Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hushmail Passing PGP Keys to the US Government

Zonk posted more than 6 years ago | from the this-would-be-nonoptimal dept.

Security 303

teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"

cancel ×

303 comments

Sorry! There are no comments related to the filter you selected.

By the authorise? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21391153)

emails are not read by the authorise
How do you possibly get "authorise" from "authorities"?

Re:By the authorise? (2, Insightful)

McGiraf (196030) | more than 6 years ago | (#21391185)

"How do you possibly get "authorise" from "authorities"?

First suggestion of the spell checker?

But more on topic:

What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.

Re:By the authorise? (0, Flamebait)

timberwork (1179859) | more than 6 years ago | (#21391275)

Considering the article is written for an Australian website, "authorise" is indeed the correct spelling.

So? Google and Yahoo do the same (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21391297)

So? Google and Yahoo do the same. Why do you care anyway? You get free mail.

Re:So? Google and Yahoo do the same (5, Interesting)

CaptainTux (658655) | more than 6 years ago | (#21391601)

The difference, I would think, would is fairly obvious to most people. GMail and Yahoo don't give you a promise of "unbreakable encryption for your emails" that even the government can't break. There's no question that Google will share your information when properly ask to do so by law enforcement. It's in their Terms of Service. You know what to expect and you use your GMail or Yahoo accordingly.

On the same token, while I am appalled at HushMail's actions, it's for a different reason than most here I suspect. I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal. But I DO have a problem with HushMail not disclosing that they're doing it right up front. Now, I've not fully read their ToS so maybe they do but their statements on the website would lead you to believe they aren't.

Really though, why would anyone use a PUBLIC service to conduct illicit activities? Setting up a private mail system complete with encryption is trivial and MUCH more secure.

Re:By the authorise? (1)

d7415 (1068500) | more than 6 years ago | (#21391855)

It is if they mean "authorise" (or "authorize"), but not if they meant "authorities", which is what the AC was getting at.

Re:By the authorise? (1)

Torvaun (1040898) | more than 6 years ago | (#21391869)

Correct spelling, wrong word. It should say authorities.

Re:By the authorise? (0)

Anonymous Coward | more than 6 years ago | (#21391299)

First suggestion of the spell checker?

Maybe you meant a grammar checker?

Re:By the authorise? (1)

julesh (229690) | more than 6 years ago | (#21391467)

What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.

Except, according to hushmail's docs, that's not the case. They may have your private key, but according to the docs, it's AES-encrypted with your passphrase, and never leaves your local machine in any other state. That doesn't seem so dumb.

How did this happen? Fuck knows. It isn't supposed to be possible. Hushmail's system was supposedly designed so that they couldn't do this, even if they wanted to. Perhaps one of them was running with an incredibly weak passphrase and hushmail cracked it on behalf of the feds...? All I can think of.

Re:By the authorise? (0)

Anonymous Coward | more than 6 years ago | (#21391535)

Well the same system is supposed to make it so that they cannot reset your password. A friend of mine forgot his pass. It took him weeks. Maybe 5 or 6 weeks of constant badgering and they finally reset it. I never used hushmail again........

Re:By the authorise? (2, Insightful)

kdemetter (965669) | more than 6 years ago | (#21391775)

If they can reset the password , it means that the emails themselves are not encrypted using that password . Otherwise , resseting your password would result in loss of all your emails .

Re:By the authorise? (4, Informative)

Kadin2048 (468275) | more than 6 years ago | (#21391871)

How did this happen? Fuck knows. It isn't supposed to be possible. Hushmail's system was supposedly designed so that they couldn't do this, even if they wanted to. Perhaps one of them was running with an incredibly weak passphrase and hushmail cracked it on behalf of the feds...? All I can think of.
TFA is crappy in this regard, there are better articles which explain what happened in more detail. (Full disclosure: I submitted this Wired article [wired.com] to /. but apparently got beaten.)

Basically, Hushmail has two main modes of operation. One of them is (reasonably) secure, the other is a trainwreck.

In one mode, the 'secure' one, you -- the user -- access their site and download a Java applet to your browser, which contains the OpenPGP encryption engine. You type your emails, they're encrypted on your machine, and sent to the server that way. Hushmail never, at any point in the operation, knows the password to your private key.

Now, because a lot of people use browsers that don't support Java, as of a few years ago, Hushmail came up with an alternative, which doesn't require it. Instead of using a Java applet, it works like a regular HTML/HTTPS webmail system, and all the encryption is done on the server. This means you don't need to be able to run the Java applet on your client machine.

