Kim Dotcom’s privacy-intensive cloud storage service, Mega, is at work on a new secure email service that would fill a vacuum created by the disappearance last week of three of the Web’s most popular encrypted email providers.
Mega’s plan is to combine the highest level of encryption with the usability and interface people are used to from big email providers such as Google.
“The biggest tech hurdle is providing email functionality that people expect,” Mega CEO Vikram Kumar told ZDnet, “such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side. If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side.”
The company will also not hold copies of its users’ encryption keys, so theoretically will not be able to turn over user information to any government authority.
Mega’s service would fill a vacuum created by the shutdown of three major secure email providers last week. Tor Mail was canceled because of a hack against Freedom Hosting, one of the Dark Web’s biggest hosting services. Lavabit and Silent Circle elected to close due to the environment of radical snooping which the NSA revelations have created.
In addition to privacy activists and just regular folks who want to keep their privacy intact, there are journalists and activists around the world for whom electronic discovery equals death.
So people continue to look around for secure email providers, but their efforts may be futile.
Even Kim Dotcom acknowledges that, given the proposed intelligence laws New Zealand is considering, it may have to locate its servers in some other country. Iceland is frequently mentioned as a theoretical data haven.
Here’s the problem. No email is secure. There are no exceptions to this rule. Nor shall there ever be. As a security expert told me way back in the middle of the last decade: any government can find out who you are, so long as they are willing to take the time and spend the money.
In the last several years, in the US government been willing to take a lot of time and spend a lot of money. Any claim by any company that they can make you secure is false. The best they can do is arguably make you somewhat more secure.