E-mail scrambling still a rare practice

When doing business, would you send your corporate plans, budgets or even personal letters to someone on a postcard? Would you mail important documents with the envelope unsealed?
You’d probably answer no, yet millions of people use electronic mail for all kinds of messages and documents without thinking about privacy issues or risk.
E-mail messages sent over the Internet hop from several different mail forwarders and dozens of packet-switching nodes on its way to the destination. A system administrator or someone who has gained privileged access to any of these transfer points can read and alter those messages.
“E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically and undetectably on a grand scale,´ said Boulder’s Phil Zimmermann, developer of e-mail encryption software Pretty Good Privacy, or PGP (http://web.mit.edu/network/pgp.html).
And sometimes, “your e-mail gets caught when the computer is being backed up,´ said Scott Evans, president of Loveland’s Scrambler Technologies Inc. (http://www.scrambler.com/scrambler). “This means your message could be archived for weeks or months on someone’s tape backup, unbeknownst to you.”
Scrambler makes a Windows-based e-mail encryption technology that “scrambles” e-mail, graphic and word-processing documents so that they are unreadable to anyone except a designated party.
“Think about it,” Evans said. “I’d encourage all e-mail users, especially large corporations, to reflect on the liability and losses they can face when their e-mail privacy is compromised. For example, public companies are allowing earnings information or other privileged information to travel on the Internet before it is publicly released. Many of our local engineering-based companies send millions of dollars worth of design information and intellectual property through the Internet. Whether these companies use Scrambler or another product, they have a fiduciary duty to protect this information.”
A survey of 24 companies in Northern Colorado with 50 or more employees revealed that none routinely used encryption software, although some individuals in those companies did.
Part of the reason people don’t encrypt their e-mail, contends Evans, is because they’re “too busy to spend time becoming cryptography experts, and they won’t use it if it’s too difficult. Scrambler avoids what some of our customers have called Rcryptographic mumbo-jumbo.'”
With Scrambler software, you highlight the text or graphic you want encrypted, select RScramble’ from the system menu and choose a keyword. The message automatically encrypts and is ready for transmission over the Internet. Scrambler is based on the Federal Data Encryption Standard, or DES, which requires a single keyword, or password, for both encryption and decryption.
“You exchange the keyword over the phone or through snail mail (standard mail) so you know it’s transmitted,” Evans explained. “Only one other person besides you knows it. You can use as many keywords as you wish, say, one for a distant sales office and one for the office manager. Although public key technology has advantages, you must spend time managing the keys appropriately.”
Zimmermann said PGP, considered by some a bit tricky to use, “sounds more complicated than it is. PGP performs the public-key functions faster than most other software implementations. It’s public key cryptography for the masses.”
Public key cryptography is where everyone has two related complementary keys: One is your own private key that you keep secure. The other is your public key that you give away or post on a public-key server, which is a publicly accessible database of PGP keys.