A new push to encrypt email, keeping messages free from government snooping, is gaining momentum.
new email service promising "end-to-end" encryption launched on Friday,
and others are being developed while major services such as Google
Gmail and Yahoo Mail have stepped up security measures.
catalyst for email encryption were revelations about widespread online
surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor.
"A lot of people were upset with those
revelations, and that coalesced into this effort," said Jason Stockman,
a co-developer of ProtonMail, a new encrypted email service which
launched Friday with collaboration of scientists from Harvard, the
Massachusetts Institute of Technology and the European research lab
Stockman said ProtonMail aims to be as user-friendly as the
major commercial services, but with extra security, and with its servers
located in Switzerland to make it more difficult for US law enforcement
Encryption is a tool that can help dissident activists
avoid detection in places like China or Iran, but the movement has also
gained credence in the United States among those who want to stay clear
of snooping from the NSA or other intelligence services.
Making encryption easy
vision is to make encryption and privacy mainstream by making it easy
to use," Stockman told AFP. "There's no installation. Everything happens
behind the scenes automatically."
Even though email encryption
using special codes or keys, a system known as PGP, has been around for
two decades, "it was so complicated," and did not gain widespread
adoption, Stockman said.
After testing over the past few months,
ProtonMail went public Friday using a "freemium" model a basic account
will be free with some added features for a paid account.
users from China, Iran, Russia, and other countries around the world
have shown us in the past months, ProtonMail is an important tool for
freedom of speech and we are happy to finally be able to provide this to
the whole world," the company said in a blog post.
Yahoo recently announced efforts to encrypt their email communications,
but some specialists say the effort falls short.
companies don't want to encrypt your stuff because they spy on you,
too," said Bruce Schneier, a well-known cryptographer and author who is
chief technology officer for CO3 Systems.
"Hopefully, the NSA debate is creating incentives for people to build more encryption."
said that with services like Gmail, even if data is encrypted, "they
have the key right next to it if you have the key and lock next to each
other, so it's pretty much useless."
By locating in Switzerland,
ProtonMail hopes to avoid the legal woes of services like Lavabit widely
believed to be used by Snowden which shut down rather than hand over
data to the US government, and which now faces a contempt of court
Even if a Swiss court ordered data to be turned over,
Stockman said, "we would hand over piles of encrypted data. We don't
have a key. We never see the password."
'Dark mail alliance'
founder Ladar Levison meanwhile hopes to launch a new service with
other developers in a coalition known as the "Dark Mail Alliance."
told AFP he hopes to have a new encrypted email system in testing
within a few months and widely available later this year.
"The goal is to make it ubiquitous, so people don't have to turn it on," he said.
he added that the technical hurdles are formidable, because the more
user-friendly the system becomes, "the more susceptible it is to a
sophisticated attacker with fake or spoofed key information."
Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
Callas, a cryptographer who developed the PGP standard and later
co-founded the secure communications firm Silent Circle, cited
challenges in making a system that is both secure and ubiquitous.
you are a bank you have to have an email system that complies with
banking regulations," Callas told AFP, which could allow, for example,
certain emails to be subject to regulatory or court review.
of the services on the Internet started with zero security. We want to
start with a system that is totally secure and let people dial it down."
new email system would complement Silent Circle's existing secure
messaging system and encrypted mobile phone, which was launched earlier
"If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.