Most users of the Internet regularly use email to communicate with others on
the Internet. Most have wondered how secure their email is from the prying
eyes of others. This is a brief discussion of how secure your email is.
Just to get your attention: If you don't want someone other than the intended
party(s) to see your email, don't use the Internet. Now that I have your
attention; there are ways you can secure your email from unwanted readers.
But, the general rule of thumb for Internet communications is: If you couldn't
put your message on a post card because of its sensitivity, don't send it on the
Internet without using additional security.
An email originating on your computer, to be sent over the Internet to another
person, may travel through several other computers, many other networks,
and probably be temporarily stored on at least one, if not more, computers
before arriving at its intended destination. At any one of the computers on
which your email is stored, the operator of that computer can read that email.
The security of your email transiting one of these intermediate computers is
solely dependent upon the integrity of the operator(s).
Though more difficult, your email can be "snooped" while it is traveling
through an intermediate network on its route to its destination without even
being temporarily stored on an intermediate computer. This requires a much
higher level of technical capability than simply reading a stored message, and
could be considered to be only remotely likely. You could generally assume
you are safe from this type of snooping unless your messages contain
information of such sensitivity that someone would be willing to spend some
amount of effort and/or money to capture them.
Some people correctly point out that the greatest risk of your email being seen
by unintended parties is either on your computer or on the computer at the
intended destination. What they many times neglect to point out is that the
next most likely place for your email to be intercepted is on the computer of
the Internet service provider who supplies the connection to your intended
recipient. Your email will be stored on that ISP's computer for an
indeterminate amount of time until your intended recipient retrieves his email
from his account. The only thing that stands between the security of your
email and its interception is the integrity of the operator.
For example: Let's assume that your a CPA (if you're reading this you may
be a CPA). You have been exchanging sensitive business information with a
major client via email on the Internet. Let's also assume that your client is in
a highly competitive industry (which one isn't), and has a competitor who
would really benefit from knowing the contents of your emails. The future of
your client's business now rests only upon the integrity of your ISP, that of
your client's ISP, and the amount of money your client's competitor is willing
to invest in an improper (read illegal) transaction.
The
same or similar situations could exist for lawyers, doctors, elected
officials, ad infinitum.
This doesn't mean you should forget the Internet as a communication
medium. But it does mean you should be highly selective in the information
you exchange over the Internet, or you should be using protection.
If you want to exchange sensitive information on
the Internet, you should be using some type of data encryption.
By using encryption on your email prior to sending it, most of the intermediate
security risks are alleviated. The only potential leaks are at the originating
computer or at the recipients computer. Baring an intense interest on the part
of large government agencies, or a disloyal employee, or a physical break and
enter, your email should be secure when using a current state-of-the-art
encryption program.
The details of how these encryption programs work is beyond the scope of
this introductory article. If you want to know more about these types of
programs before the next installment, visit one of the following Internet sites
or search the web for "pgp encryption".
Additional Information
More Information
And More Information
Encryption Privacy and Security Resource Page
RSA Laboratories
PGP Home Page
Author: Douglas R. Locke is an accountant with 15 years experience and
also an electrical engineer with 20 plus years in the electronics industry
and operates a small internet service in Pampa, Texas.