Home|
|
|
The short answer is, you have none.
When you send an e-mail message to someone, you're message will pass through at least one other computer (the mail server), and then through 10, 20, or more other computers as it makes it's way across town or across the world. Every computer, every person with access to those computers, and probably their cousin Earl, has full access to your mail. It can be saved for later, silently copied to another location, or even read in transit by network 'sniffers' that scan all internet traffic passing through.
The problem is more evident at public e-mail sites such as Yahoo or Hotmail. Being public, high-volume systems, hackers and 'security experts' are constantly testing (and defeating) their security systems. One hacker even posted a page that would let anyone access any Hotmail account without needing a password. All e-mail sites are vulnerable to the same attacks, but you won't hear about most of them
Most systems, including our mail system, have checks in place to ensure that no one ever sees anyone else's mail, but there's still a lot of unsecured systems between you and your recipient. So what do you do if you MUST get the secret plans back to headquarters with complete privacy?
Options
One option is anonymizer.com. They claim to be able to protect your privacy while surfing the net, plus they have an anonymous mailer at http://www.anonymizer.com/3.0/services/email.cgi . Another option is at http://www.hushmail.com . If your recipient also has a hushmail account, no one (even your local system administrator), can read your e-mail.
There are also desktop options. Entering the search word 'encryption' at a place like www.download.com will turn up hundreds of programs. I like Quick:CRYPT ( the author, Stephan Darlington, was kind enough to allow us to host the freeware QCrypt.zip (337 kb zip file)), which puts encryption on your right-click menu. For any desktop option, your recipient must also have encryption software.
MIT offers a freeware edition of PGP, which stands for Pretty Good Privacy. Pretty good is actually Very good in this case. If you make the commitment to learning it, PGP may be all you'll ever need.
Reality
All of these options are still vulnerable to what's known as a Tempest attack, where special equipment can read the radiation from your computer screen to enable them to see what you see. The plans for the equipment are available on the web, and a demostration was built for about $600. Tempest is the name of the shielding technology used to stop the eavesdropping.
If you aren't allowed to install shielding on your office computer, the only encryption/privacy tool (that I know of) that can defend against the Tempest attack is a special viewer installed as part of PGP Desktop from Network Associates.
Our E-Mail Policy
Our servers, like any servers on the net, come under periodic attacks from the Unwashed. Every activity of any kind is logged and reviewed by the system administrator seven days a week. The logs show the sender and recipient e-mail addresses, time, size, and some other small stuff, but not the contents.
Our e-mail policy is:
No one, including the sysadmin, will ever see your mail.
No one except for the sysadmin will see the log for e-mail, and the sysadmin never talks about the log files.
The sysadmin doesn't care what you do anyway, you freakshow Sir.
Exceptions to the rule:
You can authorize someone else to view your e-mail. Authorization must be either face-to-face or over the telephone; e-mail, fax, or other requests will be made fun of, your ancestry will be questioned, and then your address will be sold to Cruella's House of Pain.
If someone mis-addresses mail to you and is undeliverable, it will automatically go to the sysadmin (unavoidable), who will forward it to you (one time only; it's up to you to fix the mistake, as all subsequent mis-addressed mail is deleted by the server). The sysadmin treats all mail as strictly confidential at all times.
Questions?
If you have any questions, notice anything that doesn't seem right, or if you're just uneasy about something, never hesitate to ask your e-mail administrator.
An explanation for some of the satellites up there...
echelonwatch.org
