Snowden's Favorite Email Provider, Lavabit, Relaunches | Dark Web News
Four years ago, Lavabit was caught on the horns of a massive dilemma that would have forced it to release the crucial encryption keys for...
Lavabit was founded on the principle that everyone—individuals, organizations and businesses—have an innate right to private, secure communication. We’ve never wavered from that mission.
In 2014, the company suspended its service to protect global customers after the US government ordered Lavabit to release its Secure Sockets Layer (SSL) private keys in the wake of the Edward Snowden data release. Citing its philosophy of digital rights, privacy and customer protection the company suspended operations.
The Company went underground and rebuilt email the way it should be—from the ground-up and secure from point A to point B—so this could never happen again. A pioneer in email security with over 15 years in-the-trenches experience, we have intimate knowledge of email standards and encryption technologies, which has kept our technology years ahead of the curve.
Trusted, proven and privacy battle-tested, Lavabit is not your typical start-up. Coming out of stealth-mode, Lavabit is back with the Dark Internet Mail Environment—DIME—a revolutionary new end-to-end encrypted global standard that powers Flow, our new email subscription service, Magma, our encrypted mail server, Volcano our forthcoming email client, and other DIME enabled technologies.
More than 74 trillion messages are transmitted a year by 3.7 billion email users. Virtually every aspect of global communication, commerce and life are mediated by email. Email is at the core of our cyber identities—a role that’s increasingly risky. Like a postcard in the mail, emails expose their data and metadata as they travel—giving attackers easy access to personal information, systems and networks.
As defined by true end-to-end encryption, email security is a complex and elusive problem that no one has solved until now. When the first email protocols were developed in the 1970s, security and privacy were afterthoughts, and encryption technologies were restricted. While ad hoc efforts have attempted to bolt security functionality onto legacy SMTP, POP3 and IMAP protocols, they’ve fallen short—both in effectiveness and ease of use. The handful of new solutions touted by startups have proven cumbersome and ineffective in delivering automated, cross-platform protection.
Lavabit is bold. With our flexible architecture, we are replacing legacy email with a new federated, end-to-end encrypted protocol that’s user-friendly, accessible and effective. Our Dark Internet Mail Environment and associated encryption technologies are simple enough for your grandmother to use but secure enough for nation-state secrets.
Leveraging lessons from the 28-year history of Pretty Good Privacy (PGP), Lavabit has created the Dark Internet Mail Environment—DIME—the world's first end-to-end encrypted “Email 3.0” global standard. Lavabit’s encryption methodology and server technology solve the problems of centralized trust authorities, cross-domain and cross-platform interoperability, and is the first email encryption standard designed to minimize metadata leakage. Problems that cloud-mediated, and other “walled-garden” email security approaches fail to address.
Simply put, there is more than just encrypting a message in transit. Email adds a new complexity to secure communications. Instead of having a secure single channel between the sender and a server, like when you’re browsing the web, it’s also critical to have a secure channel between users, so that messages remain protected from sender’s computer, all the way to the recipient, regardless of how many servers, or service providers the message must pass through along the way. DIME does just that, by delivering layers of encrypted protection in every step of this process.
Inherently, email clients running Lavabit technology can communicate securely within their domain and with any other DIME capable client. By incorporating encryption directly into protocols and at user-end-points, we created DIME to be the critical and until now missing piece of the cybersecurity puzzle. A critical first step in preventing corporate espionage, safeguarding consumer cyberattacks, eliminating phishing, spoofing, spam, TLS stripping and drive-by malware insertion attacks.
Because it’s infinitely extensible, the DIME standard can easily be adapted to provide protection for encrypted voice calls, online chats, cloud-based file storage, enterprise workflows, and blockchain applications. Any encryption technology that can be linked to an email address, can benefit from DIME. It will be a revolutionary unified encrypted ecosystem capable of restoring privacy, ensuring control over the security of our data. Encryption provides the mechanism, while DIME provides the means.
DIME Architecture & Specification: https://darkmail.info/spec
Lavabit powers true end-to-end, multilayered encryption between users.
By performing message encryption at the user level—within the client email application—DIME eliminates the exposure of critical cryptographic functions to systems outside of user's control.
When a message passes through the server fully encrypted, its contents and metadata are shielded—providing critical protection to a world where email increasingly being stored on centralized servers.
