01 June, 2000 14:05
You've probably heard that you shouldn't put anything in an e-mail message you wouldn't put on a postcard. That's sound advice. Your boss and your IS department can lawfully read any e-mail sent to a corporate e-mail box. And because e-mail hops between servers on the Internet in unencrypted form and ends up in online e-mail boxes that are extremely vulnerable to hacking, anyone intent on invading your privacy can read it.
Lock it up: if you have nothing to hide but occasionally send a sensitive message, you can attach the message as a password-protected Microsoft Word file (select Save As, and from the dialogue box click either Tools or Options), and send the password in a separate message. Or you can use a zip compression utility (which also has a password-protection option) to compress a file in any other format. When you create a zipped file, click the Password button and enter a password. To extract that file, you must first type the password. These techniques aren't ideal - the encryption that's used in Word and WinZip isn't particularly complicated, and you have to send your password in unencrypted form.
Get all keyed up: you can achieve a more robust level of e-mail security by using key pair encryption. The sender encodes mail with one key - the recipient's "public" key - and the recipient decodes it using a unique "private" key. You never know the other party's password, and they never know yours. It's much like a bank's safe deposit box: to open it, you need your key and the bank's key.
Probably the best-known encryption program is PGP (Pretty Good Privacy), which lets you pick a level of encryption from a range of 768 bits to 3072 bits - much higher than the 40- or 60-bit level of encryption in your browser. PGP is distributed in various forms, including PGP Freeware, a download for non-corporate use that integrates with Eudora and Outlook Express. If you use another e-mail client, you can copy messages to the Clipboard and then encrypt the contents of the Clipboard by using a little program in your Windows tray called PGPKey. In general, the higher the encryption level, the slower the process, so something in the middle of PGP's range - say, 1024 bits - is usually best (that is, it protects like Fort Knox and doesn't take forever to use).
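The key pair exchange described above, shown with the openssl command-line tool rather than PGP. This is an added example, not from the original article; the names alice and mallory, the file paths and the message are constructed for the demonstration.

```sh
#!/bin/sh
# Added illustration, not from the article. Requires the openssl CLI.
# Names (alice, mallory), paths and the message are constructed for the demo.

# Create a key pair: $1/$2.key is private, $1/$2.pub is safe to hand out.
# 2048 bits is inside the 768-3072 range the article quotes.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

# Sender: encrypt file $2 to $3 using only the recipient's public key $1.
# RSA-OAEP fits short inputs only; PGP uses this step on a random session
# key and encrypts the message body with that key.
encrypt_for() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Recipient: decrypt $2 to $3 with private key $1; non-zero status on failure.
decrypt_with() {
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3" 2>/dev/null
}

# Run the exchange; succeed only if every outcome matches expectations.
demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d" alice && make_keypair "$d" mallory || { rm -rf "$d"; return 1; }
    printf 'Wire the deposit to account 0000-CONSTRUCTED' > "$d/msg.txt"
    encrypt_for "$d/alice.pub" "$d/msg.txt" "$d/msg.enc" || { rm -rf "$d"; return 1; }
    rc=0
    # 1. The intended recipient recovers the exact message.
    decrypt_with "$d/alice.key" "$d/msg.enc" "$d/out.txt" &&
        cmp -s "$d/msg.txt" "$d/out.txt" || rc=1
    # 2. Someone else's private key is useless against this ciphertext.
    decrypt_with "$d/mallory.key" "$d/msg.enc" "$d/bad.txt" && rc=1
    # 3. The public key that encrypted the message cannot decrypt it.
    openssl pkeyutl -decrypt -pubin -inkey "$d/alice.pub" -in "$d/msg.enc" \
        -pkeyopt rsa_padding_mode:oaep -out "$d/bad2.txt" 2>/dev/null && rc=1
    rm -rf "$d"
    return $rc
}

demo && echo "key pair exchange behaved as expected"
```

Only alice.pub ever has to travel to the sender; alice.key never leaves the recipient's machine, which is why no password needs to be sent in a separate message.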
Hush-hush sweet e-mail: end-to-end encryption without the hassle of separate keys is available with the free HushMail e-mail service at www.hushmail.com. Web-based HushMail uses encryption as strong as PGP's default setting (1024 bits). Encryption and decryption take place inside your system, via a PC-based Java app, so everything on the Web remains indecipherable even to sophisticated hackers. Both sender and recipient must use HushMail accounts - a minor inconvenience.
Use a digital shredder: register for a free secure e-mail account at www.1on1mail.com. The site's software encrypts mail up to 2048 bits and uses a virtual private network to connect your PC and the mailbox. The virtual shredder obliterates messages immediately after the reader closes them, or after a specified interval. The service is free, supported by advertising in the e-mail client software, and very secure.