Privacy is a fundamental human right, and one that has deep roots in early American history. Colonials were so firm about it, in fact, that it became one of the main pressure points which provoked the Revolutionary War. Once the war was over, the Founding Fathers made sure to protect the people’s right to privacy in the 4th amendment, which states:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” – Constitution of The United States of America, Amendment 4
The Founders were interested in protecting their property and papers. And we can only imagine that, had they lived in the 21st century, they would be even more interested in protecting their electronic communications as well. An attempt to protect electronic communications was legislated in 1986 in the United States: the Electronic Communications Privacy Act (ECPA), which has been amended and expanded over the past two decades. It is drastically more modern than the Fourth Amendment, but due to the fact that it predates the internet, it is understandably lacking. When this bill was written, nobody knew the extent to which the use of email would grow, or that it would become a primary form of business communication.
Here are some areas where the ECPA is lacking:
- Government is allowed to investigate emails that are considered “outdated”
- Any email older than 6 months is considered outdated
- Any data stored in the cloud (not just email) is subject to federal investigation without a warrant, given that it also classifies as outdated
- Users aren’t notified when their information is subject to search
The ECPA and the risk that it poses to our privacy must have Paul Revere, John Quincy Adams, and the rest of the Revolutionaries turning in their graves.
The Email Privacy Act (EPA)
A solution to fix the shortcoming in the Electronic Communications Privacy Act is in the works. It is called the Email Privacy Act. The bill is attempting to establish the Supreme Court’s ruling in U.S. v. Warshak as codified law, which upheld that a warrant is required for government to access emails that are stored by cloud service providers such as Google, Microsoft, Dropbox, etc.
The Email Privacy Act recently flew through the House of Representatives in February of 2017, receiving unanimous approval. This isn’t the first time the bill has been proposed, however. It has already failed on two previous occasions, the first time failing to pass the House and the second time unanimously passing the House but failing to pass the senate. It failed in its second run solely because senators tried to change the bill at the last minute in a way which would have been harmful to our privacy. It is hoped that this time around, the bill can become law. This would be a needed step for the United States in greater privacy for email and cloud storage.
Other threats to our privacy exist, in addition to the holes in the ECPA. Identity thieves, hackers, and other criminals exploit weaknesses in passwords or email mailbox security for profit. It is important that we understand this, and that there are significantly higher consequences than we may think with information theft. Here are some threats that an unsecure mailbox could pose:
Identification Information: Your inbox might contain very sensitive information such as your social security number (we highly recommend never sending this information via email) and other information such as your date of birth, height, physical appearance, family members, etc. Piecing all of this information together makes it very easy for an identity thief to pretend to be you.
Financial Information: Bank emails, emails from credit card providers, bank card information, etc., all pose a significant financial threat. If there are enough unprotected financial emails and information in your bank account, there is a significant threat that somebody could make an unauthorized withdrawal from your savings account, or that your credit card could fund their next shopping spree.
Passwords: How many websites require your email for verification when signing up? Once you input it, they send you a verification email that often contains your email and password, for your records. If you use one password for multiple different services, (a practice that we also highly advise against) a hacker could access multiple accounts by obtaining just one password.
To a cyber criminal, finding an unsecured mailbox could mean hitting the motherload.
Besides loopholes in the ECPA (which will hopefully be closed shortly), the privacy of your mailbox is completely up to you. If you take the right measures and install the right protection software, your mailbox will be protected from hackers and criminals. We outlined some preventative measures that you can take in a related blog post here:
Secure Your Business Email
As for enterprise email protection, Micro Focus can help. GWAVA Secure Web Gateway is our antivirus/antispam solution that prevents malware from ever reaching your inbox, or spreading throughout your server. Cyber criminals become more and more crafty each year. They are experts in creating innocent looking emails, with viruses hidden in executable files. These executable files can be hidden in attachments or disguised as links, such as an unsubscribe button. Even the most cautious of users are at risk. This is why it is so important to prevent these messages, before they even enter your mailbox or system!
With GWAVA, you can enable high performance email scanning by threading scan processes asynchronously across all available resources on the server, which prevents dangerous programs from ever infecting your environment and obtaining your sensitive information. The solution also monitors internet traffic to prevent illicit images, as well as defending against DOS/DDOS attacks. All of this is managed from an easy to use, scalable web interface.