back to article First Lavabit, now CryptoSeal pulls the plug: VPN service axed

VPN service CryptoSeal has followed Lavabit's example and shuttered its consumer service, saying its CryptoSeal Privacy service architecture would make it impossible to comply with a government order without handing over the crypto keys to its entire system. The company, which will continue offering business services, made the …

COMMENTS

This topic is closed for new posts.
  1. WatAWorld

    Good on Cryptoseal for doing the right thing

    Good on Cryptoseal for doing the right thing.

    Too bad MS, Apple, Google and Facebook did not have such morals and ethics. (At least Yahoo once appealed an order to a FISA court.)

    1. poopypants

      Re: Good on Cryptoseal for doing the right thing

      Internet Companies Like Facebook And Google Fight The NSA Harder Than Ever

      from: http://www.huffingtonpost.com/2013/09/10/internet-companies-nsa_n_3896097.html

      Perhaps you might consider the most cursory and elemental fact checking before you start expressing opinions that have no foundation in fact.

      1. Lars
        Flame

        Re: Good on Cryptoseal for doing the right thing

        Yes, we all know that they have complained but we don't know if they obey or not. We don't know if they are speaking the truth or not as speaking the truth might be against the law. Incidentally how can you break a law if that law is secret until somebody pushes it up your nose. How can a secret law be anything but unlawful. And you also know that Google or Facebook will never shut down regardless of what agreements they have made and that "harder than ever" proves absolutely nothing.

        1. Wzrd1 Silver badge

          Re: Good on Cryptoseal for doing the right thing

          There is no secret law. The order is an order of the court, that order comes with a gag order.

          Speak of the court order, be held in criminal contempt of court.

          That means prison time, as long as the judge desires, as well as hefty fines that can make Bill Gates blanch, if the court so desires.

      2. This post has been deleted by its author

      3. Rob Crawford

        Re: Good on Cryptoseal for doing the right thing

        Oh dear you are relying on HoPo for information.

        Sorry you are about 5 months behind the story

  2. Schultz

    I see a new business model

    "Paid subscribers are offered a one-year subscription to a non-US VPN service"

    So now we'll see security-conscious internet companies building infrastructure across the Canadian and Mexican border, administered by non-US nationals? The NSA will surely build next door to make sure no bytes are being lost, but with the correct ownership-structure such companies might be safe from secret court-orders.

    This should be easier than shuffling data across continents to access European or other services.

    1. Wzrd1 Silver badge

      Re: I see a new business model

      Doubt it'd be in any Commonwealth nation.

      Doubtful for Mexico as well.

      More likely one of the old soviet bloc states or a Nordic state.

    2. Anonymous Coward
      Anonymous Coward

      Re: I see a new business model

      So now we'll see security-conscious internet companies building infrastructure across the Canadian and Mexican border, administered by non-US nationals?

      Yes for it happening, no for the actual location. As these people demonstrate, technology is not the issue.

  3. Christian Berger

    You cannot outsouce cryptography

    At least not to a company based in one of many countries. If you have to outsource such things, do it to someone you meet regularly in person.

  4. John Smith 19 Gold badge
    Unhappy

    The biggest problem is *not* the technical one.

    It's the legal one.

    But I agree this should open up different business models.

    But for starters NO US staff/offices/servers is a good idea.

    Switzerland looks to be the only country that takes personal privacy seriously with a well functioning government, but there must be others?

    1. Fred Flintstone Gold badge

      Re: The biggest problem is *not* the technical one.

      Switzerland looks to be the only country that takes personal privacy seriously with a well functioning government, but there must be others?

      AFAIK, Canada makes a good choice as well. Their issue is not so much law as having the US next door.

      When you start looking at the global picture and how cross judicial processes work it's actually not that hard to ensure due process is restored, even for a multinational. There is only one absolute requirement: do not have your HQ in the US, which is bad news for Silicon Valley.

    2. SD24576

      Re: The biggest problem is *not* the technical one.

      http://en.wikipedia.org/wiki/Onyx_%28interception_system%29

      They're up to the same tricks though.

    3. Anonymous Coward
      Anonymous Coward

      Re: The biggest problem is *not* the technical one.

      Having met many of the worlds nation's interception experts, I can't think of a nation that is untouched by the trojan policy of 'total information awareness.' (pushed through as 'legal interception') in fact , it seems that TIA is now policy in USA, UKUSA, FVEY (2nd Tier), and nearly everyone else (3rd Tier)

      Specifically the CH experts on interception are serious, reliable engineers. (They don't work for CryptoAG)

      "intelligence collection group" is not something to google lightly in many of the world's nations..."grupo de recolección de inteligencia"..."intelligentieinzameling groep"...

      Look at the current Apple iCloud allegations - http://www.zdnet.com/apples-icloud-cracked-lack-of-two-factor-authentication-allows-remote-download-7000022196/ (zdnet article of the fact that Apple stores encrypted user-iCloud-data, allegedly, WITH the keys...) ..just as random a fact as Android using crap cyphersuites?

      but maybe I'm wrong in my research? - there's the opportunity to have a privacy/security balance debate - but instead the grauniad and el'reg seem to be the only places where only a subset of the questions/debate are breached; co-incidentally has el'reg done a wikipedia style SockPuppet audit yet on the alleged identities behind the debaters in these topics?

      1. Anonymous Coward
        Anonymous Coward

        Re: The biggest problem is *not* the technical one.

        co-incidentally has el'reg done a wikipedia style SockPuppet audit yet on the alleged identities behind the debaters in these topics?

        Hmm:

        - you may be AC in the forums, but you still have an account name by which you log in

        - not all AC are AC to El Reg staff...

      2. Old Handle

        Re: The biggest problem is *not* the technical one.

        Perhaps the best you can do is play multiple countries off against each other.

This topic is closed for new posts.

Other stories you might like