Another reminder that your private email is not so private came Monday, with the revelation by a privacy group that it is relatively easy to put a "bug" on other people's emails and read their private conversations.
US privacy organisation the Privacy Foundation (www.privacyfoundation.org) said Monday it has uncovered a vulnerability in email software that displays HTML content in messages -- programs such as Microsoft Outlook, Outlook Express, Eudora and Netscape Messenger 6 -- that allows secret copies of outgoing messages to be sent to another user.
That idea is terrifying to Simon Davies, director of UK-based Privacy International. "It all comes down to the... idea of a transparent society, where everybody can watch everybody else," he says. "I find that an appalling idea. There are some very manipulative people who would like that, but those people tend to be the most secretive of all."
Davies notes that while users are becoming more educated about email privacy, there is still "an element of the population that believes they're of no interest to anybody", and leaves itself open to intrusion. "With the automation of surveillance, it becomes irrelevant whether they're of interest or not," he says.
Cluley points out several factors that could prevent email wiretapping from becoming common. For one, the secret outgoing emails would probably show up in a user's ou-box, which would both expose what was going on and identify who had implanted the mischievous code in the first place.
To wiretap an email without fear of being caught, one would have to have the messages sent to an anonymous email account -- and if someone is determined enough to set up such a system, there are better, easier ways to tap what's going on in someone else's computer network, Cluley says. "You could use the exploit that was used against Microsoft last year, sending a program to one employee that creates a backdoor into the organisation and allows you to control their systems," Cluley says. "That would be much more powerful than this exploit."
The Privacy Foundation is campaigning for software companies such as Microsoft to sell email programs with active content disabled by default.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.