To minimize what a potentially compromised server can access, we made DIME messages analogous to sealed shipping containers. All a hostile server can see is the next hop on the path for a message.
Email is the central nervous system for modern companies. Which is why email is one of the first things targeted by attackers. Many of the most famous security breaches can be traced back to either an account or an email server being breached. Whether it’s phishing, email-borne viruses, or inserting malware into an unencrypted attachment from someone the victim already knows, email is a critically vulnerable form of communication.
And in the wake of high-profile security breaches at Yahoo, Facebook, Marriott, Equifax and dozens of other organizations, consumers and businesses are waking up to the need for secure email, and the need to pay for encrypted protection.
Although the United States is adopting email encryption at a faster pace, China, Russia, Japan, Korea, and India are all expected to increase their respective markets during the next five years. Awareness and investment in email encryption technology is a growing global trend. According to Gartner, revenues from the rapidly growing global email encryption market will grow to nearly $27.9 billion by 2025.
A number of interrelated factors continue to drive growth in the email encryption market:
Lavabit’s B2B focus is on industries with regulatory requirements to safeguard information and industries regularly targeted for information theft. Specific sectors include insurance, financial services, banking, health care, law firms, biotechnology, political figures, and journalists. Any business with valuable intellectual property, large amounts of consumer data, or that view confidentiality as being business critical are prime targets for adopting email encryption at an organization level.
Cybersecurity Ventures predicts that overall cybercrime damages will cost the world $6 trillion annually, up from $3 trillion in 2015. Clearly, cybercriminal activity threatens all aspects of our ever-increasing digital lives and will be one of the biggest challenges that humanity will face in our evolving technology-dependent world. Consequently, global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. The extensibility of DIME means Lavabit will be well positioned to grow beyond email and benefit from this rapidly growing market segment.
Lavabit’s DIME technology is the only peer-reviewed, federated solution capable of providing automatic end-to-end encryption for email. DIME’s unique encryption methodology ensures secure and reliable delivery of email while providing confidentiality, preventing manipulation and eliminating metadata leakage along the delivery path.
Backed by over 6 million lines of source code, Lavabit’s breakthrough technology automatically and securely ties an email address to a public key. Our platform makes it possible for software to securely perform encryption functions automatically, and without burdening the user. This makes the Lavabit solution more versatile, secure and flexible than any technology available today.
Consumer and business customers are already using the Lavabit email service with a Flow email subscription. With the introduction of Magma, Lavabit’s DIME-compatible server, our technology is already gaining traction in the marketplace. With Volcano, our still-in-development email client for Android, iOS, and the desktop, Lavabit is poised to turn email into the secure communications platform our personal and corporate users want, and the market demands.
The reality is that the world is mobile, and thus, we must get the technology directly into the hands of its users. The primary use of campaign proceeds will the completion of Volcano, which is presently slated for launch in 2019. Lavabit’s DIME-compatible mail client will enable users to operate in our vaunted Cautious and Paranoid modes. As such, the development of Volcano for mobile devices is the Company ’s top development priority.
Both Magma and Volcano interoperate with legacy email systems and will be made available to customers as a: cloud hosted service, user supported installable products, or hybrid, where customer installations are managed by the Lavabit professional services team. Clearly, Lavabit email provides the ideal solution for consumers seeking complete email privacy, companies operating in sectors where keeping email messages confidential is critical to business success, and companies who need to adopt the use of email encryption software for regulatory and data-security compliance.
Since our relaunch, we have learned that based on our principled customer stance, Lavabit has retained its reputation as one of the most trusted email encryption brands. Lavabit will use its market perception and security-first focus to enshrine the DIME encryption standard within the consumer and enterprise segments of the rapidly growing global market for cybersecurity. As such, Lavabit has developed a phased go-to-market plan predicated on the development of our email client and the ability to scale our product and service offerings to create a broader encrypted ecosystem.
To stimulate early adoption, Lavabit is advancing an open source strategy, in an effort to distribute DIME technology and demonstrate consumer and commercial viability. Lavabit’s business strategy starts with a B2C and B2B cloud hosted email services, with an eye towards expansion into the on-premise market through direct, and value-added reseller (VAR) sales. Future SaaS, licensing, and consulting revenues will be key profit centers as Lavabit expands its commercial footprint.
