by Mike Masnick
Fri, Nov 9th 2007 12:37am
Many people are familiar with the company Hushmail, who provides encrypted web-based email that the company claims is completely private. In fact, the company makes it clear: "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." It turns out that isn't quite true. Wired reports that Hushmail handed the feds 12 CDs worth of plain text emails from the service following a court order. The Wired piece goes into great detail concerning what happened here -- and the folks at Hushmail were quite honest about how their service works. Hushmail has two different versions, one which requires a java app to be downloaded, which handles all the encryption locally. The other, more popular one, is entirely web-based, meaning that your passphrase is stored on the server ever so briefly -- and that's how Hushmail was able to access the accounts required in the court order. So, while it's true that Hushmail is mostly secure outside of a court order, the marketing material on the site is at least a little misleading, implying that even in such cases, your email will be encrypted.
If you liked this post, you may also be interested in...
- Court Says 10 Weeks Of Warrantless Surveillance Is Perfectly Constitutional
- Congressional Reps Submit Bill Banning Encryption Bans
- Senator John McCain Weighs In On 'Going Dark' Debate -- Insists That He Understands Cryptography Better Than Cryptographers
- FBI Almost Entirely Arbitrary In Redacting Info On Freedom Of Information Requests
- FBI Sent Informant Into Mosque To Find Terrorists... Mosque Gets Restraining Order And Reports Him To The FBI