Threat Chaos

Richard Stiennon

Hushmail betrays trust of users

By Richard Stiennon | November 8, 2007, 9:33am PST


Biography
A former ZDNet blogger, Richard Stiennon is an industry consultant. Most recently he was Chief Marketing Officer for Fortinet, Inc., the largest privately held security vendor. Prior to that he was Chief Research Analyst at IT-Harvest, and before creating IT-Harvest he was VP of threat research for Webroot Software, Inc., the leading commercial anti-spyware solution.

Previously, Richard was VP Research at Gartner, Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting and managed security services for the Security and Privacy group. He is a holder of Gartner's Thought Leadership award for 2003 and was named "One of the 50 most powerful people in Networking" by NetworkWorld magazine. His speaking engagements have included conferences and meetings throughout North and South America, Hawaii, Tokyo, Tel Aviv, Istanbul, Milan, Munich, Hannover, Madrid, London, and Cannes.

One likes to think that a secure web-based email provider would be able to secure your email. It is becoming more and more evident that there truly is a threat against your private communications. Governments are really eavesdropping on you. That threat translates into demand for secure communication products, one of which is web-based email. But apparently any prosecutor on a fishing expedition for evidence can subpoena HushMail, which will intercept a user’s pass phrase and deliver complete records of decrypted email communications to help in an investigation. Great recounting of the events by Ryan Singel over at Wired.

My advice to anyone designing a secure communication service: make it impossible to comply with government requests. You don’t have to risk going to jail. Sure, give up the encrypted data if required. But don’t hand over the keys. Do that by not storing the keys.

My advice to anyone who truly wants to maintain their privacy: don’t trust service providers. Control your keys. Encrypt on your desktop. If you still need to use web-based email services, choose providers located in jurisdictions whose legal process is cumbersome for your country to invoke. One of HushMail’s advantages is that they are in Canada. That slows down the rate of spurious fishing expeditions on the part of US prosecutors.
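The two pieces of advice above, a service that never stores keys and a user who encrypts on the desktop, describe one architecture: the key is derived from the pass phrase on the user's machine, the provider stores only ciphertext, and a subpoena to the provider can therefore yield nothing readable. The following is an added example written for this page; it is not Hushmail's code and not from the original post. The MailServer class, the record format and the HMAC-SHA256 counter-mode cipher are assumptions chosen so that it runs on the Python standard library alone; a production client would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Work factor for the pass-phrase KDF (PBKDF2-HMAC-SHA256); raise it for real use.
KDF_ITERATIONS = 200_000


def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Client side only: stretch the pass phrase into a 32-byte encryption key
    and a 32-byte MAC key.  The pass phrase never leaves the user's machine."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a keystream generator (stdlib only;
    a real client would use AES-GCM or ChaCha20-Poly1305 instead)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def client_encrypt(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC on the client.  The returned record is everything the
    server will ever see: salt, nonce, ciphertext and tag; no key, no pass phrase."""
    salt = os.urandom(16)
    nonce = os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def client_decrypt(passphrase: str, record: dict) -> bytes:
    """Verify the tag first, then decrypt.  A wrong pass phrase produces a wrong
    MAC key, so decryption fails closed instead of returning garbage."""
    enc_key, mac_key = derive_keys(passphrase, record["salt"])
    expected = hmac.new(
        mac_key, record["salt"] + record["nonce"] + record["ciphertext"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("bad pass phrase or tampered record")
    ks = keystream(enc_key, record["nonce"], len(record["ciphertext"]))
    return bytes(c ^ k for c, k in zip(record["ciphertext"], ks))


class MailServer:
    """Hypothetical provider side.  It stores opaque records and can hand them
    over on request, but holds nothing that decrypts them."""

    def __init__(self) -> None:
        self._store: dict[str, list[dict]] = {}

    def put(self, user: str, record: dict) -> None:
        self._store.setdefault(user, []).append(record)

    def comply_with_request(self, user: str) -> list[dict]:
        """Everything the provider can produce under legal compulsion."""
        return list(self._store.get(user, []))


def server_can_decrypt(server: MailServer, user: str) -> bool:
    """Audit what a request to the server yields: the records carry no key or
    pass-phrase field, and the tag check rejects the only pass phrase the
    server can offer on its own (none)."""
    for record in server.comply_with_request(user):
        if "key" in record or "passphrase" in record:
            return True
        try:
            client_decrypt("", record)  # the server has no pass phrase to supply
            return True
        except ValueError:
            continue
    return False


def demo() -> bytes:
    """Constructed walk-through: Alice encrypts locally, the server stores
    ciphertext only, and only Alice's pass phrase recovers the message."""
    server = MailServer()
    passphrase = "correct horse battery staple"  # lives only on Alice's desktop
    server.put("alice", client_encrypt(passphrase, b"meet at noon"))
    assert not server_can_decrypt(server, "alice")
    return client_decrypt(passphrase, server.comply_with_request("alice")[0])


if __name__ == "__main__":
    print(demo())
```

The design holds only as long as `derive_keys` really runs on hardware the user controls. If the provider also delivers the client code, as a web-based mail service does, it can ship a version that forwards the pass phrase, which is exactly the gap the post describes and the reason its second piece of advice is to encrypt on the desktop rather than in the provider's web client.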


Talkback (6 comments)

  • Of even greater concern to me ...
    is telephone call communication.

    Let's face it, even with Hushmail or its ilk, any email you send outside their system is unencrypted for half the trip, so chances are most of your email is snoopable -- and most people should know that and act accordingly.

    But most people haven't caught on to the implications of the recent Bushite initiative the Congress rubber-stamped. This allows federal bureaucrats to snoop anywhere, any time, even just throw a dragnet out across all phone traffic between points in the US and overseas.

    "So what?" say the naive, "I never call overseas." Wrong! Practically all order fulfillment call centers are now located overseas, which means every time you recite your credit card number, expiration date, verification # and name of cardholder to that order taker, that private financial information is potentially passing through the federal snoops' dragnet.

    Now imagine you're a low-level security IT clerk working this thing. You're doing OK with your cushy federal job and all its perks, but know you're never going to get rich either. Then it dawns on you that there's a huge, lucrative marketplace for all this data that's passing across your screen every day.

    Cobble together some voice recognition software with a filter that looks for the number pattern characteristic of credit cards. Slip it into the computer that's watching for words like "Al Qaeda", sit back for a while, and then harvest the results to a USB stick you can take home at night. Get into the on-line underworld community, peddle your data to them, collect your "private retirement bonus", quit your federal job, and go live out your life on a beach in South America.

    It isn't a matter of If, it's a matter of When. Unless Congress gets some backbone and cleans up this mess, which doesn't appear likely.
    paul@...
    11/08/2007 10:56 AM
  • RE: Hushmail betrays trust of users
    The worst part is the LIE from HushMail. They advertise the fact that "even Hushmail employees do not have access to your key." Obviously, with this development, that is a LIE. For that very provider to circumvent their own system to get the information and hand it over - for any reason, is a gross violation of trust. I would encourage all HushMail users to cancel their accounts and say, "Thanks anyway."
    xrayman
    11/08/2007 03:29 PM
  • Well here is a good case of deceptive advertising...
    Maybe someone should charge them for that.
    mrOSX
    11/09/2007 06:24 AM
  • RE: Hushmail betrays trust of users
    The Soviet Union didn't collapse, they just all emigrated to North America. Are there really email privacy companies that have not been set up or taken over by the secret police of various countries?
    alano3
    01/02/2008 05:40 AM
  • RE: Hushmail betrays trust of users
    This is why users should try MailCloak.
    fotoflo@...
    03/19/2009 08:22 PM
  • RE: Hushmail betrays trust of users
    If you fell for hushmail's claim that you were safe then you were foolish. If you are doing something illegal online you have to be an idiot to not think it can be tracked. period.
    There is no such thing as total anonymity. The problem with other methods described here is that they require software to be installed on the computer in order to work. If you own a business (like myself) and you require people to send you sensitive data, but it's only once in a while, you can't expect them to install software. We had a big issue with this. Recently we found the best solution. Private Information Exchange (I'm sure there are many others like this, this just happens to be the one we use) offers a simple solution. You initiate a request for info which is sent via email. However, the recipient gets the email with a link. They click the link and are asked for the info. The info isn't emailed back, it's sent back to the requestor via SSL to their Private Information Exchange account. The requestor simply gets an email that the request has been fulfilled. They log in and can see the info. If you want to find out more about it the website is http://www.privateinformationexchange.com

    No system is fool proof, but this seems to be the most efficient that we have found.

    Bryan
    bryaninnj1@...
    07/10/2009 11:58 AM