Central to Lavabit’s focus is to position DIME, and DIME compatible technologies, as the superior alternative, and natural successor to existing enterprise email platforms like Microsoft Exchange, Lotus Domino, Oracle Messaging Server, and Zimbra. Lavabit’s vision is to become the provider of choice for consumer and commercial users looking to the cloud for both outsourced, and installable email solutions.
Lavabit currently sells encrypted email services to consumers, and small businesses using a subscription model. Lavabit’s subscription revenues are generated through the sale of its standard service plan, priced at $30 per annum, and its premier service plan, priced at $60 per annum.
Since our relaunch in 2017, the company has welcomed more than 100,000 returning users to its new service with the offer of a free subscription, while adding an additional 15,000 new customers (business and consumer) onto its paid service plans, with customers coming from over 85 different countries. In 2017 and 2018, the company collected more than $150,000 in revenues from subscription sales to new customers.*
*Some customers are subscribed to our standard and premier service plans but receive discounted pricing because of a promotion that was offered during Q1 and Q2 of 2017.
Lavabit’s existing B2B revenue is derived from providing a hosted email service to small businesses, priced on a per-user basis, and through the sale of support contracts for its Magma mail server. The pricing for support contracts is variable. We’ve currently sold several per-installation contracts priced between $10,000 and $15,000.
With adequate funding, Lavabit will prioritize, and expand its direct sales effort, by switching from a reactive model, to hiring a proactive sales team. We also plan to formally launch a VAR sales program. Based on a conservative bottoms-up projection, Lavabit anticipates continued YOY profitability and robust growth of its B2B sales.
Lavabit email is compatible with any domain that has implemented DIME. Lavabit is the only federated and interoperable email technology capable of offering secure, end-to-end email compatible outside its domain. No other company has solved the walled-garden email security shortfall. Lavabit’s lowest encryption setting—Trustful—is the highest setting offered by competitors.
Before suspending operations in 2014, Lavabit had more than 410,000 customers. Since the relaunch in 2017, Lavabit has migrated 100,000 returning customers, added 15,000 new customers in 85 countries and installed two commercial Magma server beta implementations. With zero marketing efforts, the Company has attracted more than 500,000 unique visitors from 170 countries to lavabit.com.
There’s significant media and market anticipation ahead of Lavabit’s broader market entry efforts. More than 300 members of the professional media are waiting for the opportunity to participate in the beta test, and nearly 100,000 customers are ready to sign up for service when DIME is fully operational on compatible email clients.
Edward Snowden, Privacy Advocate
[Snowden] plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”
Cyrus Farivar, Journalist, Ars Technica and author of Habeas Data
"Long before Edward Snowden became a household name, Lavabit was fighting to keep email safe. The company has always been a guardian of digital freedom and with its DIME- enabled solutions now has a robust technical arsenal to do so. The company needs all of our help to make sure that encrypted email is accessible to all."
Check out Habeas Data chapter 6 on Lavabit here.
Once the email products and services achieve a steady state, Lavabit will begin reaching out to new markets with its suite of encryption solutions. The goal is to position Lavabit as the single source for securing communications and data. Some growth products and services will require little to no additional development and be available in the near term. Others will require additional development and won’t be pursued until specific milestones of our core business roadmap are achieved.
Lavabit’s DIME technology ties an email address to a public key infrastructure (PKI), allowing user-level encryption. From a commercialization perspective, DIME is unique because it also allows for the automated end-to-end encryption of file sharing, telephony, SMS, crypto-currencies, business records, and workflows. The incorporation of encryption directly into the protocols/user-end-points, its interoperable and federated nature, and inherent extensibility makes the Lavabit solution more versatile, more secure, and more usable than any solution available today. Our belief is we can use the DIME email – PKI marriage to create a universal foundation for a new secure identity protocol. DIME is still several years ahead of the curve, but the extensibility of the standard means Lavabit is ready to build an encrypted ecosystem that goes well beyond email.
Short-term (1-3 years)
Mid-term (3-5 years)
Long-term (5-10 years)
Lavabit is bootstrapping, and the company has maintained its liquidity to continue operations and partially fund development of its Volcano mail clients. Because of its high-margin existing email subscription business, emerging server business and low capital requirements Lavabit can maintain existing profitable operations at current state indefinitely. At this critical development juncture, Lavabit needs growth capital to employ seasoned developers capable of working on a highly complex codebase to complete this Volcano client application and integration phase. As such, the forecasted primary use of the funds will be to finance ongoing product development and day-to-day operations.
