I've stumbled across an interesting find. There was a legal matter recently involving an individual and the DEA (Drug Enforcement Agency) in the U.S.
To be brief, the DEA had reasonable grounds to believe that a person was soliciting anabolic steroids, a crime with serious repercussions at least in
the U.S. This individual had set up shop on the Internet and used a free e-mail service to communicate with potential buyers/sellers. The e-mail service
in question was Hushmail. The DEA obtained e-mail records from Hushmail and has since filed legal proceedings.
Here's where things get interesting. The DEA made requests via the MLAT or Mutual Legal Assistance Treaty. MLAT provides law enforcement with a means
to obtain legal assistance from other countries in matters such as these. The requests to Hushmail yielded several CDs' worth of information in
regard to this case.
I have no issue with MLAT. I have no issue with the fact that law enforcement is doing their job. I have no issue with the ISPs relinquishing
information in this particular matter. However I do have a serious issue with Hushmail. For those not familiar with Hushmail, here is a brief
overview:

"Hushmail is a Web-based e-mail service that lets you send and receive email in total security. Hushmail messages, and their attachments, are
encrypted using Open PGP standard algorithms. These algorithms, combined with Hushmail's unique key management system, offer users unrivaled levels
of security. Hushmail's security is end-to-end; messages are encrypted before leaving the sender's computer and remain encrypted until after they
arrive on the recipient's machine, where the contents are automatically decrypted.

"Not even a Hushmail employee with access to the encrypted email stored on our servers can read your email, because the email remains encrypted in
storage. A Hushmail account lets you communicate in total security with any other Hush member anywhere else in the world."

Note that last paragraph: not even a Hushmail employee with access can read the e-mail, and your communications have total security and privacy. So how
is it then that numerous CDs of this person's wrongdoings were made available? To be specific, this was the e-mail content. Again, I'm not questioning
that this person did wrong. He has committed a crime, but this clearly indicates that encrypted e-mails are readily available. To make matters even
worse, here's another excerpt from Hushmail:

"Hushmail's security cannot be broken or weakened by this government sponsored snooping software. Hush's security system is a lot like a circuit,
when one Hush user communicates with another Hush user, the circuit is complete and the mail they send is completely safe. To anyone other than the
sender or the recipient of a Hush message, email appears as a jumble of numbers and letters. It is completely illegible. The only way to decrypt or
unscramble Hush messages is by using your passphrase when you open up your Hushmail account. Carnivore cannot decrypt your mail, and is therefore,
powerless against messages sent between Hush users."

This outlines the alleged strategic advantages of using Hushmail. Even the FBI's notorious Carnivore data mining and analyzing software can't read
your email. So how exactly were the contents retrieved? A few have surmised that the user's passphrase was somehow snagged, but do we really know? Also,
to be fair here, Hushmail users can send to others who do not use Hushmail, thereby negating the encrypted process. It seems, though, in this particular
case both parties were using the Hushmail address, so there is strong belief that both sides were encrypted; otherwise what would be the point of using
the service?
Avoid Hushmail at all costs if privacy is your intention.
MLAT details:
travel.state.gov...
case details:
static.bakersfield.com...
brill