Hushmail in U.S. v. Tyler Stumbo

auto37159 at auto37159 at
Tue Oct 30 12:27:53 EDT 2007

Maybe this is off topic, but I think it does relate to the 
implementation of cryptography.

I stumbled across this filing:

relating to a drug case where the defendant and others used 

What I found interesting was:
1.  The amount of data which Hushmail was required to turn over to 
the US DEA relating to 3 email addresses.  3 + 9 = 12 CDs  What 
kind of and for what length of time does Hushmail store logs?

2.  That items #5 and #15 indicated that the _contents_ of emails 
between several Hushmail accounts were "reviewed".  

3.  The request was submitted to the ISP for IP addresses related 
to a specific hushmail address (#9).  How would the ISP be able to 
link a specific email address to an IP when Hushmail uses SSL/TLS 
for both web and POP3/IMAP interfaces?

Since email between hushmail accounts is generally PGPed.  (That is 
the point, right?)  And the MLAT was used to establish probable 
cause, I assume that the passphrases were not squeezed out of the 
plaintiff.  How did the contents get divulged?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list