E-Mail Security
E-mail is exposed as it
travels through the web. Furthermore, the privacy of an e-mail message can be
compromised on the sender's or receiver's side, without warning.
Consider the differences
between e-mail and regular letters. Regular mail is handled by a postal system
that by law is forbidden to look inside letters. A letter is sealed inside an
opaque envelope, making it almost impossible for an outsider to see the
contents. The physical envelope is tamper-evident, meaning it shows if someone
opens it. A sender can drop a letter in any mailbox, making the sending of a
letter anonymous. For these reasons, we have a high expectation of privacy with
regular mail. (At certain times in history, for example during a war or under
an autocratic ruler, mail was inspected regularly. In those cases, citizens
knew their mail was not private.)
In this section we look at
the reality of privacy for e-mail.
Where Does E-Mail Go, and Who Can Access It?
We cover e-mail and privacy-enhanced e-mail in Chapter 7. In this
section we look only at the mechanics of transmitting e-mail with attention to
privacy impacts.
E-mail is conceptually a
point-to-point communication. If Janet sends e-mail to Scott, Janet's computer
establishes a virtual connection with Scott, the computers synchronize, and the
message is transferred by SMTP (simple mail transfer protocol). However, Scott
may not be online at the moment Janet wants to send her message, so the message
to Scott is stored for him on a server (called a POP or post office protocol
server). The next time Scott is online, he downloads that message from the
server. In the point-to-point communication, Janet's message is private; in the
server version, it is potentially exposed while sitting on the server.
Janet may be part of a large
organization (such as a company or university), so she may not have a direct
outbound connection herself; instead, her mail is routed through a server, too,
where the message's privacy is in jeopardy. A further complication is aliases
and forwarding agents that add more midpoints to this description. Also,
Internet routing can make many hops out of a conceptual point-to-point model.
What started as a simple case
can easily have at least five parties: (a) Janet and her computer, (b) Janet's
organization's SMTP server, (c) Janet's organization's ISP, (d) Scott's POP
server, and (e) Scott and his computer. For now, we are most interested in the
three middle parties: (b), (c), and (d). Any of them can log the fact that it
was sent or can even keep a copy of the message.
Interception of E-mail
E-mail is subject to the same
interception risks as other web traffic: While in transit on the Internet,
e-mail is open for any interceptor to read.
In Chapter 7 we described techniques for encrypting e-mail. In
particular, S/MIME and PGP are two widely used e-mail protection programs.
S/MIME and PGP are available for popular mail handlers such as Outlook, Outlook
Express, Eudora, Apple Mail, Netscape Communicator, and others. These products
protect e-mail from the client's workstation through mail agents, across the
Internet, and to the recipient's workstation. That protection is considered
end-to-end, meaning from the sender to the recipient. Encrypted e-mail
protection is subject to the strength of the encryption and the security of the
encryption protocol.
A virtual private network,
also described in Chapter 7, can protect
data on the connection between a client's workstation and some edge point,
usually a router or firewall, at the organization to which the client belongs.
For a corporate or government employee or a university student, communication
is protected just up to the edge of the corporate, government, or university
network. Thus, with a virtual private network, e-mail is protected only from
the sender to the sender's office, not even up to the sender's mail agent, and
certainly not to the recipient.
Some organizations routinely
copy all e-mail sent from their computers. Purposes for these copies include
using the e-mail as evidence in legal affairs and monitoring the e-mail for
inappropriate content.
Monitoring E-Mail
Companies and government
agencies can legitimately monitor their employees' e-mail use. Schools and
libraries can monitor the computer use of patrons. Network administrators and
ISPs can monitor traffic for normal business purposes, such as to measure
traffic patterns or to detect spam. Organizations must advise users of this
monitoring, but the notice can be a small notice in a personnel handbook or in the
fine print of a service contract. Organizations can use the monitoring data for
any legal purpose, for example, to investigate leaks, to manage resources, or
to track user behavior.
Network users should have no
expectation of privacy in their e-mail or general computer use.
Anonymous E-mail and Remailers
We have described anonymity
in other settings; there are reasons for anonymous e-mail, as well.
As with telephone calls,
employees sending tips or complaining to management may want to do so anonymously.
For example, consumers may want to contact commercial establishments, to register
a complaint, inquire about products, or request information, without getting on a
mailing list or becoming a target for spam. Or people beginning a personal
relationship may want to pass along some information without giving away their
identities. These are some of the reasons people want to be able to send
anonymous e-mail.
Free e-mail addresses are
readily available from Yahoo, Microsoft Hotmail, and many other places. People
can treat these addresses as disposable: Obtain one, use it for a while, and
discard it (by ceasing to use it).
Simple Remailers
Another solution is a
remailer. A remailer is a trusted
third party to whom you send an e-mail message and indicate to whom you want it
sent. The remailer strips off the sender's name and address, assigns an
anonymous pseudonym as the sender, and forwards the message to the designated
recipient. The third party keeps a record of the correspondence between
pseudonyms and real names and addresses. If the recipient replies, the remailer
removes the recipient's name and address, applies a different anonymous
pseudonym, and forwards the message to the original sender. Such a remailer
knows both sender and receiver, so it provides pseudonymity, not anonymity.
Mixmaster Remailers
A more complicated design is
needed to overcome the problem that the remailer knows who are the real sender
and receiver. This approach is similar to the concept of onion routing
described in Chapter 7. The basic tool
is a set of cooperating hosts that agree to forward mail. Each host publishes
its own public encryption key.
The sender creates a message
and selects several of the cooperating hosts. The sender designates the
ultimate recipient (call it node n) and places a destination note with the
content. The sender then chooses one of the cooperating hosts (call it node
n-1), encrypts the package with the public key of node (n-1) and places a
destination note showing node (n) with the encrypted package. The sender
chooses another node (n-2), encrypts, and adds a destination note for (n-1).
The sender thus builds a multilayered package, with the message inside; each
layer adds another layer of encryption and another destination.
Each remailer node knows only
from where it received the package and to whom to send it next. Only the first
remailer knows the true sender, and only the last remailer knows the final
recipient. Therefore, no remailer can compromise the relationship between
sender and receiver.
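The layered packaging and hop-by-hop peeling just described, as an added toy model that is not from the original text. It assumes a per-node "public key" that is really a shared secret string and a SHA-256 keystream XOR as the cipher; both are constructed stand-ins for real public-key encryption, used only so the layering and what each node learns can be checked offline.

```python
import hashlib
import json

# Constructed stand-in for public-key encryption: each node's "public key" is a
# secret string and the cipher is XOR with a SHA-256 keystream (so it is symmetric,
# which a real mixmaster's per-node public-key encryption is not).
def _keystream(key: str, n: int) -> bytes:
    out = b""
    for ctr in range(n // 32 + 1):
        out += hashlib.sha256(f"{key}:{ctr}".encode()).digest()
    return out[:n]

def seal(key: str, data: bytes) -> bytes:
    """Encrypt data to a node; applying seal again with the same key decrypts it."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def build_package(message: bytes, recipient: str, path: list, pubkeys: dict) -> dict:
    """Wrap the message in one layer per remailer. path lists the remailers in
    forwarding order; path[-1] is node n-1, the only hop that sees recipient n."""
    layer = {"to": recipient, "body": message.hex()}       # innermost: destination note + content
    for node in reversed(path):                             # n-1 first, then n-2, ...
        sealed = seal(pubkeys[node], json.dumps(layer).encode())
        layer = {"to": node, "payload": sealed.hex()}       # destination note for the previous hop
    return layer                                            # sender reads "to" and sends "payload"

def run_remailers(sender: str, message: bytes, recipient: str, path: list, pubkeys: dict):
    """Simulate the hops. Returns (delivered, log) where log[node] = (received_from, sent_to),
    i.e. exactly what each remailer learns."""
    outer = build_package(message, recipient, path, pubkeys)
    holder, current, payload = sender, outer["to"], bytes.fromhex(outer["payload"])
    log = {}
    while True:
        inner = json.loads(seal(pubkeys[current], payload))  # peel this node's layer only
        log[current] = (holder, inner["to"])
        if "body" in inner:                                  # last remailer: deliver to node n
            return (inner["to"], bytes.fromhex(inner["body"])), log
        holder, current, payload = current, inner["to"], bytes.fromhex(inner["payload"])

PUBKEYS = {"mix1": "key-mix1", "mix2": "key-mix2", "mix3": "key-mix3"}  # constructed node keys

if __name__ == "__main__":
    delivered, log = run_remailers("janet", b"meet at noon", "scott", ["mix1", "mix2", "mix3"], PUBKEYS)
    print(delivered)
    for node, (src, dst) in log.items():
        print(f"{node} saw: from {src}, forward to {dst}")
```

The log shows that mix1 sees Janet but only the next mix, and mix3 sees Scott but only the previous mix, so no single node links the two.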
Although this strategy is
sound, the overhead involved indicates that this approach should be used only
when anonymity is very important.
Spoofing and Spamming
E-mail has very little
authenticity protection. Nothing in the SMTP protocol checks to verify that the
listed sender (the From: address) is accurate or even legitimate. Spoofing the
source address of an e-mail message is not difficult. This limitation
facilitates the sending of spam because it is impossible to trace the real
sender of a spam message. Sometimes the apparent sender will be someone who
knows the recipient or someone on a common mailing list with the recipient.
Spoofing such an apparent sender is intended to lend credibility to the spam
message.
Phishing is a form of spam in
which the sender attempts to convince the recipient to reveal personal data, such
as banking details. The sender enhances the credibility of a phishing message
by spoofing a convincing source address or using a deceptive domain name.
These kinds of e-mail
messages entice gullible users to reveal sensitive personal data. Because of
limited regulation of the Internet, very little can be done to control these
threats. User awareness is the best defense.
Summary
E-mail is exposed from sender
to receiver, and there are numerous points for interception. Unless the e-mail
is encrypted, there is little to prevent its access along the way.
For businesses, governments,
schools, and other organizations, network administrators and managers may read
any e-mail messages sent.