Confidentiality of email

TheMSsForum.com: The Microsoft Software Forum

We are a social service agency which does work for various funders. One of
our funders now wants us to transmit our client data to them via email. I'm
worried about the confidentiality issues...how real are my concerns? I
always understood that email is NOT secure. We have a firewall,
virus/spyware aps, etc., and the funder who wants this info is a county
agency, but I'm still not convinced. We don't have an internal email
system...we have a number of email address through our ISP (DSL). Should I
refuse to send the data that way, or document their request and put the
responsibility on them? We still feel an obligation to our clients to keep
their information secure. Any advice would be appreciated!
Top

Re: Confidentiality of email by Malke

Malke
Thu Jun 23 08:26:06 CDT 2005

Susan wrote:

> We are a social service agency which does work for various funders.
> One of
> our funders now wants us to transmit our client data to them via
> email. I'm
> worried about the confidentiality issues...how real are my concerns?
> I
> always understood that email is NOT secure. We have a firewall,
> virus/spyware aps, etc., and the funder who wants this info is a
> county
> agency, but I'm still not convinced. We don't have an internal email
> system...we have a number of email address through our ISP (DSL).
> Should I refuse to send the data that way, or document their request
> and put the responsibility on them? We still feel an obligation to our
> clients to keep
> their information secure. Any advice would be appreciated!

You should absolutely refuse to send anything in email that you wouldn't
want total strangers to see. Now, most certainly you can set up
encryption with which to send email, but I'm not talking about PGP
signing or anything that would "come with" your operating system. If a
corporation has a need for secure communication between (for ex.) their
employees while out of the office and the home office, there are
companies that specialize in this. See Checkpoint, for instance.
However, I don't think this is really applicable in your case.

Your gut instincts are excellent and you should go with them. Anything
you send out in regular email is like putting it on a postcard through
Snail Mail.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Top

Re: Confidentiality of email by Roger

Roger
Thu Jun 23 08:34:00 CDT 2005

I am not a legal professional, nor have more than a passing awareness
of just which regulations apply to the involved information, but from
my understanding as it is I would say you are right, and that there is
no way that you should be lured into exchanging information in that
manner. The only way that would make some sense is if they have
provided you with method and a key of theirs with which you would
first encrypt the information and then send this as an attachment which
(in theory) only they could obtain unencrypted.

Question: If they are that unaware of the risks of their requested
exchange methods, what confidence do you have in their handling
or guarding of the client data once they have received it?

--
Roger Abell
Microsoft MVP (Windows Security)

"Susan" <Susan@discussions.microsoft.com> wrote in message
news:914CA619-DE30-449A-A32A-4E807D707ED2@microsoft.com...
> We are a social service agency which does work for various funders. One
of
> our funders now wants us to transmit our client data to them via email.
I'm
> worried about the confidentiality issues...how real are my concerns? I
> always understood that email is NOT secure. We have a firewall,
> virus/spyware aps, etc., and the funder who wants this info is a county
> agency, but I'm still not convinced. We don't have an internal email
> system...we have a number of email address through our ISP (DSL). Should
I
> refuse to send the data that way, or document their request and put the
> responsibility on them? We still feel an obligation to our clients to keep
> their information secure. Any advice would be appreciated!


Top

RE: Confidentiality of email by Susan

Susan
Thu Jun 23 09:02:04 CDT 2005

Thanks you both for your..as usual...excellent advice. I'll pass your
information on to our CEO and let HIM take it up with the county!

"Susan" wrote:

> We are a social service agency which does work for various funders. One of
> our funders now wants us to transmit our client data to them via email. I'm
> worried about the confidentiality issues...how real are my concerns? I
> always understood that email is NOT secure. We have a firewall,
> virus/spyware aps, etc., and the funder who wants this info is a county
> agency, but I'm still not convinced. We don't have an internal email
> system...we have a number of email address through our ISP (DSL). Should I
> refuse to send the data that way, or document their request and put the
> responsibility on them? We still feel an obligation to our clients to keep
> their information secure. Any advice would be appreciated!
Top

Re: Confidentiality of email by Ron

Ron
Thu Jun 23 21:19:23 CDT 2005

Hi Susan,

What part of HIPPA (http://www.hhs.gov/ocr/hipaa/ ) doesn't the county
understand?