However, and this is the crucial part, when you use this second mode even once, you expose the passphrase to your private key to Hushmail. And that's how they could decrypt all the messages. Once a person used the insecure service, they had basically sold themselves down the river. Hushmail had their passphrase, and from there could decrypt their private key, and from there get at all their messages. (Or at least their incoming messages; I don't know whether Hushmail encrypts outgoing messages to the sender's private key as well as the recipient's.)

From what I can tell, if you used Hushmail and were careful to always use the Java-based service, you wouldn't necessarily be vulnerable to this sort of attack. Since Hushmail wouldn't have your passphrase, the most they could do would be to hand over your encrypted messages and encrypted keys to the Feds, who would then have to try to brute-force your private key. (Meaning, everything would rest on how good a passphrase you used...)

Of course, any time you're depending on a downloaded applet for encryption, you're at the mercy of whomever you're downloading it from ... there's no reason (other than it being more difficult) that Hushmail couldn't be forced to "poison" their Java applet, or backdoor its encryption engine. Unless you're going to examine the code yourself each time, you have no way of really trusting it. But that's a lot more technically difficult than just grabbing the password from the server-side decryption engine, which appears to be what they did.

Re:By the authorise? (1, Funny)

Anonymous Coward | more than 6 years ago | (#21391249)

How do you possibly get "authorise" from "authorities"?
Remove the second t, second i, and reverse the e and the s.
(the summary was C/P'ed from TFA, so this is all I got...)

Re:By the authorise? (2, Interesting)

Anonymous Coward | more than 6 years ago | (#21391291)

'DEA agents received three CDs of decrypted emails which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada.
I received three decrypted cds of decrypted emails that were once encrypted but are now decrypted so the encrypted emails are now decrypted. I've now reading through for formerly encrypted decrypted emails and by reading the decrypted emails that were encrypted but now decrypted I will find out what was so important that it had to be encrypted and now decrypted.

--
Qrpelcgvat guvf rapelcgrq pbagrag vf n ivbyngvba bs gur Qvtvgny Zvyyraavhz Pbclevtug Npg.

Re:By the authorise? (1)

xeoron (639412) | more than 6 years ago | (#21391809)

Your first round of decrypted messages are worthless meat eating mammal, for the the party of interest encrypted the messages twice-- once before going into Hushmail and again when Hushmail scrambled it before sending.

Re:By the authorise? (0, Offtopic)

larry bagina (561269) | more than 6 years ago | (#21391309)

emails aren't read by the authorise and submissions are edidet by the slashdot janitors.

Glad they cleared that up but (1)

DaSH Alpha (979904) | more than 6 years ago | (#21391165)

decrypted emails which contained decrypted emails for the targets of the investigation that had been decrypted
...and how do you decrypt a person? (assuming people were the targets of the investigation, and not the email)

Re:Glad they cleared that up but (1)

securityfolk (906041) | more than 6 years ago | (#21391239)

Well, I would start with a resurrection spell... sorry, GIGO...

Re:Glad they cleared that up but (1)

sethstorm (512897) | more than 6 years ago | (#21391281)

Wouldn't you need something to open it up first?

I welcome our new (2, Funny)

kaufmanmoore (930593) | more than 6 years ago | (#21391169)

the authorise overlords

Goodbye Market! (5, Insightful)

Fallen Seraph4 (1186821) | more than 6 years ago | (#21391187)

I really hope that they go out of business for this. I mean they extremely deserve it. I know that they probably didn't have much of a choice to hand over the keys, but to continue advertising such security... That's not cricket.

Hushmail did NOTHING WRONG (2, Informative)

wurp (51446) | more than 6 years ago | (#21391295)

I have used Hushmail for ages, and it is entirely secure. These users did something foolish - they demanded, then got, then used a "more convenient" version of Hushmail that did the encryption on the server instead of on the client.

Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server.

The new & improved Hushmail works without you having to have Java support or download an applet. It can only work by decrypting the private key server-side, which means Hushmail has (at least briefly) the information to decrypt all your email. Which means that if they get a court order, they must capture that information and provide your decrypted emails or they go to jail.

Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order. However, this is not what happened - all they did was provide information they had on their servers, as required by law.

The only way to be sure of your security is to build a device by hand that does all the decryption & display on the device, inspect all of the code you put on it by hand (preferably compiling using a compiler you wrote in machine language). Oh, and only read email on the device in an opaque faraday cage, naked.

Hushmail gives you precisely as much security as they possibly can, and no more.

Entirely secure? (1, Informative)

Pinky's Brain (1158667) | more than 6 years ago | (#21391489)

Passphrase encryption is weak shit, also it's trivially easy for them to launch a man in the middle attack ... having a secure and valid keychain is just as important as having a secure private key.

The principle behind Hushmail is flawed. (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21391503)

That may all be well and good, but the fact of the matter is that the design of Hushmail is flawed.

