PrivateSky developers speak out after being issued national security warrant
GCHQ, the British counterpart and facilitator to the NSA, has forced a privacy-focused email service to shut down because it could not effectively spy on the encrypted emails people were sending.
As the blog IT Security Guru reports, a beta version of the PrivateSky service from London-based web security firm CertiVox was shut down early in 2013 following a government order.
The secure email encryption service, which worked with both web-based email and Outlook, had “tens of thousands of heavily active users” before it was targeted by government spooks, according to the developers.
Brian Spector, CEO of CertiVox, tells reporters, “Towards the end of 2012, we heard from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, [that] they wanted the keys to decrypt the customer data.”
“So they had persons of interest they wanted to track and came with a RIPA warrant signed by the home secretary. You have to comply with a RIPA warrant or you go to jail,” Spector adds.
“It is the same in the USA with FISMA, and it is essentially a national security warrant,” Spector further notes.
NSA head Keith Alexander yesterday stated during a Senate hearing Wednesday that mass spying on Americans is necessary because of events in Syria and Iraq, and because… 9/11.
Because the PrivateSky system works by splitting the root key between the company and the user, CertiVox was simply unable to wholly fulfil the government demand to hand over the data.
“So as far as I know we are the first to do that so if the NSA or GCHQ says ‘hand it over’… they cannot do anything with it until they have the other half, where the customer has control of it,” Spector notes.
The CEO also says that his company could only have continued to offer the secure email system by allowing government spies to have backdoor access to it — completely defeating the point of PrivateSky.
“So in late 2012 we had the choice to make — either architect the world’s most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA,” Spector notes.
“It would be anti-ethical to the values and message we are selling our customers in the first place,” he adds, calling it a “catastrophic invasion of privacy” of users.
“It was all too heavy, and all too cloak and dagger for what we wanted to do, and the worst thing was we could have built a backdoor in but we are selling out our customers and the security of the service.”
“We are business people but we believe in privacy, internet freedom and responsible government,” he adds.
Clearly in the same position, Google, Yahoo and Microsoft are not going to shut down their email services and hence have likely complied, to varying degrees, with the NSA and its partners.
Earlier in the year, two other secure email services, Lavabit and Silent Circle, were also forced to shut down their encryption services. Lavabit was suspended by the government because it was the service that NSA whistleblower Edward Snowden was using.
Lavabit owner Ladar Levison said that he refused to be complicit in “crimes against the American people”, rejecting a court order demanding that the company work with the NSA, allowing it to spy on its customers’ communications data.
Silent Circle followed suit, with a spokesperson stating that while it had not yet received an order from the NSA, “the writing is on the wall”.
Referring to the PrivateSky service, CertiVox CEO Spector adds, “We did it before Lavabit and Silent Circle and it was before Snowden happened.”
While clearly dismayed with the situation, Spector explains why he shut down PrivateSky: “…you don’t have any recourse on it or [means to] let the subject know that you have been approached to monitor their communications, as that is also against the law.”
“Whether or not you agree or disagree with the UK and US government, this is how it is and you have to comply with it,” he concludes.
Meanwhile, in a Senate Judiciary Committee hearing on Wednesday, General Keith Alexander said that there is “no other way” to protect Americans than to collect billions of phone and internet records.
“There is no other way that we know of to connect the dots. … Taking these programs off the table is absolutely not the thing to do,” Alexander told the committee’s chairman, Democratic Senator Patrick Leahy.