Ron Chamberlin
MS-MVP

"Susan" <Susan@discussions.microsoft.com> wrote in message
news:914CA619-DE30-449A-A32A-4E807D707ED2@microsoft.com...
> We are a social service agency which does work for various funders. One
> of
> our funders now wants us to transmit our client data to them via email.
> I'm
> worried about the confidentiality issues...how real are my concerns? I
> always understood that email is NOT secure. We have a firewall,
> virus/spyware aps, etc., and the funder who wants this info is a county
> agency, but I'm still not convinced. We don't have an internal email
> system...we have a number of email address through our ISP (DSL). Should
> I
> refuse to send the data that way, or document their request and put the
> responsibility on them? We still feel an obligation to our clients to keep
> their information secure. Any advice would be appreciated!


Top

RE: Confidentiality of email by Susan

Susan
Fri Jun 24 07:28:03 CDT 2005

Just to set everyone's mind at ease (especially mine), it turns out that the
person who told me the county wanted us to email the client data was
misinformed. The county has a secure website in which the data is to be
input. I have to admit that I was stunned when first told about the email.
I did some sleuthing and found out the truth. And yes, Ron, HIPAA was the
first thing that came to mind..fortunately, it appears we won't have to get
into a battle with the county!

Thanks for everyone's input...you just reinforced my insistence (as
documented in our IT policy manual), that NO confidential/client information
is to be sent anywhere via email!

"Susan" wrote:

> We are a social service agency which does work for various funders. One of
> our funders now wants us to transmit our client data to them via email. I'm
> worried about the confidentiality issues...how real are my concerns? I
> always understood that email is NOT secure. We have a firewall,
> virus/spyware aps, etc., and the funder who wants this info is a county
> agency, but I'm still not convinced. We don't have an internal email
> system...we have a number of email address through our ISP (DSL). Should I
> refuse to send the data that way, or document their request and put the
> responsibility on them? We still feel an obligation to our clients to keep
> their information secure. Any advice would be appreciated!
Top

Re: Confidentiality of email by jeff

jeff
Sat Jun 25 14:13:44 CDT 2005

On Thu, 23 Jun 2005 22:19:23 -0400, "Ron Chamberlin"
<ronchamberlin@msnmsn.com> wrote:

>What part of HIPPA (http://www.hhs.gov/ocr/hipaa/ ) doesn't the county
>understand?

HIPPA doesn't preclude sending information via email. Aside from the
fact that the original poster doesn't detail what kinds of client data
would be exchnaged so there's no way it could be assumed to be covered
by HIPPA, data that is covered by HIPPA gets sent via email every day.

Jeff


>"Susan" <Susan@discussions.microsoft.com> wrote in message
>news:914CA619-DE30-449A-A32A-4E807D707ED2@microsoft.com...
>> We are a social service agency which does work for various funders. One
>> of
>> our funders now wants us to transmit our client data to them via email.
>> I'm
>> worried about the confidentiality issues...how real are my concerns? I
>> always understood that email is NOT secure. We have a firewall,
>> virus/spyware aps, etc., and the funder who wants this info is a county
>> agency, but I'm still not convinced. We don't have an internal email
>> system...we have a number of email address through our ISP (DSL). Should
>> I
>> refuse to send the data that way, or document their request and put the
>> responsibility on them? We still feel an obligation to our clients to keep
>> their information secure. Any advice would be appreciated!
>

Top

Re: Confidentiality of email by Imhotep

Imhotep
Sun Jun 26 21:51:55 CDT 2005

Jeff Cochran wrote:

