White Paper: Email security

If used as part of computer security planning system, encryption software can ensure that email messages will not be overheard,...

If used as part of computer security planning system, encryption software can ensure that email messages will not be overheard, intercepted, altered or otherwise misused

Email v. snail mail

Hacker, cracker ( sniffer, spy

Encryption to the rescue


(c) 1994 ( 1998 Computer Law Section of the State Bar of Georgia

Compiled by Arlene Martin

Increasingly, electronic information processing and communication is replacing paper in many applications. A decade or so ago, the fax machine was used primarily by large law offices and a few other professionals. Today, the fax machine is a tool that most businesses require just to compete and a machine is frequently found in the homes of individuals. Email appears to be moving along a similar path and is becoming a mainstream business tool. Although email did not originate in the law office, it is beginning to find a home there. Widespread electronic document distribution, including multimedia messages, is in the foreseeable future. Once available, this application seems likely to affix itself widely and deeply into the practice of law. The Internet, the backbone of wide-area electronic mail communications, is growing at the phenomenal rate of 13 to 20 per cent each month. What advantages of electronic communications fuel this rapid switch from paper-based communications? First, there is the speed. Electronic messages move at the speed of light while paper moves at the speed of the postal service. From the earliest days of the Internet, conventional mail has been referred to as "snail-mail." Second, there is a cost advantage. Faxing a single page document across the country costs at least as much as a first-class stamp. Email can send about 100 pages, quicker, for the same amount. Next, the storage space for archiving electronic documents is a tremendous advantage, particularly to the small practitioner who keeps a sharp eye on office overheads. An 8mm tape cartridge that costs around £10 and is the size of an audio cassette can store 10 gigabytes (10 billion bytes) of data, the equivalent of 10 million pages of text. The savings in floor space and file cabinets alone is astounding. Electronic mail and other documents can be accessed more rapidly and accurately than paper documents. While the contents of the document are reviewed on-screen or printed onto paper, the original remains safely filed away on disk where it is less vulnerable to misfiling or loss. This access can be "content-based" as well. Searches for all documents of a certain content can be completed and the information retrieved in seconds. Similar paper searches may not be practical at all. Further, while each copy of a paper document is degraded somewhat, a copy of a digitally stored document is indistinguishable from the original. Thus, the reproducibility of electronic documents is superior as well. Finally, the convenience of typing correspondence and having it appear at its destination seconds later has an infectious appeal as well. Once accustomed to communicating by email, other modern forms of communications may seem plodding in comparison. Messages appear magically in the "in box" of a client, co-counsel, opposing counsel, consultant, or even the court, seconds after being sent. In some systems, even a "return receipt" is generated. Email messages may be forwarded, stored or replied to with the touch of a button. With the multiple-addressing capability of email, sending messages to several people is almost as easy as to a single recipient. Email is arguably the most efficient means of communication yet devised by humans, with the possible exception of gestures. So, what could be the problems with a tool that has such powerful advantages? Seasoned "netlawyers" need no warning about the party-line communications over the Internet. However, the average, unsophisticated email user is blissfully unaware of the potentially serious problems existing with communications over a far-flung computer network. The principle problem is privacy or, actually, a lack of privacy. There have been some notorious and embarrassing situations involving email messages that were thought to be private and untraceable. There is controversy about employer monitoring of employee email and the need to balance employee privacy against the needs of corporate, or even national, security interests. These problems are real, but to the extent that they are confined to Local Area Networks (LAN) existing internally to a law firm, they are irrelevant to this paper. While these are compelling and even intriguing discussions, they are beyond the scope of this paper. Primarily, this paper focuses on the problems that may be associated with the use of email communications over a wide area network, i.e., the Internet. What's in a name? In these names ( trouble for the attorney who communicates with clients or potential clients over the Internet. These are names of several of the potential eavesdroppers on the Internet. A hacker is simply someone who is intensely interested in complex computer systems. But, much to legitimate hackers' dismay, the term has also become synonymous with cracker ( one whose interest includes unauthorised entry and modification of these computer systems. True hackers are often system operators and administrators who detect, repair and prevent the break-in and damage caused by crackers. Crackers may be the computer equivalent of joyriders. They may just break in for a brief, exciting excursion through the files found on a computer. Coming across a file or document that seems particularly interesting, they may copy it, alter it, delete it, or simply read it. Their tools are myriad and new ones appear rapidly. Crackers can even present serious concerns for the attorney who, although connected to a network, does not even communicate by email. Recently, a tool for probing a remote computer for security vulnerabilities became available. This is known as the Security Administrator Tool for Analysing Networks (SATAN). SATAN not only analyses the remote computer's weak points, but it also provides extensive documentation on the vulnerabilities identified and how to repair them. SATAN is not the first tool of this kind. However, the problem is that SATAN was released to the Internet. This means that it is widely available for both legitimate use by system administrators and diabolical use by the crackers. It has become a race between the system administrators to find and plug the leaks in their computers' security and the crackers intent on finding and exploiting those weaknesses. A tremendous industry has arisen to provide security from break-in. However, break-ins are always a potential problem and simply devising a means of protecting email serves little purpose if the computer that originates and receives the email is left open for exploration via a network from outside the firm. So what are sniffers? Computer communications channels are party lines. The information intended for any computer on the network may pass through virtually any number of other computers while in transit. This sharing of the communications line means that computers can receive information that was actually intended for other machines on the network. Capturing this information as it is going over the network is called sniffing. One extremely common way of connecting computers is through Ethernet. This works by transmitting data "packets" to all of the computers that are on the same circuit. Each packet is preceded by a header. The header contains the "address" of the sender, the address of the recipient and other information required keeping the communications organised and reliable. Following the header is the actual message data