Email Privacy, Email Piracy

Email Piracy, Email Privacy?
by Mike Banks Valentine

How much sensitive information do you send via email? Email piracy is usually not a major issue for small businesses online. If only because there's not enough *money* at stake for expensive industrial espionage and undercutting by competitors who beat you to the punch in launching a new idea because they worked out how to intercept your emails to a business partner.

I have signed fairly high-level Non-Disclosure Agreements and faxed them over non-secured phone lines and discussed them via email as we negotiate terms or propose changes to sensitive parts of a contract. I have discussed important decisions by email and brainstormed new ideas for incredible new internet businesses with start-up firms risking their financial future on an idea. Just a delicate idea, that if stolen, could mean financial ruin for a few individuals.

But nobody I've ever dealt with has even once expressed any concern that their email could be intercepted and read by a third party while in transit across the web. It's possible but improbable that corporate spies or simply your neighbors twelve-year-old may be able to access your email as it zips across the span of the back yard phone line past his bedroom window, via those little copper wires.

Well unless you are a criminal, a spy, or a brilliant scientist with a billion dollar idea - it's not likely you'll care if any of your email communications are intercepted in transit online. But if you do have reason to keep your communications private, say sensitive company information meant for clients eyes only or a letter of resignation for your boss or even that private conversation with a friend or lover, sit up and pay attention.

There is a simple, if time-consuming way to have your email encrypted for privacy and signed for authenticity that is rarely used. You might consider going through the process of applying for a digital certificate for your email client.

This encrypts those little personal information files and claims that your email is secure from any prying eyes in transit since it is encrypted and cannot be read unless the recipient has a copy of your "Public Key" as it is referred to. Your Digital Certificate that is saved by your email software to identify you to those you *want* to receive and un-encrypt your new private emails.

There is a rather long process to put you through with tutorials which show you how to set up either Explorer or NetScape to accept a "root certificate". This digital certificate identifies you as the *owner* of the account and allows your emails to be encrypted by your email software. Be prepared for anywhere between a half-hour to an hour to set this up for your new account.

Then you establish passwords and save a copy of your new certificate to removable disks so that you can keep a backup to be able to access your own mail should your computer ever crash or the information in your software become corrupted.

You can also do nearly the same process with either of several certificate issuing authorities online. Two related companies that offer these certificates are Verisign and Thawte, which is owned by Verisign, (go figure) at http://www.verisign.com and at http://www.thawte.com . The Verisign version costs $14.95 yearly and the Thawte version is free, with the ability to upgrade to a paid version they call the "Web of Trust".

Both of these certificate issuing authorities offer the same long process of setting up your account and send you emails to verify your address before providing usernames and passwords to access and "install" your new certificate.

When you apply for the Thawte certificate, you will have to swallow a big "trust-me" pill as they require extensive information about you, including social security number or driver license number along with five (yes, I said FIVE!) reminder clues to retrieve your password should you ever forget or misplace it. The application process offers some very long, if occassionally humorous text in the instructions and warns you sternly to "WRITE DOWN YOUR PASSWORD AND REMEMBER IT" or it will be very difficult to retrieve.

So if you're just in the habit of telling embarrassing personal secrets or gossiping to friends and family, it's probably not worth the effort and energy to encrypt and sign your emails. But if you are doing serious business online and need to email sensitive contracts, non- discolosure agreements or million dollar ideas, consider applying for a digital certificate.

The digital signature allows you to assert that you *are* who you say you are via email and encrypt your messages so they can't be read if intercepted by prying eyes or even nosy neighbors. Maybe you just want to be certain that it is your mother you are talking to and not a houseguest that signed on to the web on her computer and downloaded her email. The passwords and encryption take a few extra minutes and if you are using netscape, you'll have to go through an additional step to set up another user profile.

Or there is also the option of being sweet and innocent with no secrets and nothing to hide! ;-)

  --------------------------------------------------------
WebSite101 "Reading List" Weekly Netrepreneur Tip Sheet Ezine emphasizing small business online http://website101.com/arch/ e-tutorial online at: http://website101.com/shortcourse.html By week's end you're ready expand your business to the web!
--------------------------------------------------------


Email Tutorial Index