Over the course of three balmy days in July 2014, hundreds of black-clad, multi-pierced computer geeks swarmed Manhattan’s Hotel Pennsylvania for the biennial Hackers on Planet Earth (HOPE) conference. That year’s theme was “dissent,” and attendees shuttled among conference rooms that had been renamed in a scattershot homage to famous whistle-blowers. On a Saturday afternoon, Daniel Ellsberg took the stage in the Manning Room, a nod to Chelsea Manning, the Army intelligence analyst who passed hundreds of thousands of classified documents to WikiLeaks and is now serving a thirty-five-year sentence in Fort Leavenworth prison. Ellsberg told the audience about the tense days surrounding his release of the Pentagon Papers, leavening his delivery with borscht-belt asides: “My wife used to hate it when I was called a ‘leaker’ because it made me sound incontinent.”
Ellsberg was identified on the HOPE program as the keynote speaker, but in truth he was merely the warm-up act for Edward Snowden, who appeared on a screen behind him via video link from Russia. Snowden wore a black shirt that accentuated the pallor of his face, but he seemed in good spirits, smiling bashfully as the overflow crowd greeted him with a prolonged standing ovation. It is because of Snowden’s disclosures to several media outlets that the world has learned about the global system of mass surveillance run by the U.S. National Security Agency, abetted by rubber-stamp secret tribunals and the obeisance of the nation’s largest tech companies. Snowden told the hacker community (as well as the NSA moles he said were surely in the audience) that technology itself was not the enemy. He urged his listeners to use their skills to fight back against prying entities.
When he talks about privacy, he explained, “I say, ‘Encryption, encryption, encryption,’ because it’s an important first step.” But most encryption standards for email don’t cloak a message’s metadata — the header that contains the identification of the sender and receiver, as well as the subject line and time stamp. He saw this as increasingly insufficient in a world where association is often what really matters. When a whistle-blower sends someone an encrypted email, he said, “the government can’t read the content of the communication, but they go, ‘Why is an employee of the government, who was at work on Thursday at the Central Intelligence Agency or the National Security Agency or the FBI [and] who works on programs that would be deeply embarrassing to the government — why are they contacting someone at the Freedom of the Press Foundation or the Washington Post or the New York Times?’ ”
Snowden outlined the sorry state of online privacy. Of course, encryption standards had always been relatively lax at major tech firms such as Google, Facebook, and Yahoo, whose business models depend on mining user information for targeted advertising. But Snowden’s disclosures had revealed the more troubling fact that these companies — along with Microsoft, Apple, and AOL — all cooperated with Prism, the top-secret NSA program that mined private data directly from the companies’ servers.
As Snowden spoke, I received a text message from an audience member who had given an address in the same room the night before about his new encrypted-email project. “It’s uncanny how much Snowden sounds like me,” Ladar Levison wrote. “He’s parroting what I said.”
Levison is not a modest man, but he has some grounds for speaking with authority. After all, Snowden was the most famous user of Lavabit, Levison’s first encrypted-email service.
Ladar Levison was working as a systems engineer in 2004, when Google released Gmail, a service that promised a free email account with one gigabyte of storage. He realized, he told me later, that he “could run to CompUSA and set up a free email service that was on par with Gmail and give people one gigabyte, too.” He didn’t originally conceive of Lavabit as a service for political dissidents, but he was interested in user privacy. Unlike big providers such as Google and Yahoo, Levison didn’t want to collect user data for advertising purposes.
“What would differentiate us is we’d build a service that we’d want to use ourselves,” Levison said. “We wouldn’t want our messages profiled. We understood what keyword analysis was. If your buddy was sending messages about trouble with his wife, you wouldn’t want to be seeing ads with divorce lawyers on the right.” He’d only allow random advertising, even though “you don’t make much money that way.” To generate revenue, Levison added an encryption feature for paying customers. At its peak, Lavabit had around 400,000 free users and 10,000 paid subscribers, among them Edward Snowden.
In the spring of 2013, Snowden began leaking NSA documents to Glenn Greenwald and other journalists at the Guardian and the Washington Post. That summer, two FBI agents knocked on Levison’s door with a court order for access to Lavabit’s metadata logs. When he said that he didn’t keep such logs, the agency responded by demanding Lavabit’s SSL keys, long digital codes that would allow the FBI to decrypt user passwords and breach the account of every Lavabit user.
