UK Secure Email Provider Shut Down His Service In January To Prevent GCHQ From Obtaining Encryption Keys

from the the-fallout-before-the-fallout dept

Shutting down secure email services because of surveillance agency interference apparently isn't just a local phenomenon. Lavabit, Snowden's email provider, shut down earlier this year to prevent being forced by the NSA to sabotage its own encryption. Silent Circle, another secure communications service, shut down its email product only hours later (but not its main messaging product). Silent Circle hadn't yet been pressured by the government, but obviously felt it was only a matter of time.



International Business Times is reporting a similar incident occurred in the UK earlier this year.

PrivateSky was shut down at the beginning of the year after introducing a web-based version in beta and for Outlook and had "tens of thousands of heavily active users".



Brian Spector, CEO of CertiVox, told IT Security Guru: "Towards the end of 2012, we heard from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, [that] they wanted the keys to decrypt the customer data. We did it before Lavabit and Silent Circle and it was before Snowden happened.

[W]e had the choice to make - either architect the world's most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA.



"It would be anti-ethical to the values and message we are selling our customers in the first place."

He said that from the technology it has implemented a split of the root key in the M-Pin technology so it has one half and the user has the other.



"So as far as I know we are the first to do that so if the NSA or GCHQ says 'hand it over' we can comply as they cannot do anything with it until they have the other half, where the customer has control of it."

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Even before the leaks made the Five Eyes' covert surveillance programs public, PrivateSky got an inside peek at the intelligence community's thirst for data. Unfortunately for Spector and his company, complying with GCHQ's request would mean destroying the security it promised to its customers.I suppose GCHQ is satisfied either way. While having the encryption key would have been nice, it's just as simple to gather up communications and metadata from less secure services -- services some of PrivateSky's customers would have resorted to instead. National intelligence agencies seem all too willing to deploy scorched earth policies that destroy companies that don't immediately cave in to their demands. And why not? It does no harm to the government to force secure services out of business. The users of these services have to goand many of the available options have been compromised already.Spector hasn't completely given up on the thought of offering a secure email service. He says PrivateSky is still up and running but is currently only used internally by CertiVox. But he does have a plan for another secure email offering based on the internal PrivateSky service.This could throw up some obstacles for intelligence agencies, the sort of thing they do everything in their power to avoid. The path of least resistance is also the one most frequently traveled. These agencies hate being told "no" almost as much as they hate being inconvenienced. PrivateSky's split key will do both. It should be interesting to see GCHQ's response if Spector takes the service live again.

Filed Under: email, encryption, gchq, secure email, shutting down, surveillance

Companies: certivox, lavabit, silent circle