SAN FRANCISCO (05/30/2000) - E-mail is about as private as undressing with your curtains open. You may think you're having a private moment, but the reality is quite different. The steamy love letter you sent to your sweetheart, the joke about your manager's new haircut, and the resume you sent to your company's competitor may all have passed under the eyes of your boss, as well as those of the systems supervisor and a few other unintended recipients. The fact is, thanks to modern technology and the approval of the courts, your employer can easily-and legally-keep tabs on everything that passes through your e-mail out-box at work. It's also not especially difficult for a hacker, your ISP's mail administrator, or a coworker to intercept and read your e-mail.
Thankfully, you can shield private messages from public scrutiny. With some security know-how and our e-mail tips, you can fight off the Big Brothers of the world.
The Power and the Peril
To understand why your e-mail is vulnerable, you must first understand how your messages move through the Internet.
E-mail programs such as Microsoft's Outlook Express and Qualcomm's Eudora Pro give you a feeling of control over your correspondence. As the mail comes in, you organize it, delete some of it from your mailbox, and fire off replies to friends. Because this all happens in a matter of moments, you have the illusion of beaming your letter directly to the recipient's computer.
In most cases, however, your out-box is only the first of several stops the message takes before reaching your recipient's in-box. E-mail follows a routing process similar to the postal system's-only without the added protection of a sealed envelope. Each stop along the way offers an opportunity for prying eyes.
Gone Today, Here Tomorrow
In the years since you started using e-mail, you've probably sent and received thousands of messages. Like most of us, you may assume that your messages of yesteryear have disappeared forever into the electronic ether. Just because you've deleted an e-mail from your system, though, doesn't mean it's really gone. With most e-mail applications, deleted messages live in a readily available Trash folder until you exit the program (or, in some cases, until you empty the folder manually). And even after you clear the Trash folder, the data remains on your hard disk until other files overwrite it.
Assuming you've managed to wipe a message clean from your own computer, chances are a copy still lives on your recipient's hard drive. If you sent or received the message at work, your employer may have backup tapes containing your messages (whether the company has backed up your personal hard drive or not).
And if you send and receive messages from home, your ISP probably has copies of your e-mail, because a responsible provider backs up its mail servers regularly. It's also possible for hackers to intercept the mail stream going to or from your ISP's servers. All of these copies are beyond your control.
Nosey NeighborsSnoopers have many ways to see your e-mail. The easiest is to sit down at your desk and open your mail program when you're somewhere else.
Programs such as Microsoft Corp.'s Outlook Express and Netscape Communications Corp.'s Messenger require passwords only when downloading new mail-not for the program as a whole. (Of course, if you've set up your account to remember your password, you don't have even this minimal level of security.) This can really be a problem if you ever share a computer with others in your office or at an Internet cafe. Unless you always take care to log out properly, the next person to sit down has complete access to your in-box. When using a public computer, you should delete all messages from your in-box and remove your account information from the Preferences panel before exiting the mail program. If you don't want to delete your messages permanently, open your e-mail preferences and select Leave A Copy Of Messages On Server before downloading your mail.
Whose Mail Is It, Anyway?
But why should you care if people are reading your e-mail? You probably don't transmit government secrets on a regular basis. In fact, most e-mail messages are simply routine correspondence with coworkers, family, and friends, of interest only to you and them (and sometimes not even to them!).
Although the spooks at the National Security Agency may not care about the racy joke you just forwarded to all of your coworkers and half of Michigan, your boss probably does. And if you're not careful, your next off-the-cuff rant or tasteless barb could land you right out of a job.
Their Ball, Their RulesYou probably assume that e-mail you send from work belongs to you. Unfortunately, the U.S. courts don't agree. Recent legal decisions confirm that when you use your company's computers, network, and Internet connection to compose and send e-mail, your mail belongs to- you guessed it- the company, not you. This includes messages to your mom, your better half, and the Buffy the Vampire Slayer message boards.
