Weekly Edition
Return to the Press page
| |||||||||||||
|
| |||||||||||||
Keeping email under lock and (public) key (NewsForge)
Marcelo Rinesi
explains how to encrypt mail archives in a NewsForge article.
"With governments and law enforcement organizations pushing for increasingly intrusive monitoring and logging of business email messages, network administrators are put in an uncomfortable situation. Even disregarding privacy implications, such systems pose security problems at least as serious as those they attempt to solve. A "master archive" of emails is after all an extremely tempting target to external hackers, but it also has staggering potential for internal abuse. Ideally, we would want no centralized mail logs, but legal and corporate requirements mandate suitable record-keeping in the case of an internal or external audit. One way to meet both goals is by encrypting the archive using public key cryptography."
(Log in to post comments)
Stay Away from Gmail Posted Jul 3, 2005 2:34 UTC (Sun) by huffd (guest, #10382) [Link] People that use gmail should know that all mail coming and going from those accounts whether solicited or not are monitored.
Stay Away from Gmail Posted Jul 3, 2005 5:57 UTC (Sun) by TwoTimeGrime (guest, #11688) [Link] Not just gmail but probably any free email account.
Stay Away from Gmail Posted Jul 3, 2005 7:43 UTC (Sun) by danielpf (subscriber, #4723) [Link] This is why all my junk mail is redirected to gmail.
Stay Away from Gmail Posted Jul 5, 2005 2:15 UTC (Tue) by jabby (subscriber, #2648) [Link] Monitored by whom? Google or the spooks? If you mean Google, are you just raising that old scarecrow about them reading your email to deliver you targeted advertising? If so, any email service can "read" your email as it passes through. I don't know about you, but I don't mind an automated word-matching algorithm scanning my email. I know my email is not secure and I don't put anything secret in it.
Now if you meant that Google is letting the government monitor my email, then that's an entirely different story. I don't believe that they would do that without disclosing it, but then again maybe they're not allowed to... in which case, how would *you* know?
Basically, don't spread rumors like that without some information to back you up.
Keeping email under lock and (public) key (NewsForge) Posted Jul 3, 2005 5:56 UTC (Sun) by beejaybee (guest, #1581) [Link] If individual messages were encrypted the archive needn't be. And this would make spies jobs harder too.
But I suspect the soft spot in most email systems is the ability to infect the end users systems (mostly running windoze) with backdoor trojans incorporating key loggers, which obviously make moot the security or otherwise of any encryption strategy.
Keeping email under lock and (public) key (NewsForge) Posted Jul 3, 2005 6:22 UTC (Sun) by eru (subscriber, #2753) [Link] If individual messages were encrypted the archive needn't be. And this would make spies jobs harder too.But not encrypting the entire archive means that if the someone manages to covertly acquire the archive, he can still find out who communicates with whom and when, even if the message contents are hidden. This is sometimes almost as useful knowledge as the actual message contents.
Keeping email under lock and (public) key (NewsForge) Posted Jul 3, 2005 19:39 UTC (Sun) by brianomahoney (subscriber, #6206) [Link] Two comments:
First, the last poster is exactly correct, and such communication patten
Second, No ammount of encryption will save you or your corporation from
Only if the Policy, Methodology and records of daily operation all confirm
In these days of Sarbanes-Oxley compliance both the Policy, including when
Keeping email under lock and (public) key (NewsForge) Posted Jul 6, 2005 11:14 UTC (Wed) by cpm (guest, #3554) [Link] Under Duces Tecum, I've kinda always assumed that if giving "it" upimplies harsher consequences than a contempt of court charge, you don't give it up. Period.
|
|
||||||||||||