©2007 StudentAffairs.com. All Rights Reserved.
E-Mail Confidentiality and Data Security
Will Barratt, Indiana State University
Information Technology Confidentiality Disasters
Disaster One: Carol/Bob keeps papers and confidential internship/field work/counseling practicum notes on a laptop computer. All of the data files, papers and notes are regularly copied onto two disks, one kept at home and one in the office.
- The laptop requires repair and is taken into the shop for a few days.
- Carol/Bob loans the backup disk to a colleague to copy a paper for class.
- Carol/Bob's child finds the backup disk and takes it to school for a project, copying files onto the school's computer.
Disaster Two: Professor Smith-Wilson finally gets
a new office computer. All of the old files are copied onto
the new machine, and the old machine is shuffled off to a
graduate student office. The graduate student soon discovers
lots of interesting files on the hard drive.
Disaster Three: In a series of E-mail exchanges a
counselor-in-training and a supervisor discuss a client in
detail. In the course of the exchange, sufficient
information is included to allow someone to learn the
client's identity. The student keeps all of the E-mail from
the faculty in an electronic folder. One day, the student is
using a public lab machine and forgets to log out. The next
person to use the machine clicks the E-mail icon and is
looking at the list of E-mails about the client.
About Confidentiality and Information Technology (IT)
Confidentiality, keeping important information private, is part of our student affairs lifestyle. We erase audiotapes, we keep incident reports in locked drawers, we password protect our computers, we shred notes and we do all manner of things to protect documents. However, this is a paper-and-pencil mentality - storing under lock and key, shredding and the like. As information technology comes into more common use, more and more material is stored on disks. Perhaps the confidential file is on a disk under lock and key in the file drawer next to the paper, or perhaps it is on the hard drive of a computer connected to the Internet.
Breaches of confidentiality can be serious. Ethics and
case law require lock and key approaches to paper, but
ethics and case law have not caught up to electronic storage
yet. Since most of us understand the basic concepts of file
drawers, locks and keys, we feel good when things are locked
up. Since most of us do not understand the basic concepts of
data storage, TCP/IP, or the Internet, we do not understand
the risks to confidentiality of electronic storage, or the
variety of solutions that are easily available. The paper
and pencil, lock and key metaphor is not really adequate for
electronic media, and we suffer from using it.
In addition to the accidental disasters listed above, malicious disasters are moderately easy on most systems for anyone willing to bypass the security features intentionally to get at confidential documents. For example:
- The password screen saver on Windows is easily defeated with a DOS boot disk and the time it takes to reboot your machine, which is about the time it takes for a quick coffee break. Windows NT with NTFS file permissions makes this harder, but the disk can still be read by booting a different operating system from a floppy or CD; only encrypting the files actually solves the problem.
- Retrieving your E-mail from archives is as easy as getting access to the disk and reading it, which may take some minor effort.
- Retrieving 'erased' files on a hard drive only takes a utility program and access to the drive.
- Several security holes in older versions of Internet Explorer and Netscape let a web page you visit read files from your hard drive, with nothing more than an active Internet connection required. Newer versions of IE and Netscape fix those particular holes, but many people are still using older browser versions.
IT Challenges to Confidentiality
Unintended Access. Access to your computer, your
working disks or your backup disks can be accidental or
malicious. A trip to the shop, or loaning someone a disk can
breach confidentiality. Malicious access is another matter
entirely, but that is why we have locks and keys, and use
current browsers.
Erased Computer Files. Files are not really erased on computer disks with most operating systems. What occurs when you 'delete' a file or drag it to the trash bin is that the space previously occupied by that file is now listed as vacant. The 'electronic maid' did not come in to vacuum out the room, and did not really empty the wastebasket. The old contents stay on the disk until some new file happens to be written on top of them, which may be never. Using the delete function never really erases files. With a readily available and simple utility program, anyone who has access can scan a disk for certain files or keywords and recover the erased file, or whatever pieces of it are still on the drive.
E-mail. Messages go lots of places that you don't know about. Depending on which E-mail program you are using, there may be archive files of all messages sent, and unless you run your own mail server, a copy of every message most likely sits 'out there' on a server you do not control, having passed through other servers on the way. The rule of thumb is never to E-mail anything you don't want to see on the front page of the New York Times in 30-point print.
Internet Communication. Internet phone conversations are becoming a common thing, and are subject to the same perils as any Internet traffic. The underlying problem with any Internet communication is that the most commonly used protocol, TCP/IP, carries data in the clear and provides no confidentiality by itself. Anyone on the network path with the appropriate 'packet sniffer' utility (easily available, just try a quick Internet search on those words) can read your messages, your passwords, etc. Many businesses use 'secure servers', which encrypt the connection with SSL, to overcome some of these problems, but how many of us use secure servers on our campus?
