Is e-mail private and secure? Not really. As one pundit put it, “E-mail is about as secure as whispering in the White House.” That’s not to say you should avoid using it.
The key to using e-mail safely is to understand where the privacy and security problems reside in the systems that transmit and receive e-mail. You then have the tools to properly evaluate when to use e-mail and when to avoid it.
Remember that once written or sent almost any e-mail can be retrieved if a person is willing to put enough time and effort into it. E-mail is sent “in the clear,” which means it’s sent in clear text and can be read by anybody with access to the data stream.
When you type an e-mail into a system on your computer, it’s stored on your hard drive. If you delete the e-mail, it’s still there. Deleting an e-mail will free the disk space that the e-mail resides on, but with specialized tools it can still be reconstructed. Normal use of the computer may not write over that section of the drive for a long time. If you type it on your computer, it’s probably still there. If you store an e-mail on a central server and then delete it later, you can be sure that it is still stored on a backup tape or drive and will reside there until the tape is written over. This could easily be years. But it still takes effort to find it.
When you send an e-mail, it will go through a number of different machines before it gets to its destination. You can see this track in Microsoft Outlook by opening a received e-mail and clicking on ‘View-Options.’ Your e-mail has been sent through each of the machines that show up in the headers, plus a number of machines that don’t show up on this list. Any of these machines may have cached your e-mail and stored or backed it up. Furthermore, routers that pass your messages along may be inspecting the data and looking for certain e-mails (this is the method that the famous FBI sniffing program Carnivore used). You just don’t know. If you are on a wireless network, that brings up a whole other set of problems.
How about where the e-mail is received? Again, those servers and machines are probably being backed up to tape or drives. If the person receiving your e-mail deletes it, it’s probably still around somewhere. The question is how much effort someone is willing to make to recover your e-mail.
What can you do about it? Not much. There are programs that will encrypt your e-mail. This goes a long way to making e-mail secure, but the trouble with encryption is that both ends of the e-mail (sender and receiver) must have compatible products. The glory and the horror of e-mail is that anybody can e-mail anybody else in the world. That’s why we have spam, by the way.
The rule for using e-mail can be simply stated: If you really don’t want anybody but the recipient to read your e-mail, don’t send it. In reality, it comes down to the amount of effort it is worth for a person to find and read your e-mail. If you are e-mailing your sister in England pictures of your rose garden, it’s perfectly safe. If you are e-mailing the latest plans for your secret product launch, you better be careful. It’s plausible that someone else may be reading it.
John C. Shovic is a partner at MiloCreek Consulting in Coeur d’Alene, Idaho.