Sidebar: Don't Take Candy from StrangersA common concern of people new to e-mail is the threat of a computer virus hitching a ride on that incoming mail from Grandma. If this describes you, sit back and smile appreciatively at your Mac. For the most part, Mac users have little to worry about, as relatively few Mac viruses are circulating. This is because, like the majority of computer users, most of the pinheads who create computer viruses use Windows machines. Thus they write code that specifically exploits the soft underbelly of that platform. Because Windows programs don't run on the Mac OS, neither do most Windows viruses.
That's not to say you can't get a Mac virus by e-mail. It's possible-and like most viruses, it would come as a file attachment. Here are some tips for protecting your Mac from pesky, uninvited guests.
Always approach e-mail attachments with suspicion. If you double-click on an infected file, you could download a virus right to your Mac. To prevent this, most e-mail clients warn you before launching attached programs. Keep in mind that not all viruses come directly from malevolent strangers; some can attach themselves to e-mail messages without the infected sender's knowledge. Here's a good rule of thumb: Never open an attachment unless you know the sender and have a pretty good idea of what the file is.
One troublesome and highly infectious e-mail microbe is the macro virus. Macros are little snippets of program code used by Microsoft's Office suite; they allow documents to perform useful tasks such as running a series of calculations in an Excel spreadsheet. Unfortunately, hackers can write evil macros. One particularly annoying macro virus that hit the Mac arrived through attached Word documents and transformed all Word documents on the user's hard drive into templates, rendering them uneditable.
Fortunately, because of differences in the operating systems, the most vicious macro viruses have their worst effects on Windows machines. Although to date no one has discovered a macro virus on the Mac that will destroy data, it pays to be careful.
To make sure your Mac isn't infected already, and to safeguard your system in the future, consider buying a virus-protection program, such as Symantec Corp.'s $70 Norton AntiVirus (800/497-6180, www.symantec.com). Make sure to keep the virus definitions up-to-date.
If you get a message from a friend telling you not to open any e-mail containing the subject line 'Good Times' ignore it. This is one of the oldest myths circulating on the Net. An e-mail message itself is just plain text; it cannot fry your hard drive, steal your financial data, or check to see if you have spinach in your teeth. (You can keep track of the latest virus hoaxes at www.urbanlegends.about.com.)Many organizations use monitoring software to see how employees are using the company's computers and fast, expensive Internet connections. A wide variety of monitoring software is now on the market. Some simply monitors the frequency of e-mail and Internet use, looking for employees who may be spending too much time online. Other programs can scan messages for keywords such as sex or resume, saving any suspect messages for later review or even blocking them altogether. The practice is already common; a report by the American Management Association showed that nearly 30 percent of the companies it surveyed were monitoring e-mail in early 1999. As more and cheaper monitoring software becomes available, the likelihood that your employer will scrutinize mail increases.
Why would your company even bother to monitor your e-mail? To protect itself, for one thing: The company can be held liable for what you say if it gets sued for sexual harassment or job discrimination. Say you don't like an obnoxious coworker, and you e-mail some tasteless jokes about him to a friend in your company. A few years later, the obnoxious coworker gets fired and sues the company. His lawyer demands copies of all e-mail that mentions him, and next thing you know, your joking (if a bit mean-spirited) old message becomes exhibit A in the lawsuit as proof of a hostile work environment.
This isn't just theoretical; over the past several years, demand for e-mail records has become one of the primary requests in the discovery phase of lawsuits. Joe Kish, a partner at the law firm of Severson & Werson, teaches legal seminars on methods of electronic discovery. "People seem to drop their guard when they send e-mail," Kish comments. "It's become an incredible legal resource for both plaintiffs and defendants."
