Abstract
As demonstrated by the recent revelations of Edward Snowden on the extent of pervasive surveillance, one pressing danger is in the vast centralization of unencrypted messages by centralized silos such as Microsoft, Facebook, and Google. Peer-to-peer alternatives for messaging have failed to reach massive uptake amongst users. In response, we argue for a client-service federated model of messaging service providers that provide automatic encryption of messages such as email. We then present the threat model and design of LEAP, which currently provisions opportunistic email encryption combined with a VPN and cross-device synchronization. We also outline how the next steps for LEAP could allow massive deployment of mix networks and be extended to new services such as chat, file-sharing, and social networking.
Notes
- 1.
- 2. Tribler itself does not use encryption or anonymization techniques, but instead seems to mistakenly uphold that a peer-to-peer architecture is enough to be resistant to censorship threats.
- 3.
- 4.
- 5. To try, follow instructions on http://demo.bitmask.net
- 6.
- 7. Note that parts of Sects. 15.2 and 15.4 are modified versions of material available on the LEAP wiki at http://leap.se/en/docs (Accessed May 23rd 2014).
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14. Note that we do understand reasonable people may disagree over the exact values, and furthermore, that we are describing only a class of deployed systems rather than particular hypothetical systems or systems that do not have mass deployment.
- 15. For example, monitoring the patterns of communication in an IRC channel that allows anonymous identifiers can eventually reveal the identities of users of the IRC channel.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27. TOFU stands for “Trust On First Use,” which assumes the first transfer and use of a key is not compromised.
- 28. An Android version, which has considerable differences due to being coded in Java, is under development.
- 29.
- 30. Such as Thunderbird, Evolution, or Outlook.
- 31.
- 32.
- 33.
Copyright information
© 2015 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Sparrow, E., Halpin, H. (2015). LEAP: The LEAP Encryption Access Project. In: Gutwirth, S., Leenes, R., de Hert, P. (eds) Reforming European Data Protection Law. Law, Governance and Technology Series, vol 20. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_15
DOI: https://doi.org/10.1007/978-94-017-9385-8_15
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-017-9384-1
Online ISBN: 978-94-017-9385-8
eBook Packages: Humanities, Social Sciences and Law; Law and Criminology (R0)