Why Your Email Is Not Secure

Email has become a primary means of communication for many people. We often dash off a quick message without considering security risks. It's cheaper and faster than 'snail mail', but is it more secure?

What happens to your email when you click "Send" ? It's important that you have some understanding because you'll probably be surprised.

    A slang term for the United States Postal service is "Snail Mail". Referring to (mostly) harmless mollusks doesn't imply that your letters will get slimy or be delivered to you in tiny shells. Snails are perceived as slow-moving creatures; the US mail is slow-moving compared to electronic mail.The term is not intended to be complementary.

    Drop a letter in a mailbox. It magically appears at the recipient's mailbox a day or two later, hopefully. Betwixt and between, who knows? Knowing who handled it or where it traveled is problematic. The stamp cancellation may give some clue, but any other intermediate stops cannot be determined. Careful examination of the envelope usually tells us that the package wasn't tampered with, but we can never be completely sure. Perhaps a bored clerk in Poughkeepsie steamed it open for lunch hour entertainment. Perhaps it passed through numerous automated sorting machines, never to be touched by human hands until a trusted mail carrier dropped it in your mail slot. We simply don't know.

Electronic cannot be steamed open by unscrupulous intermediaries, but technology presents another set of opportunities. Compose an email, click send, and a few seconds later your message arrives on the other side of the world. How'd it get there?

Your message moves across the world in the form of electrons. Electrons move at the speed of light. For example, the sun is 92 million miles away; its light reaches us in 9 minutes. Theoretically your email could travel around the world (25,000 miles) and back to you in .15 seconds. As fast as email appears to be, our experience tells us that transmitting a message usually take at least a few seconds. What are those electrons doing with their 'down time'?

You compose a birthday greeting for dear old Aunt Mabel and click send: your email electrons move through multiple computers on their way to Aunt Mabel's inbox. Each computer is referred to as a hop. The process of determining a reasonable sequence of hops is called routing. Routing is not trivial; every hop wastes time and consumes space in the Internet pipeline. Ideally, a direct route from your hard drive to Aunt Mabel's hard drive would be available, but that hasn't yet been invented. Instead, you depend on the kindness of numerous intermediate servers to relay your kind words across the Internet. Even if Aunt Mabel is living in your spare bedroom, sending her an email requires multiple hops through remote Internet servers. You could always buy her a Hallmark card and deliver it personally.

Each hop makes a copy of your message. The copy may persist for a few microseconds or it may live on for eternity. You have no control. It may be backed up onto a tape drive. Rest assured that most email servers have no interest whatsoever in Aunt Mabel's birthday card. Generally, a computer acting as a relay will save your message long enough to be sure that it arrived safely at the next relay point, then delete it.

On the other hand, a relaying computer may be scanning every email that passes through. Innocent best wishes to Aunt Mabel could be scanned for words,phrases, recipients, or attachments. You have no guarantee of privacy whatsoever.

     A client software program is the tool that lets you create and edit email. The client then passes your message to a server software program that begins the routing process. Email users generally fall into two categories; those that use a local client and those that use a web based client. Popular local clients are Thunderbird, Outlook, and Outlook Express. Popular web-based email clients are Gmail (Google), Yahoo Mail, and Hotmail. Local clients live on the computer sitting in front of you; copies of your mail reside on your hard drive. Web-based clients store virtually no information on your local computer. All your transactions exist on a computer somewhere in cyberspace (these days referred to as 'the cloud').

     Which client is more secure? That depends on who you trust. An enterprising hacker may be capable of guessing your Gmail password, so from that perspective your local computer may seem more secure. On the other hand, a nasty virus may provide a hacker in Yugoslavia with the keys to your local kingdom; your entire email history could be downloaded without your knowledge. It's also extremely unlikely that Google servers will all crash at the same time. Sometimes it's safer to trust the cloud with your data, but each one of us must make that decision.

Electronic mail as employed by most users is not at all secure. Messages pass through different servers before arriving at final destinations. Text and attachments can be read or scanned without the consent of either party.