Mission - We deliver reliable, fast, affordable and secure email service that never sacrifices privacy for profits.
Value - We always deliver secure, high-quality email services at the lowest possible price.
Service - We provide friendly, competent service to everyone—whether they're customers, new users or interested visitors.
Privacy - We vigorously protect the privacy of our users above all else.
Usability - Secure email should be as easy as regular email. We develop our services always with simplicity and ease-of-use in mind.
Accessibility - We engineer our systems and solutions to accommodate the widest range of users, preferences, and applications.
Listening - We engage in ongoing conversation with the community to deliver the features our users want and need.
Reciprocity - We stay open source, donate resources to help others and work for the benefit of the community.
Engineering - We embrace exceptional engineering that delivers technically superior software and services.
Ethics - We strive always to make the right decisions—even if they're not the easiest or most profitable.
Since its inception, the Lavabit team has always been a small, all-volunteer group of freedom fighters committed to the principle that everyone has the innate right to private and secure communication. Lavabit relies heavily on contributions from the broader development community and the help of numerous, unnamed, contributors whose dedication, makes the Dark Internet Mail Environment (DIME) possible. Over the past two years, Lavabit has completed the DIME architecture and specifications with all development efforts led by Ladar Levison. Given the complexity of our code base, global reach, inherent privacy concerns, and unique business applications, Lavabit will seek a highly seasoned executive team bringing Lavabit technologies to market.
Founder and Chief Executive Officer
Leading technology entrepreneur and privacy advocate. A technological warlock, and the team linchpin, he’s currently poised to become a corporate kingpin.
Richard Delgado, MBA
Chief Operating Officer
A serial deal maker, and former global director at American Express, he’s on the brink of being proclaimed a business guru.
Lavabit has enjoyed the support of many internationally recognized internet freedom fighters and security experts. It would be impossible to list them all. Rather, we’ll only say that DIME was developed in consultation with, and it’s design influenced by, some of the world’s foremost authorities on email standards and encryption.
When I started Lavabit, I could not have imagined the journey that lay before me. The more colorful portions of that journey are well documented, and for me, ancient history. What I’m looking forward to our the more interesting story, which is yet to be written. How I managed to take a series of unfortunate circumstances, and use them as a mandate to invent something new, with the Dark Internet Mail Environment, and then grow that invention into a billion dollar business. I believe our revolutionary encryption technologies will do what every entrepreneur hopes for: build shareholder value with a product that has a lasting positive impact on the world we all share.
With our relaunch in 2017, we started this journey towards freedom with the first deployment of Magma, our DIME-capable, free and open source mail server. Anyone with a domain can download the Magma bits, and host their own encrypted mail server. But getting the server online is only the beginning. We still have a long way to go before the DIME promise is fully realized. My hope is this crowd raise will provide the resources Lavabit needs to accelerate the process of turning the proof concept implementation we built while in stealth mode, into market disrupting products. Stat process starts with the completion of Volcano. Our graphical email client, and the critical missing piece we need to start providing the privacy protection we all so desperately need.
Taken together, Magma and Volcano, will solve security problems neglected by the competition, all while providing a fully federated, completely automatic, ridiculously secure solution to the email privacy problem. There are lots of security charlatans who make the claim they provide user-friendly end-to-end encryption for email. But there is only one Lavabit.
The way I see things, Lavabit was 10 years ahead of the competition when it launched a server-centric email encryption platform in 2004. Today the value of a service, which uses encryption to make it impossible for the service operators to access your data is obvious. And since we suspended operations in 2013, a number of companies have come out with platforms that make this promise. But while the competition is focused on protecting users against today’s threats, I moved ahead and developed DIME. And once I believe we are once again ahead of the curve. That’s because buried in the design of DIME, are the tools needed to defeat the threats we’ll be facing very soon. That’s because DIME provides incredible flexibility. It will be implementation and deployment choices that determine whether a DIME user is ready to face Evil: The Next Generation.
