They're trying to avoid what's happened to Lavabit

Oct 22, 2013 06:44 GMT  ·  By

CryptoSeal, a virtual private network, has decided to shut down one of its services since it can no longer guarantee it won’t expose its customers to government monitoring.

The VPN service issued a statement saying that while it will continue to offer its services for businesses, its customer-only service will come to a stop.

“With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced by design during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability,” the message states.

Furthermore, they say that the service was created and operated under a certain understanding of US laws, but this could no longer be valid as exposed by recent reports about the NSA.

“As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product,” they state.

The statement released by the service also hints at the reasons behind this decision, and that’s what happened to Ladar Levison, Lavabit’s owner.

The Lavabit case, they say, “reveals a Government theory that if a pen register order is made on a provider, and the provider’s systems do not readily facilitate full monitoring of pen register information and delivery to the Government in realtime, the Government can compel production of cryptographic keys via a warrant to support a government-provided pen trap device.”

Since the systems over at CrytoSeal do not support recording of any such information, they could be asked to hand over the SSL keys themselves, which is in their opinion unreasonable and likely unconstitutional. Instead, they choose to put a stop to their product rather than continue until this matter is settled.