Kim Dotcom’s Mega.co.nz is working on a highly-secure email service to run on a non-US-based server. It comes as the US squeezes email providers that offer encryption and Mega’s CEO calls Lavabit’s shutdown an “honorable act of Privacy Seppuku.”
Mega’s Chief Executive Vikram Kumar, who is heading the development of the company’s own end-to-end encryption technology to protect the privacy of the future email’s users, has reacted to the Lavabit founder’s decision to suspend his service’s operations – an act, which was shortly followed by voluntary closing down of another secure email service, Silent Circle.
“These are acts of ‘Privacy Seppuku’ – honorably and publicly shutting down (“suicide”) rather than being forced to comply with laws and courts intent on violating people’s privacy,” Kumar said in his blog post.
The concept he was referring to was developed by secure service
providers such as Cryptocloud, which made a ‘corporate seppuku’
pledge to oppose the mass surveillance and shield the privacy of
their users’ data. The name for the move apparently derives from
a Japanese ritual suicide, which was originally practiced by
samurai to preserve honor.
According to Cryptocloud team’s board post cited by Kumar,
“corporate seppuku” is “shutting down a company rather than
agreeing to become an extension of the massive, ever-expanding,
secretive global surveillance network organized by the US
National Security Agency.”
This way, if the company receives a secret order from the NSA
“to become a real-time participant in ongoing, blanket, secret
surveillance of its customers,” it will not be forced into
doing it. The pledge it made to its users will make it terminate
itself instead, thus making the data mining impossible.
Such a policy manifests that “there is always a choice”
for any company approached by the agents, while at the same time
placing the users’ security in the highest priority.
Owner and operator of Lavabit.com Ladar Levison on Thursday wrote
that his nine-year-old encrypted email service was shutting down
in order to avoid becoming “complicit in crimes against the
American people.”
“We see the writing the wall, and we have decided that it is
best for us to shut down Silent Mail now,” Silent Circle
founder Jon Callas then wrote in a blog post.
But as Cryptocloud urged all the companies to make an ultimate
privacy-protecting pledge, NSA leaker Edward Snowden said in an
email to The Guardian that the internet giants are unlikely to
join such action – although it could yield much greater results.
He called for Google and Facebook to question their current
stance, calling Lavabit’s owner decision “inspiring.”
“Employees and leaders at Google, Facebook, Microsoft, Yahoo,
Apple, and the rest of our internet titans must ask themselves
why they aren’t fighting for our interests the same way small
businesses are. The defense they have offered to this point is
that they were compelled by laws they do not agree with, but one
day of downtime for the coalition of their services could achieve
what a hundred Lavabits could not,” Snowden said.
Mega doing ‘true crypto work for masses’
Meanwhile, Kumar has been involved in an email service project
with what he says is exceptional level of encryption.
Mega has been doing an “exciting” but “very hard”
and time-consuming job of developing both highly-secure and
functional email service, Kumar told ZDNet.
“The biggest tech hurdle is providing email functionality that
people expect, such as searching emails, that are trivial to
provide if emails are stored in plain text (or available in plain
text) on the server side. If all the server can see is encrypted
text, as is the case with true end-to-end encryption, then all
the functionality has to be built client side,” he explained,
adding that even Silent Circle did not try to achieve such a
feat.
“On this and other fronts, Mega is doing some hugely
cutting-edge stuff. There is probably no one in the world who
takes the Mega approach of making true crypto work for the
masses, our core proposition,” Kumar said.
According to the company’s founder Dotcom, Mega doesn’t hold
decryption keys to customer accounts and “never will”,
thus making it impossible for it to read the emails. This also
means that Mega by design cannot be forced to rat on its users by
intelligence agencies.
However, Dotcom earlier told TorrentFreak that a new spy
legislation being pushed by the US and its Five Eyes alliance
partners – UK, Canada, Australia and New Zealand – may force Mega
to relocate its servers to some country exempt from such
jurisdictions, such as Iceland.
The New Zealand government is already “aggressively”
eyeing legislation that will compel all internet service
providers in the country to design a “secret decryption
access” for the intelligence agencies, he said.