The prying game
Email Security IS THE GOVERNMENT
SENDING OUT THE WRONG MESSAGE?
Ever get the feeling you're being watched? When you write an
e-mail, you should. What seems
like a safe and secure way to send information is in fact an easy target
for prying eyes. Of course, many people are well within their rights to sneak
a peek: your boss, for example. Last week, Barclaycard was cleared by an
industrial tribunal of any wrongdoing after snooping on an employee's e-mails.
It had sacked a worker after he was found to be using the company's internal
system to insult colleagues, supply cannabis and divulge confidential information
to rival firms.
THE LAW |
Unlawfully intercepting e-mails is a criminal
offence that carries a maximum sentence of two years imprisonment. It can
also give rise to civil actions for damages and/or an injunction. According
to lawyer Clare Griffiths of intellectual property law firm Briffa, employers
are generally allowed to monitor employees' e-mails where necessary for genuine
business reasons or where the employee has consented to it (this consent
is often given in an employment contract). But employers must not invade
the privacy of their employees, or they may fall foul of various laws and
regulations.
|
Homing in
The Government can also take a look. Thanks to Ripa (the Regulation of
Investigatory Powers Act), a host of Government agencies can read anyone's
e-mails on any network after getting the necessary judicial consent. while
subject to criticism, these powers are no more extensive than the authorities'
ability to tap phone lines. The real concern is the ease with which your
messages can be read by anyone. E-mails are sitting ducks for illegal
interception. Nowhere is this more so than in the office. Even taking standard
precautions, such as not leaving your inbox open when you leave your desk,
is not enough to stop colleagues spying on you. A variety of simple prograrns
downloaded from the Internet, such as Colasoft, can enable office workers
to pick up all e-mail traffic passing on a company's internal server. But
even when they're on the public network, e-mails are not secure. There are
several ways to redirect them through a third party before they reach the
intended recipient without anyone finding out. It does require a modicum
of technical knowledge but, if someone wants to do it, they can. This security
problem is quite simple to solve. Encryption programs, such as Xenomail from
British Internet security company Indicii Salus, have never been cheaper
or easier to use. Yet the Government, according to groups like die Campaign
For Digital Rights and FIPR (Foundation for Information Policy Research),
has failed to raise awareness of the need for them.
Don't panic
The Home Office claims there is no real problem. A spokesman said: 'The expert
opinion here is that intercepting someone's e-mails is very difficult to
do even for someone with a vast amount of technical knowledge.' Yet Richard
Allan, a Lib Dem MP who chairs the All Party Internet Group, says Government
e-mail, let alone everyone else's, is wide open to interception. 'There are
still serious weaknesses in die system,' he said. 'As soon as messages leave
the Government's secure intranet, they're on the public Internet - and unless
encryption is used, they can be read.' For people such as Richard Clayton,
spokesman for FIPR, the Government has deliberately fostered ignorance over
the need for encryption software. 'Until recently, it was Government policy
to discourage encryption in the wider community,' he said. 'The security
services want to be able to tap into and listen to lots of networks. If they
are very secure, then they have less material they can look at.' The Home
Office refuted this claim in the strongest terms. Yet it also said there
are no plans for a campaign to encourage the use of encryption in e-mail
systems. Whether it's official policy or not, the Government is in no rush
to make networks watertight.
Edited by JAMIE WALTERS
atmetro@ukmetro.co.uk |