I don’t think it matters which political side you lean to, we can all be saddened by the affects of South Carolina Governor Mark Sanford’s actions on his family. Having lived in SC just about all of my life I’m deeply upset by what he’s done to the image of South Carolina around the nation and the world. I don’t intend to delve into the personal or political fallout of Sanford’s revelation yesterday but there could be some email security implications worth exploring.
We know that The State newspaper in Columbia has had email purportedly between Governor Sanford and this Argentinian woman since as early as December of last year. The paper says that it did not publish the story because there was no way to corroborate the authenticity of the messages. While there are many important specifics we don’t know, The State says it was sent the emails “from the governor’s personal e-mail account by an anonymous person.”
Given this revelation, its easy to see why The State held the story. Let’s take a look at a couple of email basics:
- An email is just like a letter in the sense that you can write whatever you want on the return address and there is no way to determine if that information has any relation to the real sender. (Yes, we do have some newer options to help like SPF and domain keys but they aren’t foolproof and you have to be in control of the receiving server to use these tools).
- Sending a regular email message is just like sending a postcard. If anyone at the post office (or in this case any person in control of any router at any ISP that the data stream is routed through) wants to flip it over and read the back, they can.
- If you have truly sensitive information, it should be encrypted using TLS or another email encryption technology.
- Even if you encrypt a message, if someone has username and password access to your email client they’re going to be able to read your mail.
Now, lets pick our story back up. If The State was sent these messages by an anonymous person, the authenticity of the messages would be no more reliable than the credibility of the person producing them as he or she could have easily forged the information and created them out of thin air. So, it seems reasonable for The State to have sat on the story with no other corroborating data.
But, how did they get Gov. Sanford’s email messages in the first place? By “personal email account” we’re going to have to assume this was not an email account under control of the SC State Government since all of those messages would be subject to archiving and state disclosure requirements as well as under the control of an IT administration department. We assume the Governor must have known this and was using some other email account.
Given this assumption we have to conclude that the ‘anonymous’ person was either 1) a rouge admin at an ISP (seems highly unlikely) or 2) someone with close personal knowledge of the situation that had access to Governor Sanford’s email. I’ll have to leave that with you to ponder until we know more about ‘anonymous’. In the mean time, here are a few email security tips to safeguard the content of your email:
- Always use TLS encryption on your email server. If you don’t host your own, be sure your provider uses TLS to transmit your messages across the Internet.
- If you connect to your email server using a web client, make sure you use a secure connection such as SSL (look for the ‘https’ in the address bar of your browser)
- If you connect with a client such as Outlook make sure you are using a secure connection as well.
And finally,
- Whatever you do, don’t use “password”, “pass” or your username as your password. Create a password that is a combination of numbers, letters and symbols.
No related posts.
{ 3 comments… read them below or add one }
Great points, David! It’s amazing how complex something “simple” like email can be. I’m glad I have you guys to worry about issues like this for me so I can focus on things that I actually _know_ something about.
David, you bring up a number of good points, particularly about the inherently insecure nature of email. As you say, there’s a lot to learn in the Governor Sanford story.
Unfortunately, the security tips you recommend simply don’t apply in this case. Don’t get me wrong, they’re certainly good advice. However, users must understand that SSL/TLS is not a panacea. It only protects the emails while in transit and does nothing to secure it while at rest — either at an ISP or within your mail client.
A rogue administrator at an ISP could still read and divulge the information, even if TLS had been used. Email at the ISP would be stored in the clear, then (perhaps) re-transmitted over a secure wire…where it would be delivered to the destination, again in the clear.
Which means that if the second scenario occurred, a user with access to Sanford’s email inbox could still have accessed the information. Even if the inbox was protected with a username/password, innumerable utilities can be found online to bypass this protection on most mail clients.
The only solution that truly addresses the problem is email encryption — that is, encrypt the data, not just the pipe that carries it. This would protect against both scenarios you mention: neither the rogue admin, nor the “trusted” friend would be able to open the email.
Today, email encryption is very easy to use. The company I work for, PGP Corporation, specializes in making the process easier than ever (am I passionate on the topic because I work there, or do I work there because I’m passionate about it? Hard to say). But even without extra software, most mail clients offer message encryption built right in.
Given the pervasiveness of email interception and inspection, combined with the increasing value (personal and commercial) of the information contained in email, isn’t it time email encryption became the rule, instead of the exception?
And, as more services move into the cloud, or hosted environments, these issues will only increase. As the industry evolves, security needs to be baked into the data, not added on to the pipe.
Bryan, you’re right about TLS and SSL only encrypting the transmission, however this is a huge step in the right direction. Right now the vast majority of email is flying around the Internet, Cell, Data and Wireless networks (including hotels, airports and other public places) totally in the clear. By encrypting the transmission you eliminate a large population of sniffers either wired or wireless and reduce the potential culprits to a very small identifiable minority. It’s also a very easy step that users can take which doesn’t require any additional technological skill set on their part.
The voracity of internal security among email hosting organizations differs, I’m sure, by organization but at least in our case, we know that it would be easier for someone to break into a user’s home and crack their laptop than a rouge employee to open a customer’s email. While we still don’t know how The State obtained these messages, we can be fairly assured that were they obtained illegally by an ISP employee this person will be looking at criminal charges just as the college student that hacked Sarah Palin’s email account a few months back.
Don’t get me wrong, desktop-to-desktop encryption with a solution like PGP is good. But it takes a level of user sophistication and coordination generally not found in the populace. And, in the end, if the leak comes from someone with personal access to the local system it doesn’t matter how the messages are encrypted, they’ll be read.