Slashdot Mirror
Hushmail Passing PGP Keys to the US Government
teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"
the authorise overlords
"How do you possibly get "authorise" from "authorities"?
First suggestion of the spell checker?
But more on topic:
What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.
I really hope that they go out of business for this. I mean they extremely deserve it. I know that they probably didn't have much of a choice to hand over the keys, but to continue advertising such security... That's not cricket.
What alternatives are there besides Hushmail?
I guess this is a brief lesson in why one should never fully trust the encryption of your private materials to a third party.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
There are several facts missing from the article:
1) Was there a court order? Or Canadian equivalent?
2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?
3) Did hushmail violate it's TOS?
4) Did hushmail do anything illegal?
Of course, what the article did mention is important, especially to hushmail, and potential hushmail users. However, it would have been nice if they had dug a little bit to answer these obvious questions.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
Surely this will do for them? How can they base their entire business around providing private email then just hand over CD's full of them whenever the authorities come knocking? Terrible.
"Physics is to math as sex is to masturbation." -R. Feynman
No mater how secure a company claims to be, you can't expect them to not fallow the law.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
This is only possible because users want the convenience of letting the Hushmail servers do the encryption on their behalf. To do this they have to hand over their encryption key, and once it's out of your control, so should be any expectation of privacy.
I'm not sure what users expect. If a legitimate legal request that is clearly going to stand up to any legal challenge comes in and you give the company the ability to decrypt the messages you send, the company has no option but to comply.
If Hushmail users want privacy they need to put up with the inconvenience of using an applet to sign their messages, and should be checking the hash of the Applet each time it is downloaded too so they can ensure it hasn't had a backdoor added. ideally the applet shouldn't send anything over the network, it should just encrypt the text and pass the pgp encrypted text content to the browser compose window. Then the user can check the data doesn't include anything they didn't put there themselves.
kind of defeats the purpose, I'd say.
Is everyone forgetting that this is a relatively small company. How many people believe that if The Suits show up with something that looks official on paper that a company with people who want to look out for their own families and such will say "No, we're not giving you that." If the algorithm is secure, you have to keep your own key. I'm not willing to go to prison for your secret, let me know if you find someone who think truly is.
Don't trust someone else to do what you should be doing yourself.
---- Booth was a patriot ----
--
Qrpelcgvat guvf rapelcgrq pbagrag vf n ivbyngvba bs gur Qvtvgny Zvyyraavhz Pbclevtug Npg.
I have used Hushmail for ages, and it is entirely secure. These users did something foolish - they demanded, then got, then used a "more convenient" version of Hushmail that did the encryption on the server instead of on the client.
Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server.
The new & improved Hushmail works without you having to have Java support or download an applet. It can only work by decrypting the private key server-side, which means Hushmail has (at least briefly) the information to decrypt all your email. Which means that if they get a court order, they must capture that information and provide your decrypted emails or they go to jail.
Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order. However, this is not what happened - all they did was provide information they had on their servers, as required by law.
The only way to be sure of your security is to build a device by hand that does all the decryption & display on the device, inspect all of the code you put on it by hand (preferably compiling using a compiler you wrote in machine language). Oh, and only read email on the device in an opaque faraday cage, naked.
Hushmail gives you precisely as much security as they possibly can, and no more.
Hushmail has 2 options, client side encryption which is done via a java plug in, and server side encryption.
They only had the keys to give away for those people who chose server side encryptions. They don't have the private keys for those who cleint side.
Also, when you choose you method, Hushmail tells you that server side is much less secure. They and anybody else operating in the US would have to turn over the private keys they heald with a court order.
Whats the leason? Key your private keys private. Duh.
Here is a link to a wired article about the same issue. However wired actually bothered to contact the Hushmail and got a response from the CTO Brian Smith. Apparently it is not a clearcut as the OP and TFA suggests. http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
These comments are misguided.
The crypto is fine. It's just been applied in an obviously flawed manner. Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?
There way asymmetric crypto is supposed to work, you generate the key pair yourself. Then you give out the public key. You never ever give out the private key.
As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.
What part of this scenario should you trust? The answer: no part! It's not the function of another party to generate your key pair for you. You must do this yourself. You must closely guard the private key, store it securely, never give it out, and avoid transmitting it in cleartext. Got that? Then your problems are over.
Parity: What to do when the weekend comes.
This only applies if you use their webmail service with server side encryption. They have to have your key in order to encrypt/decrypt server-side, and they have to turn it over to the authorities if they have a valid warrent. It's the law.
