http://www.smh.com.au/news/0002/03/bizcom/bizcom07.html [also on NYT with cypherpunks29753/writecode I guess. Several systems reviewed in cryptogram a little while ago get mainstream attention.] Hush is now hot in the mail game E-COMMERCE by BOB TEDESCHI Microsoft would not be proud to admit it but the software behemoth has done more to spur the growth of the e-mail security industry in the past two years than perhaps any other company. Businessmen blanched at the notion that Bill Gates, of all people, could be forced to answer questions in court about e-mail messages that he had sent years before, supposedly in confidence. Meanwhile, consumers took note last summer when hackers broke into Microsoft's Hotmail site and made public some highly embarrassing personal correspondence of its users. Of course, Microsoft was not the first to encounter e-mail security issues but its experiences pointed out the extreme vulnerability of this type of communication. The common analogy among industry executives and analysts is that e-mail is as secure as a postcard but even that may be giving e-mail too much credit. When a message is sent, it can make a dozen or more stops along the Internet as it travels to the recipient's desktop. At each of those stops it is typically copied, with the duplicate message stored on a server, the technological engine that runs any Internet operation. Once a duplicate e-mail message is stored, it is subject to security breaches or mishandling by the employees of the company or organisation that operates the server. Furthermore, the courts can force Internet service providers to retrieve messages if they are deemed relevant to a case. More menacing than the courts, many employees have found, are the system administrators hired by corporations to screen offensive or sensitive e-mail in the workplace. The creativity of hackers and corporate sleuths in their e-mail surveillance, however, has been matched in recent months by services meant to make e-mail as private as a confessional booth. "This is becoming a very big category," said Steven Robins, an analyst with the Yankee Group, a technology consulting firm. "As more and more business goes on to the Internet, people want the same safeguards as they get in any other medium." According to Forrester Research, the number of e-mail messages sent per day in the United States will grow to 1.5 billion by 2002. Among the first to see opportunity in this category was Tumbleweed Communications, which was founded in 1993 and went public last year. Tumbleweed's technology allows a user to send e-mail and inform recipients that they have received a document or a message that has been encrypted and stored on the sender's server computer. When a recipient clicks on a link inside the e-mail message, they are sent to that server site, where the encrypted document can be viewed or retrieved from a secure Web page to which the recipient alone has access. Tumbleweed "is the leader right now", says Alan Weintraub, research director of GartnerGroup, a consulting firm. "But they won't be alone for long. There's a lot of activity in this space." Some of that activity focuses on other ways to secure and control e-mail. For instance, the e-mail security company QVtech has developed Interosa, a service whose technology enables a user to send an e-mail message and control several aspects of how it is used, including to whom it can be forwarded and whether or not it can be printed, edited or copied. Notably, the message can be erased from the Interosa server after a certain date, the digital equivalent of paper shredding. After a user types the e-mail message, they can set the rules for how it can be used. The message is then encrypted before it is sent. When the recipient clicks on the e-mail message to open it, a message travels from the user's desktop to a Web site using Interosa's technology, which then verifies the recipient's identity and decrypts the message. According to a company spokesman, QVtech is trying to sell Interosa to companies such as Mail.com and MessageMedia, which handle e-mail direct marketing on behalf of Yahoo and Etrade, among others, companies that want to be able to track whether and how their mailings are handled by the intended recipients. QVtech had not completed agreements with such companies, the spokesman said, but the it intended to charge about a penny for each e-mail message sent using its technology. Authentica, which sells document security software, said it would release an e-mail security product in April that would compete with Interosa and others. Lance Urbas, Authentica's chief executive, said the service could be particularly valuable for companies that wanted to send valuable or sensitive documents via e-mail without worrying that customers might forward them to colleagues. "We have a consulting firm that issued a report on a Friday and by midday Monday the author of the report had gotten a dozen calls about statements in the report from people who hadn't purchased it," Urbas said. "Reports like that cost a lot. That's the kind of thing we'll prevent." Businesses are not the only target of so-called secure e-mail companies, of course. According to Jon Gilliam, president of Hush Communications USA, consumers have already begun to migrate toward secure e-mail services, with nearly 150,000 users having signed up for Hushmail since May. As is the case with Hotmail, Hushmail requires the user to visit the site to read and send mail. The difference, Gilliam says, is that even Hushmail employees cannot open the e-mail messages stored on its server - not only because they are encrypted on the server but because the key that unscrambles the messages is tied to a pass phrase that only the user knows. "We don't even know the pass phrase. If someone forgets their pass phrase, we can't help them," Gilliam said. Likewise, he said, "if we get a subpoena like we did today for e-mail records, we have to give the courts an encrypted message. There's nothing we can do about it." The New York Times ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
