Encrypted Email Not So Safe After All

Sat Nov 10, 2007 4:22PM EST

Many online services tout their security and privacy by noting that they offer encryption technology to prevent your data from being accessed even if someone manages to break into their servers. For those storing business information, financial records, or sensitive material online, this can be a dealbreaker. However, that's not always a real guarantee: This week, encrypted email provider Hushmail turned over 12 CDs full of email from three of its user accounts to the Canadian government, part of an investigation into online steroid dealers.

Hushmail began offering encrypted email services in 1999, a very secure service in which Hushmail never had possession of unencrypted messages. In 2006, it launched a new, simpler service that worked a little differently and was popular because it didn't require a Java software download. In this newer, non-Java scenario, Hushmail runs the encryption on its own servers and can access the passphrase you use to decrypt the messages. The government exploited this weakness and told Hushmail to give up the passphrase along with the email. And Hushmail complied. (To date, the company says it has not challenged any court order.)

As Wired's Threat Level blog notes, Hushmail has not been exactly clear on the privacy and security risks of its non-Java service (and there are even some possible implications that the Java-based service may not be as secure as you think). However, the company's CTO engaged in a lengthy discussion on these issues with a Wired reporter, and the company deserves some credit for being open about its policies and, frankly, your risks as a user.

The bottom line is that it's important to remember the limits of "encryption" as a feature of web-based services. While encryption may help you in the event of a run-of-the-mill security breach from a garden-variety hacker, it's probably not going to shield you from a serious government investigation... for better or worse. Consider yourself informed.

LINK: Encrypted E-Mail Company Hushmail Spills to Feds

Comments on Encrypted Email Not So Safe After All

  • 2 Posted by brozenec on Mon Nov 12, 2007 7:51AM EST

    Hi Chris. Since you appear to work for Yahoo, maybe you can answer this question. Why was Yahoo mail down for over 5 hours this weekend and why didn't Yahoo have the professional courtesy to publish some sort of update on the main splash page? Likewise, why no explanation or apology?