If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue. Hushmail never see you keys and thus cannot be compelled to hand them over.
Several other sites covered this story earlier in the month all without the crappy sensationalism of slashdot. I first saw it at arstechnica, which linked to an interview with the CEO by wired.
I'm not usually one to hard on individual slashdot editors, but this is the 4th intentionally misleading troll that zonk has posted today. It is crap like this that caused me to not renew my slashdot subscription so many years.
It was on the Cypherpunks list - then picked up at CRYPTOME.
http://cryptome.org/hushmail-rat.htm
"Flyin' in just a sweet place,
Never been known to fail..."
Hushmail wasn't feeding a tainted applet, they were providing the keys of those who were identified and chose to use the server-side encryption option, rather than the applet.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
OK, I am embarrassed. They really didn't have much choice except to go out of business given both a fully legal (though it shouldn't be) court order and the fact that the users in question were foolish enough to make their private keys available. I should have read more before firing off. Mea culpa.
That may all be well and good, but the fact of the matter is that the design of Hushmail is flawed.
You never give your private key away to anyone ever. Period. Giving Hushmail a weakly encrypted private key is fishy to start with, but then entering the passphrase to decrypt it in a Hushmail controlled applet is just stupid.
And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.
Perhaps the tinfoil hat crowd will say things like "but there might be a backdoor in your hardware", but Hushmail wouldn't save you from that. And let's be honest here: no one really believes that anyway.
You may have thought yourself very witty when writing that penultimate paragraph, but the fact of the matter is that in today's world you can actually be as good as sure.
How awesome is it that a company's reputation and income has to suffer (potentially unrecoverably) in order to comply with a court order, all in the name of The War on Drugs. Yay America: putting business out of business and restricting citizen's rights to their bodies, all at the same time!
FireGPG. I haven't used it, but the blurb seems to indicate that that does the trick, at least for gmail.
The difference, I would think, would is fairly obvious to most people. GMail and Yahoo don't give you a promise of "unbreakable encryption for your emails" that even the government can't break. There's no question that Google will share your information when properly ask to do so by law enforcement. It's in their Terms of Service. You know what to expect and you use your GMail or Yahoo accordingly.
On the same token, while I am appalled at HushMail's actions, it's for a different reason than most here I suspect. I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal. But I DO have a problem with HushMail not disclosing that they're doing it right up front. Now, I've not fully read their ToS so maybe they do but their statements on the website would lead you to believe they aren't.
Really though, why would anyone use a PUBLIC service to conduct illicit activities? Setting up a private mail system complete with encryption is trivial and MUCH more secure.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
That the NSA and CIA are widely believed to have the best hackers and cryptographers in North America.
The most successful hackers have been social hackers... and will continue to be.
If they can reset the password , it means that the emails themselves are not encrypted using that password . Otherwise , resseting your password would result in loss of all your emails .
Slipping shoelaces ?
Basically, Hushmail has two main modes of operation. One of them is (reasonably) secure, the other is a trainwreck.
In one mode, the 'secure' one, you -- the user -- access their site and download a Java applet to your browser, which contains the OpenPGP encryption engine. You type your emails, they're encrypted on your machine, and sent to the server that way. Hushmail never, at any point in the operation, knows the password to your private key.
Now, because a lot of people use browsers that don't support Java, as of a few years ago, Hushmail came up with an alternative, which doesn't require it. Instead of using a Java applet, it works like a regular HTML/HTTPS webmail system, and all the encryption is done on the server. This means you don't need to be able to run the Java applet on your client machine.
However, and this is the crucial part, when you use this second mode even once, you expose the passphrase to your private key to Hushmail. And that's how they could decrypt all the messages. Once a person used the insecure service, they had basically sold themselves down the river. Hushmail had their passphrase, and from there could decrypt their private key, and from there get at all their messages. (Or at least their incoming messages; I don't know whether Hushmail encrypts outgoing messages to the sender's private key as well as the recipient's.)
From what I can tell, if you used Hushmail and were careful to always use the Java-based service, you wouldn't necessarily be vulnerable to this sort of attack. Since Hushmail wouldn't have your passphrase, the most they could do would be to hand over your encrypted messages and encrypted keys to the Feds, who would then have to try to brute-force your private key. (Meaning, everything would rest on how good a passphrase you used...)
