Hushmail Passing PGP Keys to the US Government

teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"

Re:By the authorise?

[McGiraf]

"How do you possibly get "authorise" from "authorities"?

First suggestion of the spell checker?

But more on topic:

What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.

Goodbye Market!

[Fallen Seraph4]

I really hope that they go out of business for this. I mean they extremely deserve it. I know that they probably didn't have much of a choice to hand over the keys, but to continue advertising such security... That's not cricket.

Alternatives?

[InvisblePinkUnicorn]

What alternatives are there besides Hushmail?

Not paranoid enough.

[Valdrax]

I guess this is a brief lesson in why one should never fully trust the encryption of your private materials to a third party.

End of Hushmail?

[hairykrishna]

Surely this will do for them? How can they base their entire business around providing private email then just hand over CD's full of them whenever the authorities come knocking? Terrible.

No mater how secure

[KevMar]

No mater how secure a company claims to be, you can't expect them to not fallow the law.

If you give away your key...

[Albanach]

This is only possible because users want the convenience of letting the Hushmail servers do the encryption on their behalf. To do this they have to hand over their encryption key, and once it's out of your control, so should be any expectation of privacy.

I'm not sure what users expect. If a legitimate legal request that is clearly going to stand up to any legal challenge comes in and you give the company the ability to decrypt the messages you send, the company has no option but to comply.

If Hushmail users want privacy they need to put up with the inconvenience of using an applet to sign their messages, and should be checking the hash of the Applet each time it is downloaded too so they can ensure it hasn't had a backdoor added. ideally the applet shouldn't send anything over the network, it should just encrypt the text and pass the pgp encrypted text content to the browser compose window. Then the user can check the data doesn't include anything they didn't put there themselves.

Re:Alternatives?

[John Hasler]

> What alternatives are there besides Hushmail?

GPG works fine.

Re:Alternatives?

[Bert64]

If you want encrypted mail, run the encryption yourself... GPG is freely available. Then it doesn't matter via which service you transmit the mail.

who the hell gives away their private keys???

[acvh]

kind of defeats the purpose, I'd say.

Re:Alternatives?

[Bieeanda]

Exchanging keys the old-fashioned way, maybe? This seems to be the perfect example of why convenience and security are ultimately mutually exclusive.

Why is this surprising?

[crypTeX]

Is everyone forgetting that this is a relatively small company. How many people believe that if The Suits show up with something that looks official on paper that a company with people who want to look out for their own families and such will say "No, we're not giving you that." If the algorithm is secure, you have to keep your own key. I'm not willing to go to prison for your secret, let me know if you find someone who think truly is.

Lesson Learned:

[nurb432]

Don't trust someone else to do what you should be doing yourself.

Wrong wrong wrong

[starfishsystems]

I've seen several comments already to the effect that we should know better than to trust PGP or other forms of asymmetric encryption.

These comments are misguided.

The crypto is fine. It's just been applied in an obviously flawed manner. Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?

There way asymmetric crypto is supposed to work, you generate the key pair yourself. Then you give out the public key. You never ever give out the private key.

As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.

What part of this scenario should you trust? The answer: no part! It's not the function of another party to generate your key pair for you. You must do this yourself. You must closely guard the private key, store it securely, never give it out, and avoid transmitting it in cleartext. Got that? Then your problems are over.

Embarrassing??

[samantha]

No. They should be sued into oblivion for clear breech of contract for starters. This is one of the most disgustingly slimey things I have seen in a while. Those that take privacy seriously, which should be all of us, were lied to by a company that was supposed to help. And don't give me that tired "well I have nothing to hide" bullshit. When the government and other busies make it their business to prohibit and/or punish a great number of activities that really are no one's business it behooves us as purportedly free people to limit access where we can.

Re:Missing from the article

[justzisguy]

This is all old news that was spelled out in a much more detailed article on Wired [wired.com] last week. To subvert those that don't RTFA, I'll answer your questions here on /.:

1. Hushmail was served with a court order issued by the British Columbia Supreme Court (the Feds in Bakersfield, CA had to forward their request to the Canadian government)
2. Hushmail glosses over the vulnerability to private key capture in their non-Java based web client, but it is mentioned. The Java client never transmits the private key (you still must trust the client, source code is available; compare the hashes)
3. No, Hushmail's TOS do not prevent them with complying with a legal court order. Their users also must not break the law, per the TOS.
4. Hushmail followed Canadian law perfectly.

So what can we learn from this? First, don't do illegal things (and use Hushmail or anything else). Second, while their non-Java client is convenient for avoiding the bulk of your traffic getting sucked up by programs like Carnivore [wikipedia.org], use the Java client and not even Hushmail can hand anything over (they never received the private key, even for an instant).