You never give your private key away to anyone ever. Period. Giving Hushmail a weakly encrypted private key is fishy to start with, but then entering the passphrase to decrypt it in a Hushmail controlled applet is just stupid.

And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.

Perhaps the tinfoil hat crowd will say things like "but there might be a backdoor in your hardware", but Hushmail wouldn't save you from that. And let's be honest here: no one really believes that anyway.

You may have thought yourself very witty when writing that penultimate paragraph, but the fact of the matter is that in today's world you can actually be as good as sure.

Re:Hushmail did NOTHING WRONG (2, Interesting)

julesh (229690) | more than 6 years ago | (#21391597)

Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order.

If I were them, I'd wipe the private key that's used to sign the applet. That way, if they're ever forced to do this, they'd have to use a different signing certificate, and the users (at least those who had checked the 'always trust applets from Hush Communications' checkbox the first time they signed in) would get an unexpected security dialog. Those of us who are paranoid could then choose not to use the fishy version.

Re:Hushmail did NOTHING WRONG (2)

hpavc (129350) | more than 6 years ago | (#21391805)

I disbelieve .... "Hushmail gives you precisely as much security as they possibly can, and no more." is meaningless when they fail to share that they have a policy of going turn coat on you. Billing yourself as a oasis when its a mirage is more like it.

Re:Hushmail did NOTHING WRONG (4, Insightful)

badfish99 (826052) | more than 6 years ago | (#21391853)

Hushmail gives you precisely as much security as they possibly can, and no more.

I don't know much about Hushmail, but I looked at their website, and they seem to want about $50 per year for what is basically GPG, and therefore available free. Except that, since java applets are downloaded from the server, there's no way to be sure that what you're actually running is what they claim that you are running, so their system might have all sorts of insecurities and backdoors, even if their source code looks OK. So they might give you as much security as they can, or they might be a bunch of cowboys. How do you tell? I certainly wouldn't trust them with my secrets.

Alternatives? (4, Insightful)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#21391189)

What alternatives are there besides Hushmail?

Re:Alternatives? (4, Insightful)

John Hasler (414242) | more than 6 years ago | (#21391221)

> What alternatives are there besides Hushmail?

GPG works fine.

Re:Alternatives? (0, Offtopic)

krazytekn0 (1069802) | more than 6 years ago | (#21391577)


> What alternatives are there besides Hushmail?
^^^this got informative? Do the people with mod points this week own dictionaries?
GPG works fine.
^^^ Insightful? Well at least there is some grain of truth to that modding, this would be the place for informative...

and this post here would be offtopic, not flaimbait or troll, mod accordingly. Seriously though do people just try to use up all their points on the first two comments they see?

Re:Alternatives? (4, Insightful)

Bert64 (520050) | more than 6 years ago | (#21391225)

If you want encrypted mail, run the encryption yourself... GPG is freely available. Then it doesn't matter via which service you transmit the mail.

Web Mail (1)

Frosty Piss (770223) | more than 6 years ago | (#21391357)

If you want encrypted mail, run the encryption yourself... GPG is freely available.
I don't know anything about "HushMail", but I assume it has some kind of Web interface? Are there any alternatives for people that must use Web mail (for example on the road a lot)? Could some type of encryption program be carried on a USB drive that might translate the message locally into code?

Re:Web Mail (4, Insightful)

N7DR (536428) | more than 6 years ago | (#21391587)

Are there any alternatives for people that must use Web mail

FireGPG. I haven't used it, but the blurb seems to indicate that that does the trick, at least for gmail.

Re:Web Mail (1)

Nasarius (593729) | more than 6 years ago | (#21391707)

I concur with FireGPG. USB key drives of 2GB and larger are dirt cheap these days, so just install your fully-customized version of Firefox on one, if you're using many unconnected computers. Thunderbird/Enigmail is even better if you're using Gmail, especially now that they offer IMAP.

Re:Alternatives? (2, Insightful)

Bieeanda (961632) | more than 6 years ago | (#21391241)

Exchanging keys the old-fashioned way, maybe? This seems to be the perfect example of why convenience and security are ultimately mutually exclusive.

Re:Alternatives? (2, Interesting)

Zonk (troll) (1026140) | more than 6 years ago | (#21391393)

FireGPG? [tuxfamily.org] . Quoting the website:

"FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG. FireGPG adds an contextual menu to access to some useful functions. We will support some webmails. Currently, only Gmail is supported (some useful buttons are added in the interface of this webmail!)."

I haven't used it or Hushmail*, but it looks interesting. It does lack the portability, though. Maybe it could be made to work with Portable Firefox.

* I trust no one with my private keys.

Not paranoid enough. (5, Insightful)

Valdrax (32670) | more than 6 years ago | (#21391191)

I guess this is a brief lesson in why one should never fully trust the encryption of your private materials to a third party.

