Subscribe
About

Prism fallout begins as services close

Secure e-mail providers are the first casualties in the wake of Internet surveillance revelations.

Jon Tullett
By Jon Tullett, Editor: News analysis
Johannesburg, 14 Aug 2013

The fallout from the Prism revelations has begun: two secure e-mail providers have closed their services, citing concerns over US government surveillance. These are security specialists and could be outliers, but a report from the Information Technology and Innovation Foundation (ITIF) suggests others could follow, to the tune of $35 billion losses for the US cloud marketplace.

Lavabit was the first to go, with owner Ladar Levison posting a bitter farewell message on the company's homepage. Lavabit had been providing secure e-mail services since 2004, but pressure from the government, accompanied by gag orders preventing disclosure, was the final straw. "I have been forced to make a difficult decision," Levison wrote, "to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations."

Lavabit, not incidentally, was the messaging provider of choice for one Edward Snowden.

One day later, Silent Circle, a provider of encrypted communications products, announced it would pre-emptively discontinue its e-mail product before it fell afoul of spy agencies. Silent Circle has solid credentials - it was co-founded by Phil Zimmermann, the inventor of PGP and a well-regarded encryption specialist.

On the Silent Circle homepage, the founders left a message: "Yesterday, another secure e-mail provider, Lavabit, shut down their system lest they 'be complicit in crimes against the American people'. We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."

Silent Circle and Lavabit are security specialists, catering to a niche user base, which values privacy and security more than the average user, so this could be seen as extreme reactions by outliers. But research from the ITIF suggests the damage to the cloud provider market could be considerable.

ITIF asked IT managers whether the Prism revelations would affect their decisions to use US-based cloud providers, and concluded that US firms stood to lose up to 20% of the market - up to $35 billion - by 2016. EU-based providers, as well as local firms in other countries, would increase investment to pick up the slack, and could continue to take market share from the US as a result, ITIF predicted.

"Local is lekker," noted Francis Cronj'e, ICT lawyer and one of the authors of POPI. Speaking at the ITWeb Cloud Summit, in July, Cronj'e emphasised that companies should reassess data risk and should consider local hosting, where the provider and the customer share a common legal framework, in some circumstances.

In Europe, a "No Prism" logo is starting to appear on some sites, claiming immunity from US spying.

This is somewhat disingenuous: host countries such as Germany and the UK are no less aggressive in their Internet surveillance.

Share