Chapter 8. E-mail Security

Electronic mail, or e-mail, is one of the most used resources on the Internet. It's up there with HTTP (Web surfing), and having access to both e-mail and HTTP is enough reason for most people to get their first computer. E-mail has been around since the earliest days of the Internet. During the dawn of the ARPAnet, predecessor of today's Internet, e-mail was built to facilitate electronic communication between people geographically dispersed, but connected by a network of computers. Today, e-mail serves much the same purpose, but in many more ways. E-mail is no longer a novelty item; it has become a common and almost necessary part of everyday life.

When you tell some folks that their e-mail is not private, they shrug it off and say, “I don't care.” They might think that because they are law-abiding citizens, they have nothing to hide. Well, having nothing to hide is one thing, but allowing anyone to read your personal conversations is another. Sending e-mail today is like using post cards instead of letters. At least a letter is sealed in an envelope, so you and the recipient will know when someone has tampered with it. Would you send all your correspondence through the mail on a postcard?

It is important for you to understand that your e-mail is not private. It can be easily read by anybody, and anybody can send mail that appears to come from you. Not only that, but computers, or servers, are used to store e-mail and can be accessed by anybody responsible for the mail servers. These e-mail server system administrators have complete access to the e-mail that is stored on them. That means the computer administrators for your work and ISP e-mail accounts can read your e-mail whenever they want and forward them to other people. The capability of the U.S. government to monitor e-mail has existed for years. With public awareness of the FBI's DCS-1000 system (originally called Carnivore), the government's ability to monitor e-mail is becoming common knowledge. (DCS-1000 is an e-mail monitoring system that can filter e-mail based on keywords in the subject and body, or by e-mail address. DCS-1000 is discussed in more detail later in this chapter.)

Until recently, if U.S. law enforcement wanted to invade a person's privacy, it had to go through some legal hurdles. For a wiretap to be placed on phone lines or e-mail systems, a court order was required, as well as some monetary and labor investment. With the attacks against the U.S. on September 11, 2001, the laws quickly changed. The Combating Terrorism Act of 2001 expanded the FBI's wiretapping powers, giving it the ability to monitor e-mail in the U.S. for up to 48 hours without a judge's approval.

A common notion is that because of quantity, it would be too difficult for anyone to monitor or read a person's e-mail. After all, millions of e-mail messages are sent across the Internet every week. Some people question the government or anybody's ability to monitor millions of e-mail messages. The fact is, this is not as difficult as it first appears. Increasingly powerful computers are used to filter e-mail, searching for specific e-mail addresses or keywords in the subject and body. When a match is found, the e-mail is flagged so that a person can more closely analyze it.

You probably use e-mail on a daily basis. Maybe you are working out the details of a business contract, planning a political event, or just communicating with friends overseas. Those messages are nobody else's business. Our face-to-face conversations in the past were private. We could go into the park and have a personal talk with nobody eavesdropping on us. The Postal System is largely private because our letters are sealed to prevent tampering. We shouldn't allow the privacy of our electronic communications to be jeopardized either. Just because our thoughts, words, and ideas are more easily intercepted and read across electronic media rather than traditional media doesn't make it acceptable to do so.

Pretty Good Privacy (PGP) is the best means of e-mail privacy that is available. PGP is software you install that allows you to encrypt and decrypt messages between people so that nobody else can read them. It has been around for years and has proven itself in countries across the world. The trick is that you have to spend the time learning what it is and how to use it. After you figure out the system and share PGP with your friends and family, you will see just how fun it is to encode and decode messages.