Just How Secure is E-Mail?

from the September 2003 Newsletter
by Rob Zorn

We've all sent or received postcards before. We probably haven't thought much about it, but there are commonsense rules we follow when sending them without really needing to think about it in depth. We're a privacy-conscious species, so usually what we write is pretty generic: "We're having a great time, weather's been great, picked up a bit of a tan, this is the prettiest postcard I could find, wish you were here, back soon," etc., etc.

Now the reason we stick to pretty basic stuff when using postcards is because we are fully aware that they can be read easily by many individuals, both in transit, and after they've arrived at their destination. The postal delivery person can read them, the mail sorters can read them, as can anybody else who happens to be near the postcard as it travels from place to place. We don't tend to put embarrassing details about ourselves and others on postcards, and we certainly don't put our credit card details, or the location of all the money we have hidden under our beds on them either! To sum up, we only commit to a postcard information that we wouldn't be too concerned about the whole world reading.

What some people may not realise is that the same situation applies to any ordinary e-mail you send. E-mail is really very much like an electronic version of a postcard. In most cases, once you click Send in your e-mail program, your message just becomes plain text wrapped up in a protocol (an agreed-upon way of accomplishing something on the Internet) designed specifically for passing e-mail messages from one server (a computer designed to be part of the Internet) to another. In most cases, the protocol used is called SMTP (Simple Mail Transfer Protocol). SMTP is an open standard, and the software that speaks it is freely available and easy to obtain and use.

The steps would be as follows: Your e-mail program sends your e-mail to your ISP's mail server. Your ISP's mail server then passes the e-mail to the destination ISP's mail server. If the destination mail server is a long way away or in another country, your e-mail may well have passed through several intermediate servers before it finally gets to the destination ISP. When the destination ISP's mail server finally receives the e-mail, it stores it in the mailbox file of the intended recipient. It stays there until the intended recipient connects to the destination ISP's mail server and downloads the e-mail to his or her own machine.

Now, anyone who can gain access to your e-mail as it travels from place to place can read it. For example, the mail technicians at your ISP, or the technicians who look after any of the servers your e-mail travels through, could configure their mail server to save a copy of every e-mail that passes through it, or just e-mails from or to certain people, or e-mails that contain certain words. If they wanted to, these technicians could stop any e-mail they chose, and even change the message in it. That would be a bit like the postman changing what you have written on your postcard.
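To make the journey described in the last two paragraphs concrete, here is an added example, written for this article rather than taken from the newsletter or from Actrix. It takes a constructed e-mail with fictitious Received: headers (the hostnames and the RFC 5737 documentation addresses are invented for the illustration) and lists the servers the message passed through, in the order it travelled, using Python's standard email module. Each server adds its own Received: line on top of the message as it relays it, so the headers read newest-first. It also returns the body exactly as the last server saw it, which is the point of the postcard comparison: nothing in SMTP itself hides the text.

```python
import re
from email import message_from_string
from typing import List, Tuple

# Constructed sample message (not a real capture): three Received: headers,
# one per mail server the message passed through. Hostnames are fictitious and
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_MESSAGE = """\
Received: from relay.transit.example (relay.transit.example [203.0.113.5])
    by mx.recipient-isp.example with ESMTP id A1B2C3; Tue, 2 Sep 2003 10:05:12 +1200
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.9])
    by relay.transit.example with ESMTP id D4E5F6; Tue, 2 Sep 2003 10:04:58 +1200
Received: from [192.0.2.33] (home-pc.sender-isp.example [192.0.2.33])
    by smtp.sender-isp.example with SMTP id G7H8I9; Tue, 2 Sep 2003 10:04:40 +1200
From: alice@sender-isp.example
To: bob@recipient-isp.example
Subject: Holiday
Content-Type: text/plain; charset="us-ascii"

Having a great time, weather's been great, back soon.
"""

# A Received: header is "from <sending host> ... by <receiving host> ...".
# DOTALL lets the match span the folded (continuation) line.
HOP_RE = re.compile(r"from\s+(?P<sender>\S+).*?\bby\s+(?P<receiver>\S+)", re.DOTALL)


def trace_hops(raw_message: str) -> List[Tuple[str, str]]:
    """Return (sending host, receiving host) pairs in the order the mail travelled.

    Every relay prepends its own Received: header, so the header list is
    newest-first; reversing it gives the chronological path from the sender's
    PC to the recipient's ISP.
    """
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(header)
        if match:
            hops.append((match.group("sender"), match.group("receiver")))
    return hops


def readable_body(raw_message: str) -> str:
    """The body travels as plain text: any server on the path can read it as-is."""
    return message_from_string(raw_message).get_payload().strip()


if __name__ == "__main__":
    for sender, receiver in trace_hops(SAMPLE_MESSAGE):
        print(f"{sender:30} -> {receiver}")
    print("Body as every relay saw it:", readable_body(SAMPLE_MESSAGE))
```

Run on the constructed message it prints three hops, from the home PC to the sender's ISP, on to the transit relay, and finally to the recipient's ISP, followed by the unprotected body. Received: headers are added by each server and can be forged by a sender, so they are evidence for tracing a message's path, not proof of it.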

Now, it is unlikely that e-mail technicians are going to do this. Firstly, e-mail servers usually handle thousands upon thousands of e-mails per hour, and saving copies would amount to a huge pile of pointless information. Mail technicians are also bound to have instant-dismissal clauses in their contracts if they're caught at this sort of thing, so why risk looking at people's e-mails? If voyeuristic thrills are desired, there's no shortage of opportunities available online that don't necessitate risking your job.

However, mail servers can be interfered with by hackers, and this has been known to happen plenty of times. Usually a hacker will do so because they are targeting an individual and want copies of certain e-mails for nefarious purposes of their own. They might sneak a rule onto a mail server that copies mail from or to a certain person to them, so they can know about it or perhaps even alter it. Depending on how clever they are, hackers can often get away with this for a little while, but they are usually detected and blocked very quickly (though it's often impossible to trace them).

Lastly, of course, your e-mail could be read by anyone who has access to your mailbox. Again, mail technicians don't usually need a password to get into the mailboxes on their mail servers. They are frequently required to go into mailboxes to delete corrupted e-mails, or even corrupted characters within individual e-mails, and mailboxes are transferred from one server to another for maintenance reasons and so on. At any stage, e-mail waiting for you to download could easily be read by anyone who has the root password to the mail server.

I probably should stress here that Actrix has very strict rules for all its staff in dealing with people's e-mail. No e-mail is ever opened or deleted without the owner's express desire and direction.

So what's the upshot of all this? Treat e-mail like a postcard. There is very little reason to fear that someone will read your e-mail, or even that they'd want to, unless they have some vested interest in getting at you. There is more chance that your postcards will get read. But by the same token, you have to be aware that e-mail is not secure: it would be foolish to include sensitive information, such as credit card or password details, in an e-mail, and it would be unwise to put anything potentially embarrassing (to yourself or to someone else) in one either. This is also why Actrix help desk staff work under the policy of not supplying passwords of any sort by e-mail.

Is there a way to send e-mail securely?

Well, yes, there is. It is possible to have your e-mails digitally signed, which will confirm to any recipient that they have come from you and haven't been tampered with in any way. Digital signatures use mathematical formulas to give an original e-mail a specific "fingerprint". If the e-mail arrives and its message no longer matches that fingerprint, the recipient can be alerted.

It is also possible to send and receive e-mails in encrypted format. This involves arranging to have a specific key (a piece of cryptographic data) that can be published to the world through Internet security specialist companies such as VeriSign Inc. or Thawte. People then use that key to send you encrypted e-mail, but only you can decrypt it at your end, because only you know the pass-phrase that works specifically with your key.
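To show what the fingerprint (digital signature) and the published key (encryption) in the previous two paragraphs actually do, here is an added example; it is not code from the newsletter, nor from PGP, VeriSign or Thawte. It uses a toy textbook RSA key pair built from two fixed, publicly known primes (an assumption made so the example runs offline with only the Python standard library; real keys are randomly generated, far larger, and always used with padding schemes). The fingerprint is a SHA-256 hash of the message; signing transforms that hash with the private key, and anyone holding the public key can check it, so a single changed letter makes the check fail. Encryption runs the other way: anyone can lock a short message with the public key, and only the holder of the private key can unlock it.

```python
import hashlib
from typing import Tuple

# Toy RSA parameters (ASSUMPTION, for illustration only): two fixed Mersenne
# primes so the example is self-contained. Never build a real key this way;
# real keys are random, thousands of bits long, and used with PKCS#1 padding.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537          # the usual public exponent

PublicKey = Tuple[int, int]    # (n, e) - published to the world
PrivateKey = Tuple[int, int]   # (n, d) - kept secret, usually behind a pass-phrase


def make_keypair() -> Tuple[PublicKey, PrivateKey]:
    """Derive the public/private pair from the two fixed primes above."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)        # modular inverse of e (Python 3.8+)
    return (n, E), (n, d)


def fingerprint(message: bytes, n: int) -> int:
    """The message's 'fingerprint': a SHA-256 digest, reduced to fit below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: PrivateKey) -> int:
    """Only the private-key holder can produce this value for the message."""
    n, d = private_key
    return pow(fingerprint(message, n), d, n)


def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """Anyone with the public key can check the fingerprint the signature encodes."""
    n, e = public_key
    return pow(signature, e, n) == fingerprint(message, n)


def encrypt(message: bytes, public_key: PublicKey) -> int:
    """Lock a short message with the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        # Real systems encrypt a random session key with RSA and the message
        # with that key, so this limit never arises in practice.
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key: PrivateKey) -> bytes:
    """Unlock it: only the holder of d can recover the original bytes."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    public, private = make_keypair()

    # Signing: the recipient detects any change to the text.
    original = b"Wish you were here"
    sig = sign(original, private)
    print("original verifies:", verify(original, sig, public))
    print("altered verifies: ", verify(b"Wish you were hear", sig, public))

    # Encryption: a relay sees only a number; the recipient gets the text back.
    secret = b"card: 0000 0000"
    locked = encrypt(secret, public)
    print("what a relay sees:", locked)
    print("recipient reads:  ", decrypt(locked, private))
```

Run as written, the first check passes and the one-letter alteration fails, and the encrypted card number appears on the wire as a bare number that only the private key turns back into text. The pass-phrase the article mentions is what protects the stored private key (d here) on your own machine; it is not itself part of the arithmetic.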

Admittedly, this sounds like a lot of complication and bother, and for most people it probably is. Exercise a little "postcard protocol prudence" and there's really little need for encryption or digital signatures, but if you are concerned, there are options available for you to investigate further. One simpler option might be to go with a product known as PGP (Pretty Good Privacy) which comes in both commercial and free versions. PGP uses its own scheme of key servers where you can find the keys of others with whom you'd like to exchange mail.

A good page explaining PGP in more detail can be found here:

http://www.keysystem.de/yeti/online/keysystem.nsf/webview/1315B72D1FEB1EC3C1256C9000090F7A

The PGP homepage is at www.pgp.com.