Monday 2 April 2007

E-mail privacy

Need for E-mail privacy
The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time it's composed to the time it's read, e-mail travels along this unprotected Internet, perpetually exposed to electronic dangers.

Many users believe that e-mail privacy is inherent and guaranteed, psychologically equating it with postal mail. While e-mail is indeed conventionally secured by a password system, this one layer of protection is not secure and is generally insufficient to guarantee appreciable security.

Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for e-mail privacy becomes more pressing.

Risks to user
Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of e-mail that passes through. In effect, every e-mail leaves a digital paper trail in its wake that can be easily inspected months or years later.

The e-mail can be read by any cracker who gains access to an inadequately protected router. Some security professionals argue that e-mail traffic is protected from such "casual" attack by security through obscurity, arguing that the vast numbers of e-mails make it difficult for an individual cracker to find, much less to exploit, any particular e-mail. Others argue that with the increasing power of personal computers and the increasing sophistication and availability of data-mining software, such protections are at best temporary.

Intelligence agencies, using intelligent software, can screen the contents of e-mail with relative ease. Although these methods have been decried by civil rights activists as an invasion of privacy, agencies such as the U.S. Federal Bureau of Investigation conduct screening operations regularly within the bounds of the law.

ISPs and mail service providers may also compromise e-mail privacy because of commercial pressure. Many online e-mail providers, such as Yahoo! Mail or Google's Gmail, display context-sensitive advertisements depending on what the user is reading. While the system is automated and typically protected from outside intrusion, industry leaders have expressed concern over such data mining.

The receivers of e-mail can compromise e-mail privacy by indiscriminate forwarding of e-mail. This can reveal contact information (like e-mail addresses, full names, and phone numbers), internal-use-only information (like building locations, corporate structure, and extension numbers), and confidential information (trade secrets and planning).

In the United States and some other countries lacking secrecy of correspondence laws, e-mail exchanges sent over company computers are considered company property and are thus accessible by management. Employees in such jurisdictions are often explicitly advised that they may have no expectation of a right to privacy for messages sent or received over company equipment. This can become a privacy issue if employee and management expectations are mismatched.

http://en.wikipedia.org/wiki/E-mail_privacy
