ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Should you encode your e-mail?

Industry Standard

June 16, 2000
Web posted at: 8:57 a.m. EDT (1257 GMT)

(IDG) -- Determined to succeed where others have failed, Hush Communications President Jon Gilliam is announcing this week a free e-mail encryption system for consumers. The question is, do consumers care?

For the past two years, Hush has been creating encryption software so powerful that the firm was forced to shift development to an office on Anguilla, British West Indies, to avoid the U.S. government's restrictions on export of strong encryption. So far, 210,000 people have used the 1,024-bit encryption via Hush's Web site at www.hushmail.com. Now, the company is offering HushPOP (post office protocol), a Java-based downloadable version that will let people encrypt messages using their own e-mail program.

  MESSAGE BOARD
 
  ALSO
 

Personal encryption hasn't taken off, experts say, because consumers don't think it's worth the trouble. "The real need for privacy hasn't been demonstrated yet for consumer-to-consumer [e-mail]," says Jonathan Penn, a senior industry analyst at Giga Information Group.

Many free e-mail programs are targeting consumers, including 1on1mail, LokMail, PrivacyX.com and ZixMail. But the industry's longtime darling has been Pretty Good Privacy, which nearly landed creator Phil Zimmermann in jail for violating export regulations. PGP, which Zimmermann sold to Network Associates in 1997, now boasts about 7 million users. Most of them, however, are "die-hard Phil fans and encryption gurus," says Allison Taylor, PGP director of product marketing for Network Associates.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  The Standard.com
  TechInformer: The Thinking Internaut's Guide to the Tech Industry
  Your own secret code, Mac style
  Disappearing e-mail finally appears
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  Industry Standard email newsletters
  Questions about computers? Let IDG.net's editors help you
  Industry Standard daily Media Grok
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

"Most people don't care about encrypting their e-mail," says Bruce Schneier, author of Applied Cryptography and CTO at Counterpane Internet Security. "You lock your front door now because you care. Your grandparents didn't."

Gilliam demurs, maintaining that if encryption were easier to use it would attract a critical mass of people. "Ever tried to use PGP?" he asks. "It's just too much for the average user."

Indeed, a 1998 study by Carnegie-Mellon found that two-thirds of study subjects failed when given 90 minutes to send a message with PGP. The study concluded that PGP 5.0 was "not efficiently usable to provide effective security for most users."

PGP users must exchange their public keys (used to encrypt messages) with each other via e-mail attachments, or use the software to look them up on a key server. To ensure they are sending to the desired recipients, users must verify each others' "fingerprint," or unique 16- to 24-digit number, over the phone or in person. With Hush, the public key is exchanged automatically by the company's servers.

Unlike PGP, which stores private keys (used to decrypt messages) on users' machines, Hush's private keys are stored on the company servers. When users want to access encrypted mail, they enter a password, and the private key is automatically downloaded.

Acknowledging that PGP's user interface could be simplified, Zimmermann says it's still a more private form of communication than HushPOP. "In PGP you get to choose who you trust to sign the keys," he says. "Hushmail signs the keys. That might make things easy, but it also means you have to trust Hushmail."

Is there a profitable business model in free encrypted e-mail? Network Associates maintains the free version of PGP but makes money off a corporate version with more features.

Gilliam expects to move in the same direction, and plans to offer a corporate version. "Corporations will love it," he says -- begging the question of whether we'll all one day be sending out encoded e-mail.




RELATED STORIES:
Concern over U.K. e-mail surveillance bill grows
June 13, 2000
Flaw found in PGP 5.0
May 29, 2000
Security experts say hackers have the edge
May 11, 2000
Ireland to lower encryption export restrictions
April 17, 2000
Survey finds encryption rules loosening worldwide
April 5, 2000

RELATED IDG.net STORIES:
Cryptography advances into the future
Javaworld
Your own secret code, Mac style
Macworld
Why the Feds fight encryption
PC World
Privacy advocates hail crypto ruling
Computerworld
Security flaw found in PGP 5.0
Computerworld
Disappearing e-mail finally appears
PC World
Know your company's monitoring policy
Network World Fusion
Concern over U.K. e-mail surveillance bill grows
IDG.net

RELATED SITES:
Hushmail home page
Counterpane Internet Security
"Applied Cryptography" at Amazon.com
Network Associates home page

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.