There are at least five solutions to these types of
problems:
- Don't have any accidents with disks.
- Keep your office locked and don't use E-mail or the
Internet.
- Don't save any files to any disk.
- Use a utility that really erases the files.
- Password protect and encrypt your files and
disks.
Solution one sounds great, but even with risk management,
backup disks and careful planning, accidents do happen. That
is why most people have insurance, and why there are so many
file recovery programs available.
Solution two is impractical in the modern digital
information age.
Solution three is not possible in the computer record
age, any more than not writing anything on paper.
Solution four is relatively trivial: Really erasing confidential files should be standard practice for everyone reading this material, in the same way that we shred confidential papers and erase disks. Erase utilities work by overwriting the file's space on the disk before deleting it, and are readily available as commercial products (Norton Utilities for example) and as freeware/shareware (BCWipe by Jetico, or Without a Trace by Karmadrome for example).
File and Disk Password Protection and Encryption
Solution five is more involved but is well within reach of most high school graduates and any college graduate. On a computer there are ways to truly protect saved files, and to protect E-mail from prying eyes. While there are lots of strategies, perhaps the easiest way to protect files and E-mail is to password protect and encrypt everything.
Password protection can restrict access to protected files. Most word processing programs come with the ability to assign a password to a file, and using a password will typically also encrypt the file. Without the password no one can get access to the saved document. Encryption means that the file is unreadable by any program without the encryption key or password. In MS Word the sequence for password protection is File, Save As, Tools, General Options, Password, and in WordPerfect the sequence is File, Save As, and click the Password box on the menu. In both cases the file is encrypted.
Password and encryption programs are available for lots
of uses, and an Internet search will turn up thousands. A
search for password recovery and decryption programs that
break into files will also turn up quite a few. While the
encryption that comes with most programs is getting better,
it is still considered 'soft' encryption. I can only wonder
why there are so many password recovery and decryption
programs if the password and encryption programs are
supposed to work well!
Many people have used simple 'soft' encryption algorithms like letter substitutions. The Dancing Men by A. Conan Doyle features a letter substitution using figures of dancing men in the place of English language letters. Such codes, encryptions, are easily cracked by looking for the most frequent symbols, which stand for common letters like 'e', and using that information to work out the rest of the code. Most of the campus population has heard the stories surrounding the famous Enigma machine used during WWII by the German military. Enigma produced what is termed 'hard' encryption. Hard codes are not at all easy to break, though even Enigma was eventually broken by the Allied codebreakers with purpose-built machines. Electronic computers were developed during WWII especially to break codes. Computers were then applied to many other problems, which has given rise to problems with confidentiality.
Encryption, and cracking passwords, is an arcane art, and a source of constant tension between those who want to keep secrets and those who want to know what you know. One would hope that confidential files, like nuclear secrets, are heavily encrypted. Alternatively, terrorist or drug smuggling plans may also be encrypted. In either case there are parties who want to read those files. If material on a disk has economic, political or even criminal value then some party would like to be able to read the disk. The US government is very concerned about criminal uses of encryption but has been unsuccessful so far in making 'hard' encryption illegal. Our government has suggested that we all share our encryption keys and passwords 'in escrow' with the government for our own protection. Banks and businesses have traditionally used password protection and encryption to maintain privacy when there is economic value in digital information like bank transfers.
Password protection, without encryption, is common for all of us as we log into our LAN in the morning, or as we get cash from the ATM. Passwords are like keys: once opened, a door stays open until it is locked again. ATMs automatically shut the electronic door at the end of the transaction, and if we remember to log out, our computers shut an electronic door too.
Pretty Good Privacy (PGP)
PGP is a password, encryption and digital signature program that stands out among the available thousands for three good reasons:
- PGP has become the industry standard, with add-in encryption and signatures for Outlook, GroupWise, Eudora and Pegasus E-mail programs.
- Of all encryption programs, PGP is the one the US government has tried hardest to stop from spreading; its author was investigated for years over its export. This is a strong endorsement by itself.
- The third reason has to do with the nature of the program, and I will simply refer the reader to An Introduction to Cryptography by Philip Zimmermann, who does a delightful job of making the opaque at least translucent. The Introduction comes free with all versions of PGP as part of the zip file.
PGP is really a suite of tools to solve different problems. The complete description of PGP is available as an FAQ at http://www.cam.ac.uk.pgp.net/pgpnet/pgp-faq/. If your concern is security, then the PGP Attack material is available at http://www.stack.nl/~galactus/remailers/attack-faq.html.
