Advice by Email - security issues
By Lasa Information Systems Team
How confidential is electronic mail? Millions of e-mail messages are sent every day, and most people are quite happy with the level of security it offers. But what if we want to send confidential client information using electronic mail? Is the level of security good enough? Is e-mail to be trusted?
The short answer is no. If I send you an e-mail there is the possibility that it can be read by someone as it makes its way between my computer and yours. Sending an e-mail is a bit like sending a postcard. It could be read by the postman, or at the sorting office and by whoever collects the post at the home or office. So if I send you an e-mail containing identifiable client sensitive information it is as much a breach of confidentiality as if I wrote it on a postcard.
Store and forward
All e-mail messages spend time sitting on computers called mail servers, usually at your service provider, waiting to be forwarded to your PC. An e-mail message is a simple text file and can be read by anyone with access to your service provider’s computers. If I send the e-mail from an office network it may also spend time sitting on the hard disk of the machine that acts as the gateway between the company and the Internet.
Such emails can be read by the system administrator and this may be done as a matter of routine, to ensure that company e-mail isn't being used to transmit libellous statements or company secrets. E-mail is potentially vulnerable to mass monitoring as it can be searched automatically, so thousands of messages can be scanned in seconds to look for key words or a particular name.
Return to sender?
Another problem with my e-mail is that you can't be absolutely certain that it is really from me. The sender’s name and address can be faked, and in any case I may share my e-mail accounts and the actual sender may not be me at all despite having my e-mail address on it. Worse still, a genuine e-mail can be tampered with or modified on its way through the system.
Good practice with e-mail
Despite these potential pitfalls e-mail offers many benefits and is a massively expanding method of communicating. After all, most messages don't need to be absolutely secure. But, how can advice agencies and others benefit from the use of e-mail while retaining proper confidentiality and security? You can deal with some of the problems by making sure that your confidentiality policy is applied to e-mail (see sidebar).
But, if you want to be certain that your e-mail isn't going to be read or tampered with, you will have to encrypt that message.
Encryption
Encryption is a way of scrambling a message so that it can only be read by the person you are sending it to. Once a message is encrypted it will appear as a meaningless garble of characters to anyone except the person who has the key to unscramble it. An encrypted e-mail is no longer an open message – if open e-mail is like a postcard then ‘encryption seals the envelopes of the digital age.’
The simplest way to encrypt a message is to write your message in a word processing program and save it with a password. You can then attach the file to your e-mail. The main problem then is that the recipient must also know the password in order to be able to read the file. How do they find out what the password is? Obviously it can't be sent in the e-mail as this would defeat the purpose of encrypting – anyone who reads the e-mail could then open the file. It is possible for me to tell you the password by phone or letter, but this can make the process clumsy and involved.
Public key encryption
Public key encryption provides a way to send an encrypted message while ensuring that the recipient has the key to decode it. All encryption uses a key (i.e. a password) to scramble and unscramble a message, but public key encryption is different because instead of using a single key, every individual has both a public key and a private key (which is kept secret).
If I want to send a confidential message to you, I encrypt my message with your public key. When you receive the encrypted message, you decrypt it into readable text with your private key.
The trick is that the encryption is a one-way process. Once a message is encrypted with the public key it cannot be decrypted with the public key but only by the corresponding private key. You make your public key available to everyone so that they can encrypt messages to you, but only you can read those messages using your private key. This means that you can exchange a completely secure message with a client or another agency without having to have previously agreed a shared secret key.
Authentication
Public key cryptography can also authenticate a message, confirming that it originates from a particular person and has not been altered en route, by using a kind of signature. To send a signed message, I encrypt it with my private key before sending it to you. This time you can only decrypt the message using my public key (it works this way round as well). If you can do this, it verifies my signature, because the message must have been sent using my private key (which only I should know). Note that in this example, anyone else can use my public key to decrypt the message (and thus verify the signature) as well, so the message is not confidential.
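The two key directions described above, worked through as an added example (not part of the original article): the recipient's public key gives confidentiality, the sender's private key gives authenticity. It uses textbook RSA with assumed toy keys and no padding, and it signs a SHA-256 hash of the message rather than the whole message, which is how real signatures are made; it is for illustration only and is not how S/MIME keys are generated.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Textbook RSA: return (public, private) key tuples from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, kept secret
    return (E, n), (d, n)

def encrypt(message, public):
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, key):
    exponent, n = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    d, n = private
    return pow(digest_int(message), d, n)  # private key applied to the hash

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest_int(message)

def demo():
    # Assumed toy keys built from known Mersenne primes; never use such primes for real keys.
    my_pub, my_priv = make_keypair(2**521 - 1, 2**607 - 1)
    vince_pub, vince_priv = make_keypair(2**1279 - 1, 2**2203 - 1)
    note = b"Constructed sample: client appointment moved to Friday"
    sealed = encrypt(note, vince_pub)   # confidentiality: recipient's public key
    signature = sign(note, my_priv)     # authenticity: sender's private key
    opened = decrypt(sealed, vince_priv)
    return {
        "vince_reads_it": opened == note,
        "public_key_cannot_open": decrypt(sealed, vince_pub) != note,
        "signature_verifies": verify(opened, signature, my_pub),
        "tampering_detected": not verify(opened + b"!", signature, my_pub),
    }
```

Calling demo() returns True for all four checks: only the private key opens the message, and a single changed byte makes the signature fail.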
How does it work in practice?
If this all sounds hopelessly complicated, it is fortunately a little more straightforward in practice. The latest versions of Microsoft's Outlook, Outlook Express and Netscape's Messenger are all able to encrypt messages using a form of public key encryption called S/MIME. I decided to use Outlook Express to test how to encrypt and authenticate messages.
The first step is to sign on at a certifying authority and be issued with a Digital ID, which will contain your public and private keys. In Outlook Express this is done by selecting Tools, Accounts and then the Security tab in the Properties of your mail account. Clicking on the 'Get Digital ID...' button launches Internet Explorer and takes you via the Outlook web site to the certifying authority web site (I chose Verisign).
I filled out a simple form (name, e-mail address etc.) to register for my ID and chose a 60-day free trial; to obtain a permanent ID you will have to pay a fee to Verisign. Later the same day I got an e-mail message back from Verisign, and following the instructions on their 'Install Your Digital ID' web page, I downloaded my new digital ID into Outlook Express.
The first thing I did with my digital ID was to send an authenticated message containing my public key. This is done in Outlook Express by clicking on 'Digitally Sign Message' in the 'Compose Message' window. A rosette icon appeared to show me that the message had been signed by my private key. I then sent the e-mail to Vince at Resource Information Services who, using Outlook 98 which incorporates S/MIME, would hopefully be able to confirm that it came from me and had not been tampered with.
Once Vince had successfully received my signed message, containing my public key, he was able to encrypt a message back to me. In Outlook Express this is simply done by selecting 'Encrypt Message' (indicated by a padlock icon).
Note that if I wanted to send an encrypted message to Vince I would need his public key, so first he would need to send me a message signed with his digital ID.
Once I have his digital ID I can also send him a message which is signed and encrypted. This confirms that the message came from me (and hasn't been altered) and encrypts the contents so only he can read it. This should be the proper form for any e-mail message containing confidential client information.
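One way to check that rule before a message leaves the office, as an added example that is not part of the original article: it classifies a message by its S/MIME content type and holds confidential mail that is not encrypted. The function names, addresses and sample messages are assumptions constructed for illustration; note that a signature wrapped inside an encrypted message cannot be seen without decrypting it, so only the outer encryption layer can be confirmed here.

```python
from email import message_from_string

PKCS7_MIME = ("application/pkcs7-mime", "application/x-pkcs7-mime")
PKCS7_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def smime_protection(raw):
    """Return 'encrypted', 'signed', 'unknown' or 'plaintext' for a raw message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        if smime_type == "signed-data":
            return "signed"   # opaque-signed: authenticated but readable by anyone
        return "unknown"      # PKCS#7 body without a recognised smime-type
    if ctype == "multipart/signed":
        protocol = (msg.get_param("protocol") or "").lower()
        if protocol in PKCS7_SIG:
            return "signed"   # clear-signed: the text travels in the open
    return "plaintext"

def release_decision(raw, confidential):
    """Hold confidential messages unless the outer layer is encrypted."""
    level = smime_protection(raw)
    if not confidential or level == "encrypted":
        return "send"
    return "hold: confidential message is " + level + ", not encrypted"

def sample(content_type):
    # Constructed test message; the body is a placeholder, not real S/MIME data.
    return ("From: adviser@example.org\nTo: vince@example.org\n"
            "Subject: Case update\nContent-Type: " + content_type +
            "\n\n(placeholder body)\n")

PLAIN = sample("text/plain; charset=us-ascii")
SIGNED = sample('multipart/signed; protocol="application/pkcs7-signature"; '
                'micalg=sha-256; boundary="b1"')
ENCRYPTED = sample('application/pkcs7-mime; smime-type=enveloped-data; '
                   'name="smime.p7m"')
```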
Conclusion
If you're using e-mail for client information you should alert people to the confidentiality issues and the possible need for encryption if confidential information is going to be exchanged. The latest e-mail packages provide a fairly straightforward way to encrypt and authenticate messages, although each person needs to obtain a digital ID (i.e. a public and private key pair).
Encryption and authentication provide a way for us to use e-mail for confidential exchanges. But it will only become really useful if people start to digitally sign their confidential messages as a matter of routine.
For more on using PGP email encryption software see the tutorial at email privacy or download the user guide from the PGPI website.
About the author
Lasa Information Systems Team
Lasa Information Systems Team provides a range of services to community and voluntary organisations including ICT Health Checks and consulting on the best application of technology in your organisation.
Lasa IST is responsible for maintaining the ICT Hub Knowledgebase.
Published: 15th November 2002 Reviewed: 10th August 2006
Copyright © 2002 Lasa Information Systems Team
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.0 UK: England & Wales License.