Today, Apple is facing a similar demand from the agency, which would like to unlock the iPhone 5C provided to Syed Rizwan Farook by his employer, the San Bernardino County Department of Public Health. On December 2, 2015, Farook and his wife killed fourteen people and wounded twenty-two in a shooting attack before being shot dead by police.
The government believes there may be some evidence related to the attack on Farook’s phone, which they can’t acquire without Apple’s help. Apple contends that helping in this case amounts to creating a “back door” that could be used on millions of other iPhones. Of course, the world’s most valuable company has more legal resources than Levison, who made a decent but by no means extravagant living. What’s more, Levison’s case was put under seal, precluding him from seeking public support for his defense.*
*Out of respect for user privacy, Levison has never specified the primary target of the FBI’s request, which remains under seal. But in March, the federal government accidentally released an unredacted document confirming that it was [email protected]
Levison was aware of some precedents for his predicament. In 2007, Hushmail, a privacy-minded email provider in Canada that was used by NSA whistle-blower Thomas Drake and others, received a court order as part of a U.S. investigation targeting steroid dealers. Hushmail turned over decrypted messages to the DEA, badly damaging its reputation in the hacker community. But Hushmail had faced a targeted request, not a demand to hand over its SSL keys. While Levison had cooperated in the past with investigations of Craigslist scams and other small frauds, he’d never been asked to unmask his entire clientele. As he saw it, he had two choices. He could cooperate with the government — violating his users’ privacy and losing their trust in the process — or he could shut Lavabit down.
No matter the outcome of Apple’s current battle with the FBI, it’s a safe bet that the company won’t opt to close its doors. But on August 7, 2013, Lavabit did just that. Levison closed his email service, and then delivered the now-useless encryption keys to the FBI. The following day, he posted a statement on Lavabit’s homepage:
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul-searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot.
At the time, Levison figured he’d “take a cushy corporate job,” but he soon discovered that his defiance had struck a chord with privacy advocates. At one security conference he ran into Mike Janke, a cofounder of Silent Circle, an encrypted-communications firm. On the day that Levison announced the closure of Lavabit, Silent Circle preemptively closed its own email service, in anticipation of government meddling. The two men agreed to cooperate on a new, better service. They formally called the venture the Dark Mail Alliance. Since that meeting, Silent Circle has largely focused on telephony security. According to Silent Circle’s cofounder, Phil Zimmermann, securing email communication is much more difficult than protecting telephony. “Phone calls are ephemeral,” he told me. “Emails are around for a long time.”
For Levison, the difficulty is part of the appeal. His goal is to build an email service that can’t be subpoenaed by the FBI — one in which there would be no centralized keys to unlock users’ secrets. To the uninitiated this may sound like a simple project, but Levison faces technological hurdles that the creators of email never anticipated.
Email’s origins date to the 1960s, before the creation of the Internet, when electronic messages were sent between computer terminals linked to a single mainframe. But tech engineer Ray Tomlinson is generally credited with inventing email proper in 1971, when he successfully sent a message between two computers over the ARPANET network. (Tomlinson, who died in March, was also responsible for the inclusion of the @ sign in email addresses.) Trey Ford, a global-security strategist at Rapid7, an I.T.-security firm, told me that early email users, a mix of university and government engineers, “were more concerned with stability and availability than security.” Many held the utopian view that interconnectivity could only be a force for good. The assumption was that “every player on the network is a good guy, so it’s fine for all these folks to touch your correspondence between two people,” said Alex Stamos, who was Yahoo’s chief information-security officer at the time that we spoke. (He has since moved to a similar position at Facebook.)
Security at mass providers lagged behind that of other industries that relied on electronic communication. While online banking and e-commerce websites have employed cryptographic protocols since the 1990s, the large email providers were late adopters. Google implemented a secure connection as Gmail’s default in 2010; Microsoft followed suit in 2012. Yahoo made the change only in early 2014, after the Washington Post reported on Muscular, a joint program by the NSA and its British counterpart that secretly intercepted unencrypted messages from the fiber-optic networks that connected Google and Yahoo data centers.
