©ALL CONTENT OF THIS WEBSITE IS COPYRIGHTED AND CANNOT BE REPRODUCED WITHOUT THE ADMINISTRATORS CONSENT 2003-2020



Email Security Concerns....

Rory

Banned
Sep 29, 2012
801
0
0
The Game has changed…….

The recently closing of secure email providers has led to a lot of questions being asked about where to go and who to trust. Lets look at a few actions that have taken place recently.

TORMAIL- Obviously most here are familiar with Tor and its benefits. However its mail service went offline after Irish authorities arrested the man was reportedly the hosting provider.

LAVABIT- US Based Lavabits owner, Levinson was served with a secret federal court order to allow intercepts from the federal government. Those intercepts would allow the government to access the emails of all its customers. He choose to shut it down and is currently in violation of the court order and has stated he has been threatened by the government with arrests multiple times. He had a decision to make, allow the feds access and keep his company but violate rights of his users, or shut it down and lose his company of 10years while keeping true to his word.

SILENT MAIL- Silent Circle is another US based encrypted email which also offers silent text and silent phone. Founder Jon Callas wrote in reply to his decision to shut it down "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now." The reason? To protect those using the service.

These companies are doing what is morally an ethically right but who isn't? We are all aware of the Hushmail cooperation with the feds back in 2007 that was obtained with a mutual assistance treaty between the US and Canada. This was geared towards steroid dealers at the time. We can also note that Snowden's leaked documents show that Google Inc, Microsoft Corp and other large providers have been compelled to help intelligence authorities gather email and other data on their users. The big providers and other companies typically offer encryption but said they cooperate with legal requests, including those by intelligence officials.

Now before going further lets look at the NSA and SOD in working with the DEA. An investigation by the Reuters news agency has uncovered regular use of information from the NSA by the DEA to bust drug users and dealers. "The investigation alleges "A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans."

Our current state of government has more "secret" courts issuing warrants without cause. Obviously this is bullshit and they are doing what they want, when they want without cause. They find a case they want to pursue and all of a sudden obtained "warrants" from the secret courts. The fact that law enforcement agencies being fed the information by the DEAs SOD division have been asked to conceal their sources of the tips, is a sure way to tell the information is obtained illegally.

Its being speculated that soon, if a US based "encrypted email service" exists, it is most likely complying with the FEDs orders. After all, everyone has bills to pay right? The safety of using an email service in a country that has a mutual assistance treaty with the United States is also of risk. According to the state department (Treaties and Agreements) treaties are in place as follows:

[Department of State in cooperation with the Department of Justice to facilitate cooperation in criminal matters, are in force with the following countries: Antigua & Barbuda, Argentina, Australia, Austria, the Bahamas, Barbados, Belgium, Belize, Brazil, Canada, Cyprus, Czech Republic, Dominica, Egypt, Estonia, France, Germany, Greece, Grenada, Hong Kong, Hungary, India, Ireland, Israel, Italy, Jamaica, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malaysia, Mexico, Morocco, the Kingdom of the Netherlands (including Aruba, Bonaire, Curacao, Saba, St. Eustatius and St. Maarten), Nigeria, Panama, Philippines, Poland, Romania, Russia, St. Lucia, St. Kitts & Nevis, St. Vincent & the Grenadines, South Africa, South Korea, Spain, Sweden, Switzerland, Thailand, Trinidad & Tobago, Turkey, Ukraine, United Kingdom (including the Isle of Man, Cayman Islands, Anguilla, British Virgin Islands, Montserrat and Turks and Caicos), Uruguay, and Venezuela. In addition, on February 1, 2010, 27 U.S.-EU Instruments/Agreements/Protocols entered into force that either supplement existing MLATs or create new mutual legal assistance relationships between the United States and every member of the EU. Mutual legal assistance agreements have been signed by the United States but not yet brought into force with the following countries: Algeria, Bermuda, and Colombia.]

Where does this leave us? Not many places will be completely secure. Callas wrote that Silent Phone, Silent Text and Silent Eyes -- Silent Circle's text, phone and video services -- are still "end-to-end secure." Email, though, is a different story: "Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves," Callas wrote.

This goes back to previous articles I have written regarding security thru encrypted IM and end to end devices. Wickr, silent text are a couple that are great and secure sources for communications.

Now the argument has been made on forums that LE doesn't want the little guy, just the dealers. Quite possibly in the past that was true but with the current info regarding SOD directives to contact your local LE and pass them the info, don't think the traffic stop you get coming home from the gym may just be coincidence. Also take plenty of care to NEVER text information or talk about information over the phone unless thru secure apps. For those local level business owners keep in mind that your customer maybe an idiot an be involved in something else, get busted and turn you over for a reduction in charges.

Also a reminder of going the extra mile into have pre paid phones (not linked to you), pre paid wifi cards (again not linked to you-see the pattern?) and VPNs on mobile devices as well as laptops is the safest option at this time. Dont ship to your home, never to your name, etc. Be smart and dont make it any easier for them. Anyone thats ever fought a felony case can tell you how much it costs in consideration to the extra $100 a month to be more secure.