Tuesday, March 20, 2007

Guess Who Is Reading YOUR Email

The Authorities: If you watch the TV series 24, you know that CTU monitors all electronic communications around the world -- telephones, cell phones, email, IM and SMS.
"Jack, we're picking up chatter on the Internet. A nuclear explosion is planned for today in LA!"

The stories, characters, action, etc. involved in 24 are fiction. But read this, and you will see that the show's portrayal of our government's surveillance capabilities is realistic. www.answers.com.

In the interests of national security, most of us are happy to sacrifice a measure of privacy and freedom. Ditto to catch sexual predators. But where do you draw the line? What if they use surveillance to try and identify tax evaders, car thieves or adulterers?

It may surprise you to know many businesses are required to inspect and save email, IM and SMS traffic to prevent unlawful use and disclosure of confidential customer/client information. Many more organizations believe it is their duty to monitor employee communications to protect trade secrets and to insure compliance with the organization's policies and procedures.

In many cases, employees are unaware that their communications are being monitored by their employers. In one case, a woman found out when her boss questioned why she posted her resume on CareerBuilder.com.

You would be wise to assume that your boss is reading your email; even if he/she is not, others (inside and outside your organization) probably are.

Internet Service Providers: Internet communications are routinely "read" by Internet service providers at various points on the Internet. Most of us like the idea of spam filters and anti-virus programs reading our incoming mail since somewhere around 90% of email is spam, and none of us wants to catch a virus.

Most of us are comfortable with the idea of email service providers using advertising to obtain compensation for free services. All the major free email services work this way (Microsoft's Hotmail, Google's Gmail, Yahoo! Mail, etc.). Google now "reads" your incoming messages in order to present ads that are "relevant" to the content of the messages displayed (emails about your car will be shown in Gmail along side ads about car repair and new cars). Other providers are likely to follow Google's lead in this.

Privacy experts are concerned about the potential for Google to know all about us and use that knowledge against us in the future. Google assures us that no human reads Gmail messages (with certain significant caveats). Note that Google's assurances do not address the concerns of privacy experts directly.

How can you protect your Internet communications from prying eyes and ears? How can you reduce the chances of something you say coming back to bite you?

  • Be careful what you say.
    • Anything you say may be taken out of context and used against you at some point in the future -- in a law suit, criminal matter,or performance review, perhaps.
  • Know who you are communicating with.
    • You have varying degrees of trust with your coworkers, clients, family, et al. Don't trust a reporter or someone you don't know.
    • Be skeptical if you are contacted by someone claiming your trust and seeking information from you. Trust but verify.
  • Encrypt your communications.
    • This is not hard to do, but it requires the parties to exchange keys or use a service that handles the key exchange transparently to the users.
    • You can find information on how encrypt Internet communications using your particular email and messaging client software (Outlook, Outlook Express, Mail, Thunderbird, AIM, ICQ, Windows Live Messenger, etc.) on the Internet.
    • The major free email service providers such as Hotmail, Yahoo! Mail, Gmail, et al., do not support email encryption. Providers such as Hushmail, S-mail, et al. do provide free encrypted email services.
  • Use Skype.
    • Skype has user (sender and receiver) authentication so you know who you are communicating with.
    • Skype has encryption built-in, so your messages cannot be intercepted.
    • You can use Skype to make phone calls, leave voice messages and chat. Unfortunately, they don't do emails.

Black Hats: Spam filters, anti-virus programs, even G-men scanning messages all represent "white hat" surveillance activities primarily designed to protect us. However, many of us would be uncomfortable knowing our bosses, coworkers, competitors, spouses, rivals, enemies, the press, bored teenagers, et al. were spying on us. These are the men/women/kids in black hats. The tools of their trade are:

Be safe out there... Big Brother is watching.

No comments: