This document discusses practical ways to ensure maximum privacy when using the Internet. It covers four major areas: email security , email list security , Web security and password security .

Four Points on Email Security

1. Don't assume that email is secure.

Prudence and a healthy adherence to the precautionary principle demand that you not assume that ANYTHING you send via email is secure. Information sent over the Internet is generally not encrypted, and email messages are stored for a indefinite period of time on your service provider's machines. For these reasons, and because the health care reform movement has enemies with vast resources and few scruples, information sent over the Internet cannot be considered truly safe from a highly motivated and skilled electronic eavesdropper. Also, remember that email is easily forwarded, misrouted, posted to newsgroups, or broadcast to email lists. Once you release your words into cyberspace, they are beyond your control and can take on a life of their own. Choose them with care, and don't say anything in your email that could come back to bite you later on.

2. That said, the risks are remote.

Although email is not especially secure, and the health care reform movement does have powerful enemies, there are simply better (and more cost-effective) ways to spy on us than to read our email. It is much easier for someone to get into your office or home and read or take the files you have on your desk. If you keep sensitive information on your computer, it is easily accessible to intruders, especially if you use a laptop, which is easy to steal . Watch what you throw into the garbage or recycling bin, and don't recycle sensitive papers without shredding them first. Paying attention to basic physical security is a lot more important than agonizing over online security.

3. You can't steal what isn't there.

Common sense is the best online security precaution of all. Don't send sensitive information by email. Use the phone or send a fax: these cannot be tapped without a court order, and in any case, it is much more physically difficult to tap a phone than to electronically snoop into someone's email.

4. Encryption, while it exists, is not yet logistically feasible for the health care reform movement. (It should, however, be a medium-term goal as the movement grows increasingly sophisticated.)

PGP (Pretty Good Privacy), developed by Phil Zimmerman, is a free program that provides unbreakable encryption for data sent over the Internet. Would it be a good idea for everyone in the health care reform movement to use PGP encryption on their email? Yes. Is it logistically feasible? Probably not-at least not yet. Encryption is a hot issue in the online world right now, and within the next few months, most common email packages will probably have built-in PGP interfaces. USHCR is recommending a "wait-and-see" attitude towards encryption right now, although we fundamentally believe that it is a desirable thing.

For more information on PGP and on security and privacy issues in general, visit the Electronic Frontiers Foundation at http://www.eff.org.

Email List Security

Among the most powerful applications of electronic mail are email lists. These collaborative discussion forums are referred to by a variety of names: listservs, conferences, majordomo, exploders, salons, listprocs-to name a few. Email lists allow individuals to participate in group discussion by using only one email address to send and receive messages. What makes these lists so useful is that none of the participants need to keep track of the member's email addresses; distribution, as well as (un)subscriptions are all handled automatically by the list software. Email lists are often formed around a particular topic, like watershed restoration, and allow list subscribers to share valuable information with people that may live halfway around the planet (or, next-door).

If an email conversation is thought of as a chat in a coffee shop, then an email list discussion is more akin to a board meeting with blindfolds. When communicating electronically, you can't be completely sure that your remarks are in confidence, just as it's possible for someone to purposefully overhear your coffee chat. The 'board meeting' metaphor illustrates that many people are gathered together to discuss common issues, but there's no telling who is at the table. Email lists invite many people into the same forum, so it's difficult to determine who is reading your musings, and who might decide to re-send your thoughts to unintended parties. Although instances of snooping are extremely rare, it's important to remember that it can happen. Some email lists are more secure than others - some lists are very particular about who can subscribe (thus, contribute and read). Some lists are 'open,' allowing anyone to anonymously read messages on the list without any detection. Normally, open lists are of little threat, as their subject matter is less provocative. If you intend to discuss confidential issues with others via an email list, keep the following in mind:

• Do not mention scenarios - real or imagined - that imply illegal activity
  
• Use a more secure medium (telephone/fax/in-person) to plan critical strategies that would be of use to 'unfriendlies'
  
• Avoid any subject matter that reflects poorly on you, your organization, or the organizations assembled for the conversation
  
• Never use email - personal or lists - to communicate passwords, account names, login sequences, or other vital data
  
• When submitting a message to the list, refrain from 'copying' (adding another address) in addition to the mailing list address: this can result in other list members 'replying' to the message and inadvertently including a non-secure name
  
• Use discretion when using email to forward discussion from the list to persons not in the list distribution
  
• As much as possible, keep message content in the context it was intended
  
• Maintain sovereignty over your list interactions - don't let others use your email account to access the list
  
• Contact the list "owner" and raise any questions of privacy before they become an issue

Of possible concern is the life-span of communications on the Internet. Almost everything that is said via email is systematically archived by someone - perhaps the list owner or their Internet Service Provider. Archiving these discussions often happens inadvertently when the computers that enable the email lists are "backed-up" every night. While it's extremely unlikely for system administrator to prowl through archival data, it is possible for digital discussions to be subpoenaed by the government. Unlike a telephone conversation, electronic messages can live indefinitely on a compact disc in the basement of your local service provider.

In the near future, email communication including email lists, will integrate 'encryption' - a method of coding and encoding messages so that unintended recipients cannot read your messages (without the "decoder" the messages appear as garbled text). This method of secure communication, called PGP (Pretty Good Privacy), will be built into email software as well as email lists so that participants can rely on an added degree of privacy. USHCR will notify the health care reform community when email encryption becomes a practical option.

