Suppose you want to send a letter to your brother. And let’s suppose it’s got some, oh, maybe potentially embarrassing financial information – he owes you some money and you’re having trouble paying the bills.

Obviously, that’s not the sort of thing you want to put on a postcard; you’d put that in an envelope. (Your brother is notorious about checking his email).

You want him to know that the letter is actually from you, so you sign it – you have a distinct signature that is very hard to forge. And, on top of that, you want him to know that nobody else read the letter, so you also sign across the fold of the envelope, so it can’t just be put in a new envelope.

So, you’ve done the basic security – it’s authenticated (with your signature), it’s not readable by third parties (because of the envelope) and it’s tamper-evident (because you signed the envelope, too). It’s not the most secure communication possible, but you’ve clearly done due diligence.

So what if I told you people were doing that almost 4000 years ago?

Sealing letters in clay envelopes was standard practice. Sometimes it was used for security; other times, in the case of contracts, the contract was written on the inner tablet and the envelope, and both marked with the personal seals of the signatories, making the text of the contract accessible while still having an unalterable copy in case it came into question.

People have known for millennia that secure communication is crucial to business. We’ve known a need for privacy, authentication, and tamper evidence. These aren’t new ideas at all.
However, we seem to have a hard time applying them to modern technology, sadly. That’s the only reason I can figure out to explain why yesterday I had someone asking me to email a scanned image of a check without any encryption.

Post to Twitter Post to Facebook

This entry was posted on Thursday, April 5th, 2012 at 5:05 pm by Benjamin Hartley and is filed under privacy.