Email encryption, data breaches and a lawyer’s duty to choose technologies with competence—these are recurring topics here on Slaw and elsewhere. At least two revelations in the last week call us to hark back to them.
First, there is the Law Society of BC’s recent fraud alert from January 19 about fraudsters again targeting lawyers disbursing trust funds. Millions of dollars in a real estate transaction payout were redirected by a fraudulent notice of changes in instructions. The recent LSBC alert warns, “We do not yet know how the fraudster knew the details of the transaction.” This is eerily similar to the May 2015 incident where the LSBC also warned, “we do not yet know how the fraudster knew the details of the transaction.” A very plausible fault could be the routine use of unencrypted email. Maybe it’s time to consider what “reasonable efforts” means when guarding client data. As one commentator states, “In an era in which almost all client information is traveling across the Internet and into computers and smartphones, maintaining client confidentiality means encryption.”
Second, we have Lavabit’s rebirth in the wake of Trump. From the ashes we see this, posted last Friday at https://lavabit.com:
January 20th, 2017
Fellow Citizens & Lavabit Users,
Today is Inauguration Day in the United States, the day we enact one of our most sacred democratic traditions, the peaceful transition of power. Regardless of one’s political disposition, today we acknowledge our shared values of Freedom, Justice, and Liberty as secured by our Constitution. This is the reason why I’ve chosen today to relaunch Lavabit.
In August 2013, I was forced to make a difficult decision: violate the rights of the American people and my global customers or shut down. I chose Freedom. Much has changed since my decision, but unfortunately much has not in our post-Snowden world. Email continues to be the heart of our cyber-identities, but as evidenced by recent jaw-dropping headlines it remains insecure, unreliable, and easily readable by an attacker.
Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security. In 2014, with Kickstarter funding, I started the development of the Dark Internet Mail Environment (DIME), a revolutionary end-to-end encrypted global standard and Magma, its associated DIME capable free and open source mail server. Today, I am proud to announce that we are releasing DIME and Magma to the world. DIME provides multiple modes of security (Trustful, Cautious, & Paranoid) and is radically different from any other encrypted platform, solving security problems others neglect. DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority. DIME is end-to-end secure, yet flexible enough to allow users to continue using their email without a Ph.D. in cryptology.
Former Lavabit users will be able to access their accounts in “Trustful” mode and update their credentials to the new DIME standard. Anyone who wants a future Lavabit account can pre-register for our next release available in all security modes. Anyone can access our free, open source library, and associated command line tools capable of creating, and handling the new DIME standard. Anyone with a domain can deploy Magma or implement their own encrypted DIME compatible server. These are just the first steps of many as our implicit goals are to build the graphical clients for Windows, Mac OS X/iOS, and Linux/Android and help others implement this new technology.
Today, the democratic power we transfer to keep identities safe is our own. With your continued patronage, we will restore privacy and make end-to-end encryption an automatic, ubiquitous and open source reality.
In Freedom, Liberty & Justice…
Owner and Operator
— Nate Russell is a liaison lawyer with Courthouse Libraries BC. Find him on Twitter @nrusse.