Re:Missing from the article

[Frosty Piss]

2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?

Come on now. It's the same thing.

The principle behind Hushmail is flawed.

[Anonymous Coward]

That may all be well and good, but the fact of the matter is that the design of Hushmail is flawed.

You never give your private key away to anyone ever. Period. Giving Hushmail a weakly encrypted private key is fishy to start with, but then entering the passphrase to decrypt it in a Hushmail controlled applet is just stupid.

And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.

Perhaps the tinfoil hat crowd will say things like "but there might be a backdoor in your hardware", but Hushmail wouldn't save you from that. And let's be honest here: no one really believes that anyway.

You may have thought yourself very witty when writing that penultimate paragraph, but the fact of the matter is that in today's world you can actually be as good as sure.

War on drugs

[apparently]

How awesome is it that a company's reputation and income has to suffer (potentially unrecoverably) in order to comply with a court order, all in the name of The War on Drugs. Yay America: putting business out of business and restricting citizen's rights to their bodies, all at the same time!

Re:Web Mail

[N7DR]

Are there any alternatives for people that must use Web mail

FireGPG. I haven't used it, but the blurb seems to indicate that that does the trick, at least for gmail.

Re:Server-side Webmail Only!

[julesh]

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue.

If they "strongly recommend" this, why is it off by default?

What does it mean...

[Deliveranc3]

That the NSA and CIA are widely believed to have the best hackers and cryptographers in North America.

The most successful hackers have been social hackers... and will continue to be.

Re:By the authorise?

[kdemetter]

If they can reset the password , it means that the emails themselves are not encrypted using that password . Otherwise , resseting your password would result in loss of all your emails .

Re:Missing from the article

[GuldKalle]

No, lying is what us normal people do. Willful deception is only for marketing executives, lawyers and politicians.

Re:Hushmail did NOTHING WRONG

[badfish99]

Hushmail gives you precisely as much security as they possibly can, and no more.

I don't know much about Hushmail, but I looked at their website, and they seem to want about $50 per year for what is basically GPG, and therefore available free. Except that, since java applets are downloaded from the server, there's no way to be sure that what you're actually running is what they claim that you are running, so their system might have all sorts of insecurities and backdoors, even if their source code looks OK. So they might give you as much security as they can, or they might be a bunch of cowboys. How do you tell? I certainly wouldn't trust them with my secrets.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Alternatives?

[drix]

FireGPG. It frikkin sticks buttons onto the Gmail UI for sign, encrypt, decrypt, verify, etc. Doesn't get much easier than that folks.

BTW as rummy as this story is, it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

Re:Why is this surprising?

[julesh]

Actually they are quite forthcoming, you just need to practice what is called 'Due Diligence' and READ. I know it's an uncommon skill nowadays.

Where does it say this? The only mention on the home page is at the bottom, "Hushmail without Java is now available". OK. Say I don't particularly care whether or not Java is used; I click on the "sign up for free email" button.

The text on this page is:

New Secure Email Account
Welcome to Hushmail, the world's premier free, secure web-based email and document storage system.

  Step 1
Choose your new email address:
Click here to use an automatically generated email address

  Step 2
The security of your account is determined by the strength of your passphrase. Please use a passphrase that is much longer than an ordinary password. For advice on generating a strong passphrase, see http://www.diceware.com./ [www.diceware.com]

Choose your passphrase:
Re-type your passphrase:

  Step 3
Five numbers are displayed below to help us distinguish between real people like you and computer programs trying to use our service.
Please type the five numbers you see below:

  Step 4 (Optional)
Show advanced options

  Step 5

By signing up for this service, you acknowledge that you have read and agree to abide by our terms of service.

Do you expect people to read the entire site before signing up, in order to realise that in order to be secure they have to click "Show advanced options", and press the "Enable Java" button that's hiding in that panel?

Re:Embarrassing??

[KevMar]

The company had no leverage. Even if they fought it to the end, they still would have lost.

Its not a brach of contract because you can not add illegal stipulations on a contract.

And the company is not allowed to inform the individual that they gave up the keys.

The law overides any right to privacy we think we have. We talk all we want, but when we step up to the law, we have nothing to stand on. The only way we can win is by chaning the law. Even if I do all the encryption myself, they can come to me and ask me for my keys. We just had a news item this week where that was threatened. We cant blame the companies, we have to fix the laws.

If the company breaks the laws, then do the public hanging.

Nothing Matters But Trust

[anorlunda]

It is impractical for just about any of us to audit the claimed security of any provider, public or private. You can't be sure that they really provide the safeguards they claim. Unless you're an encryption genius, you can't even examine open source code to verify that it is secure and doesn't have weaknesses.