Examples abound. As we wrote this article, the U.S. Justice Department opened up a criminal investigation to determine whether the Clinton White House had deliberately withheld potentially embarrassing e-mail from congressional subpoenas. And Bill Gates knows all about e-mail messages returning from the electronic grave to haunt you. In the Microsoft antitrust trial, Department of Justice lawyers skillfully used old e-mail he wrote and received to undermine the credibility of his videotaped testimony. Interestingly, Gates and his correspondents wrote many of these messages after the government filed suit, showing how even someone as savvy as the Microsoft king thought of e-mail as ephemeral.
Loose Lips Sink Careers
Lawsuits aren't all your boss may worry about. Here's another possibility: Say you use the company e-mail system to gripe about your working conditions and coworkers to a friend. When your next performance review comes up, your supervisor pulls out the e-mail and denies you a raise or promotion because of your poor attitude. An employer has the right to use e-mail records to monitor employees' job performance. That's because the courts have held that companies have a legitimate interest in assuring the quality of their employees' work and in protecting themselves against workplace theft and fraud. If one of the factors in your performance evaluation is how you handle teamwork, negative e-mail could affect your standing.
Keeping Your Mail Private
Although a responsible employer should inform its workers that it monitors e-mail, companies may or may not be legally required to do so, depending on the laws of the state where the company is located. The best way to avoid getting in trouble with e-mail is to be cautious about what you write when you're at work. Kish says, "Treat your e-mail as if it were as important as any other business correspondence. Don't let the ease and convenience of sending e-mail replace common sense."
At times, though, you may have a legitimate need to send out sensitive material such as client correspondence or business plans. You can protect the privacy of these messages, but it's going to take a little work.
Hiding behind a Web Site
For casual purposes, you can get the privacy you need from a Web-based mail service such as Hotmail or Yahoo Mail. These free services let you send and receive e-mail from their Web sites, so you can write personal stuff at work without using your company e-mail account. Because Web sites store the mail on their own servers-not on your company's-your employer can't get access to the data through monitoring software or a backup copy. That doesn't mean your company doesn't still 'own' the mail you send from work, but in practice it reduces your employer's ability to get at it.
The Web-based accounts also provide a degree of anonymity. When setting up your account, you select a user name. It doesn't have to be your real name-you could call yourself firstname.lastname@example.org or email@example.com. These services generally ask for your name and some address information, but they don't verify the data, so you could provide bogus information. Keep in mind, however, that many newsgroups object to the use of fake identities for posting messages.
Don't think that you're untraceable just because you haven't associated your real name with an account. When you send a message through Hotmail or Yahoo, the Web site places your computer's IP address (the identifying number that your system uses on the Internet) into the message header. Many work-based computers, as well as home computers with DSL or cable connections, have a fixed IP address that points directly to you. Even if your computer has a dynamic IP address (one that changes each time you log on to the Internet), your ISP can check its server logs to find out which user occupied a specific IP address when a particular message was sent.
At times, you may need complete anonymity in e-mail communications. For example, you might be a whistle-blower reporting an illegal act to the authorities. If you want to make sure that absolutely no one can trace your messages back to you, send them through a remailer service. Remailers strip all identifying address information from outgoing messages, then send them on to their destination, often encrypting them in transit.
You can send messages to a remailer using your regular e-mail program or through a Web interface, such as the one at the Anonymizer Web site (http://www.anonymizer.com).
Naturally, the downside to having all of your address information stripped off your messages is that the recipient has no way to respond. Also, the e-mail can take a long time to go through-one test message took more than a day. Keep in mind that remailers won't protect you from unintentionally identifying yourself through your writing style or subject matter.
Padlock Your E-mail with PGP
Encryption gives you the highest possible level of privacy protection. One of the most popular encryption tools is PGP (Pretty Good Privacy). Used in conjunction with many popular e-mail programs, this freeware encryption package can provide everything you'll need to encrypt, authenticate, and decrypt your most sensitive correspondence. Our guide walks you through setting up and using PGP with Microsoft's Outlook Express 5.02; however, the process is similar with other e-mail programs.
