The Privacy Blog
Thoughts on privacy, security, and other stuff.

August 12, 2013

Lavabit and Silent Mail shutdowns

There has been a lot of chatter about the implications of first Lavabit and then Silent Circle’s Silent Mail being shut down by their operators.

In both cases, it appears that there was information visible to the services which could be compelled by search warrants, court orders, or national security letters.

I want to assure Anonymizer users that we have no such information about Anonymizer Universal users that could be compelled. While we know who our customers are, for billing purposes, we have no information at all about what they do.

This has been tested many times, under many different kinds of court orders, and no user activity information has ever been provided, or could be provided.

2 comments

  • Mike Bradok · August 14, 2013 at 11:53 am

    Yet in your privacy statement you say that if compelled by authorities with a court or similar order you will hand over subscriber information. If you truly hold no information of interest, why do you need that disclaimer and why would the authorities bother asking? It’s a small world when it comes to the authorities; they all know who you are and whether there would be usable information available to them. How can subscribers be sure that your service is not under the same type of gag order that Levison is under?

    In today’s post-9/11 climate it is really hard to trust what any US-based privacy company has to say about government intrusion into their systems.

  • Author comment by lance · August 14, 2013 at 3:19 pm

    I tried to be very clear in my statement. We have subscriber information: name, address, email, credit card, subscription type and dates, etc. That information can be compelled because we have it. We don’t have any information about what our customers do, so that information cannot be compelled.
    Lavabit and Silent Circle’s “Silent Email” product retain transactional information which could be subpoenaed. It is the nature of email systems to do so. Additionally, email has a lot of meta-data in the clear which can be used for traffic analysis.

    Your comment suggests that the US is more likely to spy on you than other countries. I think that is unlikely; we just KNOW about the US spying. Keep in mind that in the EU there are actual data retention directives which legally require a lot of user and transactional information to be retained. The US does not have those laws.

    At the end of the day, you need to trust someone. I suggest that you make that decision on the basis of reputation and track record. Many other privacy services have been shown to keep logs when some of their users end up in court. Anonymizer has been providing commercial anonymity longer than any other company in the world, and there has never been a compromise of our user activity information. We have been forced to hand over subscriber records on many occasions, but never activity. The most that would reveal was that a given person was a customer, but nothing more.
    This has been tested many hundreds of times over the almost 20 years I have been doing this.
