I've stumbled across an interesting find. There was a legal matter recently involving an individual and the DEA (Drug Enforcement Agency) in the U.S.
To be brief, the DEA had reasonable grounds to believe that a person was soliciting anabolic steroids, a crime with serious repercussions at least in
the U.S. This individual had setup shop on the Internet and used a free email service to communicate with potential buyers/sellers. The e-mail service
in question was Hushmail. The DEA obtained e-mail records from Hushmail and have since filed legal proceedings.
Here's where things get interesting. The DEA made requests via the MLAT or Mutual Legal Assistance Treaty. MLAT provides law enforcement with a means
to obtain legal assistance from other countries in matters such as these. The requests to Hushmail yielded several CD's worth of information in
regards to this case.
I have no issue with MLAT. I have no issue with the fact that law enforcement is doing their job. I have no issue with the ISP's relinquishing
information in this particular matter. However I do have a serious issue with Hushmail. For those not familiar with Hushmail, here is a brief
Hushmail is a Web-based e-mail service that lets you send and receive email in total security. Hushmail messages, and their attachments, are
encrypted using Open PGP standard algorithms. These algorithms, combined with Hushmail's unique key management system, offer users unrivaled levels
of security. Hushmail's security is end-to-end; messages are encrypted before leaving the sender's computer and remain encrypted until after they
arrive on the recipient's machine, where the contents are automatically decrypted.
Not even a Hushmail employee with access to the encrypted email stored on our servers can read your email, because the email remains encrypted in
storage. A Hushmail account lets you communicate in total security with any other Hush member anywhere else in the world.
Note that last paragraph, not even a Hushmail employee with access can read the e-mail and your communications have total security and privacy. So how
is then that numerous CD's of this persons wrongdoings were made available. To be specific this was the e-mail content. Again I'm not questioning
that this person did wrong. He has committed a crime, but this clearly indicates that encrypted e-mails are readily available. To make matters even
worse, here's another excerpt from Hushmail:
Hushmail's security cannot be broken or weakened by this government sponsored snooping software. Hush's security system is a lot like a circuit,
when one Hush user communicates with another Hush user, the circuit is complete and the mail they send is completely safe. To anyone other than the
sender or the recipient of a Hush message, email appears as a jumble of numbers and letters. It is completely illegible. The only way to decrypt or
unscramble Hush messages is by using your passphrase when you open up your Hushmail account. Carnivore cannot decrypt your mail, and is therefore,
powerless against messages sent between Hush users.
This outlines the alleged strategic advantages of using Hushmail. Even the FBI's notorious Carnivore data mining and analyzing software can't read
your email. So how exactly were the contents retrieved. A few have surmised that the users passphrase was somehow snagged but do we really know. Also
to be fair here Hushmail users can send to others who do not use Hushmail thereby negating the encrypted process. It seems though in this particular
case both parties were using the Hushmail address so there is strong belief that both sides were encrypted, otherwise what would be the point of using
Avoid Hushmail at all costs if privacy is your intention.
MLAT details travel.state.gov...
case details: static.bakersfield.com...