Sending an ordinary e-mail to someone is like sending that person a postcard. It's easy to read the message at any point along the electronic chain over which the message travels.
The only way to protect the privacy of the message is to encrypt it. Encryption scrambles the message using mathematical formulas that make it unreadable. Only someone possessing the correct "key" can convert the message back to readable text.
Numerous companies (e.g., PGP) have developed programs to allow PC users to send and receive encrypted e-mails. The best of these programs provide protection so strong that even the super-computers used by national intelligence agencies can't decipher messages created with them.
But learning to use these programs requires some effort. It also requires a little additional time to encrypt or decrypt a message. As a result, most PC users don't bother to encrypt their e-mail.
In 1999, a Canadian company introduced a service intended to make sending and receiving encrypted e-mail easier and faster. Hushmail allows users to encrypt their e-mail messages through a Web-based interface similar to Yahoo! or Hotmail e-mail.
And it's not modest about its capabilities. It claims "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." Only, it turns out that this isn't necessarily true if a government agency wants to read your e-mail.
In 2006, acting through the U.S.-Canada Mutual Legal Assistance Treaty (MLAT), U.S. prosecutors requested copies of decrypted, "plain text" e-mails from alleged steroid dealers. Subsequently, in response to a Canadian court order, Hushmail turned over 12 CDs of plain-text e-mail messages to U.S. investigators.
It turns out that the only way that Hushmail could comply with the order was to exploit a vulnerability in the way it encrypts messages. Fortunately, the vulnerability only affects a relatively new offering from Hushmail that doesn't require users to load and run a Java program (an "applet") in the browser.
Loading a Java "applet" takes a few seconds and delays access to a Hushmail account. So, in 2006, Hushmail developed a service that didn't require loading the applet. But, this introduced the vulnerability into the Hushmail service.
In the new service, instead of the encryption occurring on your PC, it occurs on Hushmail's servers. This requires Hushmail to retain, at least briefly, a copy of your "passphrase" (the string of characters you type in to authenticate yourself as the legitimate owner of your account). Anyone with access to Hushmail's servers can get at the passphrase while it is present there, and with it decrypt all of the messages in the account.
Again, this vulnerability only affects Hushmail's newer, non-Java-based system. If you don't mind waiting a few seconds for the Java applet to load when you log on to Hushmail, the company doesn't have a copy of your passphrase.
[UPDATE 11/20/07: Hushmail now admits that the Java-based system may also be compromised in response to a court order.]
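The two designs described above, as an added illustration that is not Hushmail's code: a toy Python model that tracks only where the passphrase travels, and therefore which messages the provider is in a position to decrypt when a court order arrives. The cipher (an HMAC-SHA256 keystream, chosen so the script runs with the standard library alone), the fixed salt, the account name "alice" and the message texts are all constructed for the example. The applet-model result should be read together with the caveat in the update: the model covers only the passphrase's path, not whether the client-side code the provider serves can itself be trusted.

```python
"""Toy model of the applet (client-side) and no-applet (server-side) designs.

Constructed example, not Hushmail's code. It models only where the passphrase
travels and therefore who is able to decrypt stored mail. The cipher is a
throwaway HMAC-SHA256 keystream so the script runs offline with the standard
library; it is not a production cipher.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

KDF_ITERATIONS = 100_000  # assumption: any sane PBKDF2 parameters serve the model


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Turn the user's passphrase into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-derived keystream; symmetric, so it also decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block_input = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:16], blob[16:]
    return _keystream_xor(key, nonce, ciphertext)


class MailServer:
    """What the provider stores. retained_passphrases models the server-side
    design's need to hold the passphrase while it encrypts on the user's behalf."""

    def __init__(self) -> None:
        self.salt = b"constructed-fixed-salt"  # a real system uses a per-account salt
        self.mailbox: Dict[str, List[bytes]] = {}
        self.retained_passphrases: Dict[str, str] = {}

    # Applet model: encryption happened on the user's PC; only ciphertext arrives.
    def store_ciphertext(self, account: str, blob: bytes) -> None:
        self.mailbox.setdefault(account, []).append(blob)

    # No-applet model: the browser posts passphrase and plaintext; the server
    # derives the key and encrypts, and so has held the passphrase.
    def encrypt_and_store(self, account: str, passphrase: str, plaintext: bytes) -> None:
        self.retained_passphrases[account] = passphrase
        key = derive_key(passphrase, self.salt)
        self.store_ciphertext(account, encrypt(key, plaintext))

    def plaintext_available_to_provider(self, account: str) -> Optional[List[bytes]]:
        """The messages the provider could hand over decrypted, or None when it
        holds nothing but ciphertext."""
        passphrase = self.retained_passphrases.get(account)
        if passphrase is None:
            return None
        key = derive_key(passphrase, self.salt)
        return [decrypt(key, blob) for blob in self.mailbox.get(account, [])]


def client_side_send(server: MailServer, account: str, passphrase: str, message: bytes) -> None:
    """Applet model: key derivation and encryption happen on the client."""
    key = derive_key(passphrase, server.salt)
    server.store_ciphertext(account, encrypt(key, message))


def server_side_send(server: MailServer, account: str, passphrase: str, message: bytes) -> None:
    """No-applet model: the client hands the passphrase to the server."""
    server.encrypt_and_store(account, passphrase, message)


def demo() -> tuple:
    """Send one constructed message through each design and report what the
    provider could decrypt for the account."""
    applet_server, web_server = MailServer(), MailServer()
    client_side_send(applet_server, "alice", "correct horse", b"constructed message 1")
    server_side_send(web_server, "alice", "correct horse", b"constructed message 2")
    return (applet_server.plaintext_available_to_provider("alice"),
            web_server.plaintext_available_to_provider("alice"))


if __name__ == "__main__":
    applet_result, web_result = demo()
    print("applet model, provider can read:", applet_result)  # None
    print("no-applet model, provider can read:", web_result)  # [b'constructed message 2']
```

The difference between the two results is the whole point of the article: the ciphertext is identical in both designs, and the only thing that changes is whether the provider ever held the passphrase needed to derive the key.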
Is waiting a few extra seconds worth the sacrifice? Only you can decide that question, but if you value your privacy, the answer is an unequivocal "yes."
Copyright © 2007 by Mark Nestmann