VPN company shuts down after Lavabit case demonstrates threat of state-ordered, secret self-sabotage

CryptoSeal has shut down CryptoSeal Privacy, a VPN product advertised as a privacy tool, citing the action against Lavabit, the privacy-oriented email provider used by Edward Snowden. Court documents released in the wake of Lavabit's shutdown showed that the US government believes that it has the power to order service providers to redesign their systems to make it possible to spy on users. CryptoSeal had been operating under the assumption that since it had no way of spying on its users, it was immune to wiretap orders, and the revelation that it may be forced to break its system's security was enough to put it off altogether. Like Lavabit, CryptoSeal was unwilling to advertise a service as immune from snooping if it might someday be forced to secretly redesign its systems to make snooping possible.

“With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability,” the company said in a statement....

“The Lavabit case, with filings released by Kevin Poulsen of Wired.com reveals a Government theory that if a pen register order is made on a provider, and the provider’s systems do not readily facilitate full monitoring of pen register information and delivery to the Government in realtime, the Government can compel production of cryptographic keys via a warrant to support a government-provided pen trap device,” CryptoSeal states.

A pen register is a device originally created in the 1800s for recording telegraph signals on paper but more recently the term has been used to describe devices that can monitor telephone lines and Internet communications. Since VPN communications are encrypted, CryptoSeal believes that the only way it would be able to comply with a pen register order would be to do the unthinkable – hand over its encryption keys.

“Our system does not support recording any of the information commonly requested in a pen register order, and it would be technically infeasible for us to add this in a prompt manner. The consequence, being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion, and likely unconstitutional, but until this matter is settled, we are unable to proceed with our service,” the company informs.

VPN Provider Shuts Down After Lavabit Case Undermines Security [Andy/Torrentfreak]

Notable Replies

  1. I don't know whether to cheer for this company's ethical choice, or to weep for my country's descent to a totalitarian state.

  2. Came to say this. The next step is for those technologies that are truly secure to be outlawed. I vaguely recall an attempt, long ago, to outlaw large-prime keys.

  3. It's time to kill NSLs along with the secrecy and conscription that goes with it.

    The economic losses because of this spying on Americans and the world will be astronomical. I can imagine a world where tech doesn't happen in America.

  4. Drew_G says:

    On the contrary, they're very very pro-capitalist. De-facto feudalism's just the natural consequence of capitalism allowed to run rampant (see: the last time America really tried that, late 1800s-early-1900s).

  5. daneel says:

    When secure systems are outlawed, only outlaws will be secure.
