- The fate of Michael Simmonds is a timely
reminder that when it comes to sending a top secret message, you can do
a lot better than e-mail.
- Mr Simmonds quit his job as the Conservative
Party's director of membership after leaking a draft document which set
out the opposition's break with its Thatcherite past.
- Computer experts exposed him after scouring
the hard drives of senior staff at the party's headquarters in Smith Square.
Faced with concrete evidence, the Tory activist took it on the chin, and
- It will be cold comfort to Mr Simmonds,
but he is not the first to have been caught out this way. When it comes
to trusting e-mail Oliver North, Bill Gates and Monica Lewinsky have all
come a cropper.
- In the mid-1980s, the Tower Commission
used back-up files of Colonel Oliver North's e-mail to chronicle the Iran-Contra
scandal. Last year, Monica Lewinksy's e-mails to her once trusted confidante
Linda Tripp found their way into the Starr Report.
- And Bill Gates, who - one might think
- should have known better, came to eat his words after saying in 1994
"our e-mail is completely secure". Almost five years later, during
the Microsoft anti-trust trial, he claimed not to remember asking in e-mail:
"Do we have a clear plan ... to undermine Sun?"
- Police officer Laurence Powell, implicated
in the 1991 beating of Rodney King, is another who found his electronic
missive came back to haunt him. Those exact words were: "Oops, I haven't
beaten anyone this bad in a long time."
- Andy Mulholland, of the computer services
consultancy Cap Gemini, calls it a "cultural problem". Like the
telephone and postal service before, people have yet to the realise the
full risks of e-mail communication.
- He recalls the notorious "Squidgygate"
tape, which alerted mobile phone users to the technology's limitations
in the early days. The 1989 recording, of a conversation between the late
Diana, Princess of Wales and bachelor James Gilbey, was made by a third
party listening in.
- "If you were going to write a sensitive
note to the chief executive of your employer would you put it in an 'internal
mail' envelope, with the flap folded and not sealed, and then leave it
at the end of the room to be picked up?
- "One of several things could go
wrong," says Mr Mulholland, summoning forth scenarios involving nosey
colleagues, post room mishaps, wrong delivery or the note dropping out
of the envelope.
- "In an equivalent way, all of these
things can happen with e-mail." Considering that more than 10 million
people in Britain used the Internet in 1998, it starts to look like a potentially
- Using a web-based e-mail account is certainly
a much safer way of sending sensitive messages if you don't want your employer
to find out.
- Encryption is another answer. But only
five to 10% of all electronic messages sent over the Internet are encrypted.
- Checks in place?
- The weak-link is the e-mail server. While
most big companies and Internet service providers will build in checks
and balances to stop a system administrator dipping in willy-nilly to read
confidential mails, this is less likely in smaller businesses.
- Although these measures have been available
for a long while, they have only become important recently, as people have
begun to use e-mail for personal communication, says Mr Mulholland.
- "You can buy a server from the local
PC company, install it in the office quite easily. But you forget that
[the system administrator] has actually got the 'key'."
- Software can also threaten confidentiality,
and not just for small companies. The UK government was left a little red-faced
earlier this week when an extensive test into its e-mail sites threw up
some worrying results.
- Software flaws
- The five-month test by NTA Monitor revealed
possible confidentiality problems among almost half the government's 345
e-mail servers. The reason - outdated software.
- It sounds alarming, says NTA security
services manager Deri Jones, but is actually on a par with online security
surveys in the commercial sector.
- The trouble with old software is that
hackers know its flaws and can play on them to crash a system or access
confidential e-mail messages.
- "Some of the more organised hacking
communities are keeping an eye out for these things and go and target sites
that are using the old programmes. In some cases they could actually take
control of a mail server and then delve in to read e-mails."
- It all sounds highly technical, but when
it comes to tightening security, e-mailers should first guard against human
error, says Andy Mulholland.
- "The most regular way people get
caught out is by their own fault - mistakenly sending copies, or not addressing
their mails correctly or simply hitting the wrong key and sending a copy
when they don't mean to."