Hushmail encrypted email company hands over emails to government

Hushmail is a company that promises to keep your email encrypted, and safe from prying eyes. They have two versions of their service, one more secure, and one less. Turns out that "less" means "able to hand over clear-text."

First off, Hushmail's technology is sound, and they are frank about what happened (they are located online at hushmail.com). They complied with a legal warrant (Wired) from the government who were tracking down illegal Chinese wholesale steroid chemical providers who had been using the service. The point of this story is to make sure people understand the strengths, and limitations of cryptography. Encryption is a powerful tool to protect personal privacy, but any encryption which takes place on your behalf on hardware controlled by an other entity will _always_ have the additional risk of the other entity betraying your trust, either for personal gain, or as required by law. Encryption works best when you keep control of the client-side process. Commercial programs like PGP(Wikipedia) or open source versions like GPG(Wikipedia) are excellent choices for such personal protection.