Section . This protocol has been implemented
Section One: Consider how you can ensureprivate communication With the prevalence of email inday-to-day company life, it is important for businesses to consider ways ofensuring privacy when sending emails; this can be implemented via emailencryption, which will distort the contents of emails so that it cannot be readif it happens to be intercepted during transit. Pretty Good Privacy (PGP) is aprotocol that is implemented by email encryption services and it is used forsigning, encrypting and decrypting emails, texts, and other formats. PGP worksby first compressing the plain texts to add an extra barrier againstcryptanalysis, and then creating a unique session key to securely and quicklyencrypt the plain text into a cipher text 1.Once the data has been encrypted the public key of the recipient will be used toencrypt the session key resulted in another key. This encrypted key along withthe cipher text will be sent to the recipient 1. Uponreceiving this message, the recipient’s private key can be used to decrypt thesession key, which will be used to decrypt the cipher text 1.
This protocol has been implemented by GPG4Browsers, which is an extension for GoogleChrome that is capable of encrypting Gmail messages 7. Companies who wish to use PGP to encrypt theiremails must ensure that both the receiver and the sender are using the same PGPservice. Furthermore, companies can ensureemail privacy by adopting certain easily implementable practices. For example,companies can disable the forwarding messages feature as this will ensure thatthe email contents will remain only with the intended recipients.
2. Althoughthis isn’t an entirely conclusive method preventing these messages from beingsent to unintended recipients, it’s a simple and effective surface-levelsolution to this problem. Additionally, certain email plug-in exists (e.
g.Virtru) that can be used to revoke any message after it has been sent. Thismight be useful for removing another party’s access to sensitive informationafter an extended period or in the event of a contract expiry 2.
Having saidthis, the best methods of protecting email privacy is through email encryption,and thus this should be implemented before any other approach. For many company environments faxeshave been the primary means of securely and privately distributing sensitiveinformation mainly because they are often considered to be a more securecommunication methods than email 4. This is supported by the fact that documentssent by fax are considered legally binding, and the ubiquity of these machines certainlyadds to this argument as it ensures that almost all companies can receive thesemessages 3. Having said this, traditional faxmachines are by no means a secure method of communication due to their usage ofunsecured phone lines, which can still be intercepted by attackers.
The introduction of electronic faxing hasresulted in a much more secure and private means of communication with all theadvantages of traditional faxing; for example, eFax is an electronic faxingservice that enable a user to send a fax through to an email inbox as well asphysical fax machine and it also uses encryption to protect the contents of themessages sent 5. Although electronic faxing services are incredibly expensive, they areessential secure communication mediums for companies that still require use offaxing. Over the years there has beendrastic rise 10 in the usage of instant messaging platforms and many of these platformsare taking great leaps to ensure that they provide the highest level of securecommunication; the popularity of secure messaging apps is continuing to grow,probably as a response to the largescale data collection by massivecorporations. With over one billion users the most popular secure messaging appis WhatsApp, which boasts many messaging features (e.g. GIFS, stickers) andsupports end-to-end encryption enabling private communication. Despite thepopularity of WhatsApp, one should consider using Signal for private companycommunication instead. While Signal doesn’t contain as many messaging featuresas WhatsApp, it is an open-source, regularly appraised and peer reviewedplatform that is more privacy-oriented seeing as it actively tries to keepup-to-date with security threats.
Furthermore, WhatsApp collects meta data(e.g. contact, location and device information) and backs up data includingchat history to a 3rd party cloud service, which can result inpossible data breaches. WhatsApp only recently acquired the end-to-endencryption protocol behind Signal so company employees who wish to securelycommunicate via WhatsApp mush ensure that they have the most recent version 8. Because ofthe many security advancements in messaging apps, companies should pursue thismethod, especially the Signal platform, for communicating outside theworkplace. While the invention of thetelephone is widely considered as the most pivotal communication method everconceived, it has also been observed to lack security and privacy. Bothlandline and mobile telephones make use of circuit switching, where ‘a completeend-to-end circuit is established for each pair of voice and data users anddedicated for the full duration of use’ during the call and is terminated oncethe parties involved in the call decide to hang up 12.
Althoughthis is the best method of switching for making telephone calls, it makes iteasier for hackers to intercept all the data during communication therebyreducing the overall security of this medium. Many mobile phones utilise theGSM network for wireless communication, which only incorporated a ‘moderatelevel of security ’11; for example, GSM uses a weak A5/1 encryptionprotocol and thus, it’s reasonably easy for a skilled hacker to decrypt dataintercepted whilst eavesdropping on calls ’11. Due to these reasons, it would bein the best interests of companies to limit their use of telephones and/orreplace it with another medium. A more secure alternative to landlineand mobile telephones that is being widely adopted in companies is VOIPtechnology, which can be found in popular platforms such as Skype and Googlehangouts. VOIP technology makes use of packet switching, which will break upthe message into several packets, route each packet across the network to thereceiver through different paths, and reassemble each packet to form theoriginal packet at the destination.
Packet switching is a more secure switchingmethod compared to circuit switching because the data is sent across many differentroutes so it is much more difficult to intercept all the data. Additionally,some examples of VOIP (e.g. Skype) uses secure end-to-end encryption 6.to ensurethat any packets intercepted cannot be read.
Finally, many companies arechoosing to use skype and other VOIP technologies because they provide cheaperglobal communication enabling international conference calls. Section Two: Consider how you can ensure anonymouscommunication One way of achieving anonymous communication isthrough remailer software that allows users to send an email while hiding theidentity of the person who sent the email; for example, type II remailersutilise message pooling and padding (see diagram) to attain such anonymity. Although solelyensuring sender anonymity might be enough for some companies, others mayrequire use of type III remailers to completely prevent eavesdroppers fromfinding out any of the parties, including the receiver, involved in theinteraction 9. These type III remailers use the same technology found in the previousremailers alongside specialised servers that prevent users from having to usethe receivers real email address when sending the email 9. While thereare some free type II remailers such as paranoia , they tend to require specialistknowledge to use them effectively; for example, Ultimate privacy is a highlyrecommended paid remailer service that allows users to easily send anonymousmessage and directly control who they appear as 14. This remailer service evenincludes downloadable software that can encrypt and anonymise messages passingthrough it.
Companies that need to send emails anonymously should considerusing ultimate privacy.