Be Wary of Privacy When Using Modern Forms of Communication
The National Psychologist
Larry D. Rosen, Ph.D.
I received the following question the other day from a psychologist:
Q: I have been following your technology columns and want to know if you will comment on the issue of privacy in our business. I am interested in your assessment of the privacy of the various ways we have to communicate with clients outside our office. For example, are my telephone calls private? How about cellular phones? And, since some of my clients are now on e-mail, are those messages private?
A: In the last few years many new forms of communication technology have been developed: cellular phones, cordless phones, call waiting, call forwarding, caller ID, last call return among others. When you add the fax machine, electronic mail, voice mail, chat rooms and online discussion groups you are readily convinced that therapists have more ways to talk with their clients than ever before. But, it is important to recognize that each modality carries with it potential confidentiality and boundary problems.
Let's start with the telephone. A client calls, leaves a phone number and you are ready to return the call. If you call on a hard wired phone -- which plugs into a jack in the wall -- you can reasonably assume that any conversation is private. It is illegal to tap into the phone line without a court order showing due cause, and any illegally wiretapped conversation is not admissible in court. While wiretapping can occur, it is unlikely, particularly considering the sophisticated equipment required to intercept the call.
Cellular cordless phones are a different story. Wiretapping a cellular or cordless phone is still illegal, but it is much easier. You need only a simple device, available for under $30 at electronics stores which will dial the correct frequency to listen into this wireless communication. Just the other day I saw a list on the Internet of frequencies for cordless phones. You dial up the frequency and listen in. It is that easy -- and frightening.
Modem and electronic mail. Are they confidential? Well, the answer is "Yes" and "No." When you send an e-mail message to someone it travels through multiple computers between you and its destination. Luckily for confidentiality, messages sent via the Internet (any message with a form like email@example.com containing a username or number followed by the @ sign and then a designation of a computer is sent via the Internet) are first broken into many packets, sent often via a variety of routes, and then reassembled at their destination. Intercepting a message en route would most likely net the thief only a part of your message.
What happens when your message arrives at its destination? That's another problem. The recipient's computer takes your message and puts it in a file that waits for you to log on and give your password. Your account password is like a key that opens the mailbox. Without your password your mail is safe and confidential, right?
WRONG! Each computer system needs someone who has access to the whole computer to fix problems, find lost passwords, etc. This person has what is called "root" clearance which means that he/she can gain access to any information stored anywhere on the computer. And, as people like Kevin Mitnick have shown, even without root clearance, a clever person can read your mail. [If you want to have a chilling taste of reality, read Katie Hafner and John Markoff's 1991 book Cyberpunk which profiles three such people.]
The PGP Program
So, while you shouldn't consider e-mail confidential, you can protect your privacy. The most straightforward and successful strategy is to get a program called PGP (short for Pretty Good Privacy). PGP takes your e-mail and uses a complex mathematical algorithm to scramble the letters. PGP also sends along the key to unscramble the message, but the only person who can do so is the recipient. If both members of an e-mail correspondence have PGP, your privacy is secure. Once an encrypted (scrambled) message is unscrambled, it can be removed from the e-mail system and put on your own computer for your eyes only. More information about PGP can be found on the World Wide Web at http://www.cnet.com/Content/Features/Howto/Privacy/index.html.
Fax machines have the same safety as a hard-wired telephone. Since your message is sent via the telephone wires you are protected by the federal wiretap laws. There are two problems with faxes. First, did the sender dial correctly and/or have an accurate number? When you send your fax to an office, it is an invitation for any eye to read. There are some ways to send encrypted faxes which then require a special plastic overlay to read the message, but these are not widely used and are not guaranteed to be private. A cover sheet with a confidential statement is imperative for any confidential fax communication.
Voice mail suffers from different confidentiality problems. A voice mail message is left by speaking into a telephone. Many people believe that they are leaving a message that is being recorded on a device such as a cassette tape. Actually, your message is being coded into a series of 1's and 0's to reflect sounds at a particular frequency and then recorded in a computer. Anyone who can access that computer can decode the 1's and 0's back into your voice. Sure, you have a password to get your voice mail messages. But just like with a computer system, someone has to have root clearance to retrieve your messages when there are problems. And, since the messages are in a computer, they are fair game for hackers. With so many uncertainties, it is inappropriate to state on your voice mail recording stating that you are insuring the caller's confidentiality. Your secretary or on-call therapist may have access to your voice mailbox. Don't promise what you can't deliver!
Communication with clients by any modality other than a hardwired telephone is fraught with hazards. Don't assume that anything that you or your client says or writes is confidential.
Even the hard-wired phone is neither secure nor safe. Your conversation is likely to be private, but your identity may not be. In a future issue I will discuss how easy it is for clients, to reach you at home, find your unlisted telephone number, address and more.
Copyright, 1995, The National Psychologist. Reprinted with permission. The National Psychologist is a privately-owned bimonthly newspaper which may be purchased for $30 a year. Write or call: TNP, 6100 Channingway Blvd., Suite 303, Columbus, OH 43232; telephone: 614.861.1999 or fax with Visa or MC to 614.861.1996.