Two email providers, forced to close their services after the NSA demanded a backdoor, have proposed a new open standard for secure email that would be harder for security services and others to eavesdrop upon.
The encrypted email service Lavabit,
and Silent Circle, a firm also encrypting phone calls and texts, are the founding members of the Darkmail Alliance, a service that aims to prevent government agencies from listening in on the metadata of emails.
The metadata is the information
bundled up with the content of an email such as that showing the sender, the recipient and date the message was sent. Conventional email can never be made fully secure because the standard requires some metadata to be sent unencrypted.
Silent Circle's chief executive and co-founder, said:
We want to get another dozen to two dozen email providers up and running on Darkmail architecture so that at any one time citizens of the world can choose two dozen
email providers to get their email service from.
He said that the services Lavabit and Silent Mail kept too much data on the provider's server:
So what happened is you saw nation states can go to an
email provider and coerce them into turning over the keys and decrypting.
The proposal of the alliance, it says, is as close to being compatible with conventional email as can be; users can send and receive insecure emails with
contacts on normal services, and it is only when an email is sent between two accounts within the alliance that the message is encrypted and routed from one peer to the other without going through a central server.
The ultimate aim is to get the
big email providers, such as Microsoft , Yahoo ! and Gmail , using the new standard too.