Wednesday, April 28, 1999 Published at 17:24 GMT 18:24 UK
Who's reading your e-mail?
By BBC News Online's Jonathan Duffy
The fate of Michael Simmonds is a timely reminder that when it comes to sending a top secret message, you can do a lot better than e-mail.
Mr Simmonds quit his job as the Conservative Party's director of membership after leaking a draft document which set out the opposition's break with its Thatcherite past.
Computer experts exposed him after scouring the hard drives of senior staff at the party's headquarters in Smith Square. Faced with concrete evidence, the Tory activist took it on the chin, and resigned.
It will be cold comfort to Mr Simmonds, but he is not the first to have been caught out this way. When it comes to trusting e-mail Oliver North, Bill Gates and Monica Lewinsky have all come a cropper.
And Bill Gates, who - one might think - should have known better, came to eat his words after saying in 1994 "our e-mail is completely secure". Almost five years later, during the Microsoft anti-trust trial, he claimed not to remember asking in e-mail: "Do we have a clear plan ... to undermine Sun?"
Police officer Laurence Powell, implicated in the 1991 beating of Rodney King, is another who found his electronic missive came back to haunt him. Those exact words were: "Oops, I haven't beaten anyone this bad in a long time."
Andy Mulholland, of the computer services consultancy Cap Gemini, calls it a "cultural problem". Like the telephone and postal service before, people have yet to the realise the full risks of e-mail communication.
"If you were going to write a sensitive note to the chief executive of your employer would you put it in an 'internal mail' envelope, with the flap folded and not sealed, and then leave it at the end of the room to be picked up?
"One of several things could go wrong," says Mr Mulholland, summoning forth scenarios involving nosey colleagues, post room mishaps, wrong delivery or the note dropping out of the envelope.
"In an equivalent way, all of these things can happen with e-mail." Considering that more than 10 million people in Britain used the Internet in 1998, it starts to look like a potentially big problem.
Using a web-based e-mail account is certainly a much safer way of sending sensitive messages if you don't want your employer to find out.
Encryption is another answer. But only five to 10% of all electronic messages sent over the Internet are encrypted.
Checks in place?
The weak-link is the e-mail server. While most big companies and Internet service providers will build in checks and balances to stop a system administrator dipping in willy-nilly to read confidential mails, this is less likely in smaller businesses.
"You can buy a server from the local PC company, install it in the office quite easily. But you forget that [the system administrator] has actually got the 'key'."
Software can also threaten confidentiality, and not just for small companies. The UK government was left a little red-faced earlier this week when an extensive test into its e-mail sites threw up some worrying results.
The five-month test by NTA Monitor revealed possible confidentiality problems among almost half the government's 345 e-mail servers. The reason - outdated software.
It sounds alarming, says NTA security services manager Deri Jones, but is actually on a par with online security surveys in the commercial sector.
The trouble with old software is that hackers know its flaws and can play on them to crash a system or access confidential e-mail messages.
"Some of the more organised hacking communities are keeping an eye out for these things and go and target sites that are using the old programmes. In some cases they could actually take control of a mail server and then delve in to read e-mails."
It all sounds highly technical, but when it comes to tightening security, e-mailers should first guard against human error, says Andy Mulholland.
"The most regular way people get caught out is by their own fault - mistakenly sending copies, or not addressing their mails correctly or simply hitting the wrong key and sending a copy when they don't mean to."