> On Thu, 23 Jun 2005 22:19:23 -0400, "Ron Chamberlin"
> <ronchamberlin@msnmsn.com> wrote:
>
>>What part of HIPPA (http://www.hhs.gov/ocr/hipaa/ ) doesn't the county
>>understand?
>
> HIPPA doesn't preclude sending information via email. Aside from the
> fact that the original poster doesn't detail what kinds of client data
> would be exchnaged so there's no way it could be assumed to be covered
> by HIPPA, data that is covered by HIPPA gets sent via email every day.
>
> Jeff
>
>
>>"Susan" <Susan@discussions.microsoft.com> wrote in message
>>news:914CA619-DE30-449A-A32A-4E807D707ED2@microsoft.com...
>>> We are a social service agency which does work for various funders. One
>>> of
>>> our funders now wants us to transmit our client data to them via email.
>>> I'm
>>> worried about the confidentiality issues...how real are my concerns? I
>>> always understood that email is NOT secure. We have a firewall,
>>> virus/spyware aps, etc., and the funder who wants this info is a county
>>> agency, but I'm still not convinced. We don't have an internal email
>>> system...we have a number of email address through our ISP (DSL).
>>> Should I
>>> refuse to send the data that way, or document their request and put the
>>> responsibility on them? We still feel an obligation to our clients to
>>> keep
>>> their information secure. Any advice would be appreciated!
>>

By the way it is HIPAA NOT HIPPA...

I believe HIPAA specifies that sensitive information should not be sent
unencrypted when leaving your company's resources (your company's domain).
To the OP I would suggest looking at PGP or SMIME if you need to send
sensitive information through email. If you have a Email gateway (using
sendmail or a derivative) you could go with an email gateway to email
gateway encryption. It is pretty easy to configure too...

-Im
Top

Re: Confidentiality of email by Roger

Roger
Mon Jun 27 09:19:21 CDT 2005

"To the OP I would suggest looking at PGP or SMIME if you
need to send sensitive information through email."

Correct me if I am mistaken, but PGP can be used to guarantee
origin of an email, but as it uses signing with the private key an
decrypting with the public, it certainly could not be used in this
case to guarantee information privacy !!

--
Roger Abell
Microsoft MVP (Windows Security)

"Imhotep" <NoSpam@NoThanks.com> wrote in message
news:fRJve.9736$go.443@fed1read05...
> Jeff Cochran wrote:
>
> > On Thu, 23 Jun 2005 22:19:23 -0400, "Ron Chamberlin"
> > <ronchamberlin@msnmsn.com> wrote:
> >
> >>What part of HIPPA (http://www.hhs.gov/ocr/hipaa/ ) doesn't the county
> >>understand?
> >
> > HIPPA doesn't preclude sending information via email. Aside from the
> > fact that the original poster doesn't detail what kinds of client data
> > would be exchnaged so there's no way it could be assumed to be covered
> > by HIPPA, data that is covered by HIPPA gets sent via email every day.
> >
> > Jeff
> >
> >
> >>"Susan" <Susan@discussions.microsoft.com> wrote in message
> >>news:914CA619-DE30-449A-A32A-4E807D707ED2@microsoft.com...
> >>> We are a social service agency which does work for various funders.
One
> >>> of
> >>> our funders now wants us to transmit our client data to them via
email.
> >>> I'm
> >>> worried about the confidentiality issues...how real are my concerns?
I
> >>> always understood that email is NOT secure. We have a firewall,
> >>> virus/spyware aps, etc., and the funder who wants this info is a
county
> >>> agency, but I'm still not convinced. We don't have an internal email
> >>> system...we have a number of email address through our ISP (DSL).
> >>> Should I
> >>> refuse to send the data that way, or document their request and put
the
> >>> responsibility on them? We still feel an obligation to our clients to
> >>> keep
> >>> their information secure. Any advice would be appreciated!
> >>
>
> By the way it is HIPAA NOT HIPPA...
>
> I believe HIPAA specifies that sensitive information should not be sent
> unencrypted when leaving your company's resources (your company's domain).
> To the OP I would suggest looking at PGP or SMIME if you need to send
> sensitive information through email. If you have a Email gateway (using
> sendmail or a derivative) you could go with an email gateway to email
> gateway encryption. It is pretty easy to configure too...
>
> -Im


