> Whilst I don't intend to get into a shouting match on an issue which is
> probably only of borderline interest to the readership of this list, I think
> this is somewhat misleading. No ISP which has a direct connection to all
> other ISPs worldwide.
I would certainly wish to avoid a shouting match, but if anything is
misleading it is the implication that thousands of people are likely
to read email.
At the risk of straying from data protection issues further it should
be pointed out that the vast majority of ISPs do have actual internet
access and can send email direct to most other ISPs. Furthermore,
given hop count limits and the number of internal servers in large
organisations the number of diferent organisations' relays that email
passes through tends to be fairly limited.
> There will thus be a number of relaying servers, as I
> suggested in my original posting. Each of these will have a number (which
> may be large) of administrative staff who can access email passing through.
In most cases this will be relatively few people in practice.
> Whilst I acknowledge that in the general course of events email is only
> resident on these servers for a short while, there is absolutely nothing to
> stop it being intercepted, copied to be read at leisure, edited, forwarded
> to other person(s) etc. etc.
The sheer volume of traffic combined with the transitory existence of
the data is the main barrier. Furthermore implementation of
security procedures and the type of access given to most who access the system
tends to make this unlikely.
The main risk of interception is if organisations put specific filters
in place to intercept traffic, which is more likely at source or
destination than in transit. However, if such organisations were to
act unscrupulously with regard to privacy of communications, this
weakness does not only apply to email but all forms of communication.
> Many of these activities will be completely
> undetectable by the original sender or recipient. There are also other
> weaknesses in the delivery mechanism of email which are beyond the scope of
> this list.
Theer are even more shortcomings with regular mail.
> The age-old analogy of a postcard is still relevant. A postcard will go from
> the initial post-box or out-tray, through a number of sorting offices,
> eventually (hopefully) to be delivered to its final recipient. The
> possibility exists of someone at any stage of delivery (a) stealing it, (b)
> photocopying it, (c) altering it, etc.
The insecurity of information on postcards is certainly not in dispute and
letters can suffer the same set of problems as very few are sent with
tamper proof seals.
The relevance to this list is that of relative security of various
methods of communication. Dumping one method for a less or equally
insecure, albeit older, method makes no sense at all.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|