Hushmail in U.S. v. Tyler Stumbo

Greg Broiles gbroiles at
Sat Nov 3 15:23:14 EDT 2007

On 11/1/07, Jon Callas <jon at> wrote:
> I'm sorry, but that's a slur. Hushmail is not a scam. They do a very
> good job of explaining what they do, what they cannot do, and against
> which threats they protect. You may quibble all you want with its
> *effectiveness* but they are not a scam. A scam is being dishonest.

I was unable to read the document discussed in the message that
started this thread, so I retrieved the complaint in US v. Tyler
Stumbo from PACER. I have placed it online at

In particular, the one of the passages referred to in the initial
message states:

["Item #5"]
A review of e-mails from e-mail address osocabro at between
February 14, 2007 and May 17, 2007, revealed OSOCA filled 88 separate
anabolic steroid orders for a total sale of $36,024.00. During a
review of the e-mails, SA Shawn Riley identified OSOCA'S Chinese SOS
for bulk powdered anabolic steroids as "GLP". GLP was using the email
address glpinternational at to communicate with OSOCA. The
e-mails between osocabro at and
glpinternational at showed there were two shipments of bulk
powdered anabolic steroids from GLP to OSOCA. Both orders were sent to
Tyler STUMBO at 9530 Hageman; Suite B #192, Bakersfield, CA. An
address check revealed 9530 Hageman, Suite B, Bakersfield, CA is a UPS

[end quoted material]

According to Hushmail's "About -> How Hushmail Works" page at Figure
1, "The user's passphrase encrypts and decrypts the user's private key
so that no one but the user ever has access to it. Not even Team

At Figure 4, same page, Hushmail states "    [...] The email may only
be decrypted by using the one-time message key.
    * The message key can only be decrypted by using the recipient's
private key.
    * The recipient's private key can only be decrypted by entering
the recipient's personal passphrase."

At Figure 5, same page, Hushmail states "So, not only is the email
securely coded before it is ever stored on a server, but the key to
decode the email is also encoded. Further, the private key needed to
decrypt this key is also encrypted. Only the recipient can retrieve
their private key by entering their secret personal passphrase."

On the page "About -> The Need For Hushmail", Hushmail states "[...]
By contrast, Hushmail keeps your online communications private and
secure. Not even a Hushmail employee with access to our servers can
read your encrypted email, since each message is uniquely encoded
before it leaves your computer. A Hushmail account lets you
communicate in total security with any other Hush member or
PGP-compatible email user anywhere in the world."

In its "Hush Encryption Engine White Paper" available at
Hushmail states on page 4: "When the Private Key is residing on a Hush
Key Server, it is encrypted with a passphrase. That passphrase never
leaves the user's computer. Hence, at no point is the Private Key or
any private data ever accessible to anyone at Hush. As long as you
have a good, strong passphrase, even if Team Hush tried, we couldn't
get your Private Key.

Furthermore, even if the company were subpoenaed by a court of law, a
private key wouldn't be accessible. This can be verified by reviewing
our published source code at"

In its "Webmail Using The Hush Encryption Engine" document available
at <>
 at page 3, Hushmail states: "Hushmail fulfills the following
requirements: [...] 3. Private keys and private data may only be
decrypted on the client computer, never on any server."

In the introductory e-mail sent to new Hushmail users, Hushmail
states: "Hushmail users can send encrypted email to anybody with an
email address.  If the recipient of your email is another Hushmail or
PGP user, the encryption will take place automatically without any
action on your part."

As a longtime paid Hushmail user, I am surprised to learn that it is
possible to send email to another Hushmail user which is accessible to
Hushmail corporate employees and, by extension, the Canadian
government, and any organization they choose to cooperate with. I was
unable to identify the Hushmail documentation which would explain the
company's ability to comply with the MLAT requests as demonstrated in
the Stumbo matter. I was able identify a number of statements which
would lead the average reader to conclude that the company is unable
to provide the sort of cooperation discussed in the Stumbo complaint.

I agree that it is possible that one or both of the correspondents in
the Stumbo case used a weak passphrase which was susceptible to a
dictionary attack. I would be surprised to learn that Hush
Communication actively engages in dictionary attacks versus its users
at the request of the Canadian government. If that is the case, this
would seem to go beyond an obligation to merely turn over existing
information, and become active participation in an attempt to subvert
the security of communication between Hushmail users.

Greg Broiles, JD, LLM Tax, EA
gbroiles at (Lists only. Not for confidential communications.)
Legacy Planning Law Group
San Jose, CA
California Estate Planning Blog:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list