Top

Re: Confidentiality of email by Imhotep

Imhotep
Mon Jun 27 14:48:24 CDT 2005

Roger Abell wrote:

> "To the OP I would suggest looking at PGP or SMIME if you
> need to send sensitive information through email."
>
> Correct me if I am mistaken, but PGP can be used to guarantee
> origin of an email, but as it uses signing with the private key an
> decrypting with the public, it certainly could not be used in this
> case to guarantee information privacy !!
>

...And why do you make this assumption? Let us review the facts.

The OP was asked to exchange information (HIPAA data) with a know recipient
(probably a person at a partner corportion). There are many public key
servers (I have been using MIT's public key server since my college days).
So please describe where you think the problem is with using PGP.

-Im
Top

Re: Confidentiality of email by Roger

Roger
Mon Jun 27 20:00:28 CDT 2005

"Imhotep" <NoSpam@NoThanks.com> wrote in message
news:dKYve.5127$8o.1822@fed1read03...
> Roger Abell wrote:
>
> > "To the OP I would suggest looking at PGP or SMIME if you
> > need to send sensitive information through email."
> >
> > Correct me if I am mistaken, but PGP can be used to guarantee
> > origin of an email, but as it uses signing with the private key an
> > decrypting with the public, it certainly could not be used in this
> > case to guarantee information privacy !!
> >
>
> ...And why do you make this assumption? Let us review the facts.
>

I made an assumption ??? Pray tell.

> The OP was asked to exchange information (HIPAA data) with a know
recipient

Actually, that is not what was asked. It was not "to exchange information"
but whether use of email in doing so would satisfy confidentiality concerns.

> (probably a person at a partner corportion). There are many public key
> servers (I have been using MIT's public key server since my college days).
> So please describe where you think the problem is with using PGP.
>
> -Im

Basically, if the info is to be kept private from unqualified eyes,
then any means of sending it that allows other than the intended
recipient to read it in the clear is not of use.
PGP in its normal use with public key will not satisfy the need.

--
Roger


Top

Re: Confidentiality of email by Imhotep

Imhotep
Mon Jun 27 20:31:22 CDT 2005

Roger Abell wrote:

> "Imhotep" <NoSpam@NoThanks.com> wrote in message
> news:dKYve.5127$8o.1822@fed1read03...
>> Roger Abell wrote:
>>
>> > "To the OP I would suggest looking at PGP or SMIME if you
>> > need to send sensitive information through email."
>> >
>> > Correct me if I am mistaken, but PGP can be used to guarantee
>> > origin of an email, but as it uses signing with the private key an
>> > decrypting with the public, it certainly could not be used in this
>> > case to guarantee information privacy !!
>> >
>>
>> ...And why do you make this assumption? Let us review the facts.
>>
>
> I made an assumption ??? Pray tell.

You seem to be suggesting that PGP can not be used for encryption...

>> The OP was asked to exchange information (HIPAA data) with a know
> recipient
>
> Actually, that is not what was asked. It was not "to exchange
> information" but whether use of email in doing so would satisfy
> confidentiality concerns.

True, and it was suggested that if email is the vehicle necessary to
facilitate this then there are safe ways to do it. Which brings us to this
conversation....

>> (probably a person at a partner corportion). There are many public key
>> servers (I have been using MIT's public key server since my college
>> days). So please describe where you think the problem is with using PGP.
>>
>> -Im
>
> Basically, if the info is to be kept private from unqualified eyes,
> then any means of sending it that allows other than the intended
> recipient to read it in the clear is not of use.
> PGP in its normal use with public key will not satisfy the need.
>

What makes you think that PGP does not support encryption?????

