Art Alexion on 5 Jan 2009 09:11:48 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Reasonably secure email

On Monday 05 January 2009 11:43:15 am Randall A Sindlinger wrote:
> *Any* service out there is vulnerable to subpeonas.  

Quite true.

> This one is quite a 
> twist, 

I thought so.

> but the emails are still encrypted;  they're just making the 
> password accessible, if I read it correctly.  

The way I read it, Hushmail sent the targets a hacked version of the encryptor 
that seemed to add a "backdoor key" that allowed decryption.  Whether or not 
the Feds used the backdoor key or Hushmail used the key and delivered the 
email to the Feds unencrypted seems of no significance.

> Nothing the feds *couldn't* 
> do, just hushmail is doing it for them, IMO.

Are you suggesting that the Feds could crack the PGP keys without Hushmail 
deceiving their customer with a hacked encryptor?

I think this is comparable to the complicity of the telcos in the NSA's 
warrantless wiretaps.

Hushmail honors the subpoena by delivering the encrypted email, and letting 
the Feds try to do with it what they can.  Deceiving customers with a hacked 
encryptor is well beyond their legal obligations under the subpoena.  

What complicates this one is the international aspect.  Hushmail was 
responding to a Canadian subpoena.  I don't have a clue what a Canadian 
subpoena requires.  The Canadian authorities issued the subpoena at the US 
authorities' request.

Attachment: signature.asc
Description: This is a digitally signed message part.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --