By Chris Barylick
Special to The Washington Post
Sunday, August 20, 2006
You probably wouldn't think twice about ducking into a WiFi-equipped coffee shop, firing up the laptop and hammering out a few e-mails. But what if someone in that coffee shop were reading over your shoulder? Would you still feel comfortable logging into your e-mail account?
What if that person looking over your shoulder were a hacker sitting at another table, quietly tapping away to get inside your inbox? Feeling a bit uneasy now?
The thing about e-mail is that it contains all sorts of information. Sometimes, it's just co-workers confirming a meeting or friends sharing a joke or two. But e-mails also contain sensitive information: confidential files about business strategies; personal finance information; travel arrangements; or correspondence about a colleague, spouse, friend or family member.
And at some point, everything passes through a server in one form or another, often unprotected at certain points through its journey.
"Current e-mail technology does not provide any confidentiality," said Peter Hesse, president of Gemini Security Solutions, a Chantilly-based firm specializing in security audits and installations. "In fact, the e-mail standards include routing messages between mail servers . . . each transmission and each server offer opportunities to read messages."
To help ease concerns that someone else is reading, there's PGP (Pretty Good Privacy), a set of security and encryption algorithms developed by Phil Zimmermann, a former anti-nuclear activist who designed the protocol to ensure privacy within early online bulletin board systems as well as in sensitive files. PGP (http://www.pgp.com/) has survived and evolved since its inception in 1991, becoming the encryption method of choice with a full corporation behind its development.
"When you log in to get your e-mail, generally your user name and password is sent in the clear. So, if you connect to a wireless hot spot at a coffee shop and check your e-mail, there's a good chance that someone sitting there can grab your user name and password," said Hesse. "That's why it's important to use the secure versions of these protocols, which encrypt the transmissions between your computer and the server."
With that in mind, PGP Desktop comes to the rescue.
The software works on the concept of "keys." Just as you'd give someone you trust a key to your home to feed the cat while you go on vacation, you give your e-mail encryption key to recipients of your sensitive e-mail. Once the keys have been exchanged, users can send encrypted messages to each other, locking (or encrypting) the mail on one end and unlocking it on the other end.
Without the keys to decrypt the message, the e-mail's contents and file attachments appear as nothing more than garbled code.
A free 30-day trial of the program, which normally sells for $99, is available as a download from http://beta.pgp.com/. There are versions for both Windows and Mac.
After the download and installation, the program will go through a simple setup process, asking which e-mail program (Outlook, Thunderbird, Eudora or Mail, among others) you'd like to install encryption into.
When the e-mail program is re-launched, users are asked which e-mail account needs the encryption (assuming there's more than one account tied to that program).
Sure, it takes a few extra steps to install the program and perhaps an extra step when creating a new e-mail to send it with encryption. But, in the end, you can rest easy knowing that, even if someone is trying to hack into your e-mail transmissions, he'll just find a screen full of gibberish.
And an extra layer of protection never hurt anyone.