“There’s a constant creative tension between security and usability,” Stephan Somogyi, a product manager for security and privacy at Google, told me. With hundreds of millions of users, most of whom are not computer experts, Google and other large email providers are wary of implementing security features that make demands of users. “A lot of people don’t understand security, and they bristle at having to enter their password again,” Somogyi said. “You can oversecure something, but if you oversecure something and stop people from being able to use it, then they’re just going to use something else. Because there’s an overabundance of research that shows if you get in people’s way, they’ll choose a less secure alternative, because it allows them to get done what they want to get done.” End-to-end encryption also poses challenges for email search features and spam filters, two of Gmail’s primary attractions for many users.
Even without these user-experience issues, increasing privacy protection wouldn’t necessarily make business sense for the big players. “If you look at how the Internet works today, the way people make money is by selling advertisements, farming your emails for personal data,” said Andy Yen, one of the founders of an email service called Protonmail. “If we really want to have more privacy online, the Googles, the Yahoos, and the Facebooks of the world are not going to be the ones to do it.”
Yen’s statement might seem odd in light of the highly publicized battle between Apple and the FBI, in which the agency has called the company’s opposition to government cooperation a “marketing strategy.” But Levison pointed out that the government, not Apple, chose to fight this battle in the open. “I wanted my fight with the government to be public, but I was placed under a gag order,” he said. In contrast, Apple asked that the government make its request for assistance under seal, and might very well have acquiesced if they could have done so secretly. Levison believes that there’s been a genuine cultural shift inside Apple and other tech behemoths in favor of increased privacy protection, but only because of the shaming effects of the Snowden revelations, which exposed collusion between Big Tech and the government.
Meanwhile, smaller, privacy-minded email services have struggled to attract wide audiences, even though reliable tools for encrypting messages have been available since 1991. That’s the year Phil Zimmermann, the Silent Circle cofounder, launched Pretty Good Privacy, a “military-grade” encryption scheme that ensures only the intended parties can read an email message. “It was designed for people who were up against their own governments,” Zimmermann told me. The U.S. government certainly perceived PGP as a military-grade threat, targeting Zimmermann in a criminal investigation for munitions export without a license. (After he published the PGP protocol as a book — in order to claim First Amendment protections for his idea — no charges were filed.)
PGP requires users to set up and maintain private encryption keys, and it doesn’t allow for shortcuts like password retrieval. For casual users, this can be cumbersome. “PGP has been available for twenty-five years and has virtually no adoption,” Yen told me. The same can be said for other high-security email and operating systems that often employ PGP standards, including TAILS (The Amnesic Incognito Live System), which Snowden used in his communications with Glenn Greenwald and the filmmaker Laura Poitras. (Greenwald initially lacked the computer savvy to set up TAILS on his own.)
In any case, PGP’s safeguards do not encrypt metadata. This means that even if the content of an email message is hidden, hackers can still determine whom the sender is contacting. “Metadata absolutely tells you everything about somebody’s life,” Stewart Baker, who was general counsel for the NSA in the early Nineties, has said. “If you have enough metadata, you don’t really need content.”
The month before the HOPE conference, I met Levison at the two-story brick colonial home in Garland, Texas, about twenty miles northeast of Dallas, where he was spending time when he was not traveling to fund-raise for Dark Mail. I was met at the door by Greg Brown, a twenty-year veteran of Qualcomm and one of a handful of engineers working with Levison on the project. He was wearing a gray T-shirt that read team edward.
The house was sparsely furnished, but the walls were covered with political posters that warned of an Orwellian future. you are now entering a privacy free country, proclaimed one. Another featured a black-clad “THINKPOL” officer and the caption support your local thought police. Other stabs at decoration betrayed a geeky vibe, none more than a huge painting of Vigo the Carpathian, the villain of Ghostbusters II.
Brown introduced me to Stephen Watt, the project’s lead developer, who is seven feet tall and has the bulging muscles of a gym devotee. When I asked about his computer background, he sighed and said, “I don’t want this to come off as arrogant or anything, but the easiest thing might be to Google me.”
A former Morgan Stanley engineer, Watt had created a so-called packet-sniffing program for a friend, Albert Gonzalez, who used it to steal millions of credit- and debit-card numbers from T. J. Maxx and other retailers. Watt received no money from the venture and insists that he didn’t know what his friend was up to. But after Gonzalez received a twenty-year prison sentence, Watt pled guilty in 2008 and spent two years in a Seattle prison. He was also ordered to pay $171.5 million in restitution. “Of course, that’s impossible,” he told me. “It’s hard to get a job as a felon, especially in computers.” Levison wasn’t paying him much, and the government took 10 percent of each paycheck, but Watt told me he was thankful for the job.
