Inside the Decision to Shut Down Silent Mail

Silent Circle shut down its Silent Mail service yesterday to ward off future requests for customer data by the government.

Silent Circle’s decision to shut down its Silent Mail email service may have come quickly yesterday, and the timing of the announcement admittedly was prompted by Lavabit’s decision to suspend operations hours before. But the seeds for this decision may have been sown long before Edward Snowden, who reportedly used Lavabit as a secure email provider, was a household name and NSA warrants for customer data were known costs of doing business.

“When the team first delivered [Silent Mail], I congratulated and apologized at the same time, and told them this might be our first legacy product,” said Silent Circle CTO Jon Callas.

Silent Circle’s value proposition is its secure real-time voice, video and text communication services; email may have been extraneous from the start. And given the actions of the NSA whistleblower and Internet providers and technology companies seeking transparencies about government requests for customer data, Silent Mail’s days were numbered.

Ironically, yesterday when Lavabit, which provided a similar secure email service, announced it was shutting down rather than “become complicit in crimes against the American people,” as owner Ladar Levison said, things moved quickly for Silent Circle’s decision makers.

“When we saw the Lavabit announcement, the thing we were worrying about had happened, and it had happened to somebody else. It was very difficult to not think I’m next,” Callas said. “I had been discussing with Phil [founder and PGP developer Phil Zimmerman] over dinner the night before, should we be doing this and what the timing should be. I was looking at it from point that I want to be a responsible service provider and not leave users in a lurch. [The Lavabit announcement] told me I have to start moving on it now.”

Within hours, the decision was made and a blogpost was live on the Silent Circle website explaining why.

“We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now,” Callas wrote. “We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”

Silent Mail was the outlier for Silent Circle. It was the one product the government could target with a warrant, and the one privacy promise the company could not keep to its customers, Callas said.

“We have been debating Silent Mail from the very beginning and the reason is if you look at what we’re doing with Silent Phone and Silent Text, they offer very high degrees of security,” Callas said. “Email is intrinsically not as good.”

Silent Phone and Silent Text promise end to end encryption with each service; encrypted data is not stored by the company and metadata from conversations is not stored. The same promises could not be made with Silent Mail, and the blame lies with standard email protocols such as SMTP, POP3 and IMAP that leak too much information and metadata, Callas said. The Lavabit announcement yesterday made it clear that Silent Circle had to act promptly with its product, scrapping a number of other options to phase the service out slowly, not take orders after a particular date, or even give customers 72 hours notice of the decision.

“Then, that is the flag for the warrants to come,” Callas said. “We said we had to do something and do it now, and tell people why we did. I had to think about it in terms of if I were [the government], what would I be doing? I would be typing up the subpoenas to be delivered at 7 a.m.”

Lavabit’s Levison, meanwhile, intimated that the 10-year-old company is in the midst of some unnamed request for user data, details of which it could not legally share. Some have speculated the company is in a battle over a request for Snowden’s passwords or other sensitive data. Rather than comply, Levison said he is suspending operations and preparing an appeal that if favorable, would enable him to revive Lavabit.

“I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this,” Levison wrote in a note on the Lavabit site. “Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.”

Silent Circle, meanwhile, appears to have sidestepped that landmine and doesn’t expect any issues around Silent Phone and Silent Text.

“We already worry about that with the other services, which is why we could move from being nice about it, to being drastic,” Callas said about Silent Mail. “We know our strengths on the other [products]. It’s the defense we have. We’re quite public that we don’t keep data. Don’t come to us, because we don’t have it.”

Suggested articles


  • Ralph on

    "Chilling effect" is does not describe what is unfolding now. Flash freezing with liquid nitrogen is more like it. It is clear that our near-term electronic future will be entirely free of that pesky commodity we call privacy, and it didn't even take a new terrorist threat to make it happen... just the revelation of some once-secret information about... our lack of privacy. It is funny, really, when you think about it.
  • kosmos on

    It is interesting to note how many people are jumping, hopping, infuriatingly mad about this and yet how many have Facebook pages that literally leak personal data about them every day? The problem is that personal privacy is an extremely valuable commodity and yet, the majority of people have sold there's out for the ability to post a photo of what they ate that night and just who exactly the winner of America's got talent should be? Even now as my browser connects to this website it is leaking vast amounts of information about me. my IP address, cookie data, trackers for advertisers. The systems are inherently insecure they weren't built with security in mind and until people wake up to the value that their personal privacy has we will walk eye's wide open into the panopticon of the future were what you do and think is as transparent as a single pane of glass.
  • Dave on

    Lavabit and Silent Circle should shift all their operations out of the US. That would put them beyond the jackboot-wearers' reach. The secure search engines StartPage and Ixquick are foreign-based for this reason.
  • Peter on

    On the plus side this is finally helping people understand what is secure and what is not (something that the real criminals have known for a long time). If the net result of this is that more normal people are more aware of what is and is not secure than it might not be that bad. Obviously if the NSA can require software providers to put backdoors in client software and gag them from discussing this, then that's another issue. Perhaps now would be a good time for providers of open source encryption software to require (or strongly request) users to compile from source rather than assume that a binary corresponds to the published source code.....
  • Margaret Bartley on

    My sister and I discuss this occasionally, and her attitude is that she does nothing wrong, has nothing to hide, and is not concerned with government surveillance. She is what we used to call a "Good German", referring to the people during the Nazi years who just went about their business, shopping, going to work, as the trains to the death camps went by. People like my sister can post anything they want on Facebook, they don't have anything to hide. So don't look at all the civilians on Facebook to say that people don't care about privacy. Those people don't but they don't count. It's the whistleblowers, activists and investigative reporters that care about privacy, and who need it. Unfortunately, people like my sister do not realize how important to the quality of their life, it is that we have those whistleblowers, activists and investigative reporters.
    • Kratoklastes on

      Your sister needs to be reminded of the statement by Cardinal Richelieue (another power-mad technocrat who serves as the role model for the security-theatre proto-Nazis - along with Tomas de Torquemada). "Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre." "Give me six lines written in the hand of the most honest man, and I will find therein something to hang him". All that needs happen for your sister's Facebook page to become a terminal liability, is for someone in the 'justice' system to take a dislike to her.
      • Margaret Bartley on

        And that's the point. She is very confident that no one in such a position would target her. Her life's experience, including the people she knows, reaffirms her position. That's why I used the analogy of the Good Germans, who, no matter how hard they tried to follow the rules and do what they were told, had their lives devastated by the bombs from the sky, which, if they had been paying attention, they would have predicted and made arrangements for. I'm not sure how we can make arrangements for the coming devastation now, though.
  • G on

    I feel for you Margaret. A lot of us have close relations like that, "Good Germans" who do not (yet) see. Keep trying, gently and logically.
  • Emily on

    Yes, I too have a sister like that, but she has an excuse: glioma.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.