contained in the packet. Unless some form of encryption is used, the message data is simply transmitted as text just as it would normally be displayed on the recipient's screen. Normally, the computers on the network will only accept the packets that are addressed to them. However, software is commonly available that, when running on a computer on the network, will accept the data regardless of what the packet header indicates the intended recipient to be. The sniffer software can be programmed to select only data coming from, or intended for, a specific machine or machines. Once this data is received, the software can be configured so that the message data is stored on a file on the sniffer's hard drive. Long messages may occupy many data packets, but the technique is the same regardless of message length. If necessary, the data from the packets stored on the sniffer's computer can be reassembled into a single contiguous block of data. Miraculously, the stolen message reappears in it's original form. It is somewhat similar to placing a cellular phone into a certain mode of operation and listening to phone calls intended for anyone talking on the phone at that time. The subtle thing about a sniffer is that they do not even have to know your password to steal your client's secrets, your litigation strategy, your analysis of potential jurors, your credit card number, or the Christmas shopping list you just sent to your relatives across the country. The sniffer does not even have to be a cracker to obtain highly damaging information that was (at one time) protected from exposure behind exhaustive security measures. Once the data is transmitted onto the Internet, it becomes fair game. But is sniffing a violation of law? Yes, it may violate federal statues and state codes. But so does burglary and arson from which an attorney has a duty to protect his clients' secrets, confidences and documents. Under the Electronic Communications Privacy Act (ECPA), reading electronic mail messages exchanged over public email systems by anyone other than the sender and receiver is a felony. However, sniffing may be a legitimate and even necessary function of a networks administrator who is monitoring the traffic load on certain parts of the network to ensure proper functionality. Even the most discrete network administrator might be tempted to read email legitimately sniffed off the network if he realises that it contains interesting material. Hackers are human too. Unencrypted email messages can be an unnecessary temptation to these legitimate sniffers. Not only can people try to pretend to be someone they are not, so can computers. This is called spoofing. The spoofer uses the recipient address in the data packet header that the sniffer uses, and configures their machine to emulate the recipient's machine. When data comes along the network that is intended for the actual recipient, the spoofer receives it instead and automatically sends a packet to the sender which makes the sender believe that the message was properly received. In fact, the spoofer can read the email, concoct a reply and send it back to the unsuspecting person who is unaware that he is communicating with an impostor. More subtly, the spoofer can alter the original email and then relay it on to the intended recipient. Of course, it is also possible for someone to gain access to another's password and use that person's computer to send out inauthentic messages. This is a common but low-tech method of spoofing as well. Perhaps this points out that effective confidentiality and privacy is no stronger than the weakest link in a chain. If co-counsel, support staff, consultants, or others have physical access to the practitioner's computer or password, then encryption alone may be of no use. Thus this paper assumes that proper physical security measures, staff screenings and other operational matters, spiced with both common sense and reasonable suspicion, are in place. So will encryption of email cure all problems? Can it make your office overhead decrease, opposing counsel more accommodating, your work day shorter, your golf or tennis game better, your clients actually glad to pay your fee, or guarantee that all client secrets and confidences remain so? Of course not. But, if part of total physical, operational and computer security planning, it can substantially ensure that your email messages will not be overheard, intercepted, altered or otherwise misused as it transits the twisty passages of the Internet labyrinth. Robust encryption can virtually guarantee that sniffers will not be able to read the data contained in the packets that they "hear". The text is so garbled that it is completely unintelligible. Spoofers are frustrated by this same feature but even if the message itself is not encrypted, i.e. it is transmitted in clear text, encryption can provide substantial certainty that any message received was transmitted by the individual purporting to have sent it. Certain encryption software can even scramble the packet header information so that it is impractical to spoof the message at all. Encryption itself is not without problems however. Tremendous controversy rages today about privacy concerns on the Internet and the role that encryption should play in addressing those concerns. How good should the resulting privacy be and privacy from whom? Just how good is the encryption that is available to the average attorney? Additionally, encryption software may not be as user-friendly as some would like. Also, the administration, distribution and authentication of a multitude of users' encryption keys is not a trivial concern. A great deal of current encryption software uses the principle of public-key cryptography. In public-key encryption there are two different keys that are used. One key is used by the sender to encrypt the message and another is used by the recipient to decrypt it. The keys come in pairs; an individual's encryption key is paired with the decryption key. One key cannot be derived from the other, so someone with the encryption key cannot decrypt messages using that key. For example, Alice, an individual who wants to communicate securely, generates an encryption key and a corresponding decryption key. She keeps the decryption key secret; this is called the private key. She publishes the encryption key; this is called the public key. The public key is made so that anyone can get a copy of it. Alice may email it to her friends, post it on bulletin boards, link it to her World Wide Web homepage, etc. When someone wants to send a message to Alice, first they find her public key. They encrypt their message in their public key and send the now-encrypted message to Alice. When Alice receives it, she decrypts it with her private key. Even the person who encrypted the message to Alice could not read the message once it was encrypted. They did not have the decryption key. Mail security means delivery to the addressee only, that is, with confidentiality. The modern standard for confidentiality in mail is the single white envelope, wherein almost all commercial mail moves. Only a small portion of mail requires higher security than that. However, unlike paper mail, the world of electronic mail is a world of postcards. Messages travel from machine, to machine open and available. Without encryption, only a combination of culture and law act to protect confidentiality. An attorney's communications with a client or about a client's matters have a heightened need for privacy. The prudent lawyer will add to those protections for email by placing their messages in the "envelope" of encryption. Encryption alone will not provide adequate security for the attorney's computer systems. However, it is an important link in the computer security chain that cannot be ignored.

Read more on Antivirus, firewall and IDS products