DIME is ambitious because I want to ensure the people who rely on Lavabit are ready to defeat the future face of evil. The good news is that unlike 2004, the market values innovations in security, and understands the nuanced nature of encryption. I believe that is why so many are waiting for Lavabit to finally deliver a true solution to the email privacy problem. And once we do, it won’t take long for my colleagues in the information security field to see the difference between the marketing hyperbole, and what we provide.
Of course, there will be those who don’t see the difference right away, and it will take a high profile security breach, or celebrity whistleblower to make them understand. My guess is the next wake up call will come in about 10 years. And when it does, our customers will once again be happy they chose to trust their data to Lavabit.
The smallest investment amount that Lavabit is accepting.
Lavabit needs to reach their minimum funding goal before
the deadline. If they don’t, all investments will be refunded.
A SAFE is a Simple Agreement for Future Equity. An investor makes a cash investment in a company, but gets company stock at a later date, in connection with a specific event. The Crowd SAFE is a modified SAFE that is better suited for crowdfunding.
A SAFE is a Simple Agreement for Future Equity. An investor makes a cash investment in a company, but gets company stock at a later date, in connection with a specific event. The Crowd SAFE is a modified SAFE that is better suited for crowdfunding.
$150,000 – $1,070,000
Lavabit needs to raise
before the deadline. The maximum amount Lavabit is willing
to raise is $1.07M.
External authority problems:
The differences between current PGP or S/MIME email encryption and DIME encryption protocol are significant and critically important to security-minded customers:
PGP ENCRYPTION vs. DIME ENCRYPTION
Manual encryption and key management vs. Automated encryption and key management
No metadata protection vs. Metadata protection
Easily susceptible to manipulation vs. Resistant to manipulation
Susceptible to human error vs. Automation limits human error
Users choose to encrypt or not vs. Encrypts every email, every time
PGP encrypts messages at the user level, but the encryption process is manual and cumbersome. To manage encryption, a company must dedicate resources to monitor and manage encryption keys—a daunting task that is compounded as the number of users increase. Using PGP, users still have to actively decide to encrypt each message and may send sensitive information unencrypted at any point.
Even with the current encryption processes, there are still vulnerabilities to email and user manipulation due to the number of variables that are available through the visibility of metadata; these variables make it easier for attackers or state-sponsored agents to acquire the necessary keys to manipulate the message.
Lavabit’s DIME software is built on the PGP foundation as well but improves on this security by implementing capabilities to provide automatic email encryption and key management—both burdensome in current implementations. Because the process is automatic and universal, there’s no need for hands-on management or user decisions about which messages to encrypt and when.
The DIME encryption process also protects metadata and minimizes information leakage as messages are transmitted from system to system. Due to the complexity of cryptographic encryption and the restricted number of variables provided, DIME’s security protocol is extremely difficult to manipulate. This structure makes it nearly impossible for a person to acquire keys or break the encryption algorithm.
Lavabit & DIME websites
DIME code repositories
Developed by Lavabit, DIME is an open source secure end-to-end communications platform for asynchronous messaging across the internet. DIME follows in the footsteps of innovative email protocols, but takes advantage of the lessons learned during the 20-year history of PGP-based encrypted communication. DIME is the technological evolution of past current standards, OpenPGP and S/MIME, which are both difficult to deploy and are only narrowly adopted. Recent revelations regarding surveillance have pushed OpenPGP and S/MIME to the forefront, but these standards simply can’t address the current privacy crisis because they don’t provide automatic encryption or protect metadata. By encrypting all facets of an email transmission (body, metadata, and transport layer), DIME guarantees the security of users and the least amount of information leakage possible. A security-first design, DIME solves problems that plague legacy standards and combines the best of current technologies into a complete system that gives users the greatest protection possible without sacrificing functionality.
DIME encryption modes and federation
To accommodate radically different user needs, DIME operates in three account modes: Trustful, Cautious, and Paranoid. Each mode represents a unique point in the security-functionality spectrum and determines how accounts operate. The difference between each mode is based on where message encryption (or decryption) occurs and where the user’s private key is stored.
Federation was the thought from the beginning. We cannot be a secure email provider if users can only send to other Lavabit customers. We want to secure email, not keep it in a walled garden. Practically speaking, email as a service is not something that we can change dramatically to suit only one group. What works for privacy-aware consumers may drive away non-technical users, ease-of-use users, and businesses.
DIME mode functionality
Trustful mode: How is it secure?
