Binary Business

Email is convenient, fast, and ubiquitous. In most cases it is the perfect tool for writing to colleagues and associates. A couple issues remain. There is that pesky canned meat problem (SPAM) and then there is the security problem. Imagine the postman reading every bit of your mail before it gets delivered. Due to the way that email crosses the Internet, it is possible to intercept email, read it, alter it and even respond to it pretending to be recipient. This of course has significant repercussions for businesses such as law firms where confidentiality and integrity are essential. Quite a gloomy picture, however you can relax, there is a solution. First let's take a look at how we got here.

It started as many computer technologies have, a toy for the computer experts. Over time it grew in popularity as the convenience that it provides grew in popularity. Eventually it became a staple of everyday business. The technology in question is email. For many people email has become an indispensable part of our every day lives. Only one thing has been lacking, security. The open nature of the Internet also has drawbacks. Unless precautions are taken the information that traverses the Internet can be intercepted and read by anyone who has the sophistication required to master the tools of the Internet. As the number of Internet users increases so too does the number of users who possess the skills to eavesdrop on the information moving across the Internet. For this reason email has not been considered a safe and reliable delivery method for information that must remain confidential. Ensuring that the author of the email is actually who it appears to be was also problematic.

Realizing the shortcomings of email, a solution to these problems was developed by Phil Zimmerman. His software was called PGP, which stands for Pretty Good Privacy. This software used a system of encryption keys to allow email users to encrypt their email and provided a method for digitally signing email. These two functions provide the ability to prevent anyone other than the intended recipient from reading the email and allow the writer to sign the email with a digital signature, which can only be created by his computer. For lawyers, financial workers, health care workers and others for whom the privacy of information must be maintained, PGP allows computer users to take advantage of all of the conveniences of email while also being confident that their email has not been tampered with.

The answer to these email problems is a comprehensive encryption system. Encryption is a very complex topic, depending upon a lot of high-level math. In the interest of not boring you to death we will skip over most of the details spare one, the encryption is strong enough that not even the NSA can break it. In essence PGP works by splitting the encryption method into two interlocking pieces. Envision a puzzle made of two pieces that is unique for every user. The two parts are known as your public key and your private key. As you might imagine your public key is the one that you give out to everyone. Your private key remains on your computer and is not given to anyone else. When someone wishes to send you an encrypted message that only you can decipher they encrypt this message using your public key. The only way to decrypt the message is by using your own private key, which only you have. Public keys can be distributed by regular email, a download from a website or any other method that you can think of to move a file from one place to another. Additionally public key servers exist at places such as MIT, which automate the process of locating public keys. The second important function of PGP is the ability to digitally sign a file. Signing a message ensures that the message came from you and also that the text has not been altered again utilizing your public and private keys.

There are a couple of different applications that provide PGP functionality. The first is PGP from the PGP corporation (www.pgp.com) and the version that we use at Binary Business, GnuPG (www.gnupg.org). PGP is the more user friendly of the two but is somewhat expensive depending upon the software package you select. GnuPG is free but takes a little effort to get working. However considerable efforts have been made to allieviate this difficulty. A pre-built Mac version is available (www.macgpg.sourceforge.net) that installs just like any other application and Windows users can download a pre-built version from here.