|Volume 18, Number 4||The CPSR Newsletter||Fall 2000|
Email is Not Private
by Netiva Caftori
What we write is not private even if it is never published or mailed. Once we type, scan, or dictate information it is subject to being read by persons unknown to us. What is on our computer disks may be read locally and remotely. If we email a file it will likely be scanned and analyzed while in transit. Once the file arrives at its destination, as long as it is available to be read by the intended recipient it may also be available to others. The general conclusion is that Email is not private.
The General Loss of Privacy
Jeffrey Rosen says in his book The Unwanted Gaze that there was a time, in England, when the papers stored in a desk at home were considered private. Rosen shows by listing several high profile cases that courts no longer consider diaries that have never been shared to be private to the writer. Notes written on a computer, but never disclosed to anyone by the author can be captured by prosecutors and disclosed to the public, even if the person who wrote the notes is not "on trial."
President Clinton said, "Even Presidents have private lives." He is wrong. No one has a private life. Rosen claims that Brandeis and Warren worried about this loss of privacy more than 100 years ago, saying, "What is whispered in the closet shall be proclaimed from the housetops."
We agree with Rosen's warnings about the loss of privacy and its implications. However, our job in this article is to identify the ways that privacy is technically compromised rather than to argue the social implications.
The Email Process
Email is created as a file. Typically a Mail User Agent (MUA) is used to compose and to read messages, which are then sent over the Internet. Older MUAs such as PINE are accessed via a telnet session. When PINE is used, the file is stored on a time-shared machine in some central location where it is connected to the Internet. More modern MUAs run on the user's personal computer. Eudora by Qualcomm and Outlook by Microsoft are two popular MUAs.
Using Eudora or Outlook, for example, the user composes and reads mail on her own PC. To send and/or to receive email, the PC connects via an ISP or private network to SMTP or POP3 servers that handle the email transmission and reception. Email is stored for periods of time ranging from minutes to many days on these servers. Whenever email is stored it can be compromised in various ways.
Recently, ISPs have been offering NETMAIL or WEBMAIL to permit their customers to have access to email using browsers. Some ISPs do not expose their POP3 server to the Internet. WEBmail via a browser is very similar to the use of PINE in that email is composed and stored on the modern equivalent of a time-shared machine. The user is certified by a login. The email file is stored at the ISP site on shared media. Some sites claim that the user's password is encrypted and some say that the files are encrypted.
Email authors often have more than one machine, perhaps a desktop at home, a desktop in the office, and a laptop for the road. Lotus Notes and IMAP servers make it convenient for all of these machines to handle a single user's email. They allow email and other files to be replicated. Replication is really duplication with some scheme for keeping all copies synchronized. For instance, if the author starts an email on one machine and then wants to edit it on another, the system will attempt to provide the latest copy for editing. The replication process requires some cooperation from the user, but apparently the ritual is easy enough to learn that these systems are quite popular. The important point is that in these systems, as in the case with Netmail and WEBmail, the user's files are stored on a shared media machine that is subject to being read by numerous schemes that we discuss in the next few paragraphs.
Once email is composed it is sent across the Internet, mostly in clear text, where it can be compromised by a variety of methods that we discuss below.
The Tools for Privacy Violation
Email privacy violation is a very easy process. We list some of the most obvious and perhaps for some of you the not so obvious methods in the next few paragraphs. What may surprise you is that there are tools, already used by employers and usable by crackers, that operate automatically to find targeted information in files and email.
ZDNET reported that some employers now insert keystroke monitors as hidden tasks on user machines. These products were at first developed as ways of restoring keystrokes in the case of a system failure. Those who remember TECO, an early text editor, will remember that it was easy to wipe out all your work by typing a wrong command. The keystroke recorder saved many sleepless nights and probably a few careers.
Now keystroke recorders keep track of writing, WEB pages, programs used, etc. Rob Graham reports that keystroke loggers often find information that is embarrassing to individuals in companies.
The ZDNET article reports that keystroke monitors can even be inserted into home machines via Trojan Horse type devices such as Back Orifice.
The popular figure that is often quoted is that over 80 percent of the damage caused to companies due to theft of company secrets is from its own employees. Furthermore, all cases of sexual harassment of interest to a company's HR department are from employees. A vehicle for exporting secrets and for sexual harassment is email. Mailsweeper by Content Technologies is one of the products that is used to catch email violators.
Mailsweeper operates silently at the e-mail servers to scan outgoing and incoming email. Email with certain key words or phrases can be blocked or can be flagged. Flagged email is copied to some authority, often the HR department, for review.
Stuck Queue Clearing
System managers report that the email processors get stuck on a regular basis. Many of us have this experience from time to time when someone sends us an unusually large file. When queues stick, the system manager may have to look through the messages that are outgoing or incoming to find out what is wrong. In this case clear-text messages can be read.
It is possible for the sendmail or POP3 server to be hacked such that email from all or some people is diverted. This is essentially a home brew Mailsweeper.
According to The Computer Security Institute (CSI) report there are gangs of hackers who set off scripts or batch the scripts to break into machines. Any computer connected to the Internet will be attacked from time to time. As Rob Graham of Network Ice points out, firewalls are insufficient to prevent hackers from getting to a site. Site protection requires IDS or intrusion detection on every machine and a process of constant vigilance by system managers or owners.
The implication of the hacker potential is that your email is vulnerable if:
As an experiment we set up a Windows 2000 Professional system on a dial-up modem. This machine was then made into an Internet Connection Sharing system by following the simple instructions in the Windows manual. This machine was subjected to the scan by www.grc.com. The resulting scan showed that the system resources were vulnerable to a hacker. We also know that it is possible to make configuration changes to reduce the system vulnerabilities. The point is that a simple set-up is vulnerable. If any system used by either the author or receiver of email is vulnerable, then the email messages are not private.
Court Required Disclosure
Most of us have heard of the high profile Microsoft case or of the flaps over email in the White House. Perhaps fewer of us recognized that a number of the emails that were disclosed in the Bill Clinton impeachment files were ones that were written but unsent by Monica Lewinsky. She was not on trial, yet the Starr prosecutors submitted to Congress, which published, writing that was on her computer disk, but that was never sent.
There are many instances in which disk drives or files are confiscated by authorities for search and whatever is encountered on these drives can be used without even legal protection. While we cannot reference search situations due to legal issues, the authors have positive information that files are searched on a regular basis.
Improving Email Privacy
There are techniques for improving email privacy. None of them are completely effective, but they do give you some measure of security. It may be important for you to be able to demonstrate in some cases that you at least used the best available practices in protecting your email. This paper contains a brief survey of how to improve email privacy. There are many more ways and products. For instance the Electronic Privacy Information Center (EPIC) Website lists a number of privacy tools.
Encryption is a process that turns a text file into another file that cannot be interpreted by the casual or even dedicated observer. Strong encryption should be good enough to hide a file against intruders until the end of the universe. Every once in a while, what is considered to be strong encryption is broken, but for most of us, encrypted email is orders of magnitude safer than clear text.
Encryption software is available for free from the MIT site http://web.mit.edu/network/pgp.html and is also available from McAfee, a business unit of Network Associates. Network Associates purchased Phil Zimmermann's company PGP Inc in 1997. PGP stands for Pretty Good Privacy. In a letter that is linked to the MIT site, Phil assures us that the PGP team is dedicated to email privacy and has not even considered a back-door for government agencies.
Encryption prevents Mailsweeper or other diversion programs from reading the content of email. As the headers are not encrypted it is still possible to capture email from certain senders or to certain receivers for further analysis, but the email itself will be difficult to read if PGP is used to encrypt the body of the text.
The problem with encryption to date is that both the sender and the receiver have to install the programs and have to follow a ritual that is not quite natural. You cannot decide on the spur of the moment to send encrypted email to one of your colleagues unless you know that they have a PGP agent, an up to date Key Chain, and practice using these tools.
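The following sketch is an added example, not part of the original article and not Mailsweeper's code. It shows what a server-side keyword scanner of the kind described above can learn from a clear-text message and from one whose body is PGP-armored; the watch list, addresses and messages are constructed, and the armored body is a placeholder rather than real ciphertext.

```python
from email import message_from_string

# Hypothetical watch list standing in for a content-scanning policy.
WATCH_WORDS = ("confidential", "merger")

# Constructed sample messages (not real traffic).
CLEAR = """From: alice@example.com
To: bob@example.org
Subject: lunch

The merger papers are confidential until Friday.
"""

# Constructed: the armored body is a placeholder, not real ciphertext.
ENCRYPTED = """From: alice@example.com
To: bob@example.org
Subject: lunch

-----BEGIN PGP MESSAGE-----

PLACEHOLDERplaceholderPLACEHOLDER
-----END PGP MESSAGE-----
"""

def scan(raw, watch_senders=()):
    """Return what a scanner on the mail server learns from one message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    armored = "-----BEGIN PGP MESSAGE-----" in body
    # The keyword search runs either way; on an armored body it finds nothing.
    hits = [w for w in WATCH_WORDS if w in body.lower()]
    sender = msg["From"]
    return {
        # Headers are readable whether or not the body is encrypted.
        "from": sender,
        "to": msg["To"],
        "subject": msg["Subject"],
        "body_readable": not armored,
        "keyword_hits": hits,
        # Flag on content, or on the sender alone when content is opaque.
        "flagged": bool(hits) or sender in watch_senders,
    }

if __name__ == "__main__":
    for name, raw in (("clear", CLEAR), ("encrypted", ENCRYPTED)):
        print(name, scan(raw, watch_senders=("alice@example.com",)))
```

With an empty sender list the encrypted message passes unflagged, yet its sender, recipient and subject are still reported, which is the header exposure the paragraph above describes.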
There are several problems with encryption:
Keys and Do you trust me?
Once you decide to use encryption there are a number of choices to be made that complicate the process even as they make it more secure:
McAfee PGP and File Encryption
The McAfee PGP Personal Privacy product acknowledges the problem with email only encryption and with requiring the receiver to have PGP software. The problem is that the files are vulnerable to being read while they are on your own machine or the machine of the recipient, in spite of the fact that the messages were encrypted in transit.
Note that a file that cannot be read can still be detected and deleted. The McAfee product is one solution to the privacy problem. However, it is an extra burden on those who use it. If steps are missed, either privacy is compromised or the files could be lost even to the author.
Have you ever sent a note to someone with the instructions, "Tear this up after reading"? They then read the note, put it into their briefcase or desk and proceed with life. The transient note has been archived and can later compromise either the reader or the writer.
Disappearing Ink has a product that causes email keys to have time-outs like Mission Impossible; this email self-destructs after a fixed interval. The concept is that the sender is in control because she gives the email a time-window for reading and after that it is "lights out." This scheme is not perfect.
However, even with these flaws the Disappearing Ink product certainly is a strong step in the right direction for privacy advocates.
In the general case email is not private. It can be and is read by unintended humans and search engines for a variety of purposes including general searches for things that are "undesirable" in the eyes and minds of someone. There are three ways to improve email security:
Encryption adds overhead to the process of creating and of reading email, and also requires discipline. If the encryption discipline is compromised the email can be lost or sent to the wrong parties.
Professor Netiva Caftori, Northeastern Illinois University
 Rosen, J (2000), The Unwanted Gaze, Random House
 Program for Internet News and Email
 SMTP = Simple Mail Transport Protocol, POP3 = Post Office Protocol 3
 netmail.att.net for Worldnet
 webmail.mapinet.net for MPINET
 Worldnet does not expose their POP3 server to the Internet
 However, at least two of the services also claim that their WEBmail service is experimental or beta level. One service transmits passwords in clear text, while another service uses encrypted passwords.
 Schwartau, Winn(2000), Cybershock, Thunder's Mouth Press, pg 41
 Invisible KeyLogger by Amecisco
 Self-extracting compressed files refers to files that are shipped with a self contained extraction tool. Similarly McAfee facilitates the transfer of encrypted files that contain a decryption tool.
© Computer Professionals for Social Responsibility
Created before October 2004