Mega to run ‘cutting-edge’ encrypted email after Lavabit’s ‘privacy seppuku’

11 Aug, 2013 16:56 / Updated 11 years ago

Kim Dotcom’s Mega.co.nz is working on a highly-secure email service to run on a non-US-based server. It comes as the US squeezes email providers that offer encryption and Mega’s CEO calls Lavabit’s shutdown an “honorable act of Privacy Seppuku.”

Mega’s Chief Executive Vikram Kumar, who is heading the development of the company’s own end-to-end encryption technology to protect the privacy of the future email’s users, has reacted to the Lavabit founder’s decision to suspend his service’s operations – an act, which was shortly followed by voluntary closing down of another secure email service, Silent Circle. 

“These are acts of ‘Privacy Seppuku’ – honorably and publicly shutting down (“suicide”) rather than being forced to comply with laws and courts intent on violating people’s privacy,” Kumar said in his blog post.

The concept he was referring to was developed by secure service providers such as Cryptocloud, which made a ‘corporate seppuku’ pledge to oppose the mass surveillance and shield the privacy of their users’ data. The name for the move apparently derives from a Japanese ritual suicide, which was originally practiced by samurai to preserve honor.

According to Cryptocloud team’s board post cited by Kumar, “corporate seppuku” is “shutting down a company rather than agreeing to become an extension of the massive, ever-expanding, secretive global surveillance network organized by the US National Security Agency.”

This way, if the company receives a secret order from the NSA “to become a real-time participant in ongoing, blanket, secret surveillance of its customers,” it will not be forced into doing it. The pledge it made to its users will make it terminate itself instead, thus making the data mining impossible.

Such a policy manifests that “there is always a choice” for any company approached by the agents, while at the same time placing the users’ security in the highest priority.

Owner and operator of Lavabit.com Ladar Levison on Thursday wrote that his nine-year-old encrypted email service was shutting down in order to avoid becoming “complicit in crimes against the American people.”

“We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now,” Silent Circle founder Jon Callas then wrote in a blog post.

But as Cryptocloud urged all the companies to make an ultimate privacy-protecting pledge, NSA leaker Edward Snowden said in an email to The Guardian that the internet giants are unlikely to join such action – although it could yield much greater results. He called for Google and Facebook to question their current stance, calling Lavabit’s owner decision “inspiring.”

“Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not,” Snowden said.

Mega doing ‘true crypto work for masses’

Meanwhile, Kumar has been involved in an email service project with what he says is exceptional level of encryption.

Mega has been doing an “exciting” but “very hard” and time-consuming job of developing both highly-secure and functional email service, Kumar told ZDNet.

“The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side. If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side,” he explained, adding that even Silent Circle did not try to achieve such a feat.

“On this and other fronts, Mega is doing some hugely cutting-edge stuff. There is probably no one in the world who takes the Mega approach of making true crypto work for the masses, our core proposition,” Kumar said.

According to the company’s founder Dotcom, Mega doesn’t hold decryption keys to customer accounts and “never will”, thus making it impossible for it to read the emails. This also means that Mega by design cannot be forced to rat on its users by intelligence agencies.

However, Dotcom earlier told TorrentFreak that a new spy legislation being pushed by the US and its Five Eyes alliance partners – UK, Canada, Australia and New Zealand – may force Mega to relocate its servers to some country exempt from such jurisdictions, such as Iceland.

The New Zealand government is already “aggressively” eyeing legislation that will compel all internet service providers in the country to design a “secret decryption access” for the intelligence agencies, he said.