Email Piracy, Email
by Mike Banks Valentine
How much sensitive information do you send via email? Email
piracy is usually not a major issue for small businesses
online. If only because there's not enough *money* at stake
for expensive industrial espionage and undercutting by
competitors who beat you to the punch in launching a new
idea because they worked out how to intercept your emails
to a business partner.
I have signed fairly high-level Non-Disclosure Agreements
and faxed them over non-secured phone lines and discussed
them via email as we negotiate terms or propose changes to
sensitive parts of a contract. I have discussed important
decisions by email and brainstormed new ideas for incredible
new internet businesses with start-up firms risking their
financial future on an idea. Just a delicate idea, that if
stolen, could mean financial ruin for a few individuals.
But nobody I've ever dealt with has even once expressed any
concern that their email could be intercepted and read by
third party while in transit across the web. It's possible
but improbable that corporate spies or simply your neighbors
twelve-year-old may be able to access your email as it zips
across the span of the back yard phone line past his bedroom
window, via those little copper wires.
Well unless you are a criminal, a spy, or a brilliant
scientist with a billion dollar idea - it's not likely you'll
care if any of your email communications are intercepted in
transit online. But if you do have reason to keep your
communications private, say sensitive company information
meant for clients eyes only or a letter of resignation for
your boss or even that private conversation with a friend
lover, sit up and pay attention.
There is a simple, if time-consuming way to have your email
encrypted for privacy and signed for authenticity that is
rarely used. You might consider going through the process
of applying for a digital certificate for your email client.
This is a multi-step process done online through one of
several cerificate authorities or an email privacy service,
such as one called PrivacyX.com ( http://www.privacyX.com
If you use them, you are announcing to the world that your
email is private, since you become "username@privacyX.com"
It seems a bit incongruous but does make a statement.
In the case of the PrivacyX service, you are applying for
what amounts to an email service, either paid, or free in
this case. You can arrange to open this account directly
with PrivacyX and direct all your private email through
*their* service via your own Internet Service Provider's
PrivacyX collects little personal information and claims
that your email is secure from any prying eyes in transit
since it is encrypted and cannot be read unless the recipient
has a copy of your "Public Key" as it is referred
Digital Certificate that is saved by your email software to
identify you to those you *want* to receive and un-encrypt
your new private emails.
They have a rather long process to put you through with two
tutorials which show you how to set up either Explorer or
NetScape to accept their "root certificate". This
certificate identifies you as the *owner* of the PrivacyX
account and allows your emails to be encrypted by your email
software. Be prepared for anywhere between a half-hour to
hour to set this up for your new account.
Then you establish passwords and save a copy of your new
certificate to removable disks so that you can keep a backup
to be able to access your own mail should your computer ever
crash or the information in your software become corrupted.
You can also do nearly the same process with either of
several certificate issuing authorities online. Two related
companies that offer these certificates are Verisign and
Thawte, which is owned by Verisign, (go figure) at
and at http://www.thawte.com
The Verisign version costs $14.95 yearly and the Thawte
version is free, with the ability to upgrade to a
paid version they call the "Web of Trust".
Both of these certificate issuing authorities offer the
same long process of setting up your account and send you
emails to verify your address before providing usernames
and passwords to access and "install" your new certificate.
When you apply for the Thawte certificate, you will have to
swallow a big "trust-me" pill as they require extensive
information about you, including social security number or
driver license number along with five (yes, I said FIVE!)
reminder clues to retrieve your password should you ever
forget or misplace it. The application process offers some
very long, if occassionally humorous text in the
instructions and warns you sternly to "WRITE DOWN YOUR
PASSWORD AND REMEMBER IT" or it will be very difficult
So if you're just in the habit of telling embarrassing
personal secrets or gossiping to friends and family, it's
probably not worth the effort and energy to encrypt and
sign your emails. But if you are doing serious business
online and need to email sensitive contracts, non-
discolosure agreements or million dollar ideas, consider
applying for PrivacyX email or a digital certificate.
The digital signature allows you to assert that you *are*
who you say you are via email and encrypt your messages so
they can't be read if intercepted by prying eyes or even
nosy neighbors. Maybe you just want to be certain that
it is your mother you are talking to and not a houseguest
that signed on to the web on her computer and downloaded
her email. The passwords and encryption take a few extra
minutes and if you are using netscape, you'll have to go
through an additional step to set up another user profile.
Or there is also the option of being sweet and innocent
with no secrets and nothing to hide! ;-)
WebSite101 "Reading List" Weekly Netrepreneur Tip Sheet Ezine
emphasizing small business online http://website101.com/arch/
e-tutorial online at: http://website101.com/shortcourse.html
By week's end you're ready expand your business to the web!
to Privacy Resources at WebSite101