Most of us cannot get by, whether at work or socially, without using email on a daily basis. However, a great number of problems can arise from using email if you do not understand the risks involved.
As discussed in some detail in the identity and privacy section, there are a number of serious issues associated with emails: privacy, identity theft, scams, spam, etc. In this section we will not focus on those, but on the implications of using emails.
So let's put emails into perspective.
Emails are like postcards – everyone (who has access to the various system components) including the postman can read them as they travel to your inbox.
Emails can end up being stored for years on various mail servers, even though you may have deleted them from your inbox and/or outbox (or any other place you store your emails). It is very hard to guarantee that a particular email has been properly deleted. Your employer may have an email retention policy under which emails entering and leaving their system are stored for X years, regardless of whether the user actually deletes the email or not. Worse still, most email servers are backed up on a daily basis in case the hardware fails, and those backups (typically on tapes) are held for long periods of time, even years. Thus even if you have purged the email from your mailbox, your employer or Internet Service Provider may still have multiple copies of it floating around.
Worse still, the recipient who has received your email will have multiple copies for exactly the same reasons as stated above.
Once you have sent an email you lose control over it, i.e. over what happens to it. The recipient can mass mail it out to lots of other people, choose to publish it on a blogging website, etc.
The risks described above can be dramatically reduced if you use some of the following rules:
Email Rule A
Never put in an email anything that you would be ashamed of or embarrassed by, or that could cause you other problems, if that email was made public to the world!
This is a heavy statement to make and sometimes quite hard to follow – but you must follow it. Pause for a moment and think about what you have sent in your emails over the last few days. If you are a business person or an employee, the ramifications are probably even worse. Most businesses have strict rules about what can and cannot be sent by email. Some businesses even enforce email encryption. Make yourself familiar with the email policy / rules at your place of work.
Furthermore, DO NOT under any circumstance include your bank account, credit card or PIN details – this information is very dangerous to you, especially if criminals get hold of it.
Email Rule B
If possible, use strong email encryption for sensitive information (assuming the law allows this in the country where you live and work and where the recipient lives and works).
By the way, wanting privacy is a basic human right and a human need if we are to function correctly as a society. However, in recent years a number of governments have been trying to adopt various measures which erode this basic right. It is a difficult balance between protecting the population from terrorist attacks and the erosion of human rights (whether they are explicit or implicit). The argument used as our privacy is eroded can be summarized as follows: “If you are doing nothing wrong ... then you have nothing to worry about”. The counter argument can be summarized as follows: “If I am doing nothing wrong then you have no need to spy on me.” Worse still, the authorities may do something wrong with that information. Bruce Schneier has an excellent essay on this very topic; see "The Value Of Privacy".
Bruce Schneier is a recognised expert, author and commentator on the subject of security.
You may be required by national laws (depending on which country you live in) to provide the plain text and/or decryption keys to your emails if requested by a suitable person, e.g. a judge or some authorised official. Using encryption is banned in some countries and may attract unwanted attention from the authorities. Thus think carefully before you use it and about why you want to use it. Is the information you are sending in an email worthy of encryption? On balance, using encryption is worthwhile (assuming it is allowed by the laws where you live and work).
How do you use strong encryption to protect your emails? If you are in business, you will probably want to automate the process and you will end up buying a commercial package to do so. As a private individual there are a number of software packages that you can use, some of which are free for personal use. Check the licences carefully. Also, some packages are easier to use and integrate much more easily with your email client.
Have a look at the following; most of these are available for all operating system types, including Microsoft Windows, Mac OS, Linux, etc.
* PGP (Pretty Good Privacy) - a good reputable encryption and security package.
* GnuPG – a free, open source implementation of the PGP standard (www.gnupg.org).
As with all things you must invest some time to read the documentation carefully and learn how to use these tools. Also learn what the limitations are. One of the main limitations of all these tools is that even though the email itself is encrypted in transit, the email will remain in plain text on your machine and on the recipient's machine. Furthermore, once the recipient has decrypted it you have totally lost control of what they can do with that email – i.e. they may choose to forward it without encrypting it.
Email Rule C
Check and then re-check the “To” address field before you send the email. It is so easy to send emails to the wrong people – which could end up with significant ramifications for you. However, if you had followed Email Rule A the damage could possibly be limited in some small way. For example, you are sending out your job application and CV to a prospective employer and you send it to your present employer by mistake. There are many worse examples than this.
Check and then recheck the content of the email to determine if it breaks Email Rule A!
Note: Even if you think you have deleted something from your computer, e.g. an email, it may still be present. Assuming your emails are stored on your computer, the email package will typically mark the email as deleted but will not actually delete it until you run the “compact folders” option in the email client. Worse still, it is still possible, using tools from the Internet, to recover deleted items from your computer (even assuming you have emptied the recycle bin) by examining the hard disk at a very technical level.
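The mark-then-compact behaviour described in the note can be checked on your own mail folders. The following is an added example, not part of the original post: it assumes a Thunderbird-style mbox folder file in which the 0x0008 bit of the X-Mozilla-Status header marks a message as deleted, and the sample folder contents and the helper names are constructed for illustration.

```python
import mailbox
import os
import tempfile

# Assumption: Thunderbird-style mbox storage, where bit 0x0008 of the
# X-Mozilla-Status header means "deleted, waiting for folder compaction".
EXPUNGED = 0x0008

def _msg(status, subject, body):
    """Build one constructed mbox entry (sample data, not real mail)."""
    return ("From - Thu Sep 13 09:00:00 2007\n"
            f"X-Mozilla-Status: {status}\n"
            f"Subject: {subject}\n\n{body}\n\n")

# Constructed sample folder: one kept message, two "deleted" ones.
SAMPLE_MBOX = (_msg("0001", "Lunch on Friday", "See you at noon.")
               + _msg("0009", "My CV and job application", "Please find my CV attached.")
               + _msg("0008", "Re: complaint about my manager", "Between us only."))

def is_marked_deleted(msg):
    """True if the status header has the deleted bit set."""
    raw = msg.get("X-Mozilla-Status", "0")
    try:
        return bool(int(raw.strip(), 16) & EXPUNGED)
    except ValueError:
        return False  # malformed header: treat as not deleted

def lingering_deleted(path):
    """Return (subject, body) for messages deleted in the client but still on disk."""
    box = mailbox.mbox(path, create=False)
    try:
        return [(m.get("Subject", ""), m.get_payload().strip())
                for m in box if is_marked_deleted(m)]
    finally:
        box.close()

def write_sample():
    """Write the constructed folder to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(SAMPLE_MBOX)
    return path

if __name__ == "__main__":
    sample = write_sample()
    for subject, body in lingering_deleted(sample):
        print(f"still on disk: {subject!r} -> {body!r}")
    os.remove(sample)
```

Any message this reports is still fully readable in the folder file; compacting the folder in the email client is what removes it from that file.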
Thursday, September 13, 2007