We created Trustful mode for users who want a more secure email environment but require the ability to use existing email software. As the name suggests, Trustful mode requires users to trust the server to manage encryption. This mode ensures ease of use, as users do not need to worry about technical requirements or incompatibility with existing email clients. We envision Trustful mode as the mode of choice for businesses, which have regulatory requirements, data retention practices, and unique needs like escrow keys. Lavabit’s free and open source server, Magma, supports these users.
In Trustful mode, the user’s key is within our server's memory only while they are logged into the server. The server performs the encryption on the user’s behalf, and as such, they must trust that the server will not be rewritten in such a way that it captures their password or peeks at their messages during processing. This magic black box mode is no different from many other encryption systems, which perform encryption automatically. The only difference is where the encryption takes place. The key question is whether the customer is comfortable trusting the implementation to function securely. If they feel that trusting our servers to perform the encryption is unacceptable, we offer other modes of operation: Cautious and Paranoid.
Cautious mode: How is it secure?
Cautious mode is the first level of true end-to-end encryption. The user’s encryption key is only in plaintext within the memory of their device, be it phone, laptop, desktop, or mainframe. The key is encrypted on this device and then transmitted through a secure tunnel to our servers, where it is safely stored in space designated specifically for their account.
If users have an account on one phone and decide to also install the client software onto a laptop, the cautious mode client can request the encrypted key from the server when the user logs into the system. Then on the laptop, using the user’s passphrase, the client will be able to decrypt the key and allow the client software on the laptop to access your messages. The key exists in a format that can be "seen" only on the devices controlled by the user. We anticipate most users will want the privacy and security of Cautious mode as it ensures they don’t have to trust the provider, but also doesn’t require them to alter the way they access their email. Users who believe they face a higher threat level and don't want a key to exist anywhere in any format except on devices where they maintain ABSOLUTE technical control may prefer Paranoid mode.
Paranoid mode: How is it secure?
Paranoid mode is our most advanced and ultimate security mode. In Paranoid mode, the key is never transmitted anywhere; users maintain ABSOLUTE control. It is up to the user to move their key to any new device. If they create the original key within client software and wish to also use it on their phone, they must devise a secure method to move the key. This will allow users to export it to a file while ensuring it’s secure and encrypted. They can use a data cable or their own trusted digital method to copy the key to the new device. They can use a device to communicate for a period and then destroy the key or device without storing a copy of the key. This renders all communication that the key opened inaccessible from that point on. Paranoid mode is ultra-secure; however, it requires technical proficiency in user key management.
We are using Republic's Crowd SAFE security. Learn how this translates into a return on investment here.
MTD Season 2 Episode 6
Jesse Draper: Go to meetthedrapers.com. But first, let's take a look at what's happening behind the scenes.
Ladar Levison: My name's Ladar Levison, I'm the CEO and founder of Lavabit.
Richard Delgado: I'm Richard Delgado, and I'm the COO and co-founder of Lavabit.
Ladar Levison: We're all about providing and advancing secure communications. Our focus is on building a federated encryption standard that will protect people's email.
Richard Delgado: We've traded our privacy for convenience, and we're trying to take back that power.
Ladar Levison: The biggest challenge was probably with the Department of Justice over the encryption key for the company because they wanted to get into Edward Snowden's email account. In turning it over, I would have compromised the privacy of active users, so instead I decided to suspend operation and rewrite the mail protocols. And that just present all sorts of technical challenges, to live in this interconnected world that we're in but still do it in a way where you retain control over who can read your messages.
Richard Delgado: One of the reasons that we're certainly here, and so excited to meet with Tim Draper, his interest in cryptocurrencies and just him being a trailblazer and pioneer for all thing tech, we think he's the natural fit for us for an investor.
Ladar Levison: He already has a background in email and he loves cryptography.
Jesse Draper: Well, welcome to Meet the Drapers. Give us your pitch.
Ladar Levison: Thank you. My name's Ladar Levison, I'm the CEO and founder of Lavabit. This is my co-founder, Richard Delgado. He handles all the money and stuff. Our job is about building platforms that make encryption automatic and accessible to the average person. Last year, there were 74 trillion emails sent between approximately 3.7 billion people. Email is the most important written form of communication on this planet, and yet you get more privacy and more security by dropping a postcard in the mailbox down the street than you do by sending an email.
