Wednesday, July 6, 2011

Burn after reading

I received an unencrypted email yesterday which had in the title "CONFIDENTIAL AND PRIVATE". It also had instructions that if I were to print out its PDF attachment, I must shred it immediately after reading it.

Clearly we Computer Scientists are doing a bad job with public outreach here. So, hey, chance to educate.

Email is hardly ever secure. I say 'hardly ever' because it is possible to encrypt email, and it is also possible to send email on secure, closed networks, free from the pull of the internet sea.

But most of the email your average person sends is being sent in the clear, unencrypted. This is a lot like walking down the street holding a big sign with the contents of your email. Which is recorded by a camera. And a lot of people can watch the video at any point in the future. Also, the video is archived in a library 4ever*.

The metaphor of a paper postal letter may have made sense about 15-20 years ago, but it's no longer valid. A letter sent by physical mail is much harder for lots and lots of people to read, unless someone tampers with the mail, makes a photocopy, etc. It also has ephemerality - you really could burn it after reading.

I pretty much operate under the assumption that any determined person can read my email and all unencrypted files on my computer. I also assume any emails I send could end up being forwarded to others, printed out, or posted on some blog somewhere. Err on the side of caution, and all.

(*) Ok, except a library is a bad metaphor because it's not necessarily easy for people to find this video (a.k.a. "security through obscurity"). Nor is it necessarily around forever, but it could be.