Anthrax, Digital Signatures & Our Mail:
How we will do business in the future
November 1, 2001
Infected paper cuts used to be the most dangerous occupational hazard you could expect to face while working in the mail room. Unfortunately the events of the past few weeks have made the mail room a potentially much more dangerous place to work. Right now it seems that primarily high profile US government organizations, and media outlets have been the targets of Anthrax letters. However US postal workers and others have also been exposed to the anthrax bacteria through the handling of the mail as it went through their work place. At this point we have no idea how broad this threat will be. Will it be just the US that will be targeted? Will smaller companies and organizations be targeted? At this point, we just don’t know.
It is not difficult to see why some US organizations have begun to encourage more and more people to use on-line or other electronic means to contact people and do business rather than use the postal service. The sheer volume of mail that has to be processed in some organizations is enormous. There are bills, cheques, letters, promotional materials, and the ubiquitous junk mail, that some poor mail room worker has to sort through and deliver. Finally the clerks, secretaries, and other workers that open the letters and deal with them in one way or another (the circular filing cabinet is a good friend of mine come mail time).
In order to more easily manage the risk of contaminated mail, the volume of conventional mail needs to be reduced. This can be done in a number of ways. For starters I’m sure that many organizations are rethinking the effectiveness of mass mailings for promotional purposes (i.e. junk mail). I know if I was working in a mail room the first thing I’d do with junk mail would be to take it in my latex gloved hand and deposit it in the garbage. The second thing would be to cut down on mail from the people I do business with. I would encourage my customers to direct deposit cheques into my bank account rather than send cheques. I would also encourage my suppliers to send my bills to me in electronic format. Finally I would encourage my customers to either avail themselves of my 1-800 number, send me e-mail, or chat on-line with one of my customer service representatives – anything but send a letter.
I’m sure all the lawyers and accountants out there are just starting so say, “but it isn’t quite that easy.” And they are right. Moving from paper to digital documents does present a different set of challenges for a business. For example, if a customer sends me an order, how do I know that it did in fact come from my trusted customer? It could have come from some hacker who is going to play a practical joke by ordering a million widgets in stead of the 100 that are really needed? Can you see the problem? I believe that the e-mail with the order for a million widgets attached to it came from bill_gates@microsoft.com, however it is very easy to forge an email. I am sure that Bill Gates would not be happy to see a million widgets sitting at his loading dock waiting to be unloaded.
In this case you have two possible solutions. One: you can have a secure web form that all your customers have to order through, or Two: you require your customers to send purchase orders to you via digitally signed e-mail. Both the secure web order page, and the digitally signed e-mail offer adequate security for your transaction. There are a number of companies that offer both personal and web server digital signatures to help make your transactions secure (see www.cacert.org orwww.thawte.com for more information about digital signatures).
Another issue that our lawyer and account friends will bring up is the enforceability of contracts with electronic signatures. Care must be taken that when completing a transaction, or making a contract with a digital signature, the laws in the jurisdictions where the transaction is taking place will enforce the contract. Your local lawyer should be able to fill you in on what to watch of for.
Besides Digital Signatures, there is another technology that is making it’s way into more an more software, that will make it much easier to automatically process all the digitally signed documents. It is call XML (or eXtensible Markup Language). What XML really is, is a standard for importing and exporting data into different programs. For example, I am using my accounting program to make up a purchase order to send to you. When I am ready to send it to you, the accounting package will convert the order into a standard XML format and then will digitally sign it and e-mail it to you. Your accounting system will import the order and start to process it, all without anyone having to re type the order (thus eliminating errors that can creep into the process).
By moving our processes from manual to secure electronic transfers over the internet, we can leave ourselves more susceptible to hackers if we do not take appropriate steps to protect ourselves. Firewalls and sensible corporate policies regarding the use of networking equipment will be more important than ever. Keeping our private digital signatures will be as important as making sure we don’t loose our wallet or purse at the mall.
As you can see, our mail room friend now has less and less to mail to open. That is good, because now he can concentrate on new ways to open the reduced volume of mail without being exposed to anything nasty.
Rich McCue
System Administrator
UVic Faculty of Law
rmccue@uvic.ca
Interesting Links:
http://canada.justice.gc.ca/en/cons/jeh/adamache.html
http://www.for.gov.bc.ca/ISB/Planning/ecom/index.htm
48.483174
-123.319451
Reading List for Mobile Computing and the iPad Discussion:
Today I conducted my last site visit at the Belgrade Municipal Court, and had the opportunity to visit with Biljana Kosanovic, the head of the IT department (or department of scientific information) at the Serbian National Library. The Municipal court visit went well, but was uneventful. The visit to the National Library was extremely interesting. Biljana comes across as an extremely capable individual who has managed to accomplish many things at the library in the face of severe staff and monetary shortages. Among other things, she manages Kobson, which is a consortia of academic libraries, and government organizations, organized to purchase scientific journals and academic databases. It was formed in 2001 and currