Guys,
Let me try and explain my understanding of the points of the article:
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
This is important as EF Mail uses the Hush engine. I will also ask Hush to post on this thread.
First, let's go over how things work at other ISPs like Yahoo or Hotmail.
1. Feds want to get access to someone's Hotmail account.
2. They subpoena Hotmail.
3. Hotmail turns over all the person's email, all of which can be read since none of it is encrypted.
Next, let's look at how this would work with Hushmail:
1. Feds want to get access to someone's Hushmail account.
2. They send a subpoena to Hushmail.
3. The subpoena is ignored since Hush is based in Canada.
4. The Feds decide they really want to see what's in that email account.
5. Hush only accepts court orders issued by the British Columbia Supreme Court.
6. The Feds make a formal request to the Canadian government whose Justice Department then applies, with sworn affidavits, for a court order.
7. With the Canadian court order, Hush is compelled to turn over the contents of an email account to the Feds.
Here's what the Feds can and cannot read:
All email that is not encrypted can be read. That would include email you sent to or got from a yahoo.com account or a hotmail account or any other regular email account.
If you selected the encryption option, and sent encrypted email to someone else using PGP, elitefitness.com email, hushmail, or cyber-rights, that mail could not be read unless it was decrypted first.
To decrypt that email, the Feds need the passphrase you used when you created the account.
Hushmail does not have that passphrase if you are using the Java applet version of their software. The EliteFitness.com email system here ONLY uses the Java applet version, so neither Hushmail (nor Elite) has access to your passphrase.
If you are using a hushmail.com email address, there are two ways to get your email: the Java applet way like we use here, or a more traditional method that does not require the applet.
The advantage of this second method, which is not available to EF members, is that it is faster to log in and check your mail. The disadvantage is that Hush gains access to your passphrase in the process. Hush has always posted this distinction to their users. And EF does not make this second option available to you.
So, long post made short, you are much better off to use an elitefitness.com account and send email to others using PGP, hushmail, or cyber-rights than you are without it. If your email was sent or received using PGP encryption, then it cannot be read when it is turned over pursuant to a subpoena without your pass phrase.
Here is the question I would like Hushmail to address.
Have the Feds, or anyone else, ever gotten the Canadian government to force you to send a different applet to a particular user, which could then capture and send the user's passphrase to you, and then on to the government? In other words, have you ever been compelled to break your own software in order to get someone's passphrase for the authorities?
And secondly, if you were to be compelled to break your own software in order to get someone's passphrase for the authorities, how would you respond to the authorities and to your community of users?