-Im
Top

Re: Confidentiality of email by Roger

Roger
Wed Jun 29 00:49:18 CDT 2005


"Imhotep" <NoSpam@NoThanks.com> wrote in message
news:KL1we.5162$8o.4191@fed1read03...
> Roger Abell wrote:
>
> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
> > news:dKYve.5127$8o.1822@fed1read03...
> >> Roger Abell wrote:
> >>
> >> > "To the OP I would suggest looking at PGP or SMIME if you
> >> > need to send sensitive information through email."
> >> >
> >> > Correct me if I am mistaken, but PGP can be used to guarantee
> >> > origin of an email, but as it uses signing with the private key an
> >> > decrypting with the public, it certainly could not be used in this
> >> > case to guarantee information privacy !!
> >> >
> >>
> >> ...And why do you make this assumption? Let us review the facts.
> >>
> >
> > I made an assumption ??? Pray tell.
>
> You seem to be suggesting that PGP can not be used for encryption...
>

Why would I have mentioned keys ?

I swear, you seem to have difficulty reading.

You stated without qualification that the OP should just use PGP.
I saw need to qualify as in one common form of use this would
only provide for message integrity, not privacy.

In this public space it is IMO necessary that one attempt to not
be ambiguous. Even if the OP could see past the unstated need
for private exchange of the public key with the (county) intended
recipient, it is unsafe to assume that the next googler will.

--
Roger Abell
Microsoft MVP (Windows Security)


Top

Re: Confidentiality of email by Imhotep

Imhotep
Wed Jun 29 03:26:57 CDT 2005

Roger Abell wrote:

>
> "Imhotep" <NoSpam@NoThanks.com> wrote in message
> news:KL1we.5162$8o.4191@fed1read03...
>> Roger Abell wrote:
>>
>> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
>> > news:dKYve.5127$8o.1822@fed1read03...
>> >> Roger Abell wrote:
>> >>
>> >> > "To the OP I would suggest looking at PGP or SMIME if you
>> >> > need to send sensitive information through email."
>> >> >
>> >> > Correct me if I am mistaken, but PGP can be used to guarantee
>> >> > origin of an email, but as it uses signing with the private key an
>> >> > decrypting with the public, it certainly could not be used in this
>> >> > case to guarantee information privacy !!
>> >> >
>> >>
>> >> ...And why do you make this assumption? Let us review the facts.
>> >>
>> >
>> > I made an assumption ??? Pray tell.
>>
>> You seem to be suggesting that PGP can not be used for encryption...
>>
>
> Why would I have mentioned keys ?
>
> I swear, you seem to have difficulty reading.
>
> You stated without qualification that the OP should just use PGP.

I qoute myself form the original quote I sent to the OP:

"To the OP I would suggest looking at PGP or SMIME if you need to send
sensitive information through email. If you have a Email gateway (using
sendmail or a derivative) you could go with an email gateway to email
gateway encryption. It is pretty easy to configure too..."

I did not say he "should just use PGP". In fact I listed 3 possible
solutions:
1) PGP
2) SMIME
3) SMTP Gateway to SMTP Gateway encryption (The solution I use. It is the
best as users do not even have to know that their emails are being
encrypted in transit. And it is free to boot!)

So who really has problems reading here? Evidently you should slow the
pointing of that hypocritical finger of yours...and read first.

> I saw need to qualify as in one common form of use this would
> only provide for message integrity, not privacy.

In fact PGP can do both. Do you disagree?

> In this public space it is IMO necessary that one attempt to not
> be ambiguous. Even if the OP could see past the unstated need
> for private exchange of the public key with the (county) intended
> recipient, it is unsafe to assume that the next googler will.
>

I would assume that some googler would review the technology before
implementation. How to exchange keys. Should a public key server be used.
Etc, Etc...

After all we are not here to hold hands but help suggest possible solutions.
Which I did. If someone needed more detailed info they can just post the
question...

