Email might be on the verge of a radical makeover. And the NSA is not going to like it.
On Wednesday, two American companies with a track record of offering encrypted private communications are set to join forces in an unprecedented bid to counter dragnet Internet spying. Some of the world’s top cryptographers are behind the secure communications provider Silent Circle, and they’ve teamed up with the founder of Lavabit, the email provider used by Edward Snowden, which recently shut down in a bid to resist surveillance. They’re calling it the “Dark Mail Alliance.” For months, the team has been quietly working on rebuilding email as we know it—and they claim to have had a breakthrough.
The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders—inbox, sent mail, and drafts. Where it differs is that it will automatically deploy peer-to-peer encryption, so that users of the Dark Mail technology will be able to communicate securely. The encryption, based on a Silent Circle instant messaging protocol called SCIMP, will apply to both the content and the metadata of the message and its attachments. And the secret keys generated to encrypt the communications will be ephemeral, meaning they are deleted after each exchange of messages.
For the NSA and similar surveillance agencies across the world, it will sound like a nightmare. The technology will thwart attempts to sift emails directly from Internet cables as part of so-called “upstream” collection programs and limit the ability to collect messages directly from Internet companies through court orders. Covertly monitoring encrypted Dark Mail emails would likely have to be done by deploying Trojan spyware on a targeted individual’s computer. If every email provider in the world adopted this technology for all their users, it would render dragnet interception of email messages and email metadata virtually impossible.