Putting E-Mail Under Lock and Key

ByABC News
November 22, 2004, 11:27 AM

Nov. 23, 2004 — -- Who's reading your e-mail besides the intended recipient? It could be anyone on the Internet.

Like most other digital data, e-mail can pass through any number of computer servers as it travels the global Internet en route to its final destination. And with a clear majority of e-mail being just plain text, many security and privacy experts say messages can be intercepted, read, copied and stored at any point along the way -- all without anyone else's knowledge.

Some tech-savvy Net surfers are using so-called public key encryption software such as PGP to scramble any sensitive e-mail from prying eyes. But two companies have joined forces to make such encryption setups even easier to use.

Stealth Ideas, a maker of computer security peripherals in Sherman Oaks, Calif., has introduced a new device and Web service geared toward protecting online privacy.

Its StealthSurfer is a "USB drive," or a small solid-state memory device that acts like a hard drive when plugged into a computer's USB port. The drive contains a modified version of the Netscape Navigator Web browser that stores every bit of online information -- history of Web sites visited, login passwords, copies of Web pages, images -- using the device's built-in memory. Since it bypasses the hard drive in a computer, all traces of online activity go with the drive once it's removed.

The latest version of StealthSurfer, however, adds a free Web-based e-mail service powered by a public key encryption technology developed by Hush Communications in Vancouver, British Columbia.

When a StealthSurfer user signs up for an e-mail account, a small encryption program is downloaded from the company's e-mail servers. The program follows so-called OpenPGP encryption standards to create a unique pair -- one public, one private -- of software "keys."

Both keys are uploaded to StealthSurfer's e-mail servers. The user's public key is made available in a publicly accessible database while the private key is further encrypted by a pass phrase created by the user.