Of course, any time you're depending on a downloaded applet for encryption, you're at the mercy of whomever you're downloading it from
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I know it is more of a PITA, but there is a good reason why open source crypto like PGP exists. Encrypt it yourself, that way only you and the person YOU share the key with will be able to read it. Thats my 2c,anyway.
ACs don't waste your time replying, your posts are never seen by me.
You can't take the sky from me...
The company had no leverage. Even if they fought it to the end, they still would have lost.
Its not a brach of contract because you can not add illegal stipulations on a contract.
And the company is not allowed to inform the individual that they gave up the keys.
The law overides any right to privacy we think we have. We talk all we want, but when we step up to the law, we have nothing to stand on. The only way we can win is by chaning the law. Even if I do all the encryption myself, they can come to me and ask me for my keys. We just had a news item this week where that was threatened. We cant blame the companies, we have to fix the laws.
If the company breaks the laws, then do the public hanging.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
It is impractical for just about any of us to audit the claimed security of any provider, public or private. You can't be sure that they really provide the safeguards they claim. Unless you're an encryption genius, you can't even examine open source code to verify that it is secure and doesn't have weaknesses.
I don't personally know the principle employees of Hushmail or of any other security service providers, nor do I personally know Phil Zimmerman or any other authors of the encryption software. For all I know, these companies and individuals could all be fronts for the NSA.
I also fail to see how other posters to this topic can claim that the technology is rock solid? How do they know? How do I know if they too are fronts for NSA?
So what am I left with. Nothing but trust. If I trust the provider, then their technology is irrelevant. If I don't trust them, then their technology is irrelevant. In this instance, Hushmail has proved that they are unworthy of trust.
If you use a company that promises to hide your messages from the government, you can be sure that that's the first place the government looks!
'Those people don't deserve their activities to be protected - they're illegal.'
They deserve to have their activities protected unless those activities are wrong and it really isn't for Hushmail to say whether or not they are wrong. Illegal really has nothing to do with it. Many things were illegal in Nazi Germany or are illegal in China, or Russia, or the United States, or that doesn't mean they are wrong or immoral. Many laws are innately immoral.
Unfortunately many people forget that even a democratic government is an entity in itself with interests that differ from yours and from the actual citizenry. Even if the books weren't filled with preposterous laws that would make criminals of good decent and ethical individuals total law enforcement would be a bad thing.
I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.
Laws do not persuade just because they threaten. --Seneca
Mark my words, there's going to be an effort to make any personal encryption illegal. I know all the arguments about why this "can't happen" and why we'll all be able to get around any law regarding personal use of encryption, but that's not going to stop the government from trying to outlaw it. And it's going to happen under the guise of "fighting terrorism". Further, it doesn't really matter if Mrs Clinton or Rudy Ghouliani become president. Either one will try to outlaw personal use of encryption. I'm not one of those people who believe there's no difference between the two political parties, and I don't believe any of the other Democratic candidates would go this way, but my sense is that Mrs Clinton is as enamored with secretive authoritarianism as any Republican corporatist.
Now, to be fair, Hushmail was probably pushed pretty hard by the NSA or FBI or DOJ to give up the PGP keys. They're trying to make a go of their little business and some alphabet outfit comes and basically lays it out that they can either play ball and let go of the keys or cease to exist. They couldn't even go to court to fight it because the government just has to say that "national security" is at stake and the case is thrown out. That's how bad it's already become.
But still, any provider of online communication services who does this must be given the consumer death penalty. It may be unfair to boycott a company that is otherwise good when they come up against this type of government bullying, but if we don't make a stand, every single company we rely on is going to fold to the government. We have to let any company that is going to handle our information that giving up our stuff without a warrant means they lose their customers. We're going to have to be every bit as ruthless as the corporate power establishment that is masquerading as our government.
If any of you have Lexis/Nexis, just take a quick look at the unbelievable acceleration of the destruction of our constitutional freedoms that has happened in the last 7 years. Although there's always been a push/pull in this kind of thing (after the Nixon years, the pendulum swung the other way for a while, with many laws protecting our freedoms shored up by congress), there's never been an administration that has been so outright hostile to our Constitution, and never has there been a court system so willing to acquiesce to the "Unitary Executive". If you look at the current makeup of the Supreme Court for example, we have a majority of activist, anti-freedom, reckless justices from the Chief on down. It's chilling. If Bush gets one more appointment, it's game over for at least three generations. Even without one more appointment, the Court has never been this hostile to personal freedom and willing to lie, twist and simply ignore our Constitution.
