Individual users don’t need to be worried about spy systems like Echelon listening in or reading their email, but business users should take care with their email, says software security expert, William Tonkin, managing director of Wellington-based Scientific Software and Systems.
“If, as an individual, I’m sending an email I wouldn’t worry about it too much - just so long as they realise it is the equivalent of a postcard and anyone can read it at any of its stops along the way.” Tonkin says most users don’t think about how the email they send will travel and simply imagine it arriving at its destination immediately that it is sent. Instead, he says, emails take several hops to get to their destination and at each point along the way it can theoretically be intercepted, read and perhaps altered.
“As a business user I’ve got to consider the confidentiality of my email and think a bit harder about what could happen if it’s read or changed.”
Tonkin says there are three things to consider about securing an email - making sure the sender is who they claim to be; making sure nothing has been altered in the body of the email itself and making sure the sender cannot deny their part in the email chain. Tonkin calls these three steps authentication, integrity and non-repudiation. To ensure these three points he says users need to consider not just encrypting their email but also should use digital signatures.
“Digital signatures will help you make sure the person who is sending the email is who you think it is and not some impostor or whatever.”
Tonkin says the risk to email security isn’t just from the likes of Echelon, but that any email travelling through the public network, ie the internet, is exposed to any number of potential threats.
Echelon is in the news this week following a draft report by the EU's Temporary Committee on the Echelon Interception System which concludes that while the existence of the system "is no longer in doubt," analysis shows that it "cannot be nearly as extensive as some sections of the media have assumed." Still, the committee urged EU member states, businesses and private citizens to use encryption software whenever possible.
The report, which is scheduled to be presented to the full parliament on September 4, is the latest in a series of reports spanning four years that have looked into claims of industrial espionage and civil liberties violations stemming from the Echelon system. Run by the US, Great Britain, Australia, Canada and New Zealand, Echelon is believed to be capable of capturing the vast majority of telephone, fax, email and radio communications around the globe for the purposes of being analysed by the intelligence services of the nations that run it. To date, officials in the US have publicly disavowed any knowledge of the Echelon system.