Kind of scary how they asked for all PM's mentioning BFL. I recall a while ago theymos discussed the idea of adding javascript PM encryption as a way to protect the forum from unreasonable searches and seizures. It isn't the best way to do it, as of course theymos could modify the javascript at anytime (he could even potentially be compelled to do so by law), but modifying the javascript is detectable, and messages that were sent and viewed with the unmodified javascript are still safe. It adds an extra layer of security, which should be sufficient for most PM's. It would also be very useful should BitcoinTalk's database ever get compromised... again. Anyone who has something really secret to tell should use something like PGP instead of this however.
I think we should consider adding this to the new forum software.
The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.
I don't see a reason why the forum would need to automatically decrypt your PM's for you. If you were to have everyone give a public key to the forum to have your PM's automatically encrypted to, then decrypting a PM would only be a matter of using your PGP client to decrypt the message manually for you which really would not take that much effort. This would let people determine how much security their PGP private keys have.
We're not talking about using PGP or any third party software at all. We're talking about doing this via javascript, so everything happens in the browser, and the user doesn't even need to know it's happening. PM's will function just like they do now except you'll need to enter a password to read your PM's, the password and plaintext PM's are never sent to the server and all encryption/decryption is done in-browser, similar to blockchain.info/wallet. This is SIGNIFICANTLY less safe than PGP, but it's probably sufficient to mitigate really invasive subpoena's etc.
Well to avoid the problem of people potentially forgetting their password to decrypt their PM's the forum could automatically encrypt PM's sent to someone using javascript, users would then store the private key locally, outside of their browser in order to decrypt the message. If PGP is used, and the user is using
GPGTools as their PGP client, and their private key is stored locally, then decrypting it would be as arbitrary as highlighting text and making two clicks (and entering your passphrase).
In theory, the javascript could be modified so that whenever someone enters their password to decrypt a PM that the password is transmitted to either the forum or a third party attacker which would essentially allow them to decrypt any PM for that user.