Ensuring secure communication

Government communications are at the forefront of the news agenda again – but not for a positive reason. Recent scandals – such as the apparent loss of sensitive data concerning millions of citizens – have served to reinforce the widespread concern many people feel when it comes to how government agencies handle data and communications. In terms of both internal and external communications channels, the public needs reassurance.
    
This concern represents a barrier to the adoption of existing technologies that could, in fact, make maintaining an open dialogue with the community simple, secure and cost-effective. Currently, the vast majority of government communications – both local and central – is undertaken by traditional methods. Despite huge investment in ICT systems – such as the monumentally expensive and complex NHS National Programme for IT – there seems to have been little progress made when it comes to the everyday business of communicating with citizens.
    
For most people, the post and call centres remain the most common way of maintaining a dialogue with relevant public sector bodies. Although many websites exist, they primarily serve as content portals rather than a means to submit or receive specific, targeted information. When we book a doctor’s appointment, we get confirmation by letter; when we receive a council tax bill, it comes via the post; when we renew a driver’s licence, we fill in form and physically send it.

Breaking tradition
Given the majority of the UK populace has at least one personal e-mail address, wouldn’t it make more sense to conduct these transactions electronically? The shortcomings of ‘snail-mail’ are numerous. Adding to this, it costs money – communicating with millions of citizens via post means printing, material and delivery costs running into millions of pounds. And it is slow; we’re now used to instant, convenient communication with everyone from our banks to our colleagues to our relatives abroad – why not government bodies too?
    
According to a report published by Deloitte last year, the UK is severely lagging in adopting electronic communication channels, even though it outspends almost every other EU country on IT investment. So government enthusiasm is clearly not an obstacle but getting people to embrace it might be. As we’ve established, there exists a natural suspicion of trusting the government to handle sensitive information so submitting – or receiving – information via e-mail feels insecure in a way that, ironically, traditional mail does not.

Secure e-mails
Historically, secure e-mail surfaced in the mid-nineties in the form of public key infrastructure (PKI) technology. This is a complex arrangement that binds public and private keys with respective user identities by means of a certificate authority. The problem with PKI is that sender and receiver must both have keys, which means a significant level of technical skill is required at both ends. This obviously makes it unsuitable for communicating with the average citizen.
    
The question therefore is how can we make e-mail both simple and secure and thus make people comfortable about using it as a means to communicate with their local authority for example. There are numerous technologies that offer completely secure encryption for e-mail transactions – transparently and without the need to configure keys or install software.
    
What is crucial is that public bodies educate their stakeholders and promote this as the best means of communication. They can even incentivise the use of e-mail services in a variety of ways. Utility companies frequently offer minor discounts for paperless billing relationships; perhaps local councils could follow a similar path.
    
Voter registration is a prime example of how e-mail can make vital civic duties much simpler to perform. With an increasingly itinerant population, ensuring everyone is registered to vote can be a chore for both council and citizen. A secure e-mail solution is a fast, reliable and effective method of allowing citizens to get on the list.

Deciding factors
Clearly, deploying an e-mail system to enable government communications makes sense but there are a number of features that should be considered to maximise security, ease of use and convenience.
    
Look for a solution that provides secure, policy-based e-mail encryption that is simple for both senders and receivers, and accessible from any e-mail platform. It should meet compliance requirements and protect confidential information without the cost and complexity of PKI.
    
Given the wide variety of e-mail clients in use, it is essential to support all platforms and ensure that messages sent can be opened by any user — on AOL, Yahoo!, Gmail and Hotmail, as well as traditional enterprise e-mail clients such as Outlook, Lotus Notes and Groupwise.
    
A secure response feature will allow recipients to respond securely without installing any software, enabling a real dialogue between the two parties. Guaranteed read-receipts allow the sender to know precisely when a message sent was delivered and viewed by each recipient – think of it as like sending registered mail via post. These are a few aspects to bear in mind but they demonstrate how advanced – and simple to use – encrypted e-mail has become.
    
Obviously, there are notable sections of the populace that do not use e-mail or prefer to conduct their affairs by post but anecdotal evidence suggests that many more would welcome the convenience and simplicity of e-mail. An opt-in system would allow everybody to choose the method of communication that suits them best – and isn’t providing choice a key mantra of the current administration?
    
Matt Peachey is director Northern Europe, IronPort Systems, a Cisco Business unit.

Please register to comment on this article