Saturday, August 21, 2010

Why you need to self-destruct your email

Email, SMS and IM are the psychological equivalent of a voice conversation.

People often forget, however, that a text message or an email conversation is stored online in many different servers and can be replayed many years later, even without the authorization of any of the parties, and likely with undesired consequences.

The Internet "cloud", with webmail and more online processing services, just increases the privacy risks. According to a 2010 survey commissioned by Microsoft, 90 percent of the general population and senior business leaders are concerned about the privacy and security of their personal data in the cloud.

Your data privacy rights also vary in online versus local use (e.g., on an individual's USB token, or hard drive in the home or office), as well as "in transit" versus stored. Anyone familiar with the privacy limitations of current laws written in the pre-Internet era, such as the 1986 U.S. Electronic Communications Privacy Act, knows that the individual's legal rights to privacy and protection from unreasonable search are starkly reduced for information stored online. Data that individuals store online, in cloud computing services such as webmail, receives a much lower level of privacy protection than data "in transit" or stored locally.

Therefore, even though email may be the legal equivalent of a written conversation, email is mostly not legally protected online. That's one important reason to limit email liability. Other reasons include preventing harassment, coercion, blackmail, or just plain embarrassment.

But, how? An email message may live in many clients, servers, and repositories, some of which may be covert and unreachable by you and your ISP.

Surprisingly as it may seem, you can actually eliminate the disclosure risk of email by properly setting your email to self-destruct. This includes a combination of technical and legal measures, as done by secure email Zmail provided by ZSentry.

This is how it works.

ZSentry encrypts and self-destructs (expires, with no action on your part) your webmail, email, SMS or IM message, so that the intended recipients are allowed to read it only within its retention time, and neither you nor the recipients are responsible or liable for destroying it after it expires.

The command to expire is clearly noted and also provided with US and international legal support by notifying the reader that the message is copyrighted and that the sender only allows reading during its retention time. Therefore, if someone wants for example to take a picture of the message, then using that picture after the expiration could be considered a breach of copyright and illegal circumvention of protection. While the first motivation is to reduce exposure, the second is to provide a legal recourse in case of exposure.

After expiration there is no risk, as keys are deleted and any physical copy is therefore erased and not recoverable. Because self-destruct happens after a point in time that was known beforehand by all parties, claims of intentional destruction should be void.

What about before expiration? With ZSentry, you can request a Return Receipt so that any attempt to breach access security of your zmail is immediately logged and traced, and you can be notified as well by a Return Receipt that is sent to you with full access information including Who, Where, When, and How.

More information at How Zmail Works