I don't personally know the principle employees of Hushmail or of any other security service providers, nor do I personally know Phil Zimmerman or any other authors of the encryption software. For all I know, these companies and individuals could all be fronts for the NSA.

I also fail to see how other posters to this topic can claim that the technology is rock solid? How do they know? How do I know if they too are fronts for NSA?

So what am I left with. Nothing but trust. If I trust the provider, then their technology is irrelevant. If I don't trust them, then their technology is irrelevant. In this instance, Hushmail has proved that they are unworthy of trust.

if you read your mail...

[m2943]

If you use a company that promises to hide your messages from the government, you can be sure that that's the first place the government looks!

Re:The principle behind Hushmail is flawed.

[rm999]

The users demanded a less secure method because it was more convenient. They got what they asked for. Hushmail made it very clear in the process that they were giving up security, and the users still wanted it. We should be blaming the users for ruining Hushmail's reputation, not Hushmail for following the law.

Re:So? Google and Yahoo do the same

[shaitand]

'Those people don't deserve their activities to be protected - they're illegal.'

They deserve to have their activities protected unless those activities are wrong and it really isn't for Hushmail to say whether or not they are wrong. Illegal really has nothing to do with it. Many things were illegal in Nazi Germany or are illegal in China, or Russia, or the United States, or that doesn't mean they are wrong or immoral. Many laws are innately immoral.

Unfortunately many people forget that even a democratic government is an entity in itself with interests that differ from yours and from the actual citizenry. Even if the books weren't filled with preposterous laws that would make criminals of good decent and ethical individuals total law enforcement would be a bad thing.

That's been recommended to me, but I can't do it.

[Grendel Drago]

I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.

Re:So? Google and Yahoo do the same

[PopeRatzo]

Encrypt it yourself

Mark my words, there's going to be an effort to make any personal encryption illegal. I know all the arguments about why this "can't happen" and why we'll all be able to get around any law regarding personal use of encryption, but that's not going to stop the government from trying to outlaw it. And it's going to happen under the guise of "fighting terrorism". Further, it doesn't really matter if Mrs Clinton or Rudy Ghouliani become president. Either one will try to outlaw personal use of encryption. I'm not one of those people who believe there's no difference between the two political parties, and I don't believe any of the other Democratic candidates would go this way, but my sense is that Mrs Clinton is as enamored with secretive authoritarianism as any Republican corporatist.

Now, to be fair, Hushmail was probably pushed pretty hard by the NSA or FBI or DOJ to give up the PGP keys. They're trying to make a go of their little business and some alphabet outfit comes and basically lays it out that they can either play ball and let go of the keys or cease to exist. They couldn't even go to court to fight it because the government just has to say that "national security" is at stake and the case is thrown out. That's how bad it's already become.

But still, any provider of online communication services who does this must be given the consumer death penalty. It may be unfair to boycott a company that is otherwise good when they come up against this type of government bullying, but if we don't make a stand, every single company we rely on is going to fold to the government. We have to let any company that is going to handle our information that giving up our stuff without a warrant means they lose their customers. We're going to have to be every bit as ruthless as the corporate power establishment that is masquerading as our government.

If any of you have Lexis/Nexis, just take a quick look at the unbelievable acceleration of the destruction of our constitutional freedoms that has happened in the last 7 years. Although there's always been a push/pull in this kind of thing (after the Nixon years, the pendulum swung the other way for a while, with many laws protecting our freedoms shored up by congress), there's never been an administration that has been so outright hostile to our Constitution, and never has there been a court system so willing to acquiesce to the "Unitary Executive". If you look at the current makeup of the Supreme Court for example, we have a majority of activist, anti-freedom, reckless justices from the Chief on down. It's chilling. If Bush gets one more appointment, it's game over for at least three generations. Even without one more appointment, the Court has never been this hostile to personal freedom and willing to lie, twist and simply ignore our Constitution.

It's time that we take privacy and our freedoms into consideration with every decision we make, especially the economic ones. My wife and kid and I have already decided to make every effort to subvert the consumerist agenda that is being forced down our throats. Instead of borrowing to spend, we save. Instead of investing in the corporations that are our adversaries, we invest in family and neighbors. No carrying balances on our credit cards. No home equity loans to take vacations or buy HDTVs. Interestingly, our standard of living has improved. And when a company is hostile to our interests, we don't do business with them, and we encourage all our friends to stop doing business with them too. We're rooting for a horrible xmas buying season. When we heard that consumer confidence fell dramatically, we cheered because it means people are waking up. Once we realize that corporations use the same FUD to keep us buying and borrowing that the government uses to get us to give up our freedoms and privacy, we learned that there are worse things than a downturn in the economy - especially since the current economic model is feeding on midd

Re:Embarrassing??