It's time that we take privacy and our freedoms into consideration with every decision we make, especially the economic ones. My wife and kid and I have already decided to make every effort to subvert the consumerist agenda that is being forced down our throats. Instead of borrowing to spend, we save. Instead of investing in the corporations that are our adversaries, we invest in family and neighbors. No carrying balances on our credit cards. No home equity loans to take vacations or buy HDTVs. Interestingly, our standard of living has improved. And when a company is hostile to our interests, we don't do business with them, and we encourage all our friends to stop doing business with them too. We're rooting for a horrible xmas buying season. When we heard that consumer confidence fell dramatically, we cheered because it means people are waking up. Once we realize that corporations use the same FUD to keep us buying and borrowing that the government uses to get us to give up our freedoms and privacy, we learned that there are worse things than a downturn in the economy - especially since the current economic model is feeding on midd
You are welcome on my lawn.
In fairness to you, both the headline and the summary not only completely failed to mention that they did this only after receiving a legitimate court order from their jurisdiction for the information they turned over, the tone of the title and summary implies that Hushmail just handed over information voluntarily in violation of agreements. The Article is poorly written, but the summary and headline are even worse. In general, I think a lot of people are a little too hard on Slashdot, but in this case, the criticism is duly warranted. The summary as written is borderline libelous.
I'm opposed to the stupid and wasteful "war on drugs"*. But that doesn't mean if I run a network service that drug runners are using I'm going to go to jail for them so they can stay in business, either. If you expect strangers to go to jail for you so you can continue to break the law then you're pretty stupid.
* - My brother-in-law got busted for toking up in September. He's in prison. It's a common story, right? Thing was, when he was toking up, HE WAS IN PRISON THEN, TOO. And he has been since 1991. Now tell me: If we can't keep drugs out of maximum security prisons, how the fuck are we going to keep them out of the country?
In principle I agree with you, but I think there is the same problem with focussing on immorality as there is on illegality. Standards of morality differ, and what's worse is that when something is 'immoral' people get much angrier than when something is illegal.
Prostitution, for example, varies widely in whether it is considered illegal or immoral. I would be appalled if supposedly secure communications could be seized because they contained evidence of consensual sex for money.
The only position I find tenable is that secure communication must be considered a right of free people. Yes, that means that the murderers, child molesters and terrorists will have it too, but the alternative is that nobody has secure communication.
Certainly there are technological solutions, such as proper use of encryption. But because of cases like this I would like to legal and social support for the right, such as laws making communications that were 'reasonably believed to be secure' inadmissable as evidence. I would also love to hear a group like the NRA saying that the right to secure communication is as essential as the right to bear arms. It certainly is in my mind.
.evom ton seod gis eht
Calm down. No need to be appalled. If you look into it, you will see that the account owners intentionally disabled the "troublesome" secure interface (enabled by default), which hushmail discourages. They also inform you of exactly what that means when you do it. This article is FUD designed to scare people away from using a really good free service.
(Of course, if you use a single dictionary word or only a handful of ASCII characters, then the brute forcing is trivial, but that's a PEBKAC problem, not a cryptographic one.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Detailed here back in October.
https://www.w4ck1ng.com/board/showthread.php/secure-hushmail-6246.html?p=26237#post26237
Additionally here's the DEA's case
http://static.bakersfield.com/smedia/2007/09/25/15/steroids.source.prod_affiliate.25.pdf
No mater how secure a company claims to be, you can't expect them to not fallow the law.
I'll assume you meant "follow." This is true. However, we have absolutely no evidence that HushMail attempted to FIGHT this order. This should have made a big stink about it and tried to come up with ways to protect their users both technically and legally, but instead they just rolled over and tried to keep it quiet to avoid letting it hurt their bottom line.
They lied to their customers by pretending to offer them a security that was as ephemeral as their own spine.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
The following is inexact, but illustrative. FireGPG just calls GPG. You click encrypt, it sends the text to be encrypted to GPG, you enter your passprhase in GPG, and GPG encrypts it and returns it to FireGPG, which puts it into the e-mail in place of the plaintext. Enigmail for Thunderbird works the same way.
Not a sentence!
>that's 2.15805661 × 10^29 years, based on my quick envelope-back numbers.
I know this is slashdot but I refuse to define a quick back-of-an-envelope calculation as having 8 significant digits.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Even people that believe in pre-destiny look both ways before crossing the street.