On June 1, 2012, I announced that we would move our blog off wordpress.com, an American blog service, to a Canadian host, with its servers located within the borders of Canada. We hoped at the time that this would lessen somewhat the ability of the United States government to shut down our website. Recent events confirm the wisdom of this decision.
Zerohedge reports that Lavabit, which is apparently the email service of Edward Snowden, is in the middle of harassment by the US Federal government. See also: Snowden’s Super Secret Email Service Closes, Summing Up Why Tech Is Losing Billions Overseas.
Here is Lavabit’s farewell letter:
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.
You were absolutely right in your decision to move the IBS out of the U.S.
It’s interesting that there are more email companies who are actively promoting the fact that they offer “offshore email” and protection from the USG. Do a google search for “offshore email”. It’s a very serious issue. Also, Simon Black has done an interesting post or two on this problem.
I recently saw a comparison of a number of different web hosting companies hosted in the U.S. Without mentioning names, at least one was criticized for shutting down a blog that was somehow critical of the USG.
This is an enormous business opportunity for those outside the U.S. who want to get into hosting. Just market to people who want to avoid US servers.
Quite obviously all the U.S. email, hosting services etc. are under the direct control of the USG (Patriot Act and PRISM revelations).
Finally, please remember that the USG will assert jurisdiction over the use of certain domain extensions. These include the: .com, .net, .org. This is true regardless of where the site is hosted. This may have interesting implications for the value of those domain names.
To put it simply: in the digital world there is nothing private!
Telus uses telus.net as address.
I have a question. When I make a comment here at IBS I get another email that comes from wordpress to confirm I sent the comment I just wrote. How is that when you say you moved from wordpress? I am misunderstanding something.
@northernstar, we do use wordpress software, including the WordPress Jetpack which makes use of some features that are available at WordPress.com. However, our server and all the data for this website including all comments, are stored on a Canadian server.
The information at this website is presented in public format and obviously not encrypted. So there is not likely that the US will force us either to hand over data or to shut down the site.
If anyone needed proof that the US is not the land of the free or of free speech, the shutdown of Lavabit, clearly under strong pressure from the US government (read the letter which Petros linked) is the final nail in the coffin.
This is utterly shameful and indefensible unless Lavabit was sponsoring child pornography or user manuals on how to build weapons of mass destruction, neither of which was it doing as far as I know.
What will the US government shut down next? The post office? The telephone networks? This smacks of the stupidity of our own RCMP Security Service in the early 1970s, when their response to intelligence that the FLQ was going to hold a meeting in a barn in the Quebec countryside, was to burn down the barn before the meeting. Proof that the terms “security service” and “intelligence service” are oxymorons, right up there with “military intelligence” and “friendly fire.”
This is an area I know something about. Let’s just say that as a result of the USG’s NSA revelations, and the legal authorizations under US law (e.g. Patriot, FISA, et al) that no one should be using US based servers for email, should take care to select a non US email provider that provides services to minimize exposure to its customers (e.g. encrypted mail and data on the servers and the provider does not hold the key), and use search engines that do not track or record information that can then be handed over to the government (e.g. DuckDuckGo.com). The approach that ‘we will give you everything we have – which is nothing or all encrypted and we don’t have the key’ still works (and not just in the USA in other countries as well). However, stand by to watch the USG ask Congress for a new law that requires ISPs and other service providers to obtain and retain such user/customer identifiers and information.
Lavabit got nailed by National Security Letters and FISA Warrant no doubt and gag orders apply. They got nailed because they have their servers in the US and are based in the US. That is regrettable, but it is also an opportunity for non US based providers to fill the vacuum (and I hope that they do).
In summary – don’t use US based clouds, servers or providers. If you use a Non US based provider, select carefully looking out of not only good security from hackers but also protection from government demands to turn over customer data.
In a similar vein, The Guardian and Bloomberg are carrying articles that the US cloud computing industry will be impacted by the NSA revelations:
A quote from The Guardian’s article:
“One British executive, Simon Wardley at the Leading Edge Forum thinktank, celebrated the publication of the information about the NSA’s spying and its Prism data collection program: “Do I like Prism … yes, and god bless America and the NSA for handing this golden opportunity to us,” he wrote on his blog. “Do I think we should be prepared to go the whole hog, ban US services and create a €100bn investment fund for small tech startups in Europe to boost the market … oh yes, without hesitation.” “
Indeed. Non-US providers are now experiencing a rapid surge of customers looking for a safe haven from the USA. For example, here’s an initiative which has been started in Germany (although much of what’s being touted was already in place pre-Snowden):”Internet Made in Germany” – http://web.de/internetmadeingermany/
Needless to say, I would recommend avoiding any US Internet providers wherever possible. If you do a bit of research, there are non-US alternatives for almost everything.
Lavabit’s Ladar Levison: ‘If You Knew What I Know About Email, You Might Not Use It’
“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday. “The fact that I can’t talk about this is as big a problem as what they asked me to do.
Muzzled: Snowden’s Alleged Email Service Shuts Down
As a reader on Forbes said… “What a humiliation to have Germans (!) commenting on the American loss of freedom.”
As one who did not understand why Petros was moving servers, I can now say, he was absolutely correct in his analysis of the potential risks!
Considering that the U.S. is spying on every single communication online and off *they are photographing every snail mail too!* this was a great move. Maybe a decent encrypted Canadian email address ought to be everyone’s next move. And cloud computing! I’ve used Apple’s version for some time but, will soon be looking for a Canadian based cloud service.
Sort of related to this topic. This story was on the front page of this weekend’s Ottawa Citizen: “Verizon entry could allow U.S. NSA to Spy on Canadians, Union Warns”
How to Safely Internationalize your Domain Name https://www.internationalman.com/78-global-perspectives/977-how-to-safely-internationalize-your-domain-name#.Ugt_DXoMh9k.twitter … – Why the dot com is not a good choice for your business
There’s a really interesting interview with Ladar Levinson, owner of Lavabit, on Democracy Now on the 13 August show – http://www.democracynow.org/shows/2013/8/13. I hadn’t appreciated that he felt that he had to shut down Lavabit without notice to the US government. I presume they would have prevented him from doing so had they known he was considering this option.
They also interviewed Nicholas Merrill who fought the FBI for nearly 7 years in court for the right to be able to say that he had received a National Security Letter. A National Security Letter compels the recipient to provide the requested information without disclosing the existence of the letter to anyone or risk five years in jail.