Re:Not paranoid enough. (0)

Anonymous Coward | more than 6 years ago | (#21391657)

Oh, I never trust any party to encrypt my privates..

Oh..

You said... *blush*

Missing from the article (5, Interesting)

WK2 (1072560) | more than 6 years ago | (#21391195)

There are several facts missing from the article:

1) Was there a court order? Or Canadian equivalent?
2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?
3) Did hushmail violate it's TOS?
4) Did hushmail do anything illegal?

Of course, what the article did mention is important, especially to hushmail, and potential hushmail users. However, it would have been nice if they had dug a little bit to answer these obvious questions.

Re:Missing from the article (5, Informative)

Albanach (527650) | more than 6 years ago | (#21391285)

The Register ran an article on this last week. From their piece:


US federal law enforcement agencies have obtained access to clear text copies of encrypted emails sent through Hushmail as part a of recent drug trafficking investigation.

The access was only granted after a court order was served on Hush Communications, the Canadian firm that offers the service.

Hush Communications said it would only accede to requests made in respect to targeted accounts and via court orders filed through Canadian court.

Re:Missing from the article (2, Informative)

e9th (652576) | more than 6 years ago | (#21391311)

From their FAQ [hushmail.com] .

Re:Missing from the article (3, Informative)

bcrowell (177657) | more than 6 years ago | (#21391417)

The Wikipedia article [wikipedia.org] has a bunch of good references. The slashdot summary seems to be incorrect in some of its particulars. If you read the various articles, none of them seem to say that hushmail turned over private keys. They turned over cleartext of messages. Yes, there was a court order (see the more recent wired article). No, hushmail doesn't seem to have lied to their users in general -- the wired article praises them for their honesty -- but they do seem to have put a strong marketing spin on the lack of real security in the JS implementation of their service (as opposed to the original, more secure Java applet, in which the private keys never left the client machine).

Re:Missing from the article (5, Insightful)

justzisguy (573704) | more than 6 years ago | (#21391421)

This is all old news that was spelled out in a much more detailed article on Wired [wired.com] last week. To subvert those that don't RTFA, I'll answer your questions here on /.:
  1. Hushmail was served with a court order issued by the British Columbia Supreme Court (the Feds in Bakersfield, CA had to forward their request to the Canadian government)
  2. Hushmail glosses over the vulnerability to private key capture in their non-Java based web client, but it is mentioned. The Java client never transmits the private key (you still must trust the client, source code is available; compare the hashes)
  3. No, Hushmail's TOS do not prevent them with complying with a legal court order. Their users also must not break the law, per the TOS.
  4. Hushmail followed Canadian law perfectly.
So what can we learn from this? First, don't do illegal things (and use Hushmail or anything else). Second, while their non-Java client is convenient for avoiding the bulk of your traffic getting sucked up by programs like Carnivore [wikipedia.org] , use the Java client and not even Hushmail can hand anything over (they never received the private key, even for an instant).

Re:Missing from the article (1)

Jinjuku (762364) | more than 6 years ago | (#21391447)

You do realize you have the only reasonable response so far? As the years go by I see more /s'ers losing grip with reality. It's sad to see so many otherwise intelligent people not think for themselves and going off half-cocked.

Re:Missing from the article (0)

Anonymous Coward | more than 6 years ago | (#21391451)

Was there a court order? Or Canadian equivalent?

Yes, we do have courts in Canada, along with juries, judges, lawsuits, court orders, warrants and appeals.

One thing we don't have have is the "lawsuit lottery" where you can get millions for frivolous cases.

Re:Missing from the article (5, Insightful)

Frosty Piss (770223) | more than 6 years ago | (#21391477)

2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?
Come on now. It's the same thing.

Re:Missing from the article (2, Insightful)

GuldKalle (1065310) | more than 6 years ago | (#21391841)

No, lying is what us normal people do. Willful deception is only for marketing executives, lawyers and politicians.

End of Hushmail? (2, Insightful)

hairykrishna (740240) | more than 6 years ago | (#21391199)

Surely this will do for them? How can they base their entire business around providing private email then just hand over CD's full of them whenever the authorities come knocking? Terrible.

Re:End of Hushmail? (1)

nurb432 (527695) | more than 6 years ago | (#21391305)

How many of their users will even know this happened? Enough to put a dent in them? without a doubt. Enough to put them out of business? I donno.. lots of uninformed people out there.

Re:End of Hushmail? (1)

eipgam (945201) | more than 6 years ago | (#21391653)

I don't know, maybe because a court order said they had to?

Re:End of Hushmail? (1)

corsec67 (627446) | more than 6 years ago | (#21391889)

But, why would they be able to comply?

If they really lived up to their name, they would never have the private keys, unencrypted emails, or any way to get either of those.

