Dark Mail: Email that hides from the NSA
POSTED: Saturday, July 26, 2014 - 9:00pm
UPDATED: Saturday, July 26, 2014 - 9:04pm
By Jose Pagliery
NEW YORK (CNNMoney) -- You can run from NSA surveillance -- but you can't hide. One way or another, the U.S. government will be able to snoop on your personal conversations.
But there's one tool that could make it much more difficult for the NSA to spy on you. Meet Dark Mail, your personal black box for email.
Like Google's Gmail and other email services with robust security tools, Dark Mail encrypts email content, shielding it from government spies.
But Dark Mail takes the extra step of cloaking your email's metadata, which includes the subject line and the 'To' and 'From' fields. That way, spies can't easily identify who's sending emails.
Why is that important? Even if the NSA can't read the body of your message, knowing who you email can trigger extra government scrutiny.
The NSA uses email metadata collected on millions of Americans to select specific people for closer surveillance of emails and phone calls. To appreciate how quickly this can balloon, consider that for every one target, nine of their connections get spied on too.
The NSA's bulk collection of metadata reminds Dark Mail co-creator Ladar Levison of the guilt-by-association of the 1950's Communist-hunting McCarthy era.
"I think we lost the freedom of association, and we didn't realize it," Levison said. "The fear now is that if I email you, and you're under surveillance... I will, in turn, place myself under surveillance."
Dark Mail is not NSA-proof. The government can still target a person and follow each email's trail. But to do that, the government would have to trace every stop along an email's path -- device, server, server and device.
Using Dark Mail is like mailing an envelope that, on the outside, is only addressed to and from post offices. Finding the actual sender and recipient is not an unsolvable mystery, but it creates some drag for the dragnet.
"Done right, this should make it technologically impossible to conduct mass surveillance," Levison said.
This isn't Levison's first attempt at building a highly private communication tool. He created a similar email service called Lavabit, but he closed it last year when FBI agents demanded he silently give up information about one particular Lavabit user: Edward Snowden.
Levison refused to give up the encryption keys that would let the feds secretly monitor Lavabit, choosing instead to shut it down. For fighting the FBI demand, he's now saddled with federal fines.
Dark Mail and Lavabit have one important difference: Unlike Lavabit, Levison doesn't hold the keys to Dark Mail -- each individual user does. Emails are encrypted on users' devices, protected by their passwords. That means even he can't read Dark Mail users' emails, and he would have nothing to turn over to the feds should they come asking.
Dark Mail won't be available for another six months. Levison is still developing it with Stephen Watt, a former Wall Street coder (now a convicted hacker who served time in prison). Levison said Dark Mail could work as an add-on with all major email services -- as long as they make slight tweaks to their code. Levison is trying to get Google, Microsoft Yahoo and other email providers on board.
If users want to use Dark Mail as its own email sending program, Levison is developing an email client called "Volcano." From initial sketches Levison showed CNNMoney, Volcano won't look or feel too different from every other email service we use.
™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.