Recent headlines involving General Petraeus and others have once again put the spotlight on the vulnerability of e-mail as a secure communications tool. While many people are shaking their heads at the fall from grace of such a decorated military commander, there are others who are just as concerned about the ease with which the FBI was able to access private e-mail correspondence between two individuals who had at least some expectation of privacy.
The truth is that e-mail has never been private and you could put yourself and others at risk if you think otherwise. A former colleague of mine once compared sending an e-mail to mailing a postcard. At any point in that postcard’s journey, someone can simply pick it up, turn it over and read its contents. That includes the postman who collects the mail, the handlers at the various sorting offices, the postman delivering the mail, anyone who happens to pass by your mailbox, your cleaning lady… OK, you get the picture.
E-mail sent via the Internet (Gmail, Hotmail, Yahoo) passes through multiple servers and routing terminals before it reaches its destination. At each point in its journey, it can be intercepted, stored for an indeterminate amount of time, or even altered. We have all read about server security breaches that led to the exposure of thousands of credit card and social security numbers, and e-mail is no less vulnerable.
In many ways, e-mail sent through private intranets (i.e. company networks) is even more at risk, a point that was brought home to me by a previous employer when I was asked to go through the e-mail of a top salesperson after he left to join a competitor. All it takes is a suspicious boss or an IT administrator with a grudge and all your e-mail, both professional and private, can be exposed to the world without anyone even telling you.
There is a popular misconception that deleting an e-mail means it can no longer be retrieved but that is far from the case. Deleting an e-mail message in Outlook merely removes it from that desktop application, with no impact on the copies held on employer or third-party servers. E-mail archiving policies will vary by organization but many e-mail providers backup their servers constantly, preserving correspondence for months if not years. Even if you manage to successfully delete e-mail from your own servers, the correspondence will still be available via the recipient(s).
If you really need to mask your e-mail – note I didn’t say hide – then you should create a separate Gmail account with no obvious connection to your true identity and then visit a distant Starbucks so you’re using a public server. Even then you might want to buy a secret laptop that you keep at a separate location, so no-one can search for your regular machine’s IP address.
But perhaps the better solution is not to send any incriminating e-mail in the first place. In the digital age there are no secrets, a maxim that the head of the CIA should have known only too well! Personally I think the most disquieting aspect of this affair (pardon the pun!) is the fact that our top spook was so carried away that he ignored this most basic of rule of discretion!
What is your expectation of privacy on email? Twitter? Facebook? Cellular communications? Any?
Monica Vila is “Chief Technology Mom,” born and raised in Mexico and co-founder of The Online Mom, the market leader in providing online and off-line tools to make parents of kids K-12 smarter and more comfortable with the technology that touches their family. The Online Mom is a website, an online newsletter, a forum for discussion, a network of certified experts and a social community devoted to promoting a healthy understanding and appreciation for the positive role technology can play in a family’s life.