-Im
Top

Re: Confidentiality of email by Roger

Roger
Wed Jun 29 22:52:44 CDT 2005


"Imhotep" <NoSpam@NoThanks.com> wrote in message
news:kXswe.7235$8o.1046@fed1read03...
> Roger Abell wrote:
>
> >
> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
> > news:KL1we.5162$8o.4191@fed1read03...
> >> Roger Abell wrote:
> >>
> >> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
> >> > news:dKYve.5127$8o.1822@fed1read03...
> >> >> Roger Abell wrote:
> >> >>
> >> >> > "To the OP I would suggest looking at PGP or SMIME if you
> >> >> > need to send sensitive information through email."
> >> >> >
> >> >> > Correct me if I am mistaken, but PGP can be used to guarantee
> >> >> > origin of an email, but as it uses signing with the private key an
> >> >> > decrypting with the public, it certainly could not be used in this
> >> >> > case to guarantee information privacy !!
> >> >> >
> >> >>
> >> >> ...And why do you make this assumption? Let us review the facts.
> >> >>
> >> >
> >> > I made an assumption ??? Pray tell.
> >>
> >> You seem to be suggesting that PGP can not be used for encryption...
> >>
> >
> > Why would I have mentioned keys ?
> >
> > I swear, you seem to have difficulty reading.
> >
> > You stated without qualification that the OP should just use PGP.
>
> I qoute myself form the original quote I sent to the OP:
>
> "To the OP I would suggest looking at PGP or SMIME if you need to send
> sensitive information through email. If you have a Email gateway (using
> sendmail or a derivative) you could go with an email gateway to email
> gateway encryption. It is pretty easy to configure too..."
>
> I did not say he "should just use PGP". In fact I listed 3 possible
> solutions:
> 1) PGP
> 2) SMIME
> 3) SMTP Gateway to SMTP Gateway encryption (The solution I use. It is the
> best as users do not even have to know that their emails are being
> encrypted in transit. And it is free to boot!)
>

I believe at this point we have fallen to the point of contending over
just what the meaning and importance of the word "just" is.
> > You stated without qualification that the OP should just use PGP.
. . . and you did. You did not say use PGP with a private,
not-interceptible
exchange of the key information beforehand, and with that privately shared
key known to no other parties but yourself and the "county".
Instead you just say to use PGP.
I never stated that you said one could only use PGP.


> So who really has problems reading here? Evidently you should slow the
> pointing of that hypocritical finger of yours...and read first.
>
> > I saw need to qualify as in one common form of use this would
> > only provide for message integrity, not privacy.
>
> In fact PGP can do both. Do you disagree?
>

of course not, but as only specific application of PGP technology
(which BTM I like and respect for its early entry into the pubic
space as a solution to a then little appreciated problem)
has any relevance to the issues of the poster one does need to
indicate that fact


> > In this public space it is IMO necessary that one attempt to not
> > be ambiguous. Even if the OP could see past the unstated need
> > for private exchange of the public key with the (county) intended
> > recipient, it is unsafe to assume that the next googler will.
> >
>
> I would assume that some googler would review the technology before
> implementation. How to exchange keys. Should a public key server be used.
> Etc, Etc...
>
> After all we are not here to hold hands but help suggest possible
solutions.
> Which I did. If someone needed more detailed info they can just post the
> question...

Yes, they could ask. Does that mean they would ask?
I am not so sure your assumption here is fully valid.
In any case, it is only a few more words to state a precise suggestion
of a feasible solution, rather than a roadsign that gives the general
direction on the map.