A handful of other like-minded employees and volunteers crouched over computers in the second-floor conference room, but Levison preferred the master bedroom, where he usually worked alone except for his energetic dog, Princess. Levison had close-cropped black hair, an aquiline nose, and blue eyes that often locked in long, uncomfortable stares.
He and his team were cramming to present an early version of Dark Mail at an upcoming tech conference. They had been working long hours, fueled by Diet Coke and Red Bull. There was a lot of sniping, mostly in jargon that I could barely follow. And there were sillier spats, too. One night, Levison made an impassioned but flawed argument that the big-budget robot movie Pacific Rim was better than the cult favorite Office Space.
But the team was making progress. Though Dark Mail was intended to be compatible with email clients such as Microsoft Outlook and Gmail, Levison and his developers were also developing their own mail client, called Volcano. It would offer end-to-end encryption: messages would be encrypted on users’ own devices and remain encrypted through the servers until they reached their intended recipient. With Lavabit, Levison had an SSL key that would allow access to user passwords, but with Dark Mail, only the sender and receiver will have the necessary keys to decrypt a message. This in itself is not an innovation. Yen’s Protonmail provides the same service, and in 2014, both Google and Yahoo released source code for email with PGP-based end-to-end encryption for review by the tech community, though neither company has set a date for a public launch.
Dark Mail’s real innovation concerns metadata. “It’s extremely hard in the current mail system to hide metadata,” Facebook’s Alex Stamos told me. “It’s pretty much impossible.” Levison seized on a solution inspired by The Onion Router, commonly called Tor. Originally developed by the U.S. Navy in an attempt to protect government communications, Tor links some 5,000 servers across the globe, bouncing Internet traffic randomly from one to another to conceal a user’s location and activity. (Illicit enterprises, including the drug marketplace Silk Road, which was shut down by the FBI in 2013, have also relied on Tor for buyer–seller anonymity.) With Tor, encrypted data is partially decrypted at each node to reveal the routing instructions for the next destination, like peeling layers of an onion. Levison told me that Dark Mail uses “something of a pseudo-onion between the sender’s server and the recipient’s server.” When a Dark Mail user sends an encrypted email, his server will be able to identify only the domain of the intended recipient, not the specific email address. On the other end, the recipient’s server will know only the sender’s domain as it decrypts the information to transmit it to the specific email address.
This level of encryption requires essentially a new protocol for email, and it represents a more ambitious undertaking than other secure email ventures. But as Yen told me, “if you want to change the protocol, then every single mail service in the world would have to comply for this to work.” That’s why Levison will distribute Dark Mail freely, with the software open for all to see, test, and improve.
“If they have a new protocol and it’s open-source and vigorously tested, then it’s something we may use ourselves at Protonmail,” Yen said. Levison is optimistic that the big players, who have moved toward increased privacy after the Snowden revelations, will follow suit.
“We pay attention to any new innovations, protocols, standards, and proposals impacting online communications,” David Dennis, who directs Microsoft Outlook, said in 2013 in response to questions about Dark Mail. “And we’re always open to discussions with potential partners.”
If the Dark Mail protocol is widely adopted, it could achieve what Levison has promised: privacy that even the U.S. government can’t crack. “I’m not protecting against criminals with limited resources,” he said. “I’m trying to protect my network against a thousand of the best hackers in the entire world, employed by the NSA.” After his defiance over Lavabit, Levison said, the government knew he wasn’t likely to turn over any information concerning Dark Mail. “They’re going to be targeting me from day one.”
If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents,” Senator Dianne Feinstein told Andrea Mitchell on MSNBC last fall, about efforts such as Levison’s, “whether it’s at a game in a stadium, in a small restaurant in Paris, take down an airliner, that’s a big problem.”
The senator was speaking three days after the terrorist attacks in Paris last November. At the time, statements by Feinstein and others seemed to suggest that law-enforcement agencies had the suspects in their web of surveillance but were prevented by encryption from uncovering the details of their plans. But it appears that much of the planning was done through unencrypted SMS messages — and that the failures of intelligence were conventional and all too familiar.
