[Infowarrior] - Hushmail Spills to Feds
Richard Forno
rforno at infowarrior.org
Fri Nov 9 13:59:00 UTC 2007
Encrypted E-Mail Company Hushmail Spills to Feds
By Ryan Singel EmailNovember 07, 2007 | 6:39:41 PMCategories: Crime, Hacks
and Cracks
Hushmail, a longtime provider of encrypted web-based email, markets itself
by saying that "not even a Hushmail employee with access to our servers can
read your encrypted e-mail, since each message is uniquely encoded before it
leaves your computer."
But it turns out that statement seems not to apply to individuals targeted
by government agencies that are able to convince a Canadian court to serve a
court order on the company.
A September court document (.pdf) from a federal prosecution of alleged
steroid dealers reveals the Canadian company turned over 12 CDs worth of
e-mails from three Hushmail accounts, following a court order obtained
through a mutual assistance treaty between the U.S. and Canada. The charging
document alleges that many Chinese wholesale steroid chemical providers,
underground laboratories and steroid retailers do business over Hushmail.
The court revelation demonstrates a privacy risk in a relatively-new, simple
webmail offering by Hushmail, which the company acknowledges is less secure
than its signature product.
A subsequent and refreshingly frank e-mail interview with Hushmail's CTO
seems to indicate that government agencies can also order their way into
individual accounts on Hushmail's ultra-secure web-based e-mail service,
which relies on a browser-based Java encryption engine.
< - >
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
More information about the Infowarrior
mailing list