The company's owner now wants to open up the source code

Nov 6, 2013 08:45 GMT

Lavabit, the secure email service, was shut down a couple of months ago after the company's owner, Ladar Levison, decided he'd rather close it down than hand over the keys to his business, literally and figuratively, to the NSA.

Given that Levison is now involved in what will likely be a long lawsuit with the US government, he won't be able to go back to his company for quite some time. So he is now looking to open up the Lavabit code and turn it into a free/open source project, with the help of Kickstarter.

But there are serious reasons why this isn't a great idea. Security researcher Moxie Marlinspike explains why funding an open source Lavabit version is a fundamentally flawed idea, because the service isn't built on solid security practices.

Lavabit boasted that it offered an encrypted email service so secure that even the company's employees couldn't access the stored email messages. That's technically true, but it creates the false impression that Lavabit had no way of accessing the plain text messages.

That's because the encryption was entirely server-side. The email messages arrived in plain text and were encrypted on the spot with a key also stored on the server. These encrypted messages were then stored. Likewise, they left the servers in plain text, though via an encrypted HTTPS connection.

This opens up the system to a number of possible attacks. On the one hand, anyone in control of the server, either a legitimate operator or a hacker, would have access to the full archive of messages.

Likewise, anyone intercepting the communications between users and the servers would get access to the plain text messages if they could break the HTTPS encryption, something which the NSA is particularly good at.

But the NSA didn't want to work for it. The agency simply asked Lavabit for the SSL keys and presumably the local encryption keys, so it could get access to both the real-time traffic and the archived messages.

An actually secure service would not have had any way of providing those keys, since only the users would have access to them. But Lavabit was in a position to hand them over, which is why the NSA could pressure it. Thankfully, Levison decided to shut down Lavabit rather than hand over the keys.
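The difference between the two designs can be modelled in a few lines. This is an added example, not Lavabit's code: the class and function names are hypothetical, the cipher is a standard-library stand-in, and the client-side model assumes the user encrypts before upload.

```python
import hashlib
import hmac
import os


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so this runs on the standard
    # library alone; a real service would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])


class ServerSideMailbox:
    """Model of the design described above: the server receives plaintext
    and encrypts it with a key that it also stores."""
    def __init__(self):
        self.state = {"key": os.urandom(32), "archive": []}

    def deliver(self, plaintext: bytes) -> None:
        self.state["archive"].append(seal(self.state["key"], plaintext))


class ClientSideMailbox:
    """Model of the alternative: the user encrypts before upload, so the
    server stores ciphertext and never holds the key."""
    def __init__(self):
        self.state = {"archive": []}

    def deliver(self, ciphertext: bytes) -> None:
        self.state["archive"].append(ciphertext)


def readable_from_server(state: dict) -> list:
    """Plaintext recoverable by anyone holding the server's state alone
    (operator, intruder, or a party the keys were handed to)."""
    key = state.get("key")
    return [unseal(key, blob) for blob in state["archive"]] if key else []
```

Passing each mailbox's `state` to `readable_from_server` returns the full archive for the server-side model and nothing for the client-side one.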

But those same problems remain true with an open source version of the service. Granted, there is actually no way to provide a full, end-to-end encrypted email service with the current system.