Hushmail Passing PGP Keys to the US Government
teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"
I really hope that they go out of business for this. I mean they extremely deserve it. I know that they probably didn't have much of a choice to hand over the keys, but to continue advertising such security... That's not cricket.
I guess this is a brief lesson in why one should never fully trust the encryption of your private materials to a third party.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
This is only possible because users want the convenience of letting the Hushmail servers do the encryption on their behalf. To do this they have to hand over their encryption key, and once it's out of your control, so should be any expectation of privacy.
I'm not sure what users expect. If a legitimate legal request that is clearly going to stand up to any legal challenge comes in and you give the company the ability to decrypt the messages you send, the company has no option but to comply.
If Hushmail users want privacy they need to put up with the inconvenience of using an applet to sign their messages, and should be checking the hash of the Applet each time it is downloaded too so they can ensure it hasn't had a backdoor added. ideally the applet shouldn't send anything over the network, it should just encrypt the text and pass the pgp encrypted text content to the browser compose window. Then the user can check the data doesn't include anything they didn't put there themselves.
kind of defeats the purpose, I'd say.
These comments are misguided.
The crypto is fine. It's just been applied in an obviously flawed manner. Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?
There way asymmetric crypto is supposed to work, you generate the key pair yourself. Then you give out the public key. You never ever give out the private key.
As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.
What part of this scenario should you trust? The answer: no part! It's not the function of another party to generate your key pair for you. You must do this yourself. You must closely guard the private key, store it securely, never give it out, and avoid transmitting it in cleartext. Got that? Then your problems are over.
Parity: What to do when the weekend comes.
- Hushmail was served with a court order issued by the British Columbia Supreme Court (the Feds in Bakersfield, CA had to forward their request to the Canadian government)
- Hushmail glosses over the vulnerability to private key capture in their non-Java based web client, but it is mentioned. The Java client never transmits the private key (you still must trust the client, source code is available; compare the hashes)
- No, Hushmail's TOS do not prevent them with complying with a legal court order. Their users also must not break the law, per the TOS.
- Hushmail followed Canadian law perfectly.
So what can we learn from this? First, don't do illegal things (and use Hushmail or anything else). Second, while their non-Java client is convenient for avoiding the bulk of your traffic getting sucked up by programs like Carnivore, use the Java client and not even Hushmail can hand anything over (they never received the private key, even for an instant).If you want news from today, you have to come back tomorrow.
That may all be well and good, but the fact of the matter is that the design of Hushmail is flawed.
You never give your private key away to anyone ever. Period. Giving Hushmail a weakly encrypted private key is fishy to start with, but then entering the passphrase to decrypt it in a Hushmail controlled applet is just stupid.
And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.
Perhaps the tinfoil hat crowd will say things like "but there might be a backdoor in your hardware", but Hushmail wouldn't save you from that. And let's be honest here: no one really believes that anyway.
You may have thought yourself very witty when writing that penultimate paragraph, but the fact of the matter is that in today's world you can actually be as good as sure.
I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.
Laws do not persuade just because they threaten. --Seneca