Report: Cricket blocked encrypted emails for months

Some Cricket customers were unable to send or receive encrypted email for months, according to The Washington Post, citing security researchers.

AT&T (NYSE: T), which acquired the Cricket brand when it bought Leap Wireless, did not respond to a request for comment by the Post. Cricket said in a statement to the publication that it "is continuing to investigate the issue but does not intentionally prevent customers from sending encrypted emails."

It all came to light when a Golden Frog software engineer in rural Texas, who relied on Cricket for his mobile Internet service, configured his email program to allow his emails to be sent only if encrypted. Golden Frog, which sells privacy-focused software that includes an encrypted messaging service, reported the problem in a July filing with the FCC.

Soon after TechDirt published an article about the issue, the problem ended, Golden Frog told the Washington Post. It was unclear how long it lasted or how many customers were affected.

When Golden Frog first noticed it was not receiving the employee's emails, it began looking into why, according to the Post. Golden Frog found that the engineer was trying to send emails through a virtual doorway known as Port 25. That portal has been used to send emails for years, but some Internet service providers began blocking it because they were concerned that it was dominated by spammers. The system remains popular among some tech experts who use it to operate their own mail servers.

Cricket allowed customers to send and receive emails through Port 25 software but stripped the traffic of the encryption request, known as STARTTLS, the article says.

In its FCC filing, Golden Frog said it was concerned that Cricket's practices violated the spirit of net neutrality, or the idea that Internet service providers should allow Internet traffic to move freely across their networks.

A commenter to the TechDirt article attributed the problem not to a deliberate attempt on Cricket's part to block encrypted email but to a configuration problem with Cisco ASA-Firewalls. "Frankly, having deployed a fair number of Cisco ASA's myself, this sounds more like a missed configuration setting followed by an 'oh crap' moment on a new deployment than a malicious 'let's break encrypted email' conspiracy," said the commenter using the screen name "sigalrm."

This comes as more consumers are relying on digital encryption. About half of the emails received through Gmail in October were encrypted, up from about 30 percent in January, according to the report citing Google (NASDAQ: GOOG).

For more:
- see this TechDirt blog
- see this Washington Post article

Related articles:
Verizon says Golden Frog speaking with silver tongue on Netflix throttling claims
AT&T's $1.2B bid for Leap is mostly about spectrum
AT&T snaps up Leap Wireless for $1.2B