Re: Let's talk cybersecurity

I read Amy O’Kruk’s article with great interest as Western’s Central Information Security Officer and a proponent of protecting information. I enjoyed her perspective and article.  It is heart-warming to see folks grapple with cyber-security.  I sincerely believe it’s the next step developing in the pursuit of cyber-literacy in the digital age.

That said, I wanted to point out a false presupposition many folks make when it comes to use of email.  Email is an inherently insecure protocol as it sends information in plain text.  It is no more secure than sending a postcard.  Whereas, because a person ‘licks an envelope’ they have taken steps to communicate in private.

Both in Canada and the U.S. email has been seen (by law courts) to have no expectation of privacy because those communicating have taken no steps to safeguard their privacy.   This is concerning because email has replaced ‘snail mail’.  Privacy has been eroded and few seemed concerned.  Yet people’s expectations are their emails are private, but seem blissfully unaware that they are no more than 'postcards'.

People wanting their communications in email to be private should be taking steps to obfuscate the content of their emails by using such products as GPG (GNU’s Privacy Guard - free), or demanding their service providers provide access to cryptography such as Microsoft’s AD Public Key Infrastructure (PKI).

Expectations need to be in accordance with actions; and we shouldn’t wonder why people read our postcards.

- Jeffrey Gardiner, Central Information Security Officer