[rk]

In fairness to you, both the headline and the summary not only completely failed to mention that they did this only after receiving a legitimate court order from their jurisdiction for the information they turned over, the tone of the title and summary implies that Hushmail just handed over information voluntarily in violation of agreements. The Article is poorly written, but the summary and headline are even worse. In general, I think a lot of people are a little too hard on Slashdot, but in this case, the criticism is duly warranted. The summary as written is borderline libelous.

I'm opposed to the stupid and wasteful "war on drugs"*. But that doesn't mean if I run a network service that drug runners are using I'm going to go to jail for them so they can stay in business, either. If you expect strangers to go to jail for you so you can continue to break the law then you're pretty stupid.

* - My brother-in-law got busted for toking up in September. He's in prison. It's a common story, right? Thing was, when he was toking up, HE WAS IN PRISON THEN, TOO. And he has been since 1991. Now tell me: If we can't keep drugs out of maximum security prisons, how the fuck are we going to keep them out of the country?

Re:Alternatives?

[Niten]

What alternatives are there besides Hushmail?

This isn't meant as one of those haughty, holier-than-thou remarks that it might initially sound like: The best solution is to run your mail user agent yourself, on your own hardware. Really.

These days it's easy to find an old PC or Mac / Soekris box / Linksys router and install OpenBSD or Linux on it. Then you not only have a more powerful and secure router than you started out with, you also have a general-purpose Unix server at your disposal; set up a free dynamic DNS account from DynDNS.com [dyndns.com] or the likes (in conjunction with the ddclient update script from the OpenBSD ports tree or Debian repositories) and OpenSSH, and you have a secure and efficient way to log into this system from anywhere on the public Internet. That's one step away from a remote access mail client with far greater security than any web-based company will provide you.

A few pointers:

• Set up daily, automatic backups of your mail folders with rsync! Don't lose your mail.
• You'll need a command-line mail user agent so that you can access all this by SSH. Mutt is my favorite, but others swear by Pine or the Emacs client.
• You can use msmtp to relay, and fetchmail to download, your messages from a remote server; or you can set up your own mail service if your ISP allows it. Consider using procmail to sort incoming messages.
• Configure S/KEY passwords on your home server: this way you can login from a somewhat untrusted client, yet rest assured that your password cannot be surreptitiously cached and used again.
• Access your mail on the server as a non-wheel user. Now even if somebody does compromise that account (a risk that is, in my opinion, far lower than the risk taken in using web-based systems), they will not have immediate control over the entire system.
• Carry Putty [greenend.org.uk] around with you on your USB memory device, in case you need to login from a Windows client. Putty is much smaller and more manageable than keeping your own personal copy of Firefox, and it will happily run from the USB stick without any installation or modification required.
• Install GPG on the server and import your keyrings.

This approach has a number of advantages over using any third-party web based system. The most obvious one is that in this configuration, GPG runs entirely on the server, keeping your encryption keys safe from untrusted clients. Also, because you are not using a web application, this system is immune to CSRF and XSS attacks. And OpenSSH offers a wide variety of authentication options, many of them far more secure in real-world scenarios than the simple username/password schemes implemented by most web apps.

Real information security takes real work, and as Hushmail has so kindly demonstrated for us, it isn't sound to exclude your own hosting company from your threat analysis. Why not simplify things and host part of your mail system yourself - the part that matters, where your encryption keys are stored and your messages are cached. Sure, it won't protect you from every vector of attack; but if your system does get attacked, it will be much more difficult for the attacker to do so entirely behind your back.

I'm not claiming that such a setup is for everyone. But if you want better security than what Hushmail was able to provide, this is what you need to do. If this is more work than you're willing to put in, it important to realize what you're giving up, and that there are no vastly "better alternatives" in the web-based secure email cottage industry. Or in other words: if you want something done right, do it yourself.

Re:Alternatives?

[legirons]

Except that the government can [theregister.co.uk] put you in prison for trying to keep a secret from them

how ironic, a fascist government in the UK. Good thing all the WW2 veterans are dead, so they didn't have to see it...

Re:Alternatives?

[Deanalator]

"... a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about."

These are Canadian feds :-) Even in the US, only a few get access to the code cracking mountains. Not that it would take much, as you can silently hijack any ssl connection with a single cracked verisign/thawte key. Then you win the internet :-)

Also, on a side note, prime numbers are the easiest numbers to factor :-p

Re:So? Google and Yahoo do the same

[Anti_Climax]

If you give me six lines written by the most honest man, I will find in them something to hang him.

- Richelieu