Hushmail betrays trust of users

Summary:One likes to think that a secure web based email provider would be able to secure your email. It is becoming more and more evident that there truly is a threat against your private communications.

One likes to think that a secure web based email provider would be able to secure your email. It is becoming more and more evident that there truly is a threat against your private communications. Governments are really eavesdropping on you. That threat translates into demand for secure communication products one of which is web based email. But, apparently any prosecutor that is on a fishing expedition for evidence can subpoena HushMail who will intercept a user's pass phrase and deliver complete records of decrypted email communications to help in an investigation. Great recounting of the events by Ryan Singel over at Wired.

My advice to anyone designing a secure communication service: make it impossible to comply with government requests. You don't have to risk going to jail. Sure, give up the encrypted data if required. But don't hand over the keys. Do that by not storing the keys.

My advice to anyone who truly wants to maintain their privacy: don't trust service providers. Control your keys. Encrypt on your desktop. If you still need to use web based email services go with providers that have cumbersome legal systems for your country to deal with. One of HushMail's advantages is that they are in Canada. That slows down the rate of spurious fishing expeditions on the part of US prosecutors.

Topics: Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.