No mater how secure (4, Insightful)

KevMar (471257) | more than 6 years ago | (#21391203)

No mater how secure a company claims to be, you can't expect them to not fallow the law.

Re:No mater how secure (-1, Redundant)

Volante3192 (953645) | more than 6 years ago | (#21391245)

Based on what I read, there was no warrant involved. At least, not mentioned.

This just looks like a case of "Gimme your email!" and Hushmail bending over covering their ass and going "Here! Here! Don't sodomize me, bro!"

Re:No mater how secure (2, Informative)

Anonymous Coward | more than 6 years ago | (#21391695)

http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/ [theregister.co.uk]

The access was only granted after a court order was served on Hush Communications, the Canadian firm that offers the service.

Hush Communications said it would only accede to requests made in respect to targeted accounts and via court orders filed through Canadian court.
(emphasis mine)

They followed a court order, this story is a non-issue.

Re:No mater how secure (1)

LeafOnTheWind (1066228) | more than 6 years ago | (#21391263)

heh, "fallow the law"
Maybe they just need to find a new crop to plant?
P.S. Just because you say you make a lot of spelling and grammar mistakes doesn't mean we can't rip on you for it. http://www.answers.com/fallow&r=67 [answers.com] http://www.answers.com/follow [answers.com] http://www.answers.com/mater [answers.com] http://www.answers.com/matter [answers.com]

Re:No mater how secure (1)

julesh (229690) | more than 6 years ago | (#21391433)

No mater how secure a company claims to be, you can't expect them to not fallow the law.

The point is that according to hushmail's end-user documentation, *they can't do this*.

Hushmail supposedly store everything, including your key, encrypted. The encrypted key is sent to an applet running on your computer, which decrypts it *locally* without sending a copy of your passphrase to the server. If you send e-mail to another hushmail user (as was the case in this instance) it is supposed to be encrypted with their public key *before it leaves your computer*.

If all of this was true, hushmail would not have been able to supply the FBI with the documents they did.

Re:No mater how secure (0)

Anonymous Coward | more than 6 years ago | (#21391777)

As many others have pointed out, hushmail has 2 versions: the better version is an applet that does the encryption client side, and is completely secure; the lesser (and probably the one involved here) does the encryption server side, which has obvious issues.

If you give away your key... (5, Insightful)

Albanach (527650) | more than 6 years ago | (#21391213)

This is only possible because users want the convenience of letting the Hushmail servers do the encryption on their behalf. To do this they have to hand over their encryption key, and once it's out of your control, so should be any expectation of privacy.

I'm not sure what users expect. If a legitimate legal request that is clearly going to stand up to any legal challenge comes in and you give the company the ability to decrypt the messages you send, the company has no option but to comply.

If Hushmail users want privacy they need to put up with the inconvenience of using an applet to sign their messages, and should be checking the hash of the Applet each time it is downloaded too so they can ensure it hasn't had a backdoor added. ideally the applet shouldn't send anything over the network, it should just encrypt the text and pass the pgp encrypted text content to the browser compose window. Then the user can check the data doesn't include anything they didn't put there themselves.

who the hell gives away their private keys??? (5, Insightful)

acvh (120205) | more than 6 years ago | (#21391229)

kind of defeats the purpose, I'd say.

Re:who the hell gives away their private keys??? (1)

goodmanj (234846) | more than 6 years ago | (#21391359)

In other news, a breakin and robbery was reported at 42 Elm Street after the owner gave his front door key to a gang member to hold for safekeeping. "He seemed like such a nice guy", said the owner.

right. (1, Troll)

apodyopsis (1048476) | more than 6 years ago | (#21391253)

you'd be expecting hushmail to turn up on fuckedcompany.com soon...

...if the website was not currently fucked.

Really though, come on. A firm that sells privacy as a feature and then gives it away to anybody who asks is about as crooked as your doctor telling your friends about your medical records on request. I had a hunt for the hushmail T&C to try and see if this was mentioned in any legalese but had no joy locating it.... The Internet being notoriously unforgiving on such matters I would not give too hoots for hushmail's future business regardless of whether they claim they had no choice or not

Re:right. (0, Troll)

Jinjuku (762364) | more than 6 years ago | (#21391383)

They were compelled under court order you dolt.

Last time I looked at hushmail... (1)

DamnStupidElf (649844) | more than 6 years ago | (#21391269)

They used to release the full source code to their Java applet that handled encryption/decryption, and provided instructions for building a byte-exact replica of what they distribute.

Theoretically, hushmail can be used in a perfectly secure manner; download the source, check it for back-doors, compile the applet yourself and memorize its hash. Then whenever you use hushmail, just verify that the hash of the downloaded applet is the same as the one you compiled yourself.

