Hushmail Turned Over Customer E-mails To Feds
There is a big case right now in the news about the Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers. A big bust and the usual media exposé, yada…yada. Now something else has popped up on the radar today: the Chinese companies were doing business via Hushmail.
In case you’ve never heard of Hushmail, they offer a very secure email setup with servers in Canada, and it’s often the favorite of digital currency users. The business has been around since 1999 and they use industry-standard cryptographic and encryption protocols [OpenPGP & AES 256], even encrypting all of the messages on their Canadian servers. Consequently, even if you are the operator of the server, you still can’t see the emails. The customer has the only key.
The US DOJ requested the email information, and all of the events are now headlining in a Wired magazine article containing an interview with Brian Smith, the CTO of Hushmail Communications Corp. Mr. Smith made it very clear that…
“…government agencies can also order their way into individual accounts on Hushmail’s ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine.”
One of the many convenient Hushmail services is the basic web-based version. It is very secure, and the basic model is web based and very easy to use. The freebie webmail is not the Hushmail flagship product and apparently, without getting into all the technical details, there is a way for Hushmail to capture a user’s password, get into your box and make copies of all emails, under specific court-ordered surveillance (of course).
For the Chinese case, it would appear that a US Federal request for the information forced Hushmail to use their inside knowledge, grab the users’ keys, decrypt the emails and give up 12 CDs full of evidence. (I’m no technical expert so it may have happened in a different order :-)
This activity by the Hushmail Communications Corp. should really not surprise anyone. In today’s post-9/11 world a government investigation CAN open your encrypted email.
It’s not clear to me right now, typing this, if I could always agree with this type of intrusion, but today, since my car did not get blown up on the way to the supermarket and no one for 2000 miles around me was blown up by crazy terrorists, today I’m going to have to say….YES, I agree with the .gov’s action. You can’t expect a provider of any Internet service to be foolproof and stand up and protect any illegal activity, especially such a headliner.
Do you agree? Let me hear from you.
Hushmail provides some exciting privacy options.
“Hush uses industry standard algorithms as specified by the Open PGP standard (RFC 2440) to ensure the security, privacy and authenticity of your email. With Hushmail, users need only create and remember their own passphrases, and the secure Hushmail server does the rest. Encryption and decryption are transparent to the user, making Hushmail the most user-friendly secure mail solution available. Through the Hush Encryption Engine™, the Hush key servers take care of Public/Private key exchange in a completely seamless fashion. When a user wishes to encrypt/decrypt data or verify/sign a signature, a connection is automatically made to a Hush Key Server to retrieve the necessary Public/Private Key. It’s that simple! Only Hush’s solution provides such a high level of security combined with total ease of use. The descriptions below will give you an overview of how the Hush system secures email.”
Basic accounts are free, so if you’re looking for privacy you may want to give them a try. Just don’t start a wholesale Chinese steroid business or any other large criminal enterprise and I’m quite sure you will be happy with their services. Did I mention they accept e-gold?
Source: Wired, by Ryan Singel, November 07, 2007. Categories: Crime, Hacks and Cracks
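The passphrase-only key model quoted above, and the webmail capture the post describes, as an added example that is not Hushmail’s code: the cipher is a toy stand-in for OpenPGP, and the Provider class is a constructed model of a host that stores ciphertext but, in webmail mode, also handles the user’s passphrase.

```python
import hashlib
import hmac
import os

def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Key derived from the passphrase only, mirroring the 'remember one passphrase' model."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """Toy stand-in for OpenPGP (constructed for this demo): SHAKE keystream + HMAC tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(passphrase, salt)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag

def decrypt(passphrase: str, blob: bytes) -> bytes:
    """Inverse of encrypt; rejects a wrong passphrase or a modified message."""
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    key = derive_key(passphrase, salt)
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered message")
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class Provider:
    """Constructed mail host: it stores only ciphertext, but webmail mode routes the passphrase through it."""

    def __init__(self):
        self.mailbox = []
        self.captured = None  # passphrase the host would retain under a capture order

    def deliver(self, blob: bytes) -> None:
        self.mailbox.append(blob)

    def webmail_read(self, passphrase: str) -> list:
        # Server-side decryption: the passphrase transits the host and can be kept.
        self.captured = passphrase
        return [decrypt(passphrase, b) for b in self.mailbox]

    def open_mailbox(self) -> list:
        """What the host can hand over: plaintext if it saw a passphrase, else only ciphertext."""
        if self.captured is None:
            return list(self.mailbox)
        return [decrypt(self.captured, b) for b in self.mailbox]
```

A user who decrypts locally with `decrypt` leaves the host holding ciphertext only; one `webmail_read` call is enough for the host to open the whole mailbox afterwards.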
The important lesson here is don’t outsource your crypto to anybody. Keep your own keys and keep them private.
Yes, the lesson is: “trust me” systems cannot be trusted. I believe Tim May went over this point some time in the last century on the crypto discussion lists. Look, GnuPG and Thunderbird and Enigmail are free. They provide seamless and easy to use crypto. You store them on your own hard drive.
And, an encrypted root hard drive is not that difficult to obtain. Or just buy them off Rayservers or GoLightSpeed.com
Hushmail is likely a good service provider, but as Jim and “dirtyfilthy” said, the burden of protecting your private keys and passwords belongs on the individual user.
Public Key Infrastructure is only as effective as the knowledge of how to use it on the individual level.
Lack of understanding equals lack of security and privacy.