Wednesday, 25 May 2011

Email - what an unfortunate name

This morning I heard about thousands of Sarah Palin's emails being used in a new book, and her discontent over the matter.  This once again set me thinking about the misnomer "email" and all the icons and preconceived ideas we live with.

Warning to the technically inclined - I am oversimplifying here, but you are welcome to read the actual specs, RFC 2822 for the message format or RFC 2821 for the SMTP protocol, for a more detailed overview.

Let's first look at mail, not email.  We have a sender, and a recipient.  If they are located in the same country, normally only one carrier is involved (that country's postal service) that takes responsibility for the delivery.  If the sender and recipient are in different countries, there would normally be only two carriers involved - the sender's carrier, and the recipient's carrier, with a single handover.  Both the sender and the receiver normally know exactly which carriers are involved.  If the mail is in an envelope, tampering or interception is detectable by the recipient, unless expertly done (and such tampering or interception is normally prohibited by law, with rather strict penalties).  It is almost impossible to do a bulk intercept, and in general you have a reasonable expectation of privacy.

In the electronic world, we have the rather unfortunate case of email, where the name suggests an electronic version of the manual process (RFC2822 even refers to an envelope and contents), which seems to imply that all (or most) of the assumptions for mail still hold for email.

In actual fact, and I think this is what is missed by most people, there is no "envelope" in email that wraps the "message" and protects it from prying eyes.  In this aspect, calling email epostcards would have been more appropriate, as the message is clearly visible to anyone handling it, without leaving any traces, regardless of the expertise (or lack thereof) of the interceptor...

Even worse, there can be many carriers involved, and it is normally not possible to predict which ones will be involved.  This allows for bulk interception and tampering by anyone on the mail path.  The same multi-carrier design is what gives email its resilience, since the sender's carrier and recipient's carrier do not have to be directly connected, and the failure of any nodes on the path would normally not prevent delivery (the wonders of TCP/IP...)

There are also generally no laws protecting email with anything even close to the rigor of normal mail.  Deleting an email is also not equivalent to burning a normal piece of mail, as quite a few copies would still be floating around...

In short then, expect very little privacy in your email communications, and if you need more, use PGP.
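To make the "many carriers" point and the PGP advice concrete, here is an added example (not part of the original post) that reads the Received headers of a message to list every server that held a copy, which links carried it without TLS, and whether the body was readable to them.  The message, hostnames and addresses are constructed placeholders, and the function names are my own.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.30])
\tby inbox.example.org with ESMTPS id c3; Wed, 25 May 2011 08:00:07 +0000
Received: from relay.example.com (relay.example.com [192.0.2.20])
\tby mx2.example.net with ESMTP id b2; Wed, 25 May 2011 08:00:05 +0000
Received: from laptop.example.com (laptop.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id a1; Wed, 25 May 2011 08:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: lunch

See you at noon.
"""

# "from <sender> by <receiver> with <protocol>", as each server records it.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 keywords

def trace_hops(msg):
    """Return the hops in transit order (Received headers are newest-first)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            proto = m.group(3).upper().rstrip(";")
            hops.append({"from": m.group(1), "by": m.group(2),
                         "tls": proto in TLS_PROTOCOLS})
    return hops

def exposure(raw):
    """Summarise who could read the message and which links were cleartext."""
    msg = message_from_string(raw)
    hops = trace_hops(msg)
    body = "" if msg.is_multipart() else msg.get_payload()
    # PGP/MIME (RFC 3156) or inline ASCII armor: the carriers saw ciphertext.
    protected = (msg.get_content_type() == "multipart/encrypted"
                 or "-----BEGIN PGP MESSAGE-----" in body)
    return {
        "handlers": [h["by"] for h in hops],  # each stored a copy of the message
        "cleartext_links": [(h["from"], h["by"]) for h in hops if not h["tls"]],
        "readable_body": None if protected else body,
    }

if __name__ == "__main__":
    print(exposure(SAMPLE))
```

Even the TLS-protected links only hide the message from the wire; every handler in the list still sees the body unless it is PGP-encrypted.  Received lines are written by the servers themselves and can be forged by any earlier hop, so treat the list as a lower bound.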

In fact, I think this blog is being read by fewer people than my email :-)

(And yes, I know that this is not how Sarah Palin's emails came to light.  At least not this time.)
