Friday, 1 June, 2001, 14:30 GMT 15:30 UK
Warning over e-mail snooping
By BBC News Online technology correspondent Mark Ward
European citizens are being warned that encryption is no panacea against the tapping of electronic communications.
This week the European parliament recommended that citizens and companies adopt encryption to protect their messages from the Echelon electronic eavesdropping system.
Others fear that because encryption software can be tricky to use many citizens will be put off using it.
This week saw the publication of a long-awaited European Commission report on the Echelon electronic eavesdropping network.
The report confirmed the existence of the network, which is operated by intelligence services in the US, UK, Canada, Australia and New Zealand, and revealed that it had the ability to routinely tap phone calls and faxes as well as almost any type of net-based communication.
The report recommended that citizens and businesses routinely use encryption technologies to scramble electronic messages to ensure that if Echelon captures them it will be unable to decipher them.
"You should not get a false sense of security by using encryption," said Caspar Bowden, director of internet thinktank the Foundation for Information Policy Research, "but that's not a reason not to use it routinely."
Mr Bowden said encrypting e-mails will confound Echelon-like surveillance in which intelligence services casually trawl through datastreams looking for "suspicious" activity or messages containing key words.
Although encryption scrambles the contents of a message, it does nothing to hide who it is being sent to, so intelligence agencies can still track who is communicating with whom.
But, he said, it is unlikely to protect people if they attract the undivided attention of intelligence services because they would be able to exploit vulnerabilities in the software on a machine despatching e-mail messages.
Mr Bowden said that many software packages that do protect e-mail messages are hard to use for people who are unfamiliar with computers.
Last year two US researchers from Carnegie Mellon University asked 12 test subjects to try to send an encrypted e-mail message using PGP 5.0 - one of the most popular encryption programs available.
Of the 12 subjects who underwent the 90-minute test, three failed to properly encrypt the message they were sending, seven used the wrong keys to encrypt it and one was unable to work out how to send the message at all. All those taking part were college undergraduates and very familiar with e-mail.
The test subjects struggled because they did not fully understand how the encryption system of PGP works. It uses a technique known as public key cryptography to scramble messages.
Public key encryption uses two keys to scramble and decipher messages. One key is known as a public key and is widely distributed; the other, the private key, is held securely by an individual.
Messages are protected by scrambling them with the public key of the person you are sending a message to. Mathematics ensures that only the private key held by the person you are mailing can decrypt the message.
But the Carnegie Mellon researchers said this concept proved tricky for their subjects to grasp. They concluded: "It does not make public-key encryption of electronic mail manageable for average computer users."
Mr Bowden said changes to e-mail and Web software were likely to make it easier for people to use encryption and stop their online activity being tracked routinely.
"It's only a year since cryptography export controls on US software were eased," he said. "So software designers are at an early stage of integrating encryption seamlessly."
Certainly the number of secure software packages and web-based systems that attempt to make encryption easier to use is increasing. Now citizens can use websites like Groove.net, which lets people collaborate securely over the web, and Hushmail, which routinely encrypts mail messages.
However, British citizens should be aware that the controversial Regulation of Investigatory Powers (RIP) Act gives law enforcement agencies the right to demand decryption keys from anyone, and it imposes prison sentences on those who refuse to hand them over.
The RIP Act also forbids people, under threat of prison, from telling anyone that they have been asked to hand over their key. In at least two reports legal experts have condemned these decryption powers as a breach of human rights.