| What
|
Digitally Sign and Encrypt your Documents and eMails
|
| Why
|
Your data can get into the wrong hands
|
| How
|
Encryption and digital signatures protect your data for a long, long time
|
| Detailed Information
|
This is not a recent article, but it explains some of the reasons we should be practicing this.

Why everyone should sign digital documents:

E-mail and electronic documents have become a normal part of today's business. Unfortunately, signing those documents using digital signatures is still relatively rare. Why should everyone sign e-mail and other forms of electronic communication? The problem is that forging messages is ridiculously easy in today's technical environment.

Take word-processing documents, for example. The properties sheet can be filled out any way you want; it is simple to enter somebody else's name or somebody else's company in the appropriate fields. Send such a document to a recipient who assumes that the identification of the author must be correct, and you can have a real problem.

In a famous case from the 1990s, a secretary at a large firm complained of sexual harassment. As evidence of systematic discrimination, she presented e-mail from the company system showing that her boss had fired her to protect the CEO against her claims of sexual harassment. The e-mail was convincing enough to win a $100,000 settlement from the company. However, a few months later, records of her boss' cellular phone calls strongly suggested that he had not been in the office when the incriminating e-mail had been written. It turned out that the secretary possessed her boss' e-mail account password; she was convicted of perjury for having forged that incriminating message using her boss' e-mail account.

One obvious lesson is that absolutely nobody should have anyone else's e-mail account password. If one of your users needs to let someone else read and answer their e-mail, you should arrange for proxy privileges so that the colleague can help without being able to forge e-mail.

Another problem that facilitates forgery is the ease with which anyone can forge e-mail headers for Internet delivery. Spammers do this all the time; junk e-mail arrives from countries all over the world - at least, so the headers would fraudulently indicate.

Some criminals use easy forgery to cause trouble for their victims; they insert someone else's reply addresses in offensive or annoying e-mail so that recipients effectively mail bomb innocent people. There was a case in Texas a few years ago where a clueless junk mailer called Craig Nowak stupidly used the reply address "flowers.com" in his junk e-mail. As a result, the legitimate firm flowers.com received over 5,000 e-mail messages complaining about the junk. The company's angry CEO Tracy LaQuey Parker sued Nowak and won a $19,000 judgment against him for damage to her company's good name.

Until we see authentication integrated into TCP/IP, it will be difficult to prevent criminals from forging e-mail sent through the 'Net. However, with a little effort, it is possible to make life harder for forgers. Wherever possible, everyone should sign their electronic messages using a digital signature. There are many products available that allow every message to be signed so that its integrity and authenticity can be confirmed.

Personally, I have used Pretty Good Privacy (PGP) for many years and sign my messages so that anyone can check to see that they are unchanged and really mine. Because I use digital signatures consistently, I could reasonably repudiate any message that is not digitally signed with my PGP private key. I also accept that I will not be able to repudiate authorship of these messages. However, honest people need have no fear of nonrepudiation. As long as I can be sure that no one has compromised the pass phrase that protects my PGP private key, I can be sure that no one will successfully forge communications in my name.

There are still problems preventing widespread acceptance of digital signatures. For one thing, most signature software tools do not successfully interoperate with each other. For another, the tools fail to support all e-mail packages.

The USPS Electronic Postmark Service (USPS EPM) allows users to electronically sign and timestamp documents in Microsoft Word. Documents postmarked by the US Postal Service provide evidence supporting non-repudiation of online transactions, with an option to generate a registered receipt as proof of delivery. The USPS EPM detects tampering or altering of electronic data. It is available as a downloadable Microsoft Word extension for Office 2000, XP and 2003; the software is FREE at www.uspsepm.com. See details at: https://www.uspsepm.com/crm/main.adate
|