PGP Tool Kit--After you install the PGP package, this encryption menu appears in your e-mail program.
Crypto in a Really Small NutshellPGP is based on a technology called public key cryptography. It uses two encryption keys (long strings of letters, punctuation marks, and numbers) that work together to maintain security. You can give your public key, which encrypts data, to anyone you want. Your private key, which stays in your possession, unscrambles the data encrypted with your public key.
Anyone with a copy of your public key can encrypt information so that only you can read it. You can collect other people's public keys and add them to an encrypted file called a keyring.
PGP can also affix a digital signature to documents you send. This allows recipients to verify that messages actually came from you, not an impostor.
(For an explanation of how PGP works, see "PGP Basics" at http://www.macworld.com/2000/07/features/pgpbasics.html.)Picking Up Your KeysYou can download the freeware PGP software from http://web.mit.edu/network/pgp.html. After unstuffing and installing the package, you'll end up with a folder that includes the PGP Tools program, which lets you work with files and folders, as well as the PGP Keys program for managing your encryption keys. The package also adds PGP tools to your control-click contextual menu, allowing you to encrypt and decrypt items from the desktop.
Before you can begin encrypting e-mail, you must first create your public and private keys. The PGP Key Generation Wizard, which launches when you install PGP, walks you through this process. When setting up your keys, you'll have to establish a pass phrase (which is like a password but should be longer and therefore more secure). Take great care here-if you forget your pass phrase, nobody in the universe can retrieve it for you. When you have the keys, upload your public key to one of the Internet's public-key servers so that others can use it to send you mail.
The PGP Recipients window is your keyring for the public keys of all your regular correspondents. As you obtain public keys, just drag them into the PGP Recipients window to add them to your keyring.
Next, you'll need to obtain the public keys of the people to whom you want to send encrypted messages. You can use the PGP Keys program to retrieve their keys from a key server, or each correspondent can send his or her public key to you in a plain-text e-mail message. To save public keys to your keyring, simply drag them into an open PGP Keys window. Now you are ready to send off your top-secret e-mail messages.
Encrypting Your E-mail
The PGP package places a new PGP menu-denoted by a padlock icon-in your e-mail program. Open Outlook Express and compose your message. When you're done, click in the message body and choose Select All from the File menu; then choose Encrypt from the PGP menu.
If you don't already have the recipient's public key on your keyring, the PGP Recipients dialog box appears, prompting you to get the key over the Internet from the public key server. With the keys in place, PGP then encrypts the text and replaces the plain text with the ciphertext. Now click on Send Now.
This gibberish is actually the text of this article after encryption with a friend's public key. It's unreadable until the recipient unlocks it using his or her private key.
To decrypt a message you've received, open it in Outlook Express. You must open the message in its own window for PGP to work; Outlook Express can't decrypt messages within its three-pane Preview mode. Select all text in the body of the message, then choose Decrypt/Verify from the PGP menu. PGP asks for your pass phrase, then decrypts and replaces the ciphertext in the message window with the plain text. If the sender signed the message digitally, Outlook Express adds a few lines at the top attesting to the signature's status and who the signer is, as well as timestamps for signing and verification.
Scrambling for Privacy
Perhaps you don't need absolute anonymity, but you don't want anyone except your intended recipient to read your e-mail. You may, after all, be exchanging confidential company information with your business partner. For cases like this, you should look into encryption software. Encryption scrambles plain-text messages using a mathematical algorithm, so that only the intended recipient can read them.
The Weak and the StrongOne of the world's experts in cryptography, Bruce Schneier, once said, "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files." As a Macintosh user, you have ready access to both kinds.
You'll find relatively weak cryptography in Aladdin Systems' DropStuff (831/761-6200, http://www.aladdinsys.com). This shareware program lets you compress and encrypt one or more files or folders into an archive file using a password. If you're using Apple Computer Inc.'s $99 OS 9 (800/692-7753, http://www.apple.com), you don't need DropStuff, as OS 9 includes a similar security feature for files. To use it, choose Encrypt from the File menu in the Finder and select a password.
