Digital rights advocates are doubling down on their criticism of a US-based ISP suspected of performing encryption downgrade attacks that caused customers' e-mail to remain in plaintext as it passed over the Internet.

The attacks, according to researchers, were carried out by AT&T subsidiary Cricket and prevented e-mail from being protected by STARTTLS, a technology that uses the secure sockets layer or transport layer security protocols to encrypt plaintext communications. The attacks worked by stripping from the mail server's responses the STARTTLS flag that causes e-mail to be encrypted as it passes from the sending server to the receiving server. The tampering came to light late last month and was reported by The Washington Post and TechDirt.

"It is important that ISPs immediately stop this unauthorized removal of their customers' security measures," wrote Electronic Frontier Foundation staff technologist Jacob Hoffman-Andrews in a blog post published Tuesday. "ISPs act as trusted gateways to the global Internet, and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves."

The EFF post came a week after a privacy service provider called Golden Frog published a petition it filed with the Federal Communications Commission opposing the practice. In an accompanying blog post that laid out the case that Cricket was sabotaging end users' e-mail encryption, company officials wrote:

In May 2014, AIO merged with Cricket Wireless so the Golden Frog engineer became a Cricket customer. In June 2014, he brought the issue to the attention of Golden Frog Co-CTO Michael Douglass while the two were working together at a coffee shop. While using his laptop tethered to his phone and connected via Cricket, he was unable to send email securely. He switched to the coffee shop’s Wi-Fi and was able to send encrypted email. They concluded that STARTTLS was being intercepted. The two investigated further and started running tests. They determined Cricket was intercepting and blocking STARTTLS on port 25 – basically, the STARTTLS command was masked out in server responses, and a command failure response was returned. The engineer was connecting to a personal mail server NOT associated with the wireless provider. The test was repeated by connecting to multiple mail servers including Golden Frog’s corporate mail servers. These were SMTP connections USING the Cricket/AIO network as a network provider to reach a remote mail server unaffiliated with AIO.
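The two symptoms Golden Frog describes, STARTTLS masked out of the server's EHLO reply or the command itself failing, can be detected from the client side, and the decision that matters is whether the client then falls back to plaintext. The following is an added example, not code from the article, Golden Frog or the EFF; the EHLO replies are constructed samples, the masked line is a placeholder, and the `probe_live` helper uses Python's standard `smtplib` against a server of your choosing.

```python
from __future__ import annotations
import smtplib

# Constructed sample EHLO replies, not captures from Cricket's network; the
# masked line stands in for an extension name altered in transit.
CLEAN_EHLO = ("250-mail.example.net Hello\r\n250-SIZE 35882577\r\n"
              "250-STARTTLS\r\n250 8BITMIME")
MASKED_EHLO = ("250-mail.example.net Hello\r\n250-SIZE 35882577\r\n"
               "250-XXXXXXXX\r\n250 8BITMIME")

def parse_ehlo(response: str) -> set[str]:
    """Return the ESMTP extension keywords advertised in a raw EHLO reply."""
    exts = set()
    for line in response.splitlines()[1:]:   # line 0 is the server greeting
        if line.startswith("250"):
            body = line[4:].strip()          # drop "250-" / "250 "
            if body:
                exts.add(body.split()[0].upper())
    return exts

def assess(ehlo_response: str, starttls_reply: str | None = None) -> str:
    """Classify what the client saw: STARTTLS offered, missing from EHLO
    (possible in-path masking), or advertised but rejected when attempted."""
    if "STARTTLS" not in parse_ehlo(ehlo_response):
        return "not_advertised"
    if starttls_reply is not None and not starttls_reply.startswith("220"):
        return "rejected"
    return "tls_offered"

def decide(verdict: str, require_tls: bool) -> str:
    """An opportunistic client falls back to plaintext whenever TLS is not
    offered, which is what a downgrade exploits; require-TLS aborts instead."""
    if verdict == "tls_offered":
        return "send_tls"
    return "abort" if require_tls else "send_plaintext"

def probe_live(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Same classification against a real server (e.g. your own mail server)
    from the network under test. Needs connectivity; not exercised offline."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "not_advertised"
        try:
            smtp.starttls()
        except smtplib.SMTPResponseException:
            return "rejected"
        return "tls_offered"
```

Running `probe_live` against the same server from two networks (as the Golden Frog engineer did with Cricket and the coffee shop Wi-Fi) and getting different verdicts points at the path, not the server.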

STARTTLS has emerged as a key measure for preventing the National Security Agency and other state-sponsored spies from monitoring e-mail communications in bulk as they travel over the Internet. The EFF's Encrypt the Web Report and Google's Safer E-mail Transparency Report, along with Google's STARTTLS lookup page, help consumers determine how service providers stack up.