Security, E-Mail and Blogs
“The question isn’t ‘Am I paranoid?’, but ‘Am I paranoid enough?'”
Ever heard that before? If you’ve dealt with computer security, it should be your damn mantra. But, too, if you just use the internet to send e-mail or blog, you should think about it. Why? Well, are you sure that all your e-mail is safe? And, do you know who reads your blog? If you wouldn’t want to say something in front of your mother or child, you might not want to put it up for the entire world to see. Also, did you know you can get fired for blogging? Yep, not only is there the famous Heather at dooce.com, but also the Delta Airlines incident and there’s this story on Register.com about two, unrelated incidents of people being fired for blogging. It’s even gone so far that Blogger has guidelines on “how not to get fired because of your blog“.
But, back to e-mail. I can remember on many occasions rebuilding e-mail files so that we could find out who sent what to whom and when they sent it. At least one time, I had to rebuild an entire e-mail server and system to replicate data that was taken by a U.S. Government agent. (No, not the IRS, thankfully, just the FBI and EPA. The IRS agents are really tough, from what I hear, when it comes to data collection.) Oh, but don’t think that simply deleting the mail is enough. No, siree, there are plenty of ways to get that back. For one thing, many internet enabled systems have a cache that can be poked and prodded back into a mail database. Or, perhaps someone forgot to delete their sent mail. Sometimes that’s even better because it will capture not only the outgoing mail, but part of the e-mail to which the “target” is replying. That’s two birds with one stone, there! Oh, and don’t think that a wireless device will protect you either. According to this story on Slashdot, even the messages sent Blackberry-to-Blackberry can be retrieved by your employer.
Of course, this works in reverse, as well. I often send copies of my work e-mail to my home account so that I have “backup” in case something goes tragically wrong with the work e-mail, I still have a copy to print out and present to a nice judge. Never know when that’s going to come in handy. Believe me, I’ve seen strange stuff when it comes to lawyers and e-mail. Don’t forget, I’ve worked through at least two sales and one bankruptcy. Trust me on this one, it’s nice to know you have proof of what you promised people!
And, if you want something to “vanish” you’d best get to know all about any purge functions you have available to you or look into getting a PGP-based “eraser”. Better yet, if you plan on defrauding the Federal Government, don’t talk about it in an e-mail to anyone. Hell, just don’t talk about it at all. Better yet, just be honest and pay your taxes like the rest of us.
Remember, in the end, the best thing is to just not do anything that you’d get fined for or do time for later. Barring that, don’t make a damn record of it where some vengeful prick might get their hands on it. And, above all, be careful who you cross. (Yeah, this is the sort of thing I think about on airplanes and sitting in hotels after working on new servers all day long. It is my entire life these days.)
Advice from your Uncle Jim:
"People may doubt what you say, but they believe what you do."
Wow dude. I’m glad your my FRIEND. I’d hate to have you on the opposite side of the courtroom from me. Does that mean you save all my posts? Good thing I never mentioned that night in Rio …oops!
Can you delete..er, purge that??
Comment by POL — 1/26/2005 @ 9:01 am
Hey, Dad is from the South Side of Chicago, where their motto is “CYA”. Also, I refer you back to the “Cream Puff” post for further insight into my upbringing. I’m a cream puff, but I do my best to be the toughest bastard in the Valley. Of course, that often means being willing to risk, and lose, everything. Sort of samurai-esque, isn’t it? BANZAI!
Comment by Network Geek — 1/26/2005 @ 11:18 am