Email Insecurity Analogy
I have struggled in the past to explain to non-technical people the importance of not sending anything of a sensitive nature over email. In this post I will endeavor to provide a poignant analogy that all of the non-technical people I know can relate to.
The Set Up
Imagine, if you will, that instead of a centrally controlled, government-operated postal system, we had a postal system that companies owned.
Some companies would specialize in home delivery of postal mail; other companies would specialize in providing postal mail for other companies. Some companies would specialize in sending postal mail from city to city.
Each company would be responsible for paying its own costs of setting up and maintaining its postal system.
If a company wanted to become part of this postal system, it would only need to connect to another company and it could send and receive postal mail.
The Technology
In order to speed up delivery of postal mail, the companies would put in a pneumatic tube system so that they could send messages quickly to other companies.
Because different companies may have unreliable postal systems, each company must make a copy of each postal mail piece that comes through the system, just in case they need to re-send the postal mail. To facilitate this, all postal mail is on postcards.
Each company has several pneumatic tubes connected to different companies. That way if a particular company is getting too much postal mail, it can be routed to a company that has less traffic.
Engineers came up with a way to speed up the process even further: they created machines that automatically copy each postcard and send the original out another pneumatic tube that will put the message closer to its destination. These machines automatically send the copies to an archive room in case they are needed to resend the postal mail.
The Security Problem
Because each company is responsible for the cost of setting up and maintaining its own postal mail system, the security they can provide varies greatly.
One company may have armed guards and iris scans to validate the people who enter both the archive room and the postal mail system room. Other companies may only have enough money to pay for a tent to hold their archive and postal mail system rooms.
One company might shred all postal mail copies every day; others might wait months to shred.
Some criminals may opt to break into the archive rooms of companies and steal all of the copies of the postcards.
Because there is no verification of companies, criminals can set up their own postal mail systems and connect them to other businesses. As long as they do not abuse the postal mail system by sending out lots of junk mail, they can go undetected by other companies. They can then copy postal mail at will and use what they see for their own gain.
Some engineering types of criminals would also seek out legitimate companies that have small budgets for security. They would go into the copier room under false pretenses and modify the copiers to not only copy the mail and send it to the archive room, but also make a second copy and send it to them.
Other criminals (or government officials) would know where the pneumatic tubes are located as they go through the cities and would drill small holes in the pneumatic tubes and set up cameras to automatically take pictures (make copies) of messages as they went past.
Because each company has its own postal mail system, and each system is connected to several other companies’ systems, it is impossible for you to tell which company’s postal mail system your postcard will go through. So you cannot tell if your postcard will be copied by criminals or by government agencies.
Conclusion
While this is not an exact analogy to the way email works, it is a close approximation. You cannot tell if your email will get copied and put in the hands of criminals, even up to two years after it is sent. Sensitive information like passwords, credit card information, etc. should never be sent over unencrypted email.