Encryption strength is measured in bits-the more bits a cipher has, the tougher it is to crack. The protection factor in DropStuff is fairly low, with only 40-bit encryption. By comparison, the level of encryption in most online banking transactions is 128 bits. Still, 40-bit encryption will baffle all but the most determined and sophisticated code-crackers. One big drawback to both DropStuff and OS 9's encryption features is that they work only on files or folders; you can't encrypt individual e-mail messages unless you save them as file attachments. Also, you must agree on a password with the recipient before you send the encrypted archive. If you exchange this password in an unprotected e-mail message, you'll shoot a giant hole in your carefully constructed wall of security.
Another option is a Web-based encryption service. These allow you to encrypt e-mail, which your recipient can then pick up securely. For example, Ziplip (http://www.ziplip.com) lets you compose your message on its secure Web site; the service then encrypts the e-mail and stores it on the Ziplip server. Ziplip sends the e-mail to the recipient, announcing that he or she has a Ziplip message waiting, and provides a special URL for retrieving the mail. To pick up their messages, recipients can visit the Ziplip site, provided they're using a 128-bit secure browser such as Internet Explorer 5 or some versions of Navigator 4.7 and later. For added protection, Ziplip destroys messages 24 hours after they're read. Because someone else could intercept Ziplip's e-mail to your recipient, you can optionally use a password or phrase known only to you and the recipient.
Pretty Good Privacy
For strong cryptography, turn to the freeware PGP (Pretty Good Privacy). It uses 128-bit encryption as well as digital authentication, which tracks down the origin of a message, verifying the sender's identity. PGP offers an advantage over other encrypting methods because it uses public key encryption, a process that doesn't require agreeing on passwords in advance. (For an explanation of how PGP works, see "PGP Basics" at http://www.macworld.com/2000/07/features/pgpbasics.html.)You can download the software from MIT's PGP distribution page (http://web.mit.edu/network/bgp.html). When you install PGP, a new menu appears in most Mac e-mail programs-including Outlook Express, Eudora Pro, and Claris Emailer-that allows you to encrypt and decrypt mail messages. The free download includes separate programs that help you encrypt files or folders on your hard disk, manage encryption keys (bits of code that encrypt and decrypt files), and securely erase files you've thrown in the Trash.
Learning Curve Ahead
The positive aspect of using PGP is that you can be pretty confident that the information you send is secure and that only the intended recipient can read it. The files also remain encrypted on the recipient's hard drive, preventing snoops from perusing them after transmittal.
However, you'll encounter some significant obstacles in using PGP. The first is the setup required. You have to generate your code keys, which identify you, and upload one of them to a public key server, where others can download your key and use it to send you messages. You also have to understand how the PGP system works before you can use it securely. It comes with a good manual, but the process is inherently complex and confusing-especially for cryptography newbies. And finally, encrypting and decrypting mail messages takes some extra steps. If you're transmitting sensitive business information or trying to conceal a love affair, you'll find the added effort worth the trouble. But for your average e-mail chatter, you probably shouldn't bother.
By the way, it's perfectly legal to use encryption software, although your employer may not want you to use it at work and can probably demand that you refrain.
The Last Word
As Bruce Schneier once said, "Security is a process, not a product." There's no quick and easy way to ensure that your e-mail messages stay strictly between you and your correspondents, but you can do a lot to protect yourself. Treat work e-mail as if your boss were going to shout your messages from the rooftops. Use alternative e-mail services or encryption when you need more privacy. And remember, sometimes it's easier (and safer) to pick up the phone or use registered mail. Still, with a little forethought and willingness to change how you deal with e-mail, you can speak your mind-with peace of mind.
Contributing Editor TOM NEGRINO's latest book is Quicken 2000 for Macintosh, Visual QuickStart Guide (Peachpit Press, 1999).