E-Mail Pitfalls

E-mail has the following vulnerabilities, each of which is discussed in greater detail below:

  • Lack of privacy.
  • Ease of accidental compromise.
  • Transmission of viruses.
  • Inability to ever fully erase.
  • Remote access.
  • Uncertain origin.

Lack of Privacy

Sending e-mail is like sending a postcard through the mail. Just as the mailman and others have an opportunity to read a postcard, network eavesdroppers can read your e-mail as it passes through the Internet from computer to computer. E-mail is transmitted over a public network where you have no right to expect privacy. It is not like a telephone call, where privacy rights are protected by law.

When you exchange e-mail with a colleague, it may seem like a cozy, private conversation. "Legally and technologically, however, you are as exposed as dummies in a department store window." 1 Classified information must never be sent via e-mail. Sensitive but unclassified information should be encrypted prior to sending by e-mail whenever practical.

Ease of Accidental Compromise

E-mail is so easy to use that it is also easy to thoughtlessly or accidentally send others information they shouldn’t have. E-mail is a frequent source of security compromise. Here are two examples. In the first case, the e-mail writer put classified information into what he mistakenly thought was a private message to a few friends. The second is a situation that often arises in offices that have both classified and unclassified networks.

A few hours after participating in the successful rescue of an F-16 fighter pilot downed in Bosnia, an excited U.S. Air Force pilot sat down at his computer and banged out a firsthand account of the mission. He hooked up to the Internet and sent the account by e-mail to Air Force friends at other bases, scooping the media coverage of the rescue. Friends passed it on to their friends until it was seen by thousands of people and posted on an America Online bulletin board accessible to millions. The account contained classified radio frequencies, pilot code names, exact times and weapons loads for the mission, etc. The pilot explained that he had intended the account to be a personal communication to other cleared officers and not for public review, but nothing that goes on the Internet is personal or private. 2

Two problems arise when individuals want to download an unclassified file from a classified system and then transmit it to a colleague by e-mail on an unclassified system.

  • The first problem, which is very common, is failure to carefully review a file to ensure that it really is unclassified. The classification designation is not always readily apparent on every page of a computer file. Too often, the seemingly unclassified file actually has some classified material or classification markings that are not readily apparent when the file is viewed on line.
  • More important, even if the downloaded file really is unclassified, certain technical procedures are required prior to sending that file by e-mail or on diskette to anyone else. A file downloaded from a classified network may have recoverable traces of classified information. This happens because data is stored in "blocks." If a document does not take up an entire block, the remainder of that block may have recoverable traces of data from other files. (See Security of Hard Drives for further information on this.) Your system administrator must follow an approved technical procedure for removing these traces before the file is treated as unclassified.
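The block "slack" effect described in the second point can be shown with a small simulation. This is an added example, not part of the original guide; the `ToyDisk` class, the 512-byte block size and the sample file contents are all constructed for illustration.

```python
BLOCK_SIZE = 512  # assumed block size for this simulation


class ToyDisk:
    """Constructed in-memory disk that hands out storage in whole blocks."""

    def __init__(self, blocks=4):
        self.raw = bytearray(BLOCK_SIZE * blocks)

    def _span(self, block_no, length):
        """Return (start, end_of_data, end_of_last_block) for a file."""
        start = block_no * BLOCK_SIZE
        n_blocks = max(1, -(-length // BLOCK_SIZE))  # ceiling division
        return start, start + length, start + n_blocks * BLOCK_SIZE

    def write_file(self, block_no, content):
        """Overwrite only the bytes the new file needs, as a normal write does."""
        start, end, _ = self._span(block_no, len(content))
        self.raw[start:end] = content
        return len(content)

    def slack(self, block_no, length):
        """Bytes between the end of the file and the end of its last block."""
        _, end, block_end = self._span(block_no, length)
        return bytes(self.raw[end:block_end])

    def wipe_slack(self, block_no, length):
        """Zero the slack so a block-level copy carries no earlier data."""
        _, end, block_end = self._span(block_no, length)
        self.raw[end:block_end] = bytes(block_end - end)


def demo():
    disk = ToyDisk()
    # Constructed sample data: an earlier file that is later "deleted".
    old = b"EARLIER FILE: " + b"project budget line 123.45; " * 10
    disk.write_file(0, old)          # deletion leaves these bytes on the disk
    new = b"Lunch menu for Friday."  # shorter file that reuses block 0
    size = disk.write_file(0, new)
    before = disk.slack(0, size)     # still holds the tail of the earlier file
    disk.wipe_slack(0, size)
    after = disk.slack(0, size)      # all zero bytes after sanitizing
    return before, after
```

The simulation only illustrates why the traces exist; on a real system the approved procedure mentioned above is what removes them.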

One organization had so many violations dealing with downloading and retransmitting unclassified files from its classified system that it found it necessary to lock its computer drives. This means that only the system administrator can download from the classified system. The system administrator processes the material and authorizes transmittal by e-mail as appropriate.

Transmission of Viruses

Mail programs generally allow files to be included as attachments to mail messages. The files that come by mail are files like any other. Any way in which a file can find its way onto a computer is potentially dangerous. If the attached file is only a text message, the risk is limited. If the attached file is a program, an executable script, or a data file which contains a macro, extreme caution should be applied before running it, as this is the means by which many viruses and other types of malicious logic are spread.
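The distinction drawn above between text, programs, scripts and macro-capable data files can be applied as a first-pass check on incoming mail. The following is an added example, not part of the original guide; the extension lists are assumed and non-exhaustive, and the sample message and its addresses are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive extension lists chosen for this example.
CATEGORIES = {
    "text": {".txt"},
    "program": {".exe", ".com", ".scr"},
    "script": {".bat", ".cmd", ".vbs", ".js", ".ps1"},
    "macro-capable document": {".doc", ".xls", ".docm", ".xlsm"},
}


def classify(filename):
    """Map an attachment name to the risk category its last extension implies."""
    ext = os.path.splitext(filename.lower())[1]  # "a.txt.exe" -> ".exe"
    for label, extensions in CATEGORIES.items():
        if ext in extensions:
            return label
    return "unknown"  # unnamed or unrecognized: check before opening


def triage(raw_bytes):
    """Parse a raw message and return (filename, category) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results.append((name or "(unnamed)", classify(name)))
    return results


def sample_message():
    """Constructed message with three attachments, serialized as on the wire."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Try this"
    msg.set_content("Notes and a game are attached.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="game.txt.exe")
    msg.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application",
                       subtype="msword", filename="Report.DOC")
    return msg.as_bytes()
```

A file name is only a hint, so anything outside the "text" category still goes through a virus checker before it is opened.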

One of the more dangerous types of malicious logic spread in this manner is a "Trojan Horse" that allows a remote user to access and control your computer via the Internet without your knowledge. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When it is installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail.

Happily, all known versions of this Trojan Horse are caught by any good virus checker. However, about 200 to 300 new viruses are being created each month, so your virus checker is rarely capable of detecting all malicious logic.

Inability to Fully Erase

The seemingly informal and temporary aspect of e-mail encourages people to use it to say things they would never commit to paper. But e-mail is like a cat with nine lives. It keeps coming back. It is almost impossible to eliminate all traces of an e-mail message.

  • Most e-mail messages remain retrievable on your hard drive and the recipient’s hard drive long after you think they have been "deleted," as discussed under Security of Hard Drives.
  • The recipient may have archived the message or transmitted it to others.
  • Computer servers routinely make back-ups of user accounts. One of the top priorities for any computer-system manager is to make sure he or she never loses any important information on the computer network. They archive backup tapes that record everything.

In short, e-mail messages sent years ago may live on in taped storage or on a hard drive beyond the reach of your delete key. You never know when an impulsive or ill-advised e-mail message will come back to haunt you. Three- and four-year-old e-mail messages have played key roles as evidence in several high-profile court cases.

Remote Access

If you can gain access to your e-mail from afar via the Internet while traveling, others may be able to do the same thing without your knowledge. An eavesdropper would only have to know the modem phone number and then also know, guess, or be able to crack your password. The vulnerability is similar to that discussed under Voice Mail. See Weak Passwords to learn how easy it is to guess or crack weak passwords.

Uncertain Origin

It is easy to forge an e-mail message so that it appears to come from someone else or from some other location. Incoming e-mail from someone you do not know is always questionable, as the sender may not be who he or she claims to be. For example, a marketing survey that purports to come from a U.S. company may actually originate overseas and be part of a foreign intelligence collection operation. See Obtaining Information under False Pretenses.

Related Topics: Using the Internet Securely, Viruses and Other "Infections".

1. Eryn Brown, "The Myth of E-Mail Privacy," Fortune, Feb. 3, 1997, p. 66.
2. B. Schulte, "Pilot’s Note Interfaces with Internet," Dayton Daily News, July 15, 1995.