Using Secure Email & Digital Signatures
Many businesses have a policy to include a lamentable disclaimer at the bottom of every email they send:
This e-mail and its attachments are confidential and intended solely for the addressees. If you are not the intended recipient of this message, then please delete it and notify the sender. Since the integrity of this message cannot be guaranteed on the Internet, Example, Inc. cannot be considered responsible for its content.
The reason I say this is lamentable is that ensuring the confidentiality of a message and the authentication of its sender requires very little effort. All you need to start sending secure emails (S/MIME) is a regular email client such as Thunderbird and a digital certificate.
Several certification authorities (CAs) give personal email certificates for free. Thawte has a scheme that allows accredited individuals to check your identity so that your full name can be included in your digital certificate. From this point you'll be able to digitally sign all your emails, thus allowing your correspondents to:
- trust that a message was really sent by you and not someone pretending to be you
- verify that a message hasn't been changed by a third party, and therefore that its content can be trusted
To ensure the confidentiality of messages, all recipients must additionally own a digital certificate, so that messages can be encrypted.
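The signing, verification and encryption steps described above can be tried with the `openssl smime` command. This is an added example, not part of the original post; it assumes OpenSSL is installed and uses throwaway self-signed certificates for two hypothetical users, alice and bob, in place of CA-issued ones.

```shell
#!/bin/sh
# Added example. Throwaway self-signed certificates (constructed here) stand in
# for CA-issued personal certificates; alice is the sender, bob the recipient.
smime_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  for who in alice bob; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$who/emailAddress=$who@example.com" \
      -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
  done
  printf 'Please pay invoice 42: 100 EUR.\n' > msg.txt

  # Sign with the sender's private key; the body stays readable (clear-signed).
  openssl smime -sign -text -in msg.txt -signer alice.crt -inkey alice.key \
    -out signed.eml 2>/dev/null || exit 1

  # Verify against the sender's certificate, used here as the trust anchor.
  verify() {
    openssl smime -verify -in "$1" -CAfile alice.crt -out /dev/null 2>/dev/null
  }
  if verify signed.eml; then r="signed=ok"; else r="signed=FAILED"; fi

  # Change one figure in transit: the signature no longer matches the body.
  sed 's/100 EUR/900 EUR/' signed.eml > tampered.eml
  if verify tampered.eml; then r="$r tampered=ACCEPTED"
  else r="$r tampered=rejected"; fi

  # Encrypt to the recipient's certificate; only bob's private key opens it.
  # -binary keeps the bytes unchanged so the round trip can be compared.
  openssl smime -encrypt -binary -aes256 -in signed.eml -out enc.eml bob.crt \
    || exit 1
  if openssl smime -decrypt -in enc.eml -recip bob.crt -inkey bob.key \
       -out dec.eml 2>/dev/null && cmp -s signed.eml dec.eml
  then r="$r recipient=decrypted"; else r="$r recipient=FAILED"; fi

  # Another key holder (here the sender, not listed as a recipient) cannot.
  if openssl smime -decrypt -in enc.eml -recip alice.crt -inkey alice.key \
       -out /dev/null 2>/dev/null
  then r="$r other=DECRYPTED"; else r="$r other=rejected"; fi
  echo "$r"
)
smime_demo
```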
Digitally signed emails are accepted as legally binding in the US and many countries in Europe.