Hushmail.com is the latest entrepreneurial endeavor to look for profit in privacy. The company is beta testing a free, advertiser-supported, Web-based email service, which -- unlike established players such as Hotmail and Yahoo! -- protects each message with a data scrambling technique strong enough to resist the most earnest attack.
The strength of Hushmail's system lies in a powerful 1024-bit encryption algorithm embodied in a Java applet that runs on the end-users' machine. Eavesdroppers only see meaningless garbage, and even the Hushmail proprietors can't read their users' private messages. The company is based in Austin, Texas, but the Hushmail server is located in Canada, and the software was developed entirely outside of the United States.
On Monday, start-up Zero Knowledge Systems began beta testing an ambitious system that it says will soon provide Internet security and privacy on all levels to purchasers of its $50 Freedom software package. The system employs heavy duty crypto, with keys as long as 4,096 bits. The company is based in Montreal, and the software was masterminded by cypherpunk legend Ian Goldberg, who happens to be Canadian.
It's no coincidence that these pro-privacy businesses are sprouting outside the Land of the Free. Under U.S. law, any crypto programs stronger than a pathetic 56 bits are considered "munitions," which cannot be exported without explicit approval from the government. That restriction keeps major U.S. software makers from incorporating significant privacy measures into their applications -- which are, after all, marketed to the borderless Internet community.
Complicating matters further, the export laws apply not just to technology, but to people. "If U.S. citizens work on any of our cryptography software, those people can be charged with a crime," says Austin Hill, president of Zero Knowledge Systems. "We've looked at hiring U.S. citizens, but we had to turn them down."