DIME and Dark Mail seek to change the world of digital mail
Ladar Levison may be an unfamiliar figure except to a few people in the community, but many are familiar with his former company: Lavabit, which was in business from 2004 to 2013. Lavabit was a pioneer in the field of secure email; it was founded with the goal of serving as a secure email provider.
Lavabit's Vulnerability: The Customer's Key
Lavabit really did set standards at the time: Asynchronous encryption was part of the standard – with a quality that even secret services had trouble breaking. The solution had one vulnerability, though: The key that Lavabit used for the crypto part of the installation was stored by Lavabit itself, on its own servers. Lavabit's customers needed to trust the company because Lavabit could always read the content of the email that a customer sent via its service. This functional approach did more than just scare off people with a certain affinity for encryption – it proved to be an existential problem for Lavabit.
For a long time after its founding, Lavabit was simply one provider among many and didn't cause much of a stir. The company cooperated with the authorities as needed and probably would have remained just one mail provider among many, if it weren't for a certain customer with the email address email@example.com (Figure 1). When Snowden first escaped abroad and began to disclose the most secret of secrets of the NSA, the fun was over very quickly for Lavabit, and the company saw itself facing various court orders (Figure 2) and search warrants.
Investigators demanded that Lavabit hand over all the keys that had been used internally for customers. The authorities would effectively have been able to decrypt all the messages that Lavabit had ever forwarded. Lavabit initially tried to resist but soon abandoned its business model, not least because Ladar Levison would otherwise have ended up in jail (Figure 3).
Secure Email Ahead
Since then, Levison has become a man with a mission. Shortly after the demise of Lavabit, he made a public announcement that he intended to found a Lavabit successor. The successor would do no less than replace email with new technology and a design focused on security. Levison has put together a punch-packing team to do this, too (Figure 4) :
- Phil Zimmermann (Figure 5)  is the inventor of PGP and thus contributes much crypto knowledge as a pioneer of security in digital communications.
- Jon Callas can look back on a long career working on Internet security; he worked for DEC and PGP and was a founding member of Silent Circle , another secure mail communication service on the web based on the Lavabit principle.
- Mike Janke is the other co-founder of Silent Circle and a close friend of Jon Callas and Phil Zimmermann.
All told, the four prime movers backing this new project can offer a huge amount of experience in terms of encrypted communication, and they already have a name for their baby – or actually two: First, the new project goes by the name of Project Dark Mail. Levison collected many donations and much goodwill on Kickstarter  under this name. Recently the project was renamed DIME, which stands for Dark Internet Mail Environment. As you can see from this name, DIME is not looking to be just an email add-on for more security, which is the case with GnuPG.
The Whole Enchilada
DIME seeks to replace legacy email with a new service that works just like email but is fundamentally secure. This goal involves many points that are on the DIME project's agenda.
The most important factor for DIME in the eyes of its founders is end-to-end encryption capability, in which the lock and the key are only known to the two persons communicating. This is not just intended to cover the email content – DIME also seeks to encrypt all the metadata and thus ensure secure transmission. The only information that a fictional man-in-the-middle sees when Alice and Bob communicate is the length of the encrypted message. Additionally, the attacker only sees garbled data that is more or less impossible for even a megacomputer to crack.
This approach kills several birds with one stone. If DIME only provides the medium to the communication participants, but can't decrypt the information itself, law enforcement agencies can't exploit DIME to lever open the data safe. Comprehensive anonymization would mean that DIME would be unable to provide data, even if it wanted to. Additionally, because the digital keys are kept by the users, DIME itself has no chance whatsoever to syphon off payload data when dispatching messages. This would put DIME in the clear and provide the protection needed to avoid a repeat of the Silent Circle or Lavabit scenarios, both of which attracted the attention of law enforcement agencies.
Buy this article as PDF