Probably hushmail was just feeding a tainted applet to the specific targets of the investigation, otherwise I'm sure some other astute user would have noticed the change in the applet signature. The typical muscle-bound steroid dealer probably doesn't have the time to memorize and compare hashes though...

Re:Last time I looked at hushmail... (3, Informative)

jjohnson (62583) | more than 6 years ago | (#21391407)

Hushmail wasn't feeding a tainted applet, they were providing the keys of those who were identified and chose to use the server-side encryption option, rather than the applet.

Why is this surprising? (4, Insightful)

crypTeX (643412) | more than 6 years ago | (#21391271)

Is everyone forgetting that this is a relatively small company. How many people believe that if The Suits show up with something that looks official on paper that a company with people who want to look out for their own families and such will say "No, we're not giving you that." If the algorithm is secure, you have to keep your own key. I'm not willing to go to prison for your secret, let me know if you find someone who think truly is.

Re:Why is this surprising? (1)

julesh (229690) | more than 6 years ago | (#21391685)

If the algorithm is secure, you have to keep your own key

Of course, hushmail's original selling point was that you _do_ keep your own key, or at least your key's AES-encrypted while on their servers and not decrypted there. That's the story that most people here about the service, even now.

However, at some point in the not-too-distant past, hushmail added a new service that didn't require a java applet to work, but that does require them to have your key. They're not forthcoming enough (IMO) about the difference between the two services.

Lesson Learned: (4, Insightful)

nurb432 (527695) | more than 6 years ago | (#21391287)

Don't trust someone else to do what you should be doing yourself.

This is nothing more than another example and .... (0, Troll)

3seas (184403) | more than 6 years ago | (#21391289)

....reminder of the typical "make a claim of one thing and do the opposite --- and profit"
Oh so typical of the computer.....

Hushmail are okay (0)

Anonymous Coward | more than 6 years ago | (#21391303)

They complied with court orders for their SSL webmail product, the more secure variant uses a java applet. Nothing of note here except how stand-up hushmail have been about it.

trust any electronic devices (1)

FudRucker (866063) | more than 6 years ago | (#21391315)

do not trust anything electronic for communications anymore...

Re:trust any electronic devices (1)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#21391389)

what exactly do you propose for long distance communication?

Re:trust any electronic devices (1)

FudRucker (866063) | more than 6 years ago | (#21391533)

i never said not to use anything for long distance communication, just don't trust the devices used for long distance communication...

Re:trust any electronic devices (1)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#21391807)

So basically what you're saying is that you cannot send a message long distance with %100 assurance that it is secure. So either don't send sensitive information long distances, or live with the fact that they may be intercepted. Right?

Not as big a deal as you think (5, Informative)

headhot (137860) | more than 6 years ago | (#21391327)

Hushmail has 2 options, client side encryption which is done via a java plug in, and server side encryption.

They only had the keys to give away for those people who chose server side encryptions. They don't have the private keys for those who cleint side.

Also, when you choose you method, Hushmail tells you that server side is much less secure. They and anybody else operating in the US would have to turn over the private keys they heald with a court order.

Whats the leason? Key your private keys private. Duh.

Wired article with an interview (5, Informative)

tommyatomic (924744) | more than 6 years ago | (#21391347)

Here is a link to a wired article about the same issue. However wired actually bothered to contact the Hushmail and got a response from the CTO Brian Smith. Apparently it is not a clearcut as the OP and TFA suggests. http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html [wired.com]

MOD PARENT UP (0)

Anonymous Coward | more than 6 years ago | (#21391491)

Much better article... amusingly, the one that had bubbled to the top on digg about 2 weeks ago.

Sounds like a honey-pot (1)

Marc_Hawke (130338) | more than 6 years ago | (#21391363)

I guess some of you actually use it, so maybe it does do some legit service, but from the description of the thing it sounds like a great "honey-pot" to me.

1. Present yourself as a way to keep secrets from people.

2. Sell/Give those secrets to the people directly.

Wrong wrong wrong (5, Insightful)

starfishsystems (834319) | more than 6 years ago | (#21391365)

I've seen several comments already to the effect that we should know better than to trust PGP or other forms of asymmetric encryption.

These comments are misguided.

The crypto is fine. It's just been applied in an obviously flawed manner. Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?

There way asymmetric crypto is supposed to work, you generate the key pair yourself. Then you give out the public key. You never ever give out the private key.

As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.

What part of this scenario should you trust? The answer: no part! It's not the function of another party to generate your key pair for you. You must do this yourself. You must closely guard the private key, store it securely, never give it out, and avoid transmitting it in cleartext. Got that? Then your problems are over.

