Times 7/3/2000: "How secure is your e-mail?"

[Caspar Bowden]

http://www.the-times.co.uk/news/pages/tim/2000/03/07/timnnfnnf01001.html?100
7000.html
How secure is your e-mail?

Questions & Answers

The arrest of Julie-Ann Davies in connection with an alleged breach of the
Official Secrets Act warns us that e-mails may not be as private as we
assume.

Ms Davies, a mature student at Kingston University, Surrey, who was released
on police bail today, was traced by police who gained access to her computer
at the university. We expect an envelope not to be opened by the Post Office
but can we expect e-mails not to be opened by anybody else?

Questions & Answers

Q. Is my e-mail secure?

A. In a word, no. They are about as secure as postcards. E-mails can be read
by Internet Service Providers (ISPs), hackers and, potentially, the State.

Q. The State?

A. Yes. The Regulation of Investigating Powers Bill, was debated in the
House of Commons on Monday. If enacted, it will give the Security Services
and police the power to read your e-mails and hand over your passwords.
Refusal to do so could carry a two-year prison sentence.

Q. How can I make my e-mail secure?

A. The most effective way is to buy an encryption system. Two good ones are
available from www.pgpi.com and www.freedom.net. Both of these encode your
e-mails, making it hard for others to hack into them.

Q. What if I don't really mind who reads my e-mails?

A. You should. Most people use e-mail to correspond about their business and
personal lives. Such information could be dynamite in the hands of say, a
business rival or a divorce lawyer. Private detectives can and do hire
hackers to gain access to a target's e-mails.

Q. How about my e-mail address at work?

A. Unless your company uses an encryption system it is unsafe. Most
companies do not. Of course, many companies reserve the right to have access
to their employees' e-mails.

Q. Are free mail providers such as Yahoo and Excite secure?

A. Not really. Again, it is best to use an encryption system.

Q. What is Echelon and what does it have to do with security?

A. Echelon is the codename for a global electronic surveillance network run
by the USA, the UK, Canada, Australia and New Zealand. Originally designed
to sweep up every signal on the planet, it was used to monitor every piece
of Iron Curtain traffic during the Cold War, right down to the radio phone
inside a Zil limousine in Moscow.

It is now online and it has been alleged that it is used for industrial
espionage by the United States and the UK on other EU countries. If you find
the police knocking on your door after an e-mail session with David Shayler
it is likely that somebody has been watching you via Echelon.

Q. Are there any good pressure groups who deal with e-mail security?

A. Have a look at www.fipr.org. The Foundation for Information Policy
Research is an independent body that studies the interaction between
information technology and society. Its goal is to identify technical
developments with significant social impact, commission research into public
policy alternatives and promote public understanding and dialogue between
technologists and policy-makers in the UK and continental Europe.