The U.S. government has seized on a better example in its ongoing dispute with Apple over unlocking Syed Rizwan Farook’s iPhone.
“We’ve now learned of other instances when the authorities have made similar requests of Apple, for instance, but only in the San Bernardino case has the Department of Justice filed an order to make Apple comply with the court order for assistance,” Levison said. “It makes sense, given the optics of this case. You have a horrific incident, fresh in peoples’ minds. And you have a device that is clearly associated with the attacker that could have critical data linking that attacker to an accomplice.”
While the Justice Department says that it’s asking Apple to cooperate in only a few cases — the suit in San Bernardino being the most prominent — the company argues that creating a program to hack into its privacy features will set a precedent for further law-enforcement intrusions, as well as weaken iPhones’ overall security. In a formal legal rebuttal to Apple’s claim, the Justice Department cited the Lavabit case and indicated that, if Apple was unprepared to help with the hack, the government would seek “access to the source code and Apple’s private electronic signature.”
In March, Levison filed an amicus brief in support of Apple. His major objection to the government’s demands, in both Apple’s case and his own, is philosophical: while terrorists and other evildoers may employ encrypted communication, so do ordinary bank users, political dissidents in totalitarian states, and multinational corporations that are protecting their trade secrets. “Encryption is a defensive weapon of the digital world,” Levison told me. “I liken it to buying body armor in the physical world.”
He says he’s appalled by calls for unchecked surveillance from government officials who remain unchastened by the exposure of earlier unconstitutional power grabs. “As far as I’m concerned, [FBI director James] Comey and the rest of the law-enforcement intelligence community were convicted of child molestation,” Levison told me. “And now they’re going back to Congress asking to be appointed schoolteachers.”
On my final evening in Texas, Levison hosted a barbecue to celebrate the completion of an early version of Dark Mail’s server software, which he was calling Magma. Ever thrifty, he had argued with his team about the amount of ground beef to buy. Levison returned from the store with a package of raw hamburger patties and a second package of more expensive Angus beef. He presented the latter to Brown and Watt as a reward for their hard work.
“It was a kind but also awkward gesture,” Watt told me later. “He came up to the room and put the package of beef on the table. I was like, ‘Thanks, but can you take it back down to the fridge?’ ”
The barbecue was a small affair. The presence of a few non-techies — besides me, there was a graphic designer Levison had commissioned to produce logos and a Texas-based documentarian who was making a film about the project — inspired Levison to talk about his project in broader, political terms. He called himself a “small-government guy” and said President Obama was “a huge failure on privacy.” For Levison, Dark Mail had become a deeply personal project, an outgrowth of his fight with the government over Lavabit. But he also saw Dark Mail as part of a larger grassroots effort to push back against government surveillance.
“We thought the NSA was targeting governments, trying to hunt down Osama bin Laden,” he said. “We didn’t think they’d turn their spying capabilities on their own citizens, without due process. Does that sound like a healthy democracy to you?”
On June 2, 2015, President Obama signed into law the USA Freedom Act. The act ended the NSA’s bulk collection of Americans’ phone data, forcing the agency to return to the courts to access data from telephone companies involving terrorist suspects and publicly report, albeit in a limited way, on the scope of its data requests. Some privacy advocates celebrated this change, while others remarked that a better outcome would have been to allow the program, declared illegal by a federal appellate court just a month earlier, to expire on June 1, as it was set to do under the timeline of the Patriot Act. Meanwhile, the USA Freedom Act reauthorized two other expiring surveillance provisions of the Patriot Act, and it failed to check the NSA’s foreign surveillance (which includes the surveillance of domestic email communications that touch a foreign server).
Predictably, after the terror strikes in Egypt, Lebanon, Paris, and San Bernardino, American officials are calling for more intrusive surveillance. “But you don’t take people who abuse their authority and give them more,” Levison told me recently. “That’s why we need Dark Mail. It will protect privacy rights by technological fiat.”
Last spring, Levison released a large batch of technical specifications and code to the Dark Mail website, hoping to inspire other programmers and garner feedback. In the opening pages of the release, he addressed the U.S. government directly: “I would like to dedicate this project to the National Security Agency,” he wrote. “For better or worse, good or evil, what follows would not have been created without you.”