E-mail Insecurity in a Litigious Society

Computerworld - I don't need to tell you that e-mail has changed the way the world communicates. I get more e-mails by far than I do letters delivered the old-fashioned way. That said, there's one aspect of e-mail that many of us overlook at our peril, and that's the information we put in our messages.

E-mail was not intended as a secure means of communication. Whether you're an attorney, an accountant, a CEO, a chief financial officer or an internal auditor -- even if you work at home or are retired -- you need to know that what you put in an e-mail could one day become key evidence in litigation.

Remember that the vast majority of e-mails traverse the globe in an unencrypted format. This is analogous to sending a postcard via regular mail. Think about it: What's to stop your mail carrier (or anyone else in the postal delivery chain) from reading the messages you write on postcards? Unless you've written in some obscure language used by only a handful of people, nothing can stop such peeping. Yet e-mails (containing information like account numbers, Social Security numbers and/or other sensitive and personal data) are passed around by millions each day with nary a thought to potential consequences.

And e-mails not only are vulnerable to snooping and contribute to a general loss of privacy; they have also become an increasingly used tool in litigation. The use of e-mail information as evidence in the Microsoft antitrust trial was just one of the most visible examples.

According to Jack Seward, a digital forensic accounting technologist in New York, some users still believe that digital encryption of e-mail isn't necessary. They argue that e-mail carries the reasonable expectation of privacy. Although that may have been true once, Seward warns, "known technological vulnerabilities of unencrypted e-mail make this presumption an old wives' tale at best."

What about e-mail accidents? It is easy to have e-mail accidents, and accidents are more common in important business and personal communications than most people may realize. An e-mail message can be easily sent to anyone in an instant -- and there's no hope of retrieving it once you hit Send. It takes just a single errant keystroke or mouse click to send a message to the wrong recipient.

With password protection and encryption, a user can have some measure of security for misdirected messages. However, the best way to prevent accidents is to teach users what to do when things go wrong, as well as how to do it right in the first place. If possible, IT managers should also configure e-mail software so that the default setting produces the safest outcome.