23 June 2007
Email security. But it is more secure than the phone
"We are unable to discuss account matters via email, please call our contact centre".
Which is of course another way of saying "we live under the mistaken impression that email is less secure than the phone, so please contact our contact centre, press loads of irritating buttons, pay a premium rate, listen to annoying hold music and adverts and generally waste your time". Especially when I can send email for free then read the response at my leisure but taking up 15 minutes of my time listening to hold music on my mobile is certainly not free.
I wrote about this in 2003 and the arguments are just as valid today.
Since getting email in 1983 and sending on average 30 emails a day (would have been less in 1983, considerably more since 1987 when I've used it on a daily basis for my job) I figure I must have sent around 260,000 mails. In that time, I can't think of a single instance where one has been maliciously intercepted en route.
Consider those odds of 260,000:1 versus the odds of calling from an open plan office or in the street and everyone hearing the login details that you have to speak down the phone or indeed hearing the gist of why you are actually phoning and then using that to commit fraud.
I accept email isn't 100% secure. However, I believe the phone to be less secure than email. So why can't we move on and accept email as a valid communication channel for secure conversations and then build the appropriate support and encryption channels around this rather than sticking our heads in the sand and resorting to plain text expensive 19th century communications technology?