Hotmail glitch reopens encryption debate

Sure, it's a little insecure. But users are unlikely to stop using Web-based email, experts say.
Written by Jane Wakefield, Contributor

Confidence in Web-based email took a severe knock Tuesday, with one industry commentator predicting the death of Web-based email services like Hotmail. But even with high profile cracks of this type, experts disagree on the future of Web-based email.

Leo Scheiner, CEO of e-commerce firm GlobalMarket, reckons the fall-out from Monday's Hotmail breach will force people to use encrypted email in the near future. "In two years from now no-one will have email that isn't encrypted," predicts Scheiner. "Web-based email will never be as secure as client-based and will always be a magnet to hackers." The "fatal flaw" of Hotmail and other Web-based email services means problems like that exposed Monday will happen again, says Scheiner.

Graham Cluley, senior technology consultant at software company Sophos agrees confidence in Web email has been "severely" dented by the Hotmail incident. "Microsoft's reputation has been damaged, and people will be wary of using Web-based email in the future," he says. But the convenience of mail on the Net will, in the long term, outweigh security fears, thinks Cluley. "I don't think its [Web-based email] days are numbered because in the fight between function and security, security always loses," he says.

Privacy expert Caspar Bowden of the Foundation for Information Policy Research thinks the issue will alert people to the need for encryption but agrees with Cluley that most will continue to use Web-based email because of its accessibility. "The joy of it is that you can read it anywhere. Clearly people will continue to use email without encryption but this underlines the advisability of using encrypted email," he says.

While experts disagree on the future of Web-based email services, a glut of Web-based encrypted services have sprung up in the last few months. Hushmail launched in June and was followed last month by London-based Global Market's self-destructing email.

With 2,048-but encryption the firm challenged hackers to crack it. Web Incognito, a service which allows users to surf and send email anonymously was also launched last month by US startup Privada.

Editorial standards