Email Piracy, Email Privacy?

    August 28, 2000

How much sensitive information do you send via email? Email piracy is usually not a major issue for small businesses online. If only because there’s not enough *money* at stake for expensive industrial espionage and undercutting by competitors who beat you to the punch in launching a new idea because they worked out how to intercept your emails to a business partner.

I have signed fairly high-level Non-Disclosure Agreements and faxed them over non-secured phone lines and discussed them via email as we negotiate terms or propose changes to sensitive parts of a contract. I have discussed important decisions by email and brainstormed new ideas for incredible new internet businesses with start-up firms risking their financial future on an idea. Just a delicate idea, that if stolen, could mean financial ruin for a few individuals.

But nobody I’ve ever dealt with has even once expressed any concern that their email could be intercepted and read by a third party while in transit across the web. It’s possible but improbable that corporate spies or simply your neighbors twelve-year-old may be able to access your email as it zips across the span of the back yard phone line past his bedroom window, via those little copper wires.

Well unless you are a criminal, a spy, or a brilliant scientist with a billion dollar idea – it’s not likely you’ll care if any of your email communications are intercepted in transit online. But if you do have reason to keep your communications private, say sensitive company information meant for clients eyes only or a letter of resignation for your boss or even that private conversation with a friend or lover, sit up and pay attention.

There is a simple, if time-consuming way to have your email encrypted for privacy and signed for authenticity that is rarely used. You might consider going through the process of applying for a digital certificate for your email client.

This is a multi-step process done online through one of several cerificate authorities or an email privacy service, such as one called ( ). If you use them, you are announcing to the world that your email is private, since you become “username@p…” It seems a bit incongruous but does make a statement.

In the case of the PrivacyX service, you are applying for what amounts to an email service, either paid, or free in this case. You can arrange to open this account directly with PrivacyX and direct all your private email through *their* service via your own Internet Service Provider’s email network.

PrivacyX collects little personal information and claims that your email is secure from any prying eyes in transit since it is encrypted and cannot be read unless the recipient has a copy of your “Public Key” as it is referred to. Your Digital Certificate that is saved by your email software to identify you to those you *want* to have receive and then un-encrypt your new, private emails.

They have a rather long process to put you through with two tutorials which show you how to set up either Explorer or NetScape to accept their “root certificate”. This digital certificate identifies you as the *owner* of the PrivacyX account and allows your emails to be encrypted by your email software. Be prepared for anywhere between a half-hour to an hour to set this up for your new account.

Then you establish passwords and save a copy of your new certificate to removable disks so that you can keep a backup to be able to access your own mail should your computer ever crash or the information in your software become corrupted.

You can also do nearly the same process with either of several certificate issuing authorities online. Two related companies that offer these certificates are Verisign and Thawte, which is owned by Verisign, (go figure) at and at . The Verisign version costs $14.95 yearly and the Thawte version is free, with the ability to upgrade to a paid version they call the “Web of Trust”.

Both of these certificate issuing authorities offer the same long process of setting up your account and send you emails to verify your address before providing usernames and passwords to access and “install” your new certificate. With both of these options you keep your own email address and use the Digital Certificate to encrypt and sign email.

When you apply for the Thawte certificate, you will have to swallow a big “trust-me” pill as they require extensive information about you, including social security number or driver license number along with five (yes, I said FIVE!) reminder clues to retrieve your password should you ever forget or misplace it. The application process offers some very long, if occassionally humorous text in the instructions and warns you sternly to “WRITE DOWN YOUR PASSWORD AND REMEMBER IT” or it will be very difficult to retrieve.

So if you’re just in the habit of telling embarrassing personal secrets or gossiping to friends and family, it’s probably not worth the effort and energy to encrypt and sign your emails. But if you are doing serious business online and need to email sensitive contracts, non- discolosure agreements or million dollar ideas, consider applying for PrivacyX email or a digital certificate.

The digital signature allows you to assert that you *are* who you say you are via email and encrypt your messages so they can’t be read if intercepted by prying eyes or even nosy neighbors. Maybe you just want to be certain that it is your mother you are talking to and not a houseguest that signed on to the web on her computer and downloaded her email. The passwords and encryption take a few extra minutes and if you are using netscape, you’ll have to go through an additional step to set up another user profile.

There is also the option of being sweet and innocent with nothing to hide! 😉

Mike Banks Valentine operates SEOptimism, Offering SEO training of
in-house content managers
as well as the Small Business Ecommerce Tutorial at and blogs about SEO at
where this article appears with live links to SMO stories, buttons, blog posts and examples.