot Act
Mr. Janke said SilentCircle needed to destroy its archives without notice because the company’s email servers had become “a treasure box” of data about its customers, which include several heads of state, some U.S. and allied special operations forces units, and 16 of the world’s largest companies.
“If we had given notice, it would have been like saying: ‘You’ve got 12 hours to serve us [a subpoena].’ I bet we would have got a national security letter within 30 minutes,” he said.
National security letters are administrative subpoenas issued by the FBI without any judicial review. They require companies to produce a broad range of business records “relevant” to a terrorism or counterintelligence investigation.