Vulnerabilities Online - RonaldMah

Ronald Mah, M.A., Ph.D.
Licensed Marriage & Family Therapist,
Consultant/Trainer/Author
Vulnerabilities and Limitations of Online Communication and Encrypted E-mail

Current online communication is not confidential. Normal e-mail and other online communication is vulnerable to hackers. Normal e-mail is parsed by information technology (IT) corporations and government for the collection and sale of personal and business information. Confidential online information, records, and communication are vulnerable to unsanctioned access by internal personnel of IT corporations. Encrypted e-mail is cumbersome to set up and limited in utility.


Vulnerabilities for Users of Online Communication
Current use of ANY online e-mail for communication between users, including between professional and client, is NOT confidential communication. This includes e-mail hosted by popular free services such as gmail.com (Google), Yahoo, and so forth.

Video conferencing, including services such as Skype or FaceTime used by professionals for online consultation, counseling, or therapy, is NOT confidential communication.

Fax communication has largely transitioned to the digital data network. Thus, fax communication is no longer secure in the way it was when faxes were connected over copper-to-copper wires. Using fax, unless both ends are encrypted fax machines, is NOT confidential communication.

Systematic Parsing of Information by IT Companies
Common e-mail messages are sent in open form through the data network, which comprises many business entities. The messages are parsed into multiple parts and transmitted separately to as-available servers all over the Internet. This happens repeatedly until the pieces of information are gathered again in the e-mail endpoint servers that finally deliver the message to the recipient's inbox. Every step of transmission and re-transmission is vulnerable to being accessed by a multitude of entities, not to mention individual hackers. Although these entities may include well-known information technology corporations, none of these business entities are part of the legal “business associates” ecosystem, for example required by HIPAA to sign a contract stipulating confidential practices for handling information. Each corporation runs its own business practices and security/backup procedures.

Through the open methods described, information technology businesses now systematically analyze and collect personal and business information from e-mail and other online communication, such as social media, for sale to interested companies for marketing and other purposes. Domestic and foreign governmental programs may also analyze and collect information for various purposes. Hypothetically, frequent or periodic e-mail communication (even limited to scheduling) between a client and a professional, such as a psychotherapist known to specialize in sexual addiction therapy, may be collected and analyzed for inferences about the client and/or the psychotherapist.

Internal Vulnerabilities Within IT Companies
Information technology businesses may also have internal vulnerabilities within their infrastructure that business personnel may use to access and collect confidential information. In other words, while information technology businesses may be arguably secure from outside hacking, information can be pirated by company employees. "The ASIS (American Society for Industrial Security) survey confirmed what information security experts have been saying for years: The single greatest threat to corporate intellectual property is trusted insiders--current and former employees, temps, onsite contractors, consultants, partners and suppliers." (Denning, D. E., Who's Stealing Your Information?). "…in a …survey of 2,000 employees, 23 percent admitted to having accessed or taken confidential data from their workplace, with one in ten stating that they do it regularly" (Employees admit to accessing or stealing private company information, Help Net Security). Such information breaches may then be used for private purposes or possibly for illicit activity.

Besides more technologically sophisticated techniques, documents can be downloaded onto external hard drives and thumb drives, or sent out using e-mail, by a staff person such as an engineer with access to company information.

53 percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38 percent sent attachments to a personal e-mail account.

79 percent of respondents took data without an employer’s permission.

82 percent of respondents said their employers did not perform an audit or review of paper or electronic documents before the respondent left his/her job.

24 percent of respondents had access to their employer’s computer system or network after their departure from the company. (More Than Half of Ex-Employees Admit to Stealing Company Data According to New Study).

Limitations of Encrypted E-mail
The available technology most often recommended (aside from PrivateTree's innovative encryption-secured technology), encrypted e-mail, is technologically challenging, burdensome, or impractical. It is also expensive for many or most individuals, including individual practitioners and small agencies, and significantly limited in utility in comparison to the technology offered by PrivateTree.

Encrypted e-mail using asymmetric encryption requires an individual to install a security program (software) on his or her computer to establish a "public key." Another person with whom confidential communication is desired can then send a message from his or her computer using that "public key." This creates the specific identifying information and passwords. Upon reception, the first individual uses a "private key" to access the message. This is only one-way confidential communication to the originator of the public key. Symmetric encryption, also called "single-key" or "private key" encryption, shares a single key between sender and receiver based on an agreed shared password. This process of collaboration and coordination creates only a one-to-one confidential connection. The process has to be repeated for each additional person with whom the original person wishes to connect confidentially. This creates significant, time-consuming practical coordination burdens. For information about encrypted e-mail visit the following sites:
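The one-way public-key exchange described above, as an added example that is not part of the original page, run with the `openssl` command-line tool. The names `therapist` and `client` and the messages are constructed for illustration, and RSA-OAEP is applied directly to a short message to keep the exchange visible.

```sh
#!/bin/sh
# Added example: confidentiality only flows toward whoever published a public key.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_keypair NAME: NAME creates a private key and derives the public key
# that correspondents will be given.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# encrypt_to NAME MESSAGE: anyone holding NAME's public key can write to NAME.
encrypt_to() {
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/$1.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$WORK/to_$1.bin"
}

# decrypt_as NAME TARGET: NAME uses their own private key on the ciphertext
# addressed to TARGET; this succeeds only when NAME and TARGET are the same.
decrypt_as() {
    openssl pkeyutl -decrypt -inkey "$WORK/$1.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/to_$2.bin" 2>/dev/null
}

# Step 1: only the therapist has done the key setup so far.
make_keypair therapist
encrypt_to therapist "Can we move Tuesday's session to 3pm?"
echo "therapist reads: $(decrypt_as therapist therapist)"

# Step 2: the reply direction is unprotected until the client repeats the setup.
if [ ! -f "$WORK/client.pub" ]; then
    echo "no public key for client yet: the reply cannot be encrypted"
fi
make_keypair client
encrypt_to client "3pm works."
echo "client reads: $(decrypt_as client client)"

# Step 3: a key pair opens only mail addressed to its owner.
if ! decrypt_as client therapist >/dev/null; then
    echo "client's private key cannot open mail addressed to the therapist"
fi
```

Every additional correspondent has to repeat the `make_keypair` step and exchange public keys before mail in both directions is protected, which is the coordination burden the paragraph describes.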