Lavabit back, with DIME this time
Encrypted email provider Lavabit is coming back, with improved protection and security.
Lavabit founder Ladar Levison says relaunching the secure email service will protect US Constitution-guaranteed values of freedom, justice and liberty.
Email is “the heart of our cyber-identities”, he said.
Levison closed down Lavabit in 2013 when United States authorities were seeking silent interception of user communications, so as not to have to hand over digital decryption keys under a search warrant.
The new version is built around the Dark Internet Mail Environment (DIME) – and end-to-end encryption standard developed with Kickstarter crowdfunding, which provides automated and federated encryption capabilities and can work with a range of different service providers.
The new Lavabit is intended to enhance to function and usability of email encryption offered by existing solutions such as OpenPGP and S/MIME, including automatically scrambling messages and their metadata.
Levison says Lavabit is using hardware security modules (HSM) in line with the US Federal Information Processing Standard 140-2, which means digital keys can be used without being accessed directly.
To protect the HSM key, Lavabit creates a passphrase for the system supervisor account blindly, locking out any service provider staffers.
“Any attempt to extract the key will trigger a tamper circuit causing the key to self-destruct,” Levison said.
Versions of DIME can already be used with mail clients such as Mozilla Thunderbird and Microsoft Outlook, Outlook Express and Windows Live Mail.