Web Security

The good news is that browsing the Web is a relatively safe activity. Unlike email, the World Wide Web requires less personal input, so if even if you are compromised, you're not compromising very much. Every time that you move your mouse over a Web hyperlink and click, you send a message to a machine connected to the Internet. That message tells a Web site to display the page that you requested. Invisible in the transaction, a bunch of information is transferred to the requested Web site whenever you click. This data is hardly damning - it's mostly generic information about the type of Web browser that you're using, the local time, and incidental details of the specific page that you're retrieving. Your name, location, or organization are not made available in this transaction.

Security and privacy become more of an issue when you submit any information into an online "form." Web forms are useful tools that allow you to interact with a Web page, and are a common way to solicit a user's name and contact information for later follow-up. When you type your name into a form and hit a submit button, everything that you typed is sent - insecurely - across the Internet, to the Web site where the form exists. As with email, it is possible - albeit, highly unlikely - for this information to be intercepted in transit. It's an extremely bad idea to put consequential information into a form - credit card numbers being the worst.

Most reputable Web sites can now process "secure transactions" through enhanced Web server software which encrypts the information you're sending while it's in transit between your computer and the desination.  Less invasive, but perhaps more irritating, is the fact that contact information that you give to a form may be later used later be solicitors. Be careful where you leave your name on the Web, because this information has an indefinite lifespan.

Another potentially-insidious element that is built into some Web pages is called a "cookie." Cookies are an invisible method of remembering and cataloging every one of your actions when you visit a Web site. From the first page that you access on a site, your are tagged with a unique number. By gathering this data, the Web site can learn a great deal about you. On subsequent visits to a site that has "cookie"-ed you, the site has a thorough log of your previous visits, and can build pages based on what it perceives to be your interests. Of course this capability isn't inherently negative. There are ways of using cookies to make detailed profiles of your users that will benefit your online community. More likely, cookies will be used to pigeon-hole you to a set of demographics to market products. Be aware.

Password Security

The easiest way for someone to get access to your email is to obtain your password. If someone else knows or is able to guess your password, then the computer system has no way of telling them apart from you. They can gain access to computers under your identity; from there they can try and break into other computers around the world. They can delete all your files, copy or corrupt your project or cause mischief in your name. Here, then, are some guidelines for password security.

1. NEVER, EVER write your password down. Period. Especially do not write your password on a post-it note near your computer!
2. Never send your password via email!
3. Don't give your password to anyone, under any circumstances. Remember, people are the weakest link in any security chain.
4. Don't let ANYONE watch you type in your password. "Shoulder surfing" is one of the easiest ways to get someone's password (it's also how most phone- and bank-card PINs are stolen).
5. Change your password frequently. Bill Gates changes his passwords every day; once a month is probably adequate for you. Never reuse an old password.

Keeping your password secure isn't just a matter of keeping it secret. Hackers can run sophisticated programs to try to "crack" your password. Following these simple rules for choosing a password will greatly reduce the likelihood that anyone will be able to crack your password.

DON'T:

• Don't use your login name in any form (as-is, reversed, capitalized, doubled)
• Don't use your first or last name in any form.
• Don't use your spouse's, girl/boy friends name.
• Don't use other information easily obtained about you. This includes car registrations, telephone numbers, the name of the street you live on
• Don't use a password of all digits, or all the same letter
• Don't use a word contained in (English or foreign language) dictionaries, spelling lists, or other lists of words.
• Don't use a password shorter than six characters.

DO:

• Do use at least six characters, and preferably at least eight.
• Do use a password with mixed-case letters, and at least two nonalphabetic characters, e.g., digits or punctuation. Don't just capitalize the first letter-this is too easy to check.
• Do use a password that is easy to remember, so you don't have to write it down.
• Do use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.

So, how do I choose a secure password?

The above rules might seem to eliminate most passwords. There is no one right way to choose a secure yet easy-to-remember password. Here are a few hints:

Make up or misspell words.

Most password crackers search for dictionary (or other) words. You can deliberately misspell an easy to remember word to make it difficult to crack -for example misspelling the word password to pesswird. You can also make up words like "bortfameen" which is meaningless but can be pronounced (at least in your mind) and is easily remembered. A good technique for making up easily-remembered nonsense words is to alternate between two consonants and one or two vowels, up to eight characters. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples include "stinmar," "kreelfan," and so on.

Make these words harder to crack by combining case and punctuation, such as in "bi-Mblat" or "boS4prol." Avoid common nonsense like 100%mambo, as this could appear in a list of words or phrases (it's also a trademark).

Use Mnemonic Phrases.

One common technique is to use the first letter of each word in a phrase. For example the password "sbgrsotc" can be remembered from the phrase "several blue geese ran screaming over the cliff."

Join Words.

Another technique is to join shorter dictionary words of two, three, four, or five characters long. For example the password flagsdog is made up of the words flags and dog. These words are easier to remember if you can associate an unusual picture in your mind (dog in a racing car gets the checkered flag for winning his lap).

If you use this technique, make sure that the combination of the shorter words does not make a dictionary word. The number of combinations of three, four or five letter words is not highenough for this to be particularly safe, so be sure to mix case and add random digits or punctuation. For example, you can choose two short words and concatenate them together with a punctuation character between them: "DoG;rain," "BOOK+mug," "kid?Goat."

06/29/01

� U. S. Health Care Reform. All Rights Reserved.