How do I prevent from being a victim of the “e-mail wire tapping” sche

How do I prevent from being a victim of the “e-mail wire tapping” scheme that was recently in the news?
- Richard

This question was answered on February 12, 2001. Much of the information contained herein may have changed since posting.

E-mail wire-tapping or “web bugs” have been around for a while We first warned of these critters in our <a href="http://www.computerproblems.com/quikreg.cfm" target="_blank"><font color="#003399">free weekly newsletter</font></a> last year, but a new use for them has been found.

Web bugs are scripts that will gather information and send it back to a specific person or website The new “generation” web bugs are allowing sophisticated users the ability to receive anything that is written when the original message is forwarded! For instance, a New York Times article described how a man was sending web-bugged resumes to companies to discover whether his emails were being opened and to potentially get any comments that would be forwarded with the resume.

The implications on privacy and security are obviously pretty scary, but fortunately there are a few simple steps that you can take to protect yourself

First of all, the “victims” must be using an HTML/JavaScript-enabled email reader such as Outlook, Outlook Express, or Netscape 6 Messages that are forwarded in e-mail programs such as AOL, CompuServe, Eudora and Hotmail are apparently safe, because they do not have the necessary components to be exploited.

HTML based e-mail programs allow you to format your messages with large text, pretty backgrounds or even make them look like web pages This capability is also what allows these rogue computer users to exploit others I have preached for years that you should always send e-mail in plain text mode since e-mail is about the message, not how pretty you can make it By converting your mail program to send plain text only, you can strip the harmful code out of the message before you send it on.

Most of the news stories profess the fix for e-mail programs that are at risk is to disable the Java Scripting and/or update the program, which will generally fill the security “hole” Unfortunately, even if you protect yourself against this exploit but forward a message that has the code embedded in it, the next person that has Java Scripting enabled will resume the “wire tap” and any comments that have been added to the original message will be sent back to the perpetrator I have posted specific step-by-step instructions for sending your messages in simple text, disabling JAVA Scripting and update information for Outlook 2000, Outlook Express 5 and Netscape Messenger 6 at <a href="http://www.datadr.com/webbugs" target="_blank"><font color="#003399">www.datadr.com/webbugs</font></a>.

Anyone considering the e-mail wiretap as a snooping tool should think twice: the potential civil and criminal penalties are severe According to Philip Gordon of the Privacy Foundation, the Federal Wiretap Act, 18 U.S.C §2510-20, outlaws the interception of email content without the consent of at least one party to the communication The Act also prohibits the use or disclosure of the fruits of an interception by anyone who knows that the interception itself was done without the consent of either party to the communication Violators of these prohibitions are at risk of liability for minimum damages in a civil suit of $10,000 and criminal penalties ranging as high as five years in prison and a $250,000 fine for individuals and $500,000 for corporations.