Disaster One: Carol/Bob keeps papers and confidential internship, field work and counseling practicum notes on a laptop computer. All of the data files, papers and notes are regularly copied onto two disks, one kept at home and one kept at the office.
Disaster Two: Professor Smith-Wilson finally gets a new office computer. All of the old files are copied onto the new machine, and the old machine is shuffled off to a graduate student office. The graduate student soon discovers lots of interesting files on the hard drive.
Disaster Three: In a series of E-mail exchanges a counselor-in-training and a supervisor discuss a client in detail. In the course of the exchange, sufficient information is included to allow someone to learn the client's identity. The student keeps all of the E-mail from the faculty in an electronic folder. One day, the student is using a public lab machine and forgets to log out. The next person to use the machine clicks the E-mail icon and is looking at the list of E-mails about the client.
Confidentiality, keeping important information private, is part of our student affairs lifestyle. We erase audiotapes, we keep incident reports in locked drawers, we password protect our computers, we shred notes and we do all manner of things to protect documents. However, this is a paper-and-pencil mentality: storing under lock and key, shredding and the like. As information technology comes into more common use, more and more material is stored on disks. Perhaps the confidential file is on a disk under lock and key in the file drawer next to the paper, or perhaps it is on the hard drive of a computer connected to the Internet.
Breaches of confidentiality can be serious. Ethics and case law require lock and key approaches to paper, but ethics and case law have not caught up to electronic storage yet. Since most of us understand the basic concepts of file drawers, locks and keys, we feel good when things are locked up. Since most of us do not understand the basic concepts of data storage, TCP/IP, or the Internet, we understand neither the risks to confidentiality that electronic storage brings nor the variety of solutions that are easily available. The paper and pencil, lock and key metaphor is not really adequate for electronic media, and we suffer from using it.
In addition to the accidental disasters listed above, malicious disasters are moderately easy to cause on most systems: someone intentionally bypasses whatever security is in place to get at confidential documents. For example:
Unintended Access. Access to your computer, your working disks or your backup disks can be accidental or malicious. A trip to the shop, or loaning someone a disk can breach confidentiality. Malicious access is another matter entirely, but that is why we have locks and keys, and use current browsers.
Erased Computer Files. With most operating systems, files are not really erased from a disk. What occurs when you 'delete' a file or drag it to the trash bin is that the space previously occupied by that file is now listed as vacant. The 'electronic maid' did not come in to vacuum out the room, and did not really empty the wastebasket. New files are eventually written on top of the old ones, but until that happens the old contents are still on the disk. Using the delete function never really erases files. With a readily available and simple utility program, anyone who has access can scan a disk for certain files or keywords and recover the erased file, or whatever pieces of it remain on the drive.
E-mail. Messages go lots of places that you don't know about. Depending on what E-mail program you are using, there may be archive files of all messages sent, and unless you have your own mail server, a copy of all messages is most likely 'out there'. The rule of thumb is never to E-mail anything you don't want to see on the front page of the New York Times in 30-point print.
Internet Communication. Internet phone conversations are becoming a common thing, and are subject to the same perils as any Internet traffic. The underlying problem with any Internet communication is that the most commonly used Internet protocol, TCP/IP, is inherently insecure: it carries data exactly as it was typed. Anyone with the appropriate 'packet sniffer' utility (easily available, just try a quick Internet search on those words) can read your messages, your passwords, etc. Many businesses use 'secure servers' to overcome some of these problems, but how many of us use secure servers on our campus?
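To make the 'packet sniffer' point concrete, here is an added example in Python; it is not from the original article or any product it mentions. It builds two frames the way a mailbox login (POP3, port 110) looks on the wire without encryption, then decodes the Ethernet, IP and TCP headers exactly as a sniffer does and pulls the user name and password out of the payload. The addresses, account name and password are constructed for the example, and checksums are left at zero because a sniffer never needs them to read the data.

```python
"""Decode captured Ethernet/IPv4/TCP frames and pull cleartext credentials
out of the payload, the way a packet sniffer does.  Frames below are
constructed for illustration (a POP3 login), not a real capture."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(payload: bytes, src_port: int = 40000, dst_port: int = 110) -> bytes:
    """Wrap ``payload`` in minimal Ethernet + IPv4 + TCP headers (assumed
    MAC and IP addresses; checksums zero, which a sniffer ignores anyway)."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + 20 + len(payload), 0x1234, 0, 64,
                     IPPROTO_TCP, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def tcp_payload(frame: bytes) -> bytes:
    """Walk the three headers and return the application data they carry."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4              # TCP header length in bytes
    return tcp[data_offset:]


def extract_credentials(frames) -> dict:
    """Grep every payload for the USER / PASS commands that POP3 and FTP
    send in the clear; this is the whole 'attack'."""
    found = {}
    for frame in frames:
        for line in tcp_payload(frame).split(b"\r\n"):
            if line.upper().startswith(b"USER "):
                found["user"] = line[5:].decode(errors="replace")
            elif line.upper().startswith(b"PASS "):
                found["pass"] = line[5:].decode(errors="replace")
    return found


# Constructed sample: the two segments a mail client sends when logging in.
SAMPLE_FRAMES = [build_frame(b"USER carol\r\n"),
                 build_frame(b"PASS practicum-notes\r\n")]

if __name__ == "__main__":
    print(extract_credentials(SAMPLE_FRAMES))
```

Nothing in the example breaks a protection, because there was none: the password crosses the network as typed. On an encrypted connection (the 'secure server' of the paragraph above) the same headers are still readable, but the payload is ciphertext and the grep finds nothing.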
There are at least five solutions to these types of problems:
Solution one sounds great, but even with risk management, backup disks and careful planning, accidents do happen. That is why most people have insurance, and why there are so many file recovery programs available.
Solution two is impractical in the modern digital information age.
Solution three is not possible in the computer record age, any more than not writing anything on paper.
Solution four is relatively trivial: really erasing confidential files should be standard practice for everyone reading this material, in the same way that we shred confidential papers and erase disks. Erase utilities are readily available as commercial products (Norton Utilities, for example) and as freeware/shareware (BCWipe by Jetico or Without a Trace by Karmadrome, for example).
Solution five is more involved but is well within reach for most high school graduates and any college graduate. On a computer there are ways to truly protect saved files, and to protect E-mail from prying eyes. While there are lots of strategies, perhaps the easiest way to protect files and E-mail is to password protect and encrypt everything.
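The following added example (written for this page, not taken from the article or from any of the erase utilities it names) shows in Python why the 'Erased Computer Files' section above is true and what an erase utility does differently. It is a toy block device: the allocator and the file layout are invented for illustration, but the behaviour is the same one real filesystems have. A normal delete only forgets the name and marks the blocks vacant, so a raw scan of the disk still finds the confidential text; a wipe overwrites the blocks before freeing them; and wiping free space cleans up after deletes that were done carelessly in the past.

```python
"""Toy block device showing why 'delete' does not erase and what a wipe
utility does differently.  Disk, allocator and files are constructed here
for illustration."""
import os

BLOCK_SIZE = 16


class ToyDisk:
    def __init__(self, n_blocks: int):
        self.blocks = bytearray(n_blocks * BLOCK_SIZE)   # the raw media
        self.free = list(range(n_blocks))                # allocator's free list
        self.directory = {}                              # name -> block numbers

    def _write_blocks(self, numbers, data: bytes):
        for i, b in enumerate(numbers):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            self.blocks[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE] = chunk

    def write_file(self, name: str, data: bytes):
        needed = -(-len(data) // BLOCK_SIZE)             # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        numbers = [self.free.pop(0) for _ in range(needed)]
        self._write_blocks(numbers, data)
        self.directory[name] = numbers

    def delete(self, name: str):
        """'Delete' / 'move to trash': forget the name, mark the blocks
        vacant, leave every byte exactly where it was."""
        self.free.extend(self.directory.pop(name))

    def wipe(self, name: str, passes: int = 3):
        """Erase utility: overwrite the blocks, then free them."""
        numbers = self.directory[name]
        for _ in range(passes):
            self._write_blocks(numbers, os.urandom(len(numbers) * BLOCK_SIZE))
        self._write_blocks(numbers, bytes(len(numbers) * BLOCK_SIZE))
        self.delete(name)

    def wipe_free_space(self):
        """Erase utility, 'wipe free space': overwrite whatever old
        deletes left behind in blocks the directory no longer references."""
        self._write_blocks(self.free, bytes(len(self.free) * BLOCK_SIZE))

    def scan(self, keyword: bytes) -> list:
        """Recovery-tool view: search the raw media, ignore the directory."""
        return [i for i in range(len(self.blocks)) if self.blocks.startswith(keyword, i)]


# Constructed sample note; 'CONFIDENTIAL' starts at byte 23 of the file.
SECRET = b"client: J.D. session 3 CONFIDENTIAL"


def deleted_file_is_recoverable() -> list:
    disk = ToyDisk(8)
    disk.write_file("notes.txt", SECRET)
    disk.delete("notes.txt")
    return disk.scan(b"CONFIDENTIAL")       # [23]: still on the disk


def wiped_file_is_not() -> list:
    disk = ToyDisk(8)
    disk.write_file("notes.txt", SECRET)
    disk.wipe("notes.txt")
    return disk.scan(b"CONFIDENTIAL")       # []: overwritten before freeing


def free_space_wipe_cleans_residue() -> list:
    disk = ToyDisk(8)
    disk.write_file("notes.txt", SECRET)
    disk.delete("notes.txt")                # the careless delete of months ago
    disk.wipe_free_space()
    return disk.scan(b"CONFIDENTIAL")       # []


if __name__ == "__main__":
    print(deleted_file_is_recoverable(), wiped_file_is_not(), free_space_wipe_cleans_residue())
```

One caveat for today's hardware: overwriting in place works on floppies and classic hard disks, but flash drives and SSDs remap writes internally and journaling filesystems keep extra copies, so an overwrite may never reach the physical location. On such media keeping the files encrypted from the start (solution five) is the dependable answer, with the wipe as a second line of defence.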
Password protection can restrict access to protected files. Most word processing programs come with the ability to assign a password to a file, and using a password will typically also encrypt the file. Without the password the saved document cannot be opened. Encryption means that the file is unreadable by any program without the encryption key or password. In MS Word the sequence for password protection is File, Save As, Tools, General Options, Password, and in WordPerfect the sequence is File, Save As, and click the Password box on the menu. In both cases the file is encrypted.
Password and encryption programs are available for lots of uses, and an Internet search will turn up thousands. A search for password recovery and decryption programs that break into files will also turn up quite a few. While the encryption that comes with most programs is getting better, it is still considered 'soft' encryption. I can only wonder why there are so many password recovery and decryption programs if the password and encryption programs are supposed to work well!
Many people have used simple 'soft' encryption algorithms like letter substitutions. The Dancing Men by A. Conan Doyle features a letter substitution using figures of dancing men in the place of English language letters. Such codes are easily cracked by looking for the substitute of commonly used letters like 'e' and using that information to work out the rest of the code. Most of the campus population has heard the stories surrounding the famous Enigma machine used during WWII by the German military. Enigma produced what is termed 'hard' encryption. Hard codes are not at all easy to break; breaking Enigma took years of work and purpose-built machinery. Electronic computers were developed during WWII in large part to break codes. Computers were then applied to many other problems, which has given rise to the problems with confidentiality discussed here.
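To show how thin 'soft' encryption is, here is an added example in Python (written for this page; it is not from the article or from Conan Doyle's story). It applies a letter-substitution cipher of the Dancing Men kind to a constructed paragraph and then runs the attack the paragraph above describes: count how often each cipher letter appears, and match the most frequent ones to the most frequent English letters. The substitution alphabet, the sample text and the English frequency ranking are all assumptions of the example; the ranking is the standard 'ETAOIN SHRDLU' order.

```python
"""Letter-substitution cipher and the frequency attack that breaks it.
Plaintext, key and frequency table are constructed for illustration."""
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
CIPHER_ALPHABET = "qwertyuiopasdfghjklzxcvbnm"          # the secret 'dancing men'
KEY = dict(zip(ALPHABET, CIPHER_ALPHABET))              # plain -> cipher
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"            # most common English letters first

# Constructed sample message, a few hundred characters of ordinary prose.
PLAINTEXT = (
    "the counselor keeps her notes on the laptop and sends them to the "
    "supervisor each week. the messages describe the client in enough detail "
    "that anyone reading them could guess who the client is. these letters are "
    "easy to read when the code is a simple substitution, because the letter e "
    "appears more than any other letter in english text."
)


def substitute(text: str, table: dict) -> str:
    """Apply a substitution table; non-letters pass through unchanged."""
    return "".join(table.get(c, c) for c in text.lower())


def frequency_guess(ciphertext: str) -> dict:
    """The attacker's table: most common cipher letter -> 'e', next -> 't', ...
    Letters never seen get no guess."""
    counts = Counter(c for c in ciphertext if c.isalpha())
    ranked = [c for c, _ in counts.most_common()]
    return dict(zip(ranked, ENGLISH_ORDER))


CIPHERTEXT = substitute(PLAINTEXT, KEY)


def recovered_letters() -> set:
    """Plaintext letters the attacker got right without knowing the key."""
    guess = frequency_guess(CIPHERTEXT)
    return {p for p in ALPHABET if guess.get(KEY[p]) == p}


def partial_decrypt() -> str:
    """Decrypt with the guessed table; 'e' and 't' fall out immediately and
    the rest is fixed by reading the result, exactly as Holmes did."""
    return substitute(CIPHERTEXT, frequency_guess(CIPHERTEXT))


if __name__ == "__main__":
    print(CIPHERTEXT[:60])
    print(sorted(recovered_letters()))
    print(partial_decrypt()[:60])
```

The attack needs only a few hundred letters of ciphertext and no knowledge of the key, which is why a scheme like this is 'soft': the secrecy lives in the statistics of the language, and those are public.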
Encryption, and cracking passwords, is an arcane art, and a source of constant tension between those who want to keep secrets and those who want to know what you know. One would hope that confidential files, like nuclear secrets, are heavily encrypted. Alternatively, terrorist or drug smuggling plans may also be encrypted. In either case there are parties who want to read those files. If material on a disk has economic, political or even criminal value then some party would like to be able to read the disk. The US government is very concerned about criminal uses of encryption but has been unsuccessful so far in making 'hard' encryption illegal. Our government has suggested that we all share our encryption keys and passwords 'in escrow' with our government for our own protection. Banks and businesses have traditionally used password protection and encryption to maintain privacy when there is economic value in digital information like bank transfers.
Password protection, without encryption, is common for all of us as we log into our LAN in the morning, or as we get cash from the ATM. Passwords are like keys, and once opened a door stays open until locked. ATMs automatically shut the electronic door at the end of the transaction, and if we remember to log out, our computers shut an electronic door.
PGP is a password, encryption and digital signature program that stands out among the available thousands for three good reasons:
PGP is really a suite of tools to solve different problems. The complete description of PGP is available as an FAQ at http://www.cam.ac.uk.pgp.net/pgpnet/pgp-faq/. If your concern is security, then the PGP Attack material is available at http://www.stack.nl/~galactus/remailers/attack-faq.html.
PGPkeys is the principal tool, in which a pass phrase (longer than a password and harder to crack) protects encrypted files. The 'keys' refers to 'public key encryption': I have a public key that I share with everyone, and I have a private key that I keep secret and pass phrase protected. I share my public key with everyone, enabling them to encrypt files for me only, and I keep the secret private key that will decrypt those files; the public key will only encrypt, it will not decrypt. My keys (really long numbers) are created by PGP and protected by a pass phrase. PGPkeys can operate on any open window (any document or E-mail message), encrypting the contents using anyone's public key, yours or mine. To secure my own document, I simply use my own keys and pass phrase.
Using E-mail, I can password protect and encrypt a file using your public key so that only you can read it. PGPkeys has plug-in components for MS Outlook, Eudora, Pegasus Mail and GroupWise that enable pass phrase encryption with a mouse-click. Encrypted E-mail will remain encrypted even when it is saved. The decrypted message appears in a special window, and can be saved as text if desired. Using E-mail involves sharing keys, and all users have a 'key ring' of public keys. The downside of PGPkeys is that you need to have a key ring somewhere with your public and private keys on it.
PGPtools provides an interface that is relatively easy to use for any document. Using the software requires a little reading, a basic understanding of computers, and the ability to remember a short 'pass phrase', not a password. The ease-of-use issue is a problem. While other programs may be easier to use, PGP provides an unsurpassed measure of protection against accidentally and intentionally read files.
PGPnet has the capability to open a secure connection between any two computers on the Internet. Any voice transmission or video transmission between the computers is automatically encrypted. This may become more useful as supervision at a distance becomes more popular, because it can secure two way audio and video.
PGP (keys, tools and net) is available from MIT as a single zip file (including documentation) and is freeware, as long as you meet US citizenship and US residency requirements. A commercial version is available from many retail outlets, or from Network Associates. It may be a Federal offense to export PGP.
PGPdisk will create a pass phrase protected and encrypted section of a disk. By keeping any confidential files in this protected area, confidentiality can be maintained. The files can be transferred to another disk or copied, and they remain encrypted. I keep an encrypted PGPdisk as a matter of principle and as a place to store confidential information. To access the files, I click on "Mount Disk", enter my pass phrase and away I go. You can have all the access you want to my drive, you can even copy the files, but you will get nothing from them. PGPdisk is subject to the same ownership and export considerations as is PGP.
One feature of PGP that goes beyond confidentiality is its ability to create, use and verify digital signatures. For authorizations using E-mail this ability is unparalleled. Digital signatures require an infrastructure to create a certification server on a campus (so that I can verify signatures sent to me), or individuals can use already existing certification servers to authenticate digital signatures. As more business is conducted over E-mail, there is an advantage to having signed E-mail that can be verified.
Password protection programs are not all alike in security and ease of use, and several good ones are available for download as free/share ware and as commercial products. An Internet search will reveal several, and your word processing program probably has a password feature for files. Below are two shareware password and encryption programs designed to work similarly to PGPdisk.
Interestingly enough, both of these programs compare themselves with PGP.
There are many similar commercial products too numerous to list. Prices range from US $15.95 well into the hundreds of dollars and present a bewildering set of claims and encryption schemes. It is quite likely that most of these programs, commercial or shareware, are similar in functionality for keeping records confidential.
Technology is generally designed to allow us to work more efficiently, but most new technologies enable us to do things never before possible. Technology also creates problems never before evident. Word processors, E-mail and the Internet have presented unprecedented challenges to confidentiality. The mental models of lock, key and paper that we have developed since the invention of paper and locks have served us well for several thousand years. The digital information age is presenting us with new opportunities and new challenges, and the old models don't work.
I am much more concerned with someone gaining access to my office and making off with one of my techno-gadgets than I am with someone gaining access to my confidential files. However, I lock my office and keep my files pass phrase protected. Losing an object is immediate and tangible, but losing a file is intangible and the loss is hard to measure. I can always purchase another techno-gadget, but I cannot undo a breach of confidentiality. The amount of security that you want should be proportional to the amount of harm that will arise when you lose something. The answer to confidentiality and computers is that something should be done; doing nothing invites disaster.