On Wed, 7 Nov 2007, J.A. Terranson wrote:
My guess is that Hushmail has had subpoenas before and had to develop and install a modified java applet which captures the passphrase when the user enters it. With that and the stored keys, it can decrypt all the stored communications.
I wouldn't be so certain -- getting subpoenas is no big deal for companies. At Anonymizer, I answered lots of them. Most of the time, I couldn't comply. (If you pay for your Anonymizer account with your credit card, and the Feds want to know if you bought an Anonymizer account, well, you screwed up. Otherwise, I told the guy on the phone the truth -- I had nothing in my logs about that IP address, sir. And they went away, quickly and without fuss, unlike when I've had to deal with the same thing as a private remop.) Of course, that was in 2003 and times have changed all around -- I don't think Hushmail was handing out info to TLAs back then either.

Possibly, the problem here is Hushmail's move away from using its Java applet as default. (It has two modes now -- securish and securisher, from what I can tell, and the more secure "everything happens in the browser, including all key operations" part is the optional step now. In the less secure case, while I haven't analyzed it yet, I believe the keys in those cases are being stored decryptable on the server. The passphrase is almost certainly passed to the server.)

But, also, bear in mind that Hushmail has *always* allowed people to send non-PGP messages, especially to non-Hushmail users. If one party was a Hushmail user, and one party was not a PGP user, then PGP's not going to be involved.

Regardless, boo for Hushmail for not disclosing that they were answering subpoenas like this.

...

There *are* bigger forces at play, though. The "mutual assistance" provisions of the Council of Europe cybercrime treaty are horrible, as are these data retention laws. These are going to affect companies based in any country signed to that treaty, including the US. Hushmail, in the end, is relatively weak compared to other Cypherpunk tools, and other ways of using them. The big They are trying to make those other tools and uses illegal.
Already we have people in the academic privacy field scampering to appease their new masters, and trying to find ways to do backdoored anonymity safely (are you kidding me? We haven't even worked out the kinks with regular anonymity systems.) But in the end, those are academics scared that their field is going to be made illegal, and so their actions are understandable, if deplorable. Likewise for whatever Hushmail may be doing. A statement from the folks over there would be nice.

--Len.