>
> -Im


Top

Re: Confidentiality of email by Imhotep

Imhotep
Mon Jul 04 17:24:36 CDT 2005

Roger Abell wrote:

>
> "Imhotep" <NoSpam@NoThanks.com> wrote in message
> news:kXswe.7235$8o.1046@fed1read03...
>> Roger Abell wrote:
>>
>> >
>> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
>> > news:KL1we.5162$8o.4191@fed1read03...
>> >> Roger Abell wrote:
>> >>
>> >> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
>> >> > news:dKYve.5127$8o.1822@fed1read03...
>> >> >> Roger Abell wrote:
>> >> >>
>> >> >> > "To the OP I would suggest looking at PGP or SMIME if you
>> >> >> > need to send sensitive information through email."
>> >> >> >
>> >> >> > Correct me if I am mistaken, but PGP can be used to guarantee
>> >> >> > origin of an email, but as it uses signing with the private key
>> >> >> > an decrypting with the public, it certainly could not be used in
>> >> >> > this case to guarantee information privacy !!
>> >> >> >
>> >> >>
>> >> >> ...And why do you make this assumption? Let us review the facts.
>> >> >>
>> >> >
>> >> > I made an assumption ??? Pray tell.
>> >>
>> >> You seem to be suggesting that PGP can not be used for encryption...
>> >>
>> >
>> > Why would I have mentioned keys ?
>> >
>> > I swear, you seem to have difficulty reading.
>> >
>> > You stated without qualification that the OP should just use PGP.
>>
>> I qoute myself form the original quote I sent to the OP:
>>
>> "To the OP I would suggest looking at PGP or SMIME if you need to send
>> sensitive information through email. If you have a Email gateway (using
>> sendmail or a derivative) you could go with an email gateway to email
>> gateway encryption. It is pretty easy to configure too..."
>>
>> I did not say he "should just use PGP". In fact I listed 3 possible
>> solutions:
>> 1) PGP
>> 2) SMIME
>> 3) SMTP Gateway to SMTP Gateway encryption (The solution I use. It is the
>> best as users do not even have to know that their emails are being
>> encrypted in transit. And it is free to boot!)
>>
>
> I believe at this point we have fallen to the point of contending over
> just what the meaning and importance of the word "just" is.
>> > You stated without qualification that the OP should just use PGP.
> . . . and you did. You did not say use PGP with a private,
> not-interceptible
> exchange of the key information beforehand, and with that privately shared
> key known to no other parties but yourself and the "county".
> Instead you just say to use PGP.
> I never stated that you said one could only use PGP.

No. I provided some technologies that might assist him in his quest. Three
possible technologies. You disagreed with PGP and made assumptions that is
could no be used for encryption and I corrected you. Let's stop doing the
"two step" shall we...

>> So who really has problems reading here? Evidently you should slow the
>> pointing of that hypocritical finger of yours...and read first.
>>
>> > I saw need to qualify as in one common form of use this would
>> > only provide for message integrity, not privacy.
>>
>> In fact PGP can do both. Do you disagree?
>>
>
> of course not, but as only specific application of PGP technology
> (which BTM I like and respect for its early entry into the pubic
> space as a solution to a then little appreciated problem)
> has any relevance to the issues of the poster one does need to
> indicate that fact

No, as a technology professional he should at least know basics about PGP.
It has been around long enough and as such there are plenty of online
information. I included two other technologies (SMIME and smtp gateway to
smtp gate encryption) I also did not describe how to use those either.
Again, I assume that the OP has basic technologies skills and leave it up
to him to do his own research.

>> > In this public space it is IMO necessary that one attempt to not
>> > be ambiguous. Even if the OP could see past the unstated need
>> > for private exchange of the public key with the (county) intended
>> > recipient, it is unsafe to assume that the next googler will.
>> >
>>
>> I would assume that some googler would review the technology before
>> implementation. How to exchange keys. Should a public key server be used.
>> Etc, Etc...
>>
>> After all we are not here to hold hands but help suggest possible
> solutions.
>> Which I did. If someone needed more detailed info they can just post the
>> question...
>
> Yes, they could ask. Does that mean they would ask?
> I am not so sure your assumption here is fully valid.
> In any case, it is only a few more words to state a precise suggestion
> of a feasible solution, rather than a roadsign that gives the general
> direction on the map.

Again, PGP has been around for a very, very long time. If the OP as never
heard of it I would be surprised. And just like any technology that is
being planned for role-out a technology review should be part of the plan.

Im
>
>>
>> -Im

Top