Moving Beyond the NSA's Reach
As noted in the roundup, Lavabit is in the news again as one of two popular encrypted email services to shut down last Thursday. The company first made headlines back in July, when Edward Snowden used his Lavabit account to invite journalists to a press conference held in Moscow's Sheremetyevo International Airport.
Lavabit's owner, Ladar Levison, punctuates the otherwise cryptic farewell statement posted to the company site with some clear
Published by The Lawfare Institute
in Cooperation With
As noted in the roundup, Lavabit is in the news again as one of two popular encrypted email services to shut down last Thursday. The company first made headlines back in July, when Edward Snowden used his Lavabit account to invite journalists to a press conference held in Moscow's Sheremetyevo International Airport.
Lavabit's owner, Ladar Levison, punctuates the otherwise cryptic farewell statement posted to the company site with some clear advice for users.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.Levison's statement is a reminder that there are limits to the NSA's reach, and that those with a special interest in secure communications are probably looking into jurisdictional alternatives. Email may suffer from intrinsic insecurity, but a quick search online yields comprehensive information on which countries boast user-friendly encryption laws. Unsurprisingly, the Lavabit alternatives most frequently cited over the last couple days include CounterMail, with servers in Sweden; MyKolab and Neomailbox, both based in Switzerland; the Java-enabled version of Hushmail, which operates out of Vancouver; and the ingenious Bitmessage, a decentralized service that leaves the government without anyone to subpoena and which auto-deletes emails after two days. MyKolab goes so far as to market itself as NSA-proof:
We offer secure email accounts including calenders [sic] and address books that synchronize to all your devices. The data is stored in our very own data center in Switzerland and can not be accessed by spy programs such as PRISM, so there will be no spying.Offshore email is just one concrete example of how the Snowden saga may be pushing wary online users to actively move outside the reach of the U.S. intelligence community, which relies heavily on private companies for help monitoring networks. Intelligence officials stated back in June that terrorist organizations appeared to be changing their communication habits based on media coverage of the NSA surveillance programs. These changes might be expected to fall into two categories. On the one hand, terrorists are no doubt interested in discerning what they can of the nature and scale of U.S. surveillance efforts, and tailoring their practices accordingly. But terrorists are also simply on notice to maximize precautions however possible in the face of uncertainty. Whereas the public's murky conception of the law might have once been a boon for NSA data collection practices, now that the U.S. is perceived as a mass-spying regime, and our horizon of expectation (so to speak) has so dramatically shifted when it comes to interpreting U.S. surveillance laws, continued lack of transparency will arguably just feed online paranoia---and precaution.
Jane Chong is former deputy managing editor of Lawfare. She served as a law clerk on the U.S. Court of Appeals for the Third Circuit and is a graduate of Yale Law School and Duke University.