The NSA and its PRISM data collection has been a hot topic for a while now. Ever since Edward Snowden flew to Hong Kong and dumped the news on the world that none of us can really say anything privately online, a lot of people have been trying to figure out how to get around that surveillance. One method would be to use privatised services with encrypted data, but that doesn't necessarily stop the US government from leaning on the company itself until they hand over your information. To prevent that happening to its users, Lavabit recently ended its near ten year operation and now another company, Cryptoseal, has done the same thing.
The context is a little different in this situation though. While Lavabit was being pressed by the US government to hand over data on Edward Snowden, that would have allowed it to gain access to all of the company's users, Cryptoseal isn't even waiting for the warning shot.
“With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability,” the company said in a public statement.
Until now, CryptoSeal offered a VPN service, which allows a customer to mask their IP address, essentially leap frogging from one system to another and masking their tracks. While that should make someone pretty safe online, the problems start if the US or another government begins pressuring the company to provide details, as they hold the encryption keys. Despite a thriving business, CryptoSeal decided it wasn't worth risking its customers' data or their trust.
“Essentially, the service was created and operated under a certain understanding of current US law, and that understanding may not currently be valid,” the statement continued. “As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product.”
It became clear in the wake of the Edward Snowden leaks, that no US company could stand up to the NSA and other organisations if the demands for data came in. If Facebook, Google and Yahoo were bending over backwards, despite their billions of dollars and no doubt, crack legal teams, what chance does a company like CryptoSeal have?
Kitguru Says: This is why the efforts of certain people, within the US and without, are so important as until these data acquisition laws are changed and tied down, companies will continue to feel threatened and unable to do business as they see fit. Despite operating within legal guidelines, the business of user privacy becomes impossible when the government can order you to not do your job.