by Jeremy Malcolm
Electronic mail, or email, has existed in one form or another for more than 30 years. However the importance of maintaining security of email transmitted over public networks was not foremost in the minds of those who developed the technology, and this shortcoming has prevailed to the present day. In fact, it has been commonly observed that an email message is more closely analogous to a postcard than a letter, in that its contents can be quite easily intercepted and read by the operators of any network through which the message passes en route from sender to recipient.
Under Australian law, the interception of email, without lawful warrant of an investigating agency, is in most situations prohibited by the Telecommunications (Interception) Act 1979 (Cth). However the protection afforded by this provision of course falls away as soon as an email message traverses Australian borders, which may occur even when email is sent between parties who are both physically located in Australia. In any case, malicious computer hackers are known not to pay much heed to the dictates of the law!
Apart from the danger of interception of email in transit, there are other risks inherent in relying on email as a substitute for traditional paper correspondence. These include the dangers that the contents of an email message will be altered in transit (either intentionally or through mechanical error), that the sender's identity might be forged, or that the sender might, claiming such forgery, falsely deny responsibility for having sent a message.
To circumvent these dangers, a technology called public key cryptography can be employed to improve the security of the exchange of email correspondence. By the correct use of public key cryptographic technologies, four separate benefits may be obtained:
These four objectives are achieved by two processes: signing and encryption. To sign (or digitally sign) a message achieves the second, third and fourth objectives, whereas to encrypt a message achieves the first. Email may, of course, be both signed and encrypted, to achieve all four objectives.
In general terms, public key cryptography works with email in the following manner. The sender and the recipient each possess their own computer-generated key pair. It is known as a key pair because it comprises a public key and a private (or secret) key. The public key may be disclosed freely; indeed, before sending encrypted email to each other the sender and recipient must have a copy of the other's public key. The private key must, however, be kept confidential and is never made known to the other party.
The sender of a message who wishes to encrypt it does so by using the recipient's public key. The recipient is the only person who can then decrypt the message, which he does using his private key. Even the sender cannot decrypt the message that he has sent, because the recipient's public key can only be used to encrypt a message, not to decrypt it again.
To digitally sign a message is achieved by a similar process. The sender uses his own private key to sign the message. The recipient can then verify the authenticity of the sender's digital signature using the sender's public key, without the need for the sender to disclose his private key to the recipient at any stage.
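The following is an added illustration, not code from the article: a toy RSA key pair in Python that walks through the workflow just described, with the recipient's public key used to encrypt, the recipient's private key used to decrypt, the sender's private key used to sign and the sender's public key used to verify. The primes, the message and the sender/client names are constructed for the example; real keys are far larger and use padding that is omitted here.

```python
# Added example (not from the article): toy RSA showing the key-pair workflow
# described above. Tiny primes keep numbers readable; real keys are 2048+ bits
# and use padding (OAEP, PSS), omitted here. Hypothetical code, not a product.
import hashlib

def make_key_pair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent; raises if e is not invertible
    return (n, e), (n, d)

def encrypt(plaintext: bytes, recipient_public) -> int:
    """Encrypt with the recipient's PUBLIC key; only their private key undoes it."""
    n, e = recipient_public
    m = int.from_bytes(plaintext, "big")
    assert 0 < m < n, "toy key: message must be shorter than the modulus"
    return pow(m, e, n)

def decrypt(ciphertext: int, recipient_private) -> bytes:
    """Decrypt with the recipient's PRIVATE key, which never leaves them."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Sign a hash of the message, reduced below the toy modulus so it fits.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, sender_private) -> int:
    """Sign with the sender's PRIVATE key; the signature travels with the mail."""
    n, d = sender_private
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, sender_public) -> bool:
    """Anyone holding the sender's PUBLIC key can check the signature."""
    n, e = sender_public
    return pow(signature, e, n) == _digest(message, n)

# Constructed demo: a solicitor (sender) writes to a client (recipient).
SENDER_PUB, SENDER_PRIV = make_key_pair(10007, 10009)
CLIENT_PUB, CLIENT_PRIV = make_key_pair(10037, 10039)

def demo():
    note = b"BAS"  # short because the toy modulus is only about 27 bits
    sig = sign(note, SENDER_PRIV)               # authentication, non-repudiation
    ct = encrypt(note, CLIENT_PUB)              # confidentiality
    recovered = decrypt(ct, CLIENT_PRIV)        # only the client can do this
    genuine = verify(recovered, sig, SENDER_PUB)
    tampered = verify(b"BAT", sig, SENDER_PUB)  # an altered message fails
    return recovered, genuine, tampered
```

Running `demo()` returns the recovered note, `True` for the genuine signature and `False` for the altered message, which is the integrity check the article describes.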
Although this process sounds laborious, a number of user-friendly products are available to automate the use of public key cryptography for the exchange of email. As in the case of home video recording technology, there are only two open standards that are widely implemented by vendors. The VHS of email security systems, so to speak, is Secure MIME (or S/MIME). The Betamax - commonly regarded as a better standard, but less widely deployed - is OpenPGP.
The most important distinction between S/MIME and OpenPGP, apart from differences in technical implementation, is that the former requires each party's public key to be digitally signed by a Certification Authority (or CA). The CA acts as a trusted third party whose responsibility is to make investigation into the identity of an applicant for the issue of a public key signed by that CA.
There is no technical reason why an unsigned public key could not be used, or why a party might not act as their own CA. However, all common email software that supports S/MIME will warn its user not to rely on a key unless it is signed by a recognised CA. By default, only a limited number of CAs, none of them Australian, are recognised by email software commonly in use.
By contrast, the OpenPGP system relies not on a small number of third party corporate CAs to sign the public keys of each party to an exchange of email correspondence, but rather allows those parties to rely on any other person whom they trust to fulfill that role. In this manner, firms of solicitors might choose to rely on the authenticity of any firm's public key that had apparently been signed by the Law Society of WA. It would only then be necessary for each firm to satisfy itself directly of the authenticity of the Law Society's public key.
One of the largest CAs, Thawte Consulting, has developed a system inspired by PGP's so-called "web of trust", which Thawte believes offers the best of both worlds: the procedural rigour of a corporate CA as utilised under the traditional S/MIME system, together with the decentralised trust model of OpenPGP systems.
The way in which this hybrid system works is that Thawte will sign your S/MIME public key on a provisional basis at no charge, but without incorporating your name into the key; in other words without actually making any assertion that you are who you say you are. To add your name to your public key, you must have your identity verified by several other Thawte key holders in your area whose identities have already been verified in like manner. Those who rely on the validity of your key are therefore not being asked to place their trust in Thawte's ability to verify your identity, but in the ability of your peers to do so.
S/MIME digital cryptography is built into many common email clients such as Netscape Messenger, Microsoft Outlook and Microsoft Outlook Express. To begin using this facility, it is first necessary to purchase a signed key from a CA, or to acquire a free but non-personalised signed key from Thawte Consulting. The Web site of the CA will guide you through the process of using your email program to generate the key signature request and to import the signed key into your email program for use in signing, encrypting and verifying digitally-signed emails.
Once this has been done, you can elect to digitally sign and/or encrypt all your email, or to do so on a selective basis. Encryption will only work for those who have their own digital certificates, but anyone using an email program that supports S/MIME will be able to see and verify your digital signature (typically the presence of a valid signature will be indicated by the email program using a "signed" stamp).
The use of programs that implement the OpenPGP protocol for sending and receipt of email is not quite so transparent, because the cryptographic software is not integrated into any popular email software by default. Instead you must use a "plug-in" that sits in between the cryptographic software and your email program, which makes the functions of encryption and authentication of email easier to perform.
Amongst the packages that support the OpenPGP system are PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard). Of these, PGP is the easiest to integrate with common email clients for Microsoft Windows. It includes plug-ins for Microsoft Outlook, Outlook Express, Eudora and Lotus Notes. Plug-ins are separately available for other email clients such as Netscape Messenger and Pegasus Mail.
All of these work in a similar way: when digitally signing a message the sender is prompted to enter a passphrase to unlock their private key, whereupon the digital signature is generated and applied to the message. When encrypting a message, the sender is prompted to choose from a "key ring" (or address book) the recipients for whom the message is to be encrypted. If the sender does not already have the recipient's public key (which is required to encrypt a message to them) this must first be obtained. Many public keys are available for download over the Internet from directories known as "key servers", although keys downloaded from such servers should be checked for authenticity - for example with a telephone call to verify their unique code known as a "key fingerprint" - unless there are known authentic signatures from third parties attached to that key.
Public key cryptography is already in use within many law firms in Perth, perhaps unbeknownst to some of them, as the Australian Tax Office uses a system based on this technology for the on-line submission of Business Activity Statements. There is however surprisingly little evidence of the use of digital signature cryptography in the exchange of email within legal practice in Western Australia.
This is despite the quite widespread use of Internet email for communications with clients and other practitioners, and despite the exacting responsibilities that practitioners assume to protect the confidentiality of such communications. It is unlikely that the mere presence of a confidentiality disclaimer at the foot of an email message will sufficiently discharge a practitioner's obligations in this regard, but in the writer's view the employment of public key cryptography is far more likely to do so.
The measures described in this article, which range in cost from inexpensive to free, are within the capacity even of small firms and sole practitioners to adopt, and with the use of appropriate software they are now simpler to employ than ever before. It is the writer's view that the widespread adoption of public key cryptography within the profession would be to its considerable benefit and