Blogs on Filtering (continued)
Two recent incidents point out the ever-present risk that "secure" communications are often only as secure as the provider of the communication service:
Nart on Google handing over the IP address of an Orkut user who posted allegedly criminal content to the site. Google declined to respond to a pointed request by a CNet reporter inquiring whether the company was required by law to provide the IP address or merely complied with law in voluntarily turning over such information.
Ethan Zuckerman points out this article, detailing the fact that the web-based version of HushMail's encrypted email service is still subject to interception by law enforcement. Law enforcement officials apparently required HushMail to alter its general policy of immediately deleting the passcode required to read encrypted email, instead turning that passcode and various email over to the police. The article questions whether HushMail's signature product, which relies on a client-side Java application to perform encryption instead of a Web interface, would also be subject to interception.
Companies wishing to do business in any nation are, of course, required to comply with national laws. Whether they should voluntarily disclose information where not compelled to do so, and whether they should inform customers of the fact that account information can be obtained in this manner, are separate questions.