Citing "Terrifying" Surveillance Tactics, Yet Another U.S. Privacy Service Shuts Down

The Citizen's Guide to the Future
Oct. 22 2013 3:51 PM

Citing "Terrifying" Surveillance Tactics, Yet Another U.S. Privacy Service Shuts Down

Another privacy service shuts down out of discomfort with government surveillance

Photo by Justin Sullivan/Getty Images

Yet another American Internet privacy service has bitten the dust, prompted by fears about broad government surveillance demands.

Ryan Gallagher Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

San Francisco-based CryptoSeal, a provider of virtual private networks that can be used to browse the Internet anonymously, has closed its doors to users of its private VPN service. In a statement posted online, CryptoSeal announced that a key factor in the closure was the government’s recently revealed attempt to force email provider Lavabit to turn over its private encryption keys. Lavabit shut down in August as part of an effort to resist a surveillance demand believed to involve NSA whistle-blower Edward Snowden, who was a Lavabit customer. Lavabit was ordered to turn over its master encryption keys in a way that could have potentially compromised thousands of users’ private data.


In an email interview Tuesday, CryptoSeal co-founder Ryan Lackey told me that the company had not received any similar government order. Rather, he decided to take pre-emptive action after reading court documents in the Lavabit case showing the government’s aggressive surveillance tactics related to so-called “pen-register” law. Pen-register orders are used to gather metadata about a communication, such as the “to” and “from” fields in an email but not the actual content. Lavabit was served with a pen register order believed to be seeking information about Snowden’s email account—but the company’s encrypted systems meant that it  could not immediately turn over the data demanded. This frustrated the feds and led them to seek a sweeping warrant demanding that Lavabit instead turn over the encryption keys. In response, Lavabit’s founder chose to shut down his website as he felt that the demand was unlawful and would have forced him to commit “massive commercial fraud.”

Thirty-four-year-old Lackey says he was comfortable with the pen-register legal standard as he previously understood it—but that has now changed. “The post-Lavabit interpretation of a pen register order being enough to compel complete turnover of the service, if that’s the most effective way for USG to get pen register data, is terrifying,” he says.

Other companies offering secure communications agree. The government’s handling of Lavabit also prompted Silent Circle to pre-emptively shut down its encrypted email service, leading to a mounting standoff between the government and sections of the American tech industry. But as the latest company to call out the feds’ snooping methods, CryptoSeal doesn’t appear to have taken the decision lightly—and certainly can’t be dismissed as some sort of government-baiting anarchist outfit looking to jump on the bandwagon. Indeed, according to the CryptoSeal’s website, Lackey is more familiar with being an ally, not an opponent, of the U.S. government. He has done contract work for the U.S. Army, the website says, and also helped set up a satellite network serving the U.S. and coalition governments in Iraq and Afghanistan.

CryptoSeal is still offering VPNs to users of its business service because, according to Lackey, the government “already has the unilateral right to inspect traffic at any time” in the field of regulated industries. In addition, he says, system administrators at companies using VPNs want to monitor their traffic for antivirus and other malicious activity. But private users of CryptoSeal, of which Lackey says there were fewer than 1,000, will have to seek new VPN providers as the company feels it can no longer offer them a secure service. CryptoSeal is planning to work on a way to implement new technical measures that will notify its private VPN users if changes are made to configuration—giving them a heads up if there was a Lavabit-style court order in place, for instance. But the changes aren’t expected until mid- to late-2014.

“Until then,” says Lackey, “we recommend individuals use offshore services.”

Future Tense is a partnership of SlateNew America, and Arizona State University.



Don’t Worry, Obama Isn’t Sending U.S. Troops to Fight ISIS

But the next president might. 

IOS 8 Comes Out Today. Do Not Put It on Your iPhone 4S.

Why Greenland’s “Dark Snow” Should Worry You

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Amazon Is Launching a Serious Run at Apple and Samsung


Slim Pickings at the Network TV Bazaar

Three talented actresses in three terrible shows.


More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

The Ungodly Horror of Having a Bug Crawl Into Your Ear and Scratch Away at Your Eardrum

We Could Fix Climate Change for Free. Now There’s Just One Thing Holding Us Back.

  News & Politics
Sept. 17 2014 7:03 PM Once Again, a Climate Policy Hearing Descends Into Absurdity
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
Sept. 17 2014 6:53 PM LGBTQ Luminaries Honored With MacArthur “Genius” Fellowships
  Double X
The XX Factor
Sept. 17 2014 6:14 PM Today in Gender Gaps: Biking
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
Brow Beat
Sept. 17 2014 8:25 PM A New Song and Music Video From Angel Olsen, Indie’s Next Big Thing
Future Tense
Sept. 17 2014 9:00 PM Amazon Is Now a Gadget Company
  Health & Science
Sept. 17 2014 4:49 PM Schooling the Supreme Court on Rap Music Is it art or a true threat of violence?
Sports Nut
Sept. 17 2014 3:51 PM NFL Jerk Watch: Roger Goodell How much should you loathe the pro football commissioner?