Nov 08, 2007

I’ve been on the fringes of the phreaker, hacker and pirate communities since the early 1980s and have seen a lot of people and organizations come and go over the years. I’ve also seen a lot of people’s lives destroyed when the government thugs came kicking in their doors, absconding with all of their equipment and even locking them away in cages for years on end. As a result, I’ve been aware of Hushmail since 1999 and am saddened, but not surprised, to see today’s article in Wired:

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada.

In fact, Hushmail’s Chief Technology Officer, Brian Smith, stated in an email interview that your data has never been safe at Hushmail:

[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

That’s also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order.

In other words, Hushmail is just another corporation looking out for its own self-interest first. While that may seem like an attack on them, it’s not. Hushmail should be looking after its own self-interest first. The fault is not theirs; it’s their users who have failed to look after their own self-interest by depending on someone else being willing to take the fall for them.

Just another reminder that any security devised by man can be defeated by man and any security devised by a computer can be defeated by a computer. My question becomes – why isn’t Representative Tom Lantos blasting Hushmail for assisting in the arrest of these dissidents?