PGPkeys is the principal tool, in which a pass phrase (longer than a password and harder to crack) protects the private key that unlocks encrypted files. The 'keys' refers to 'public key encryption': I have a public key that I share with everyone, and a private key that I keep secret and pass phrase protected. I share my public key with everyone, enabling them to encrypt files that only I can read, and I keep the secret private key that will decrypt those files; the public key will only encrypt, it will not decrypt. My keys (really long numbers) are created by PGP and protected by a pass phrase. PGPkeys can operate on any open window (any document or E-mail message), encrypting the contents using anyone's public key, yours or mine. To secure my own document, I simply use my own keys and pass phrase.
Using E-mail, I can encrypt a file with your public key so that only you can read it. PGPkeys has plug-in components for MS Outlook, Eudora, Pegasus Mail and GroupWise that enable encryption with a mouse-click. Encrypted E-mail will remain encrypted even when it is saved. The decrypted message appears in a special window, and can be saved as text if desired. Using E-mail this way involves sharing keys, and all users have a 'key ring' of public keys. The downside of PGPkeys is that you need to have a key ring somewhere with your public and private keys on it.
PGPtools provides an interface that is
relatively easy to use for any document. Using the
software requires a little reading, a basic understanding
of computers, and the ability to remember a short 'pass
phrase', not a password. The ease-of-use issue is a
problem. While other programs may be easier to use, PGP
provides an unsurpassed measure of protection against
accidentally and intentionally read files.
PGPnet has the capability to open a secure
connection between any two computers on the Internet. Any
voice transmission or video transmission between the
computers is automatically encrypted. This may become
more useful as supervision at a distance becomes more
popular because it can secure two way audio and
video.
PGP (keys, tools and net) is available from MIT as a single zip file (including documentation) and is freeware, as long as you meet US citizenship and US residency requirements. A commercial version is available from many retail outlets, or from Network Associates. It may be a Federal offense to export PGP.
PGPdisk will create a pass phrase protected and encrypted section of a disk. By keeping any confidential files in this protected area, confidentiality can be maintained. The files can be transferred to another disk or copied, and they remain encrypted. While the disk is mounted its files are readable like any others, so it should be unmounted whenever you step away from the machine. I keep an encrypted PGPdisk as a matter of principle and as a place to store confidential information. To access the files, I click on "Mount Disk", enter my pass phrase and away I go. You can have all the access you want to my drive, you can even copy the files, but you will get nothing from them. PGPdisk is subject to the same ownership and export considerations as is PGP.
One feature of PGP that goes beyond confidentiality is its ability to create, use and verify digital signatures. For authorizations using E-mail this ability is unparalleled. Verifying a signature requires trusting the signer's public key, and that takes an infrastructure: a key server on campus (so that I can verify signatures sent to me), or the already existing public key servers from which individuals can fetch and check keys. As more business is conducted over E-mail, there is an advantage to having signed E-mail that can be verified.
Other Password and Encryption Programs
Password protection programs are not all alike in security and ease of use, and several good ones are available for download as free/share ware and as commercial products. An Internet search will reveal several, and your word processing program probably has a password feature for files. Below are two shareware password and encryption programs designed to work similarly to PGPdisk.
- ScramDisk is available for download and provides very good protection for files on a disk by creating password protected and encrypted virtual disk space similar to PGPdisk. For ease of use ScramDisk meets most criteria, and for its ability to protect confidentiality it rates very high.
- E4M similarly provides password protected and encrypted virtual disk space in an easy-to-use fashion. Like ScramDisk, E4M provides strong protection for confidential files.
Interestingly enough, both of these programs compare
themselves with PGP.
There are many similar commercial products too numerous
to list. Prices range from US $15.95 well into the hundreds
of dollars and present a bewildering set of claims and
encryption schemes. It is quite likely that most of these
programs, commercial or shareware, are similar in
functionality for keeping records confidential.
In Conclusion
Technology is generally designed to allow us to work more efficiently, but most new technologies enable us to do things never before possible. Technology also creates problems never before evident. Word processors, E-mail and the Internet have presented unprecedented challenges to confidentiality. The mental models of lock, key and paper that we have developed since the invention of paper and locks have served us well for several thousand years. The digital information age is presenting us with new opportunities and new challenges, and the old models don't work.
I am much more concerned with someone gaining access to
my office and making off with one of my techno-gadgets than
I am with someone gaining access to my confidential files.
However, I lock my office and keep my files pass phrase
protected. Losing an object is immediate and tangible, but
losing a file is intangible and the loss is hard to measure.
I can always purchase another techno-gadget, but I cannot
replace a breach of confidentiality. The amount of security
that you want should be proportional to the amount of
problem that will arise when you lose something. The answer
to confidentiality and computers is that something should be
done; doing nothing invites disaster.