http://www.osopinion.com/perl/story/16306.html
=====================================
By Tim McDonald
www.NewsFactor.com,
Part of the NewsFactor Network
February 13, 2002
The September 11th terrorist strikes in the United States have had a dramatic effect on attitudes toward security. But most people still are not using available tools.
By some estimates, well over 900 million people -- nearly one out of every seven people on Earth -- have access to e-mail. Most of them are, or should be, familiar by now with the saying, "Sending e-mail is like sending a postcard over the Internet."
In other words, most people now realize that what are intended to be personal messages can become public documents on the Web if the sender is careless.
There are e-mail encryption options, including a software program called PGP (Pretty Good Privacy) that is free to use and distribute. So, in this time of heightened awareness about security and privacy issues, why doesn't everyone use it?
"It really boils down to what your take on security is," Mark McArdle of
Network Associates, which offers PGP-related services, told NewsFactor. "A lot of people do get the freeware and download it -- one click, easy-to-use encryption -- and they secure their communications, which certainly isn't national security-related.
"Other people don't have that urgency to protect their e-mail," he said. "They have the mindset, perhaps, of, 'Well, who really cares?'"
Changing Attitudes
The September 11th terrorist strikes in the United States have had a dramatic effect on attitudes toward security.
"It's changing a lot," McArdle said. "September 11th definitely raised that another level of magnitude. People are generally more aware of their environment."
And they are becoming still more aware as electronic communications become more sophisticated.
Instant messaging (IM), for example, is becoming increasingly popular around the globe, and most common IM applications send data through a central server where all communications are recorded and stored.
The data remains on that server until law enforcement authorities request it -- or until someone steals it. There are also network "sniffers" that can help turn IM messages into public domain messages on the Web.
Privacy Tools
There are several simple ways to find services that claim to protect e-mail and IM privacy. The Electronic Privacy Information Center (EPIC) offers an
online guide that shows users how to get PGP and other encryption programs.
Such programs include Ziplip.com, a free service that scrambles, locks and shreds e-mail; SafeMessage, which features encryption and shredding services; HushMail, a Web-based, secure e-mail service; and Ensuredmail.
The EPIC guide also shows users how to download PGP from a variety of sources, including via e-mail: Just send a request to ftp-request@netcom.com with the line "SEND mpj/getpgp.asc."
International versions of PGP released by a programmer named Stale Achumacher of Norway are available at www.pgpi.org.
Naivete a Problem
Still, the majority of e-mail users do not use any type of encryption.
"The average person doesn't understand public key cryptography," Michael Johnson, who maintains an FAQ page on PGP, told NewsFactor.
"Therefore the whole concept of how PGP works is foreign and not at all intuitive until they learn the basics. PGP is not fully integrated into the most popular email clients, although it has some decent plug-ins available for many of them."
And there are other reasons, mostly concerning a level of naivete.
"Most people really don't believe that most of their email will be read by unintended recipients and used against them, or that they will unintentionally misdirect sensitive email to someone. Most people aren't really concerned about authentication as a cure for forgery and identity theft. [But] what you don't know can hurt you. PGP or GnuPG, properly used, can prevent lots of problems."
Harried by Feds
PGP was created in 1991 by a software designer named Philip Zimmerman, who became the center of a three-year federal investigation involving violation of U.S. export regulations.
A grand jury heard evidence for about two years before federal prosecutors dropped the case. The United States lifted export controls on cryptographic software in 1999, when it determined that existing policies were hurting U.S. businesses.
Later versions of PGP have been developed and distributed by the Massachusetts Institute of Technology (MIT), ViaCrypt, PGP Inc. and Network Associates, which bought PGP Inc., the company Zimmerman founded. Today, PGP has become the standard for e-mail encryption, with millions of users globally.
PGP for IM
PGP claims to ensure message privacy for e-mail, file attachments and ICQ instant messaging. It encrypts, decrypts, signs and verifies files for either e-mail or secure storage on a computer. Plug-ins exist for such e-mail programs as Eudora, Outlook, Outlook Express, Netscape Messenger, Mozilla, Lotus Notes, Pegasus Mail and Claris Emailer.
The PGP technology for instant messaging is called PGPicq; the company claims more than 41 million users worldwide.
PGP is legal to use and distribute if certain intellectual property rules are followed, although those wanting to use it commercially must license it from Network Associates.
Zimmerman: 'No Back Doors'
The software's creator does not claim the service is bug-free. "Any PGP version can be cracked, provided the attacker has enough time and resources for the job," the site says, although it adds that cracking the code would be extremely difficult and that most people are safe.
Also, all PGP 5.x and 6.x versions contain features that allow companies to recover messages written by employees. However, these features are optional and, with a few exceptions, must be set in motion by a user.
In addition, the service is the target of intermittent Internet rumors. Zimmerman once had to deny publicly that PGP contained "back doors" for the U.S. government to access plain-text messages or keys.
=====================================
