Hacker News new | ask | show | jobs
by rhizome 4575 days ago
What I don't understand is why anyone trusted businesses (such as CertiVox and Lavabit) to keep their emails secure?

Because they didn't consider "because terrorism" to be a security threat that could penetrate privacy and property laws. Lavabit has proven that the Third-Party Doctrine means that once you give data to a business, you're giving it to the government.
1 comments
maffydub 4575 days ago
Sorry, maybe I wasn't clear.

I have an email I want to be secure.

Why am I giving this data to Lavabit in a form that they can decrypt? (Forget the government for the moment.)

Why aren't these systems engineered to mean that only _I_ have the key to decrypt them?

link
rhizome 4575 days ago
I don't know. Why aren't you running your own email server?
link
maffydub 4575 days ago
Me personally? Because I don't actually need secure email (and so didn't use Lavabit or CertiVox).

My point is that if I did want secure email, I wouldn't trust a company whose email system architecture meant that they could read my email.

A personal email server might be a good solution, but then you have to maintain it. It seems as though it should be possible for a company to build an email system (and offer it as a service to customers) whereby they _couldn't_ read user's email.

This seems like a good thing. (And as a nice side-effect, the government can't then issue them with a warrant to read your email. Although that's not to say they can't read your email in other ways.)

link
rhizome 4575 days ago
I'm not aware of any companies providing double-blind encrypted email services, but they may be out there. Certainly they would eventually be accused of providing harbor to terrorists and other unsavories. At best, it sidesteps the problem of the lack of legal privacy protections when using a service provider of any kind.

http://www.legaltechnology.com/latest-news/data-security-in-...

link