Technology Untangled: Some thoughts on email security and encryption

June 15, 2016

technology-bourI recently was asked to email some depositions that the attorneys had designated “confidential.” As a very basic level of security, I decided to simply password protect the PDF attachments. Instructions were included in the body of the email requiring the recipient to phone in and ask for the password in order to open the documents. While not bulletproof, this was at least an attempt to keep the information contained within these documents away from prying eyes and shielded from casual review by those not involved in the case. I was intrigued to notice on my read receipt confirmation that the law office’s email system had added a notice to the header stating “Warning: Message Encrypted.” The simple act of adding a password to a PDF was noticed and flagged. At least the message got through and wasn’t tagged as spam. Some overly aggressive filter systems can occasionally send important emails and attachments straight to spam, encrypted or not.

That got me to thinking about other methods for sending encrypted or protected attachments. Password protection is not as straightforward when dealing with plain TXT documents or JPG images. I downloaded the latest version of WinZip Pro to try it for this purpose. I like WinZip because it allows me to package all relevant documents of various formats into one zip folder and send it as one compressed password-protected attachment. This often helps with keeping attachment file size below the maximum size some email systems impose. A large exhibit photo set, for example, may never be delivered and be bounced back, or simply sent straight to spam. WinZip also allows various strengths of password-protected encryption to safeguard your ZIP files.

One nice extra feature I discovered with WinZip is the ability to add custom watermarks to images and PDFs. This can be useful to deter unauthorized copying of depositions, for example, or to protect intellectual property and add traceability. Date/time stamping can also be included.

Unfortunately, ZIP attachments are also often sent in malicious spam emails. My office has been receiving and filtering out several of these every week for quite a while now. In spite of the worthy and beneficial uses of ZIP files for legitimate purposes, one must constantly be on the lookout. One footer I saw in a law firm email summed it up this way. “Please note that in order to safeguard the integrity of our computer network and our client information, emails containing .ZIP and .EXE files are automatically blocked and quarantined.” The instruction advised to contact the office in advance for instructions before sending a ZIP file.

Because of these computer network security concerns, some companies I work with will not accept emails with ZIP or EXE files (as well as many other file types). In those situations, sometimes an actual disc with files in their native formats must be physically delivered. This is a simple low-tech answer to a high-tech security concern.

Sending ZIP files also adds a level of difficulty because it requires your recipient first to trust you and then go through the process of unzipping it and storing the delivery. There are other alternatives to password protecting your email files and attachments. You can try web-based file sharing services like Microsoft OneDrive, Dropbox Pro or Hightail. With these services, you can email a link to your recipient that allows them to download your file using the password you provide.

Email security is about more than just keeping attachments secure until they reach the intended destination. There is also the concern about who may be looking at the body of your transmissions along the way.

Free email services such as Gmail and Yahoo mail specifically state that they can and will read your email (and attachments) and save it indefinitely as it passes through their systems. Outlook does this also. They analyze your messages for key words and details to add to your marketing profile. Be aware that deleting messages from your end does not ensure thorough deletion from their servers.

StartMail offers a secure alternative for a yearly subscription of $59.95. It was created by the same people behind the secure search engines StartPage and Ixquick. StartMail encrypts your email from end to end. Only you and the person you write to can read your email. StartMail cannot read them, nor can your ISP. Deleted messages are truly gone forever.

Because StartMail is based in Europe, it is not subject to the Patriot Act or other U.S. data collection mandates. It is not even capable of complying with a court order to turn over your emails because the only copies that pass through their system are fully encrypted.

While it is easiest to securely communicate with other StartMail users, it is also possible to send secure emails to others from your StartMail account using a pre-arranged security question process or Pretty Good Privacy and public key encryption protocols. It is not as complicated as it sounds, especially if email security is an important issue for you.

Keep email security in mind, especially when sending sensitive or confidential information. Be aware that unless your communications are fully encrypted, someone may well be watching.•

Stephen Bour (bourtech@iquest.net) is an engineer and legal technology consultant in Indianapolis. His company, the Alliance for Litigation Support Inc., includes Bour Technical Services and Alliance Court Reporting. Areas of service include legal videography, tape analysis, document scanning to CD and courtroom presentation support. The opinions expressed in this column are those of the author.


Recent Articles by Stephen Bour