Re:Wrong wrong wrong (1)

Ghubi (1102775) | more than 6 years ago | (#21391639)

As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.
The way asymmetric encryption works is the public key is used for encrypting messages and the private key is used to decrypt them. If you are sending identity information to some website then they do need to be the ones to generate the key pair and send you the public key so that they have the private key to decrypt your information. If they are sending sensitive account information back to you once your identity has been verified then a second key pair must be generated by your computer.

Re:Wrong wrong wrong (1)

lawpoop (604919) | more than 6 years ago | (#21391649)

The crypto is fine. It's just been applied in an obviously flawed manner.
What about a technology that is theoretically sufficient to accomplished the job it was designed for, but the implementation of such is so counter-intuitive that any human user stands a good chance of thinking it's working when it's not?

In other words, crypto works -- but the problem is getting human beings to do proper crypto.

Re:Wrong wrong wrong (1)

Jay L (74152) | more than 6 years ago | (#21391669)

Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?

Duh! I agree - even my grandmother knows the difference between a private key generated on her PC by a Java applet running in a browser pointed to hushmail.com and a private key that's generated server-side and displayed in her browser pointed to hushmail.com.

Oh, wait, no she doesn't.

Server-side Webmail Only! (4, Informative)

pavon (30274) | more than 6 years ago | (#21391371)

This only applies if you use their webmail service with server side encryption. They have to have your key in order to encrypt/decrypt server-side, and they have to turn it over to the authorities if they have a valid warrent. It's the law.

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue. Hushmail never see you keys and thus cannot be compelled to hand them over.

Several other sites covered this story earlier in the month all without the crappy sensationalism of slashdot. I first saw it at arstechnica [arstechnica.com] , which linked to an interview with the CEO by wired [wired.com] .

I'm not usually one to hard on individual slashdot editors, but this is the 4th intentionally misleading troll that zonk has posted today. It is crap like this that caused me to not renew my slashdot subscription so many years.

Re:Server-side Webmail Only! (2, Insightful)

julesh (229690) | more than 6 years ago | (#21391619)

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue.

If they "strongly recommend" this, why is it off by default?

Re:Server-side Webmail Only! (0)

Anonymous Coward | more than 6 years ago | (#21391667)

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue. Hushmail never see you keys and thus cannot be compelled to hand them over.


One vector for attacking this would be to force Hushmail to send you Java file with a backdoor.

While client-side caching would keep the proper, secure, version on your machine for a while, it can expire eventually and then you're running the hacked code.

Not sure how feasible this is. (Of course no system is perfect--it could be possible to install a keysniffer on your system to get your passphrase.)

Caveat emptor (1)

iminplaya (723125) | more than 6 years ago | (#21391391)

Trust no one.

May I assume that the contract has a clause stipulating that they will give up anything "with a court order"?

Re:Caveat emptor (1)

John Hasler (414242) | more than 6 years ago | (#21391673)

I doubt it. I also doubt that they have a clause saying "If our servers are struck by a meteorite there will be an interruption of service".

Embarrassing?? (1, Insightful)

samantha (68231) | more than 6 years ago | (#21391401)

No. They should be sued into oblivion for clear breech of contract for starters. This is one of the most disgustingly slimey things I have seen in a while. Those that take privacy seriously, which should be all of us, were lied to by a company that was supposed to help. And don't give me that tired "well I have nothing to hide" bullshit. When the government and other busies make it their business to prohibit and/or punish a great number of activities that really are no one's business it behooves us as purportedly free people to limit access where we can.

Re:Embarrassing?? (2, Interesting)

samantha (68231) | more than 6 years ago | (#21391435)

OK, I am embarrassed. They really didn't have much choice except to go out of business given both a fully legal (though it shouldn't be) court order and the fact that the users in question were foolish enough to make their private keys available. I should have read more before firing off. Mea culpa.

Re:Embarrassing?? (1)

Neon Aardvark (967388) | more than 6 years ago | (#21391481)

That's ok Samantha. Just don't let it happen again.

Re:Embarrassing?? (1)

hyades1 (1149581) | more than 6 years ago | (#21391709)

Can I be really old-fashioned for a minute? Hushmail made a promise, then didn't keep it. Perhaps they should have informed the people in question they were about roll over on them. Perhaps they should have told the DEA they'd fight the court order all the way to the top. Perhaps they should have gone to the media, and damn the consequences.

I think your answer was right, and the fact that both the U.S. and Canada seem intent on turning themselves into police states (get a load of what happened to that Polish guy in Vancouver Airport if you think the Mounties are all like Dudley Doright) doesn't absolve Hushmail of their moral responsibility to deliver what they promised or shut down.

Sooner or later we'll have to make some hard decisions about how much we value the rights and freedoms a bunch of elected cowards and fascists have been treating like toilet paper. I, for one, am getting sick and tired of watching a bunch of tight-assed old white men who look like they just swallowed a rancid pickle tell us we're all going to die if we don't surrender everything earlier generations bled and died to protect.

