TIME technology

Hackers Unveil Their Plan to Change Email Forever

“They’re going to keep coming after us,” Ladar Levison, creator of an encrypted email service used by Edward Snowden, said at Defcon on Friday

The creator of an ultra-secure email service once said to be used by Edward Snowden unveiled his next project at a major hacker conference Friday: he and others like him want to change the very nature of email forever.

Ladar Levison, creator of the Lavabit encrypted email provider, was forced in August of last year to give investigators access to an account reportedly used by Snowden, the National Security Agency leaker, after a tug-of-war with federal authorities. But rather than compromise the privacy of his other 400,000-plus email users, Levison says, he shut the entire project down. A similar encrypted email provider, Silent Circle, took heed and shuttered its own service to pre-empt any federal authorities that might come demanding information from it as well.

Out of those ashes, Levison and others launched the Dark Mail project, which is developing Dime, a set of new email protocols its creators hope will revolutionize the way the world communicates online.

“If I sound a little bit upset, it’s because I am,” Levison told a packed ballroom Friday at Defcon, a top hacker conference held annually in Las Vegas.

“I’m not upset that I got railroaded and I had to shut down my business,” said Levison. “I’m upset because we need a Mil-Spec [military grade] cryptographic mail system for the entire planet just to be able to talk to our friends and family without any kind of fear of government surveillance.”

Levison devoted much of his talk to arguing there’s a need for a secure emailing system in a world where government entities like the NSA have broad legal authority — and even broader technical capabilities — to conduct surveillance en masse, both in the U.S. and abroad. “With the type of metadata collection that’s going on today, we have guilt by association,” he said. “Imagine being put on a no-fly list because you happen to sit next to a criminal at a convention like this.”

Jon Callas, chief technology officer of Silent Circle and a co-founder of the Dark Mail project, told TIME that “the biggest problem we have today with email is that it was designed in the early 1970s and it was not designed for the problems we have today. Even the standard email encryption that we have today protects the content but not the metadata.”

Metadata — information like the identity of the sender or the time and date a message was sent — has been a key target of NSA surveillance. “Ironically, we have been protecting the stuff that they’re not collecting,” Callas said.

Dime uses multiple layers of cryptography — think Russian nesting dolls — to protect an email’s content and metadata from beginning to end as an email is passed through the Internet from a sender to a recipient, or recipients. The idea is to create an email system in which no service provider has all the information about a message, so there is no entity (like Lavabit, for example) for federal authorities to come down on.

“Each doll is labeled only with the stuff that is needed,” Callas told TIME. “So if you’re on Google, you get a doll that says ‘This doll came from Yahoo.’ Then you hand it to the next layer and they open it up and say, ‘This is for Alice.’ Then when Alice opens it up, Alice gets the whole message. But all along the way, my system only knows that it’s supposed to go to Google, not that it’s for Alice … It separates stuff up so that you don’t end up in a situation where anybody along the path knows everything,” Callas said.

Dime’s creators hope that enough people will begin using the service on their own that a major email service provider, like Google, Yahoo or Microsoft — all of whom are already exploring ways to better encrypt users’ messages — adopts it and it snowballs from there. Ultimately, what the Dark Mail project is aiming for is nothing less than a complete transformation of the way email works on planet Earth.

“It all has to be rebuilt,” Callas said.