Ladar Levison: Our job is to build a new generation of protocols, 'cause you have to remember, email was created before the World Wide Web. It was created all the way back in the 1970s, and those same protocols are with us today.
Speaker 18: Online terminals are devices through which a person communicates directly with a computer, either to give it information or to ask for and receive the results of a transaction.
Ladar Levison: Security is really an afterthought, so what we set about doing three years ago was reinventing those protocols, and I think we've done that. We've created a new generation of protocols that's more secure, more versatile, than anything on the market today. So we're out here seeking capital so that we can expand our development team and really build out our full implementation. Because we wanna go beyond email. We sort of see email as the heart of your digital identity.
Tim Draper: How does the technology work? Typing in an email, I'm about to send an email, I send an email, goes. Where is your security piece and then where are all these other pieces that you're talking about?
Ladar Levison: What we've done is we've integrated the ability for your software to look up the encryption key of the person that you're sending a message to, and tell you does this person support end to end encryption or not. But fundamentally, it looks up to see if the other domain supports encryption, and if it's a secure domain, your mail client will tell you. And if you're about to send out an unencrypted message, it'll tell you that, too. We like to think that if Hillary Clinton was using our software, there may not have been a scandal during the last election.
Richard Delgado: So the law of the story is very well documented.
Speaker 19: Edward Snowden cared enough to use a service called Lavabit to protect his message.
Speaker 20: And so the government came and said, "We want all the incoming and outgoing information from his account.
Speaker 21: Ladar, facing this circumstance, made the really tough decision to shut down his entire company to try to actually deliver a degree of security and privacy to his customers.
Speaker 19: And protection.
Richard Delgado: We fundamentally believe that everyone deserves the innate right to privacy and freedom, and that's what we are, we're freedom fighters, essentially. All one has to do is look at the jaw-dropping headlines that [inaudible 00:19:17] to see exactly how dire these problems are, and what we trying to do is restore privacy back into modern communications [crosstalk 00:19:24].
Andy Tang: Isn't security and convenience a zero sum game? As far as consumers go?
Ladar Levison: It's a difficult problem.
Richard Delgado: Sure.
Ladar Levison: There's this tradeoff. They say the more automatic you make something, the less secure it is. And that's why it took us three years, because we really had to develop things from the ground up. And I like to think that what we did is gave you the most amount of security you can get while keeping it automated.
Q Motiwala: In case you sent me an email, if I had to forward your email to Tim or Andy, would they be able to see that email or no?
Ladar Levison: Because you forwarded it, it would be wrapped in another layer of encryption, which would encapsulate the information necessary to decrypt the original message, as long as you were on a compatible system.
Tim Draper: As a user, here's what I'm thinking. I'm thinking, great, it's gonna be secure and all that stuff, but I'm gonna keep getting these messages, "Would you like to send this on a non secure thing?" If I were in the CIA that would matter a lot more than just being in the venture business.
Ladar Levison: You say that until you get hacked, and then you'll be coming to us in a hurry.
Tim Draper: On the web. Right, we have been.
Andy Tang: I'm surmising that, if we were on the Microsoft Exchange, maybe someone is on the Gmail, I'm surmising that that mail server needs to be Lavabit-compatible.
Ladar Levison: Yes, at the most basic level.
Andy Tang: So you probably have to do some major business development deals, 'cause these guys kind of monopolize-
Ladar Levison: And we've already started that process, but we're also working on an exchange plug-in. There are ways of integrating these protocols into other platforms. And what we really hope is to develop our platform and use the security and encryption as a way to disrupt the existing players like Exchange, like the big cloud providers.
Tim Draper: How do you make money?
Richard Delgado: Well, we have subscription model right now.
Tim Draper: Oh. You have customers?
Richard Delgado: Yes, we have over 100,000 customers right now.
Andy Tang: Why did you decide to restart the business after shutting it down?
Ladar Levison: When we shut it down, we didn't walk away from the problem. We put on our thinking caps and tried to develop a solution that would solve this problem permanently for everybody. We spent two or three years developing and documenting this solution and now we're moving into the implementation phase. What we need to do now is build marketable products that the average person can use.
Tim Draper: Terrific. Well, thank you so much for coming to Meet the Drapers.
Ladar Levison: Thank you.
