Yet Another Privacy Service Has Shut Down to Avoid the Feds

CryptoSeal killed its VPN service faster than you can say "chilling effects"
Union code book, via NSA

One of the more unsettling chilling effects of the US government's quest to monitor everything internet users are saying online is that it puts a bullseye on the privacy services trying to protect users from exactly that.

Two of the country’s top secure email providers, Lavabit and Silent Circle, shuttered their doors shortly after Edward Snowden blew the lid off the NSA's domestic surveillance program. Now encryption services continue to drop like flies.

The latest is CryptoSeal Privacy, a VPN service that provides a secure and private way to use the internet. The company announced it's shutting down its consumer privacy product in order to avoid government attempts to access and monitor users’ encrypted communications.

CryptoSeal explained it must comply with subpoenas and warrants from law enforcement, and basically never anticipated this kind of intrusion from the top ranks of the US intelligence arm when the service first launched. Forced to choose between breaking the law or violating its users' privacy, the company threw in the towel.

"Essentially, the service was created and operated under a certain understanding of current US law, and that understanding may not currently be valid," CryptoSeal said in an announcement yesterday. "As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product."

Lavabit and Silent Circle also closed for business rather than comply with government requests to hand over encryption keys needed to monitor user messages. And now Lavabit founder Ladar Levison is taking his privacy fight to court to “defend the constitution”—and he’s crowdfunding the money for his legal case.

Levison was charged with refusing to comply with a secret FBI "pen order" to hand over information from user emails, including IP addresses and cryptographic keys. The order also forbade Lavabit from informing its users that their security had been breached by US cyber-spies.

Especially in light of Levison's legal battle, it's no surprise other encryption services are worried they too will wind up caught between a rock and a hard place. CryptoSeal nodded to Lavabit in its explanation for shuttering its VPN service. Per the announcement:

Being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion, and likely unconstitutional, but until this matter is settled, we are unable to proceed with our service.

We encourage anyone interested in this issue to support Ladar Levison and Lavabit in their ongoing legal battle. Donations can be made at https://rally.org/lavabit. We believe Lavabit is an excellent test case for this issue…

… For anyone operating a VPN, mail, or other communications provider in the US, we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.

On the upside, the public backlash against Big Brother surveillance is causing something of a boom in the online privacy business, as new startups spring up promising a more secure or anonymous way to use the web. Let the game of cat and mouse begin.