JAMES DERK: How private is e-mail?

April 13, 2001

Scripps Howard News Service

(April 13, 2001 9:58 a.m. EDT) - I get a lot of mail from people who are concerned about their privacy. One question is: Can other people read my e-mail?

The answer, of course, is yes. If you send mail from work on a company-owned computer, you should assume it is being read by others. A good rule of thumb is don't put anything in e-mail that you would not want on the company bulletin board. (And e-mail, as some people have learned, is subject to discovery in a lawsuit.) Company officials have the right to read your mail, scan it for certain keywords or just log it. It's their equipment.

What about home computers? While this is more difficult, your mail is not all that secure there, either. Any nerd at your Internet Service Provider can read your mail. The FBI or police (hopefully armed with a warrant) can read your mail. And people can go "back in time" using the backup tapes on your ISP's server, to get mail you thought was deleted.

Even "deleted" mail and files on your hard drive can be pretty easily retrieved with the correct tool and some talent.

If you are concerned about this sort of thing, you may want to consider "encryption" software. This is not something for beginners (or those with AOL e-mail accounts) but this is a way to keep your information relatively private.

The software is called PGP, or "Pretty Good Privacy." It integrates with major e-mail programs such as Outlook, Outlook Express, Lotus Notes and Eudora. You can download it from the PGP Security Web site (in the downloads section). It is free for home users.

What the software does is install optional encryption technology into your e-mail program. You use it for every message you send or just those you pick. Once you install the software, you are issued two "keys." One is your "public" key, which you share with people with whom you correspond. The second is your "private" key, which you use to read and send your messages.

It works like this: If you are using Outlook Express, for example, your new message window now has three new icons, "Launch PGP Keys," "Encrypt" and "Sign." The first keeps the keys from your correspondents handy on a so-called "key ring." The Encrypt command scrambles your outgoing messages using the recipient's public key on your key ring. (When they get it, they use their private key to read it.)

The Sign function works like a digital signature, assuring the recipient the note came from you.

What privacy buffs enjoy most is that even when your mail resides on a server (or your hard drive) the notes are still encrypted and cannot be read without the password. (There's also a "Wipe" function that purports to remove all traces of a file or message from your hard drive. I somehow imagine the FBI has found a way around that, though.)

James Derk is computer columnist for Scripps Howard News Service.