Personal Computing: Who’s Reading Your Email?

Personal-Computing-Logo color web jan14By Reid Goldsborough

One old saw about newfangled e-mail is that it’s as private as a postcard. Problem is, many people feel it’s as secure as a Registered Mail letter.

Two recent events shed interesting, and useful, light on the issues surrounding email security.

A new study by Forrester Research, commissioned by e-mail security provider Proofpoint (www.proofpoint.com), found that 41 percent of companies with 20,000 or more workers pay employees to manually read or automatically analyze the e-mails sent by other employees.

These companies are looking for instances of confidential data being leaked, either purposely or inadvertently, to those outside the company. Such snooping is perfectly legal, with U.S. courts ruling that e-mails sent or received using company equipment are company property and are therefore rightfully accessible by management.

You can be fired for revealing too much in e-mail, instant messaging, and texting as well as for posting unauthorized information in blogs, Internet discussion groups, social networking sites such as MySpace, and media-sharing sites such as YouTube. According to the Forrester study, 26 percent of large companies indicated they had fired at least one employee for violating its e-mail policy.

Another common fallacy is that if you want to avoid potential problems down the road with e-mail, delete the message after sending or reading it and ask your correspondent to do so as well.

The fact is that even if it’s not immediately intercepted, an e-mail may be read by others later. E-mail endures. As with files on your hard drive, when you delete an e-mail message, it’s not really gone. It can be retrieved, among other ways, from tape backups months or even years later.

On the other hand, don’t think that because management has the right to read your e-mail, you have the right to read the e-mail of management or other employees.

In one recent high-profile case still playing itself out, the FBI is investigating a Philadelphia TV news anchor for allegedly reading the e-mail of a former co-anchor.

The FBI raided the home of Larry Mendte of KYW-TV, seizing his computer after a fellow employee had discovered that he may have signed on to Alycia Lane’s Yahoo e-mail account at work and read her e-mail (if he did, it’s not clear how he got her password).

Lane had been fired by KYW six weeks earlier after several “embarrassing” events, such as allegedly striking a police offer and e-mailing bikini photos of herself to a married man. The authorities were trying to determine if Mendte used Lane’s e-mails to leak information about her to gossip columnists.

It’s a federal crime to pry into another person’s e-mail in this way.

In general, it pays to be smart about e-mail. This applies to employers too, large as well as small. One frequently repeated piece of advice is to create a company e-mail policy that explicitly spells out appropriate, and inappropriate, uses of e-mail and management’s legal right to it. This will help prevent problems in the first place.

Companies may also be required to retain old e-mail. According to new corporate reform legislation, public companies that deliberately delete e-mail with the intention of obstructing a federal investigation can face a fine of up to $1 million.

A number of programs can help with both archiving and analyzing company e-mail. MailMeter Archive from Waterford Technologies (www.mailmeter.com), for instance, is used by companies having from five to 5,000 employees.

The program captures all e-mail that employees send or receive and archives messages in a database. It also lets you analyze e-mail to detect patterns. This can help you determine who’s sending too many e-mail messages or too few, who’s e-mailing an important client, or who might be using e-mail inappropriately for sending jokes, music, porn, or your customer list.

If you need to ensure that e-mail isn’t seen by eyes other than those you intend, one option is to use an e-mail encryption program. For some time now the standard has been Pretty Good Privacy, now called PGP Desktop (www.pgp.com).

The program automatically encrypts e-mail and lets you send “self-decrypting” messages to those who don’t have the program. It’s available to try out for free for 30 days.

E-mail has great utility, whether for business or home use. But it’s no panacea. Like any communications medium, it has its strengths and weaknesses. Sometimes it makes more sense to pick up the phone, mail a letter, use an overnight delivery service, or stop by the cubicle of a coworker to chitchat in person.

Comments (0)

There are no comments posted here yet