Is email secure?

No:  As secure as a postcard

What can happen to email? Here are some alarming facts!

1. Email systems are often very simple and insecure. See separate notes on ‘ultra-security’ for more detail on the meaning of ‘encryption’ and ‘anti key stroke monitoring’.

  • Most email systems – including in particular Google’s GMail & Microsoft’s Hotmail – are not encrypted – or only partially. In June of 2009 GMail were asked why ‘they were “needlessly” putting people at risk’. Ben Edelman, an assistant Professor at Harvard Business School said it was a ‘frightening prospect’ that criminals could ‘snoop on unencrypted data, pose as a user, send emails in the owner’s name, abuse their identity, change a password or hijack an account’.
  • Logging on is usually a very simple process, one stage and no anti key stroke monitoring (to prevent your key strokes being recorded by some rogue software in the computer and so give the unscrupulous the ability to ‘read’ your passwords) and is also highly unlikely to be encrypted.  Or if it is encrypted, then this is turned off once sign-in is completed! As is the case for Google (August 2009).
  • A number do not even have entry by password.
  • Many systems allow passwords to be left on computers so that the system opens automatically on start up.
  • Many email systems do not shut off after a period of inactivity so others could access your account hours after you have left the computer.
  • It is very easy to forge email, that is, to send email as if it came from someone else.

2. Emails can be automatically forwarded

  • The person to whom you send an email is away and they have set their system automatically to forward emails to friends, family, colleagues, etc – who you may not wish to see the email!
  • The recipient does not know that there is a virus in his system and that his emails are automatically forwarded to other people.
  • Many people do not have up to date anti-virus software. How is the sender of an email to know what the recipient has installed and how effective it is?
  • It is very easy for somebody to forward an email in error.

3. Emails can get lost

  • Because the SPAM or Junk filter prevents them getting through to the recipient.
  • Emails can end up not being delivered and disappear (where to?) because the attachments are larger than the recipient’s email will accept.

4. Once sent an email cannot be stopped. So if sent in error the sender cannot retrieve it.

5. Emails are easily intercepted.

  • They pass through many networks to get to their final destination, and all the network managers can read your mail if they wish.   If the email transfer goes wrong e.g. the address is corrupted, your email will be read. Network managers are told automatically if something goes amiss. Your email will appear on their screen along with an error message, giving them the chance to correct the problem and make sure it gets to its destination. If you have sent confidential information they will be able to see it.
  • If you send and receive email at work, it may be intercepted by your company for security reasons. They have every right to do this and you won’t know it is happening.
  • Hackers can and do break into email servers and networks from time to time and who knows what they are looking for?
  • It is possible for snoopers to install a “sniffer” on the Internet that intercepts all your incoming or outgoing mail. It’s very hard to protect against this as email is largely ‘unencrypted’ i.e. not ‘scrambled’ to prevent it being read by people other than the direct participants.

6. Copies of emails are stored.

  • Many Internet service Providers (ISP) store copies of your e-mail messages on their mail servers before they are delivered. The backups of these can remain up to several months on their server, even if you delete them in your mailbox. Never mind what the Government might additionally require!

7. Commercial pressures.

  • ISPs and mail service providers may also compromise e-mail privacy because of commercial pressure. A number of online e-mail providers, allegedly such as Yahoo Mail or Google’s Gmail, may display context-sensitive advertisements depending on what the user is reading. While the system is automated and typically protected from outside intrusion, industry leaders have expressed concern over such ‘data mining’.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.