Electronic mail privacy

A proposal for electronic mail secrecy using encryption

By Jai Kumar Subrahmanyam

In recent years our increased dependence on computers to run our daily lives has made electronic mail an emerging method of communication. For instance, people nowadays prefer to write documents using word processors on computers rather than writing them on a piece of paper. Electronic mail has taken over from other forms of communication like conventional mail (postcards), because it is much faster and far less expensive. As more and more users switch to electronic mail as a form of communication, the threat to privacy becomes an important issue that needs to be dealt with. Privacy means that only the intended receiver can read the message. The main threat with electronic mail lies in the security of the mail sent to others. This is due to the presence of "hackers" and "crackers", who try to snoop into mail messages and files sent over the information highway.

Like a postcard, which contains the sender's and receiver's addresses, electronic mail contains the sender's and receiver's electronic mail addresses. It also contains the "stamps" of all the places (post offices) it has been through to get to your mailbox. These post offices are called nodes, and each of these nodes represents an opportunity for snooping. This occurs because, when you send your electronic mail, it travels through one or more networks to reach your mailbox, and any users on those networks will be able to get hold of it.

A possible solution to electronic mail privacy is to "encrypt" the mail messages and files sent over the information highway. Encryption is the method of scrambling the data sent over the information highway in such a way that it is unreadable to anyone except the sender and the intended recipient of the message.

In recent years there has been much debate on the subject of encryption with the passage of Senate Bill 266.

The main reason for the controversy is that imposing such a requirement violates the privacy and freedom of the individual, which is a fundamental right. In the extreme case this can also lead to a type of anarchy where the government has total control over everybody's rights and privileges. The passage of the bill also helps "hackers" and "crackers" to obtain mail messages and files, because it rests on the assumption that government officials are not corruptible. Senate Bill 266 also raises the question of what stops the illegal use of "wiretaps" by the government. A question that might be posed is: Why do you need to encrypt your mail in the first place, when you don't have anything to hide?

Electronic mail is a less secure means of communication than the postal system. Therefore, if you feel the need to enclose the letter you are sending to your friend in an envelope (rather than writing it on a postcard) to keep prying eyes from reading it, it is logical to encrypt your mail to prevent casual snooping by others. Encrypting your mail is not illegal; it keeps personal thoughts personal. As Duncan Frissell puts it:

Since some innocent fact about you may at some time put you at risk, and since no one can predict what that critical fact will be, a general habit of privacy preservation pays real dividends. (Duncan Frissell)

Encrypting your mail also leads to the notion of solidarity. This means that if people routinely encrypt their mail, then no one will draw suspicion by using encryption. Also, with the passage of Senate Bill 266 it has become increasingly important to provide security in the transactions carried out over the information highway.

In response to the recent debate over the issue of privacy, new software has been created to help the users of the electronic highway communicate with the assurance that their mail was received safely and privately by the recipient. For the software to implement privacy effectively, it needs to be able to encrypt the mail messages or files sent using that software. Secondly, the software must be able to decrypt the message with a supplied cryptographic key. A cryptographic key is like a normal key used for locking. It can be used to secure the documents and files sent over the information highway. Unlike an ordinary key, however, a cryptographic key cannot be forged, due to the way it is constructed. Another feature of such software would be message "authentication". Authentication is the method of acknowledging the sender of the message; it is a digital signature on a message, which proves the true originator of the message. Message authentication makes forgery of signed messages infeasible, so the sender cannot disavow his signature on a message.

One software package that provides the exchange of files or messages with privacy, authentication and convenience is Pretty Good Privacy (PGP) mail, created by Phil's Pretty Good Software. PGP is high-security cryptographic software that can be used on different platforms, including MSDOS, UNIX, VAX/VMS and other computers. PGP uses public key encryption technology, which allows safe transfer of mail. In conventional encryption technology one needs to produce a unique key that will be shared between himself and the person sending the encrypted mail. With PGP the users do not have to exchange the keys used for encryption between themselves. This means that there is no need for a secure channel to exchange the keys between the users. Using PGP also increases the performance of the public-key functions compared to other software implementations. PGP does not cost the user any money. It is available on the internet for free. Other software packages that compete with PGP are RSA and RIPEM. They all use public key encryption technology.
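The encrypt, decrypt and sign steps described in the two paragraphs above, as an added example that is not part of the original paper and is not PGP's own code. It uses textbook RSA without padding and fixed, publicly known primes purely for illustration; the names Alice and Bob, the function names and the keys are assumptions constructed for this sketch.

```python
"""Toy public-key mail flow: textbook RSA, no padding, illustration only."""
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private): public = (n, e), private = (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def encrypt(message, recipient_public):
    """Anyone holding the recipient's PUBLIC key can encrypt to them."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, recipient_private):
    """Only the holder of the matching PRIVATE key recovers the text."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    """SHA-256 of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    """A signature is the message digest raised to the private exponent."""
    n, d = sender_private
    return pow(digest(message, n), d, n)

def verify(message, signature, sender_public):
    """Anyone can check a signature with the sender's public key."""
    n, e = sender_public
    return pow(signature, e, n) == digest(message, n)

# Constructed demo keys built from well-known Mersenne primes (never do this
# in practice: real keys use secret random primes from a vetted library).
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def send_mail(text):
    """Alice signs with her private key and encrypts to Bob's public key."""
    return encrypt(text, BOB_PUB), sign(text, ALICE_PRIV)

def receive_mail(ciphertext, signature):
    """Bob decrypts with his private key and checks Alice's signature."""
    text = decrypt(ciphertext, BOB_PRIV)
    return text, verify(text, signature, ALICE_PUB)
```

Only `ALICE_PUB` and `BOB_PUB` ever need to cross the network, which is why no secure channel is required to exchange keys.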

How secure is PGP? No data security system is impenetrable. PGP is vulnerable to viruses like Trojan horses, breaches in physical security and direct cryptanalysis. Even though PGP may be breached, it provides a level of security that would not be present if you did not use it. Therefore, it can be concluded that using this software results in better privacy, even though privacy cannot be assured to one hundred percent.

One problem with using PGP as the form of encryption technology is that it is illegal. The main reason behind this is that the government feels insecure in the fact that they will not be able to decrypt any of the messages sent over the information highway when they feel it is important. The only software that is currently available for legal use is RSA. Using RSA, however, will cost the individual millions of dollars, due to the high royalty demanded by the designers of this software (this may be a reason why it is legal to use this software). One solution to this problem would be government intervention, making the software available to everybody at a reasonable price. This would allow every electronic mail server to have software that individuals can use to protect the mail they send to others.

There is no clear-cut solution to the problem of electronic mail security that will satisfy both the government and the users of electronic mail. One solution would be to legalize the use of encryption in electronic mail, but give the government the power to "wiretap" the mail sent, provided they have a good reason for doing so. In order to ensure that illegal "wiretaps" do not occur, the organization (FBI, CIA) will have to get a court order. The software (RSA or PGP) will also ensure that "hackers" and "crackers" will not be able to snoop into mail messages sent over the information highway, since the encryption/decryption keys used are virtually unbreakable. This will give the user the security that his privacy is not being violated, while helping the government keep tabs on those people they feel might be violating national security.


