J.A. Terranson wrote:
I am shocked that Hush appears to have been in a position to have provided the requesting authority with actual *content* of a Hush user account: my prior belief was that this was non-possible. The pwnage of this alone is staggering in scope if correct. Anyone from Hush care to entertain us with an explanation of why this interpretation is incorrect?
I suspect, given the circumstances (i.e. using Hushmail as an SMTP endpoint for web orders), a large proportion of the mail will be normal unencrypted SMTP rather than hush2hush traffic or conventionally OpenPGP encrypted from outside the system. (I have extracted keys for conventional crypto on occasion from the Hushmail web interface, but doing so on a regular basis is like pulling teeth.)