Silent Circle and Lavabit may have abruptly shut down in August amid growing pressure from the National Security Agency to hand over user information, but that doesn’t mean they’ve given up on secure email services. Rather, the two are teaming up under the newly formed Dark Mail Alliance to develop a unique end-to-end encrypted protocol and architecture, which will be released as open source for anyone to implement.
Announced yesterday at at the Inbox Love email conference in California, the new system will be based on the XMPP messaging protocol instead of the old and widely used SMTP, while adding an extra layer of protection by wrapping up all the SSL-encrypted data with Silent Circle's own SCIMP algorithm.
Encryption will apply to an email’s content, attachments and metadata such as the ‘to’ and ‘from’ fields as well as IP addresses and headers. The service will use ephemeral keys, meaning keys are created on-device so only the owner has access to them, and they are deleted after each exchange of messages.
As founding partners of The Dark Mail Alliance, both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and help proliferate what they call “the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers.” The official launch is slated for the second quarter of 2014 and a Kickstarter campaign to raise funds will begin soon.
Dark Mail would be available free of cost as an add-on or an option to existing e-mail providers -- so Gmail could use it if Google chose to participate -- in a way that is transparent to end users. The goal is to have “100 Lavabit-like services” around the world and take back email privacy.
Image via ArsTechnica