Financial Daily from THE HINDU group of publications Monday, Apr 04, 2005
eWorld
E-Mail Info-Tech - Security

Before you click on `send'...

R.K. Raghavan
We take e-mail for granted, but it is a truly wonderful medium. It's flexible, automatable, asynchronous and fast. Mike Elgan, Editor, Windows Magazine (June 1999)
TELL me honestly, how many of you can stay away from accessing your e-mail account for longer than a day? As for me, I can't. I'm an addict beyond cure. I feel as if the whole world has come to an end if I can't get into my mail box once every hour. I am sure there are millions who are as obsessed as I am, and there is no remedy for this obsession, except to go on browsing! E-mail is an amazing facility that comes almost free. But we tend to abuse it, employing it for a variety of chores, some vital, some of no consequence at all. If we reflect for a moment on the content of all the messages that we send each day, we may be amused at the futility of it all! Seldom do we so reflect, or exercise any restraint in our mailing activity. If some uncertainties have crept into this remarkable and one of the most reliable tools that human ingenuity has ever conceived, they are directly traceable to our avarice and thoughtlessness. The ease with which our e-mail goes through to the recipient lulls us often into a false sense of security. As a result, we convey through cyberspace the most confidential of information, personal as well as that which pertains to the organisation we work for. We don't stop with this. Sometimes we use language both against bosses and `friends' that we would not use in conversation. All because we mistakenly think mail is purely a two-way communication between the sender and the receiver. That is, no one else can peep in. Nothing can be farther from the truth. Believe it or not, an e-mail is as secure and confidential as the contents of a postcard! This is no exaggeration because each mail is processed by a number of servers en route until it reaches the addressee. Anyone who has something to gain by snooping needs only to plant a sniffer in the path of a message. This facilitates easy copying of messages passing through a system and its delivery to the mischief-monger. 
So, next time you want to use language that is offensive, make sure it is not defamatory or disrespectful to the addressee or a third person. Right now, there are no doubt grey areas with regard to defamation over cyberspace, especially when your e-mail is addressed only to an individual or to a closed group. There can be divergent interpretations as to whether sending such an e-mail is tantamount to publication. My feeling, however, is that even if the Indian cyber law does not directly deal with defamation, which is a serious lacuna in the Information Technology Act 2000, it is a question of time before the judiciary intervenes to protect a victim who receives defamatory mail but has no recourse except going to court.

Even if the long arm of the law does not catch up with you, your own organisation can take exception to rude and provocative mail and initiate disciplinary action. This is where we need to spend a minute or two on organisations' e-mail policy. While some private companies do not believe in putting in place a corporate e-mail policy, it is a rare IT organisation that does not have a policy these days that regulates the content and tenor of mail. First, there is a definite requirement that what you convey does not breach the confidentiality clause of your agreement with your employers. When caught, you cannot get away with saying you did not know that a particular piece of information in your mail was protected. Just as in private life you cannot claim ignorance of law as an excuse, in your official setting too, you do not have the privilege. The best formula is: When in doubt, seek clarification from your supervisor. I know of many young IT professionals erring on this, and paying dearly with their career. Also, many are incensed that their mail has been read by someone in the organisation, in violation of the basic canons of privacy, and therefore they think in terms of suing the latter. Nothing can be more preposterous.
Organisations reserve the right to eavesdrop into e-mail traffic in their official systems, and often put it down as part of the contract of employment. Effectively, this would mean that your interaction with the rest of the world through your office computer system is not secure and protected, and that as far as possible, you use it only for your official business. This is as far as your code of conduct is concerned. The second half of the battle concerns how best to ward off the aggressive designs of the `underworld' of cyberspace. Yes, for every legitimate user of the space, there are hundreds prowling around to make a quick buck through illegal intrusions. It is not as if they are personally known to you and nurse a grievance against you. They are total strangers looking for opportunities to earn money by destroying your reputation or your organisation's. The less vicious of these individuals distract you by flooding your inbox with unsolicited mail. `Spamming' is a favourite `pastime.' According to MessageLabs, which provides managed e-mail services, nearly 70 per cent of all e-mail that flits across cyberspace can be justifiably called `spam'. Sending spam had innocuous overtones, to start with. More recently, however, it has become a vehicle to unleash viruses. Worse, there is `convergence' of spam and viruses. This poses serious threats to your system. According to a security intelligence report by MessageLabs for the first half of 2004, this `convergence' is growing because of the assessment of some criminal elements that merely unleashing spam is not profitable. It is much more lucrative to use spam as the medium to spread viruses and inflict losses on corporations at the behest of interested elements. This is one strong reason why you should not open mail from a total stranger. It is equally advisable not to open an attachment to a mail that seems dubious. 
You will be throwing caution to the winds if you do not heed these basic principles of e-mail security. The same holds good for maintaining the confidentiality of your password. Sharing your password with another, however close he may be to you, could prove disastrous. `Phishing', where a bogus Web site is created to resemble a genuine one, is another form of crime that is easily perpetrated by misusing the medium of e-mail. The spurious Web site lures you into surrendering purely private data such as the user name and password connected to a bank account, and the net result is a cleaning up of what is to your credit. Barclays Bank was a target some time ago. Many of its clients were taken for a ride. The bank had to issue a detailed advisory to clients on protecting themselves against scam e-mails. Again, recently, a Brazilian bank with online banking facility was defrauded by an 18-member gang that stole huge sums of money using a Trojan horse virus sent to millions of computers through e-mail. Microsoft was another victim early this year of scamsters urging its customers, through e-mail, to download a security tool from a particular Web site. Enquiries traced the Web site to one hosted from Romania. Once an unwary Microsoft customer accessed the Web site, an MS IE Helper Object (BHO DLL) automatically got installed on his machine. Investigation revealed that the BHO was nothing but spyware. This is the consequence of lack of attention on the part of Microsoft customers who knew that Microsoft normally did not send information on security updates through e-mail. A final word of caution to those who would still like to use e-mail for negative communication, just for the thrill of settling scores with an adversary. If you imagine you will go unidentified, you are mistaken. It is always possible to track you down through your office's Systems Administrator or the Internet Service Provider (ISP).
You may get away with it just once or twice in case you are operating from a cyber café that has a sizeable clientele and poor record-keeping. If you make it a pattern, the odds are against your being able to hide your identity. If you are not influenced by cyber ethics, the risk of being hauled up by the authorities should at least deter you from sending an anonymous mail that is either indecent or offensive!

The author is a former Director of the Central Bureau of Investigation and is Adviser to TCS Ltd.
Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line