Richard Delgado: It's our pleasure.
Jesse Draper: Thanks, guys, so nice to meet you.
Ladar Levison: It's a pleasure, thank you.
Richard Delgado: One of the great takeaways that I have from this is they're interested in our platform technology. Tim is certainly invested in this space, so this is very top of mind.
Ladar Levison: I developed a server based encryption program, which is what led to the whole Snowden litigation in 2013. 2004, I was 10 years ahead of the curve and when I started working on this in 2014, I was once again 10 years ahead of the curve. In other words, in another year's, 50% of the world's gonna be using our technology or something like it.
Richard Delgado: We're certainly a startup but we have this very long and storied history that revolved around an important problem.
Ladar Levison: We're poised to change the world. All we need is the resources to hire the development team to finish building out this platform and bring it to the masses. We like the idea of the fact that we're building a technology by the people for the people and we like the idea of Republic giving us an opportunity to raise the funds to do it from the people.
Ladar Levison: What the crisis in 2013 taught me is that the way we think about security today doesn't work, and it sent me back to the drawing board to build this next generation.
Jesse Draper: (silence)
Jesse Draper: Well, so, what did we all think? Q, start us off.
Q Motiwala: It's a really interesting idea. We think there are some challenges. They got to standardize their particular protocols and then make sure all the servers are taught that protocol. Because if you got only 20% of the people doing this, it's not gonna work.
Andy Tang: I like how committed they were, because it sounds like they were on a mission to do this, it failed. And back when they were in the school days, they've been on this for a long time.
Jesse Draper: Yes.
Andy Tang: Yeah, and they kept going, so I thought that really got my attention, hey, these guys are committed so if you invest in them, you're not gonna lose your money because they won't give up.
Jesse Draper: They'll make it happen.
Andy Tang: Yes.
Jesse Draper: Where you look at it as commitment, I looked at it as like, "Well, this is the way we're gonna go," and so I don't know if that's good. As founders, as culture, I think they could be a little more open, but they also understand this space. And I do think that we need more secure email, but it's a big undertaking.
Tim Draper: I did like their commitment to the mission, and I like that this is one of the big problems. Email is so important. I think giving it the 15-year test, is this thing gonna be alive in 15 years, or is it gonna be important in 15 years? I did get the viral part of this. This is gonna be very viral.
Jesse Draper: What do you guys think? Do you wanna vote for them and do you like Lavabit? Go to meetthedrapers.com, because we are the only show on television where you can invest in the companies.
Tim Draper: We wanna get the vibe up from the crystal ball.
Jesse Draper: I feel like we have to say something, like a [bippedy boppedy boo 00:24:51], or something.
Tim Draper: Lavabit, Lavabit.
Q Motiwala: [inaudible 00:24:54].
Jesse Draper: Yeah, Lavabit.
Q Motiwala: Lavabit, chili beanie.
Jesse Draper: Did you just say chili beanie?
Q Motiwala: Chili beanie.
Jesse Draper: Okay.
Q Motiwala: I got the energy, I got it.
Jesse Draper: Did you get it?
Tim Draper: Okay, I'm there.
Jesse Draper: Okay, what do we think, guys? Thumbs up, thumbs down, thumbs all around.
Jesse Draper: Whoa.
Q Motiwala: Oh [crosstalk 00:25:15].
Jesse Draper: I thought you were into it.
Tim Draper: No, I'm into the market. I think identity wins here.
Andy Tang: I think you were thinking in the 20 years. We're thinking in maybe five, 10 [crosstalk 00:25:24].
Q Motiwala: Yes.
Investors should verify any issuer information they consider important before making an investment.
All securities-related activity is conducted by OpenDeal Portal LLC doing business as Republic, a funding portal which is registered with the US Securities and Exchange Commission (SEC) as a funding portal (Portal) and is a member of the Financial Industry Regulatory Authority (FINRA). Republic is owned by OpenDeal.
Investments in private companies are particularly risky and may result in total loss of invested capital. Past performance of a security or a company does not guarantee future results or returns. Only investors who understand the risks of early stage investment and who meet the Republic's investment criteria may invest.
Republic does not verify information provided by companies on this Portal and makes no assurance as to the completeness or accuracy of any such information. Additional information about companies fundraising on the Portal can be found by searching the EDGAR database.