Thought for the day:The silence of the LANs

Hard-hitting IT commentator Dr Simon Moores gives his personal take on the hot issue of the day.

Hard-hitting IT commentator Dr Simon Moores gives his personal take on the hot issue of the day.

It seems that everyone is worrying about e-mail at the moment and not without reason. You could be Ford or Allied Irish Bank or simply paranoid like me, the Hannibal Lecter of IT, with a taste for good Chianti and a raw information scandal.

Like it or not, most companies now need to think pretty seriously about having an e-mail auditing programme (EAP) in place. They are, after all, being increasingly squeezed between flesh-coloured concerns over personal privacy and the risk of corporate liability; a rock and a hard place.

Nobody, of course, wants to see his or her e-mail auctioned-off to the highest bidder. That is what happened on eBay, when an auctioneer, using the alias of "Cruvdog" offered 64 pages of personal e-mail between Enron's former Chairman, Kenneth Lay and its CEO Jeffrey Skilling to the highest bidder.

What happens then, if someone steals your mail? Who is responsible and can you protect yourself from the risk?

Fortunately in the UK we have the 1998 Data Protection Act which offers us some protection in law. We have the right to see any personal information that is stored electronically as well as physically, the kind of progressive legislation which can make a Civil Servant's bottom twitch. Unfortunately if an opportunist like Cruvdog, sniffing around an abandoned Mail Server, manages to find a few interesting scraps with your name attached and then proceeds to auction these from an offshore site, outside of the reach of the Data Protection Registrar, there's not much you can do about it other than protest at the injustice.

There are of course many different examples of content "insecurity". My travels in the Middle-east have revealed that at the most senior and influential levels of government and industry people are using Hotmail and Yahoo accounts to bypass the routine monitoring of local Internet traffic. Osama Bin Laden had one such account and I'll bet that Mr Arafat does too. It would be naïve to think that Western security services hadn't spotted this little opportunity a long time ago.

Although such services are allegedly secure, e-mail conversations still have to be kept on file "for reasons of national security". Here, if the government gets its way, every little indiscretion passed over the Internet will be available for seven years, including my innocent chat-room encounters with the fabulous "Pussycat-1" in Vancouver.

One security consultancy, is, I know, itching to sell the Whitehall mandarins an e-mail auditing service and most recently, the very public confrontation between Mr Byers and Mr Sixsmith at the Department of Transport has once again got the civil service agonising over their own use of e-mail. You'll remember the character of Sir Humphrey Appleby in Yes Minister, arguing that "The Official Secrets Act is there to protect officials' secrets and the very idea of open government and e-mail would have been anathema to him.

There's a strange irony that people will write and include in an e-mail indiscretions and images that they would never dream of committing to a letter. E-mail encourages a feeling of invisibility, a splendid isolation from responsibility, which only exists in the imagination of the user, so remember, that everything you ever type in a message may be stored both locally and remotely and that a touch of paranoia isn't such an unhealthy condition in a digital society.

Have you ever sent a business-related e-mail you've later regretted? Would you be concerned if the government were to tap into your e-mail "Sent Mail" basket? We'd like to hear your views on e-mail privacy >>

Zentelligence: Setting the world to rights with the collected thoughts and ramblings of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

Read more on IT risk management

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close