Hushmail - Compromises To Email Privacy

Compromises To Email Privacy


Until September 2007, Hushmail received generally favorable reviews in the press. It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not as imminent in Canada as they are in the United States, and that if data were to be handed over, encrypted messages would be available only in encrypted form.

However, developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States.

An example of this behavior is the case of U.S. v. Tyler Stumbo. In addition, the contents of emails between Hushmail addresses were analyzed, and a total of 12 CDs were turned over to US authorities. Hushmail now also states that it logs IP addresses in order "to analyze market trends, gather broad demographic information, and prevent abuse of our services."

Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty. Hushmail states that "...That means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy." and additionally "...If a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider."

The issue originally revolved around the use of the non-Java version of the Hush system. It performed the encryption and decryption steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext on the server during this small window; additionally, the passphrase can be captured at this point. A captured passphrase facilitates the decryption of all stored messages and of future messages protected by the same passphrase.

Hushmail has stated that the Java version is also vulnerable, in that the company may be compelled to deliver a compromised Java applet to a user.
Hushmail recommends using non-web-based services such as GnuPG and PGP Desktop for those who need stronger security.
