If you are like me, you haven't really paid that much attention to email
privacy. I decided to look into it simply because there has been so much
talk these days about an encryption program called PGP (Pretty Good Privacy).
I found some very alarming facts about email and, after a very short learning
curve, found PGP software pretty good.
I started this study by obtaining and reading a book by Andre Bacard called THE COMPUTER PRIVACY HANDBOOK. This book has some very interesting information in it about privacy in general, encryption technology, how the government doesn't really like encryption technology and how they want everyone to use communications encryption and scrambling they can decode and read via a Clipper Chip. That is, the government wants a Clipper Chip in every form of communications we use which scrambles voice communication and encrypts text communication. That's fine and dandy. You have a Clipper Chip and the party to whom you are sending can decode it. If need be, the government will be able to decode it also. I'm not sure I oppose the Clipper Chip; I certainly see a law enforcement need for it. However, I'm sure you can think of a great many abuses of it like I can. The Clipper Chip has become a very big controversy.
The Computer Privacy Handbook goes
into depth about the hows and whys of email and why you might just as easily
be broadcasting your message over a public radio station. Email is just
not secure and anyone with a little computer savvy can intercept email.
When sending email without any coding or encryption, it's like sending a
letter on a postcard. On its way to the recipient, anyone can read its contents.
When you route electronic mail through the Internet, you don't know how
many systems it's going through to reach the addressee. E-mail messages
can be intercepted easily, automatically and in a way in which you'll never
have the slightest clue someone else read your private message. Scanned
e-mail is more common than the average person thinks. People can scan
e-mail for key words and/or scan for mail to certain addresses or mail from
The fact that email is a kind of open book for anyone who wants to take a look alarmed me and it should alarm you. What really alarmed me more than that is how the government attempted to suppress this encryption program called PGP.
The book then goes into a detailed discussion of crypto technology and explains the use of a two key system. You have a public key and a private key. You send your public key to people you want to open encrypted messages from you and you, in turn, obtain their public key so you can open encrypted messages from them.
Unless you have worked around encryption technology before, this seems a little confusing at first, the two key system. You will have both a public key and a private or secret key. You give your public key to whomever you want encrypted messages from. They, in turn, give you their public key. When you send a message you want encrypted, you use the person's public key to encrypt. But you have to have both the public key and secret key to decrypt.
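The two-key exchange described above, as an added Python example that is not from the book or from ViaCrypt PGP: textbook RSA with constructed toy keys (fixed Mersenne primes, insecure) showing that a message encrypted with my public key opens only with my secret key, and that a signature made with the friend's secret key checks against his public key. Real PGP also pads the data and uses a symmetric session cipher; every function and key name here is an assumption for illustration.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Return (public, private) toy RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def encrypt(message, recipient_public):
    """Anyone holding the recipient's PUBLIC key can do this."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, own_private):
    """Only the holder of the matching SECRET key gets the text back."""
    n, d = own_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, own_private):
    """Signing uses the sender's SECRET key."""
    n, d = own_private
    return pow(_digest(message, n), d, n)

def verify(message, signature, sender_public):
    """Checking a signature needs only the sender's PUBLIC key."""
    n, e = sender_public
    return pow(signature, e, n) == _digest(message, n)

# Constructed keys: well-known Mersenne primes, for reproducibility only.
ME_PUB, ME_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
FRIEND_PUB, FRIEND_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def demo():
    note = b"First message"                  # constructed sample text
    ct = encrypt(note, ME_PUB)               # friend encrypts to my public key
    sig = sign(note, FRIEND_PRIV)            # friend signs with his secret key
    plain = decrypt(ct, ME_PRIV)             # my secret key opens it
    wrong_key = decrypt(ct, FRIEND_PRIV)     # any other secret key yields garbage
    return plain, verify(plain, sig, FRIEND_PUB), wrong_key == note
```
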
Once I got through reading The Computer Privacy Handbook, I felt like I had gained a much needed grounding in computer privacy and encryption. I became so impressed with the book that we have added it to the PI Library.
My next logical step was to obtain PGP software and try this stuff out myself. I first tried to use some of the freeware and shareware programs floating around but quickly found that you need a little user support, you need some of what we might call extensions to use with the software and you need a very good PGP user manual. I have found this very situation before when I tried to use other freeware and shareware programs. That is, they either made my system crash because they had bugs in them or, when they were bug free, they were too hard to figure out without some user support and a well documented user manual.
You might have a little more luck with some of this freeware stuff. If
you do that's fine. I finally ended up getting the best version of PGP on
the market through Joseph Seanor's office (firstname.lastname@example.org) for a little
over a hundred dollars called VIACRYPT PGP. I had studied the different
PGP bundles you can obtain and picked this one because of the user support
you get when you obtain it, its widely known easy-to-use setup, the well
written user manual and all the other add ons and extensions that come with
When you first start to use this software, there is a short learning
curve but I found, after a little trial and error by sending out a few
messages, obtaining a few public keys of people who were willing to help
me on this and then figuring out what went wrong was easy to work through
with the manual by my side. Here is one of the first messages I decrypted.
I had sent this friend my public key and he sent me his public key. I then
got a message back from him that looked like this:
SAMPLE VIACRYPT PGP ENCRYPTION
Subj: First message
Date: Tue, Jun 25, 1996 1:57 PM EDT
-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
(GEE WHIZ-TRY RUNNING THE ABOVE THROUGH YOUR SPELLING CHECKER!)
With his public key and my public key and secret key, the sender simply sent me the above encrypted message that only I could open and decode. Once decoded the message read:
Through a little trial and error, I was able to quickly start using PGP with ease. This software has some other features that are very nice. You can select options in which the file you send can only be opened one time and then not saved to another file. As you can see by reading the decrypted message, I had not signed my key so Jeff could utilize decryption on his end to decode my original message. I also used the wrong type of encryption which was then corrected. The second try, everything worked well. It took maybe two or three hours to install this program and learn how to use it but I have found it well worth the protection you get.
After a little time and effort, I was able to configure the software correctly and sent this message:
Decrypted by the other party, it reads:
You have several levels of encryption you can use. The manual states that the higher level of encryption you use, the longer it takes to decode and open files but I found that coding and decoding higher level encryption takes hardly any longer if you are running a computer at 75 MHz or above. It may make somewhat of a difference if you are running slower machines. When you create your RSA keys, this program asks you the following concerning your key:
I tried all three and on a 75 MHz machine, it didn't seem to make much difference as to speed unless you get down to measurements in seconds.
The other nice thing about this program is it is completely password protected and the manual goes to great lengths on how to develop a good password that would be very difficult to crack. Unless you know the password, you cannot use ViaCrypt PGP. Moreover, I keep another password protection program that locks the actual file in which my PGP resides. Still further, there is a password boot lock. What all that means is that if you happen to break into the place where my computer is located and try to use my PGP, you'll have to:
That's all just extra added protection from a physical security standpoint. An alarm will be going off long before anyone could ever attempt to crack the first code.
One of the strange little twists of PGP is that the US Government does not want these programs exported outside the USA. That means, of course, that PGP must work pretty good. Can the files be decoded? Given enough time and money likely they can. In fact, a group of 900 people who worked on individual parts of a message were able to crack PGP codes in something like nine months. I'd say that's still pretty good privacy. If it takes 900 people nine months to crack such an encryption code, I would feel fairly safe. If, on the other hand, you are still worried about something you send across the Internet being able to be cracked with 900 people in nine months, that type of stuff doesn't belong on the Internet in the first place.
AND SOME IMPORTANT INFORMATION ON VOICE PRIVACY
Voice communications can also be very important. Everyone should know that telephone lines can easily be tapped into with today's technology by anyone with a twenty dollar bill. Despite the fact that it's illegal, it's widespread. With an inexpensive scanner and attached tape recorder, anyone can tap into and record your wireless communications these days over wireless telephones and cellular telephones. Recently federal government codes took effect that ban all scanner equipment that scans cellular frequencies. Although you can no longer walk into Radio Shack and purchase a $79.95 scanner that will scan cellular frequencies, this type of equipment is still widely available and scanner frequency ranges are easy to modify.
Just like email can become an open book when sent across the internet, voice communications over telephone lines can also be an open book. Talking on cordless phones or even cellular phones is about as private as broadcasting your communications over a public radio station. Just like PGP will scramble your text messages, voice scrambling equipment is easy to use and moderately priced.
If you want to impress a new or important client, give them a portable voice scrambler to call you on.
Not only are you insuring communications between you and your client, your
client is going to be very impressed. You are telling the client that you
are concerned about the privacy of their case and are giving a level of
secure telephone communications to them. Every time I have done this in
the past, a large percentage of clients evidently ask where they can obtain
some of these voice scramblers.