HushMail supports spammers (0)

Anonymous Coward | more than 6 years ago | (#21391459)

I've been getting text message SPAM advertising a site, whose WHOIS records point to a HUSHMAIL account.

Andy

Re:HushMail supports spammers (1)

julesh (229690) | more than 6 years ago | (#21391705)

I've been getting text message SPAM advertising a site, whose WHOIS records point to a HUSHMAIL account.

Andy


Err.. right. So spammers (who conduct often-illegal activities) are using a webmail service that makes it a little more difficult than usual for law enforcement to get hold of their details.

And you're surprised... why?

Always read the disclaimer (0)

Anonymous Coward | more than 6 years ago | (#21391511)

The actual disclaimer page isn't even that long. Heck it fits into one page with normal size font. http://www.hushmail.com/login-disclaimer [hushmail.com]

"Hush Communication Corporation (hereby known as "Hush" or "Hush Communications") does not represent or endorse the accuracy or reliability of any of the information, content or advertisements (collectively, the "Materials") contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website (the "Service"), nor the quality of any products, information or other materials displayed, purchased, or obtained by you as a result of an advertisement or any other information or offer in or in connection with the Service (the "Products"). You hereby acknowledge that any reliance upon any Materials shall be at your sole risk."
Basically, whatever we say about keeping your privacy, we may not mean it.
Lovely.

Avoid using "services" like this. (1)

rice_burners_suck (243660) | more than 6 years ago | (#21391563)

If you need to email trade secrets, banking information, or any other sensitive information, the way to do this is by learning to use PGP or your encryption standard of choice on your own, and then generate and store your own private keys, and send the emails through any service of your choice, already encrypted.

For added security, send the public key to the other party by postal mail so none of the keys ever see email; only the encrypted content. Furthermore, encrypt the sensitive content between streams of random length from /dev/random, so that anyone trying to crack the encryption will see a bunch of hogwash even if they attempt brute force methods.

War on drugs (3, Insightful)

apparently (756613) | more than 6 years ago | (#21391573)

How awesome is it that a company's reputation and income has to suffer (potentially unrecoverably) in order to comply with a court order, all in the name of The War on Drugs. Yay America: putting business out of business and restricting citizen's rights to their bodies, all at the same time!

'incorrect', sensational, summary (0)

Anonymous Coward | more than 6 years ago | (#21391581)

The company, based in Canada, was issued a warrrant by a Canadian court to hand over information. That information, via an agreement between the two countries, was then given to US investigators who made the original request.

Technically speaking what happened was the alleged criminal was using a more "insecure", but also more convenient, version of Hushmail's product. What occurred was that said individual typed their password/phrase into their web browser and sent it to Hushmail. HM was then able to decrypt the individual's messages and had to send them off to the police as it was legally required to.

Hushmail has a version of their product where the encryption and decryption occurs on the individual's machine via Java. The catch is that you have to wait for the applet to download and run, which it seems the alleged crimincal was not willing to do.

The company was clear in their description of their more "convenient" product offereing: if you give us the key, we can decrypt your message. If you don't want us to decrypt your messages then use the 'more secure' version of our product.

--
I'm not related to the company in any way (not even a customer), just like to set things straight as the summary is a bit sensational.

Even security companies have to follow the law and the courts. If you don't like that live in a place where there are neither.

The situation here is not like the (alleged) AT&T-NSA program. Everything was done above-board.

broader issue (1)

bcrowell (177657) | more than 6 years ago | (#21391633)

This seems to me like an example of a much broader issue, which is the plethora of concerns, including privacy concerns, that surrounds the whole concept of using the browser as a platform for applications. People have been struggling with this forever, ever since Sun and MS first locked horns over Java applets. Over and over, we've seen security holes in IE caused by MS's poor handling of the javascript security model. Over and over, we've seen nonproprietary, multiplatform solutions (javascript, ajax) battling with proprietary ones (flash) and proprietary, single-platform ones (silverlight). In the present situation with hushmail, the problem was that although hushmail had a good, secure design that used a java applet, a lot of people didn't want the hassle of installing a java runtime, so they provided an alternative using JS. But JS isn't fast enough to do encryption, so the encryption had to be done on the server side. Maybe tamarin [wikipedia.org] will help with this kind of thing, but in general, security, privacy, and user control are always going to be serious problems with web applications.

What does it mean... (2, Insightful)

Deliveranc3 (629997) | more than 6 years ago | (#21391763)

That the NSA and CIA are widely believed to have the best hackers and cryptographers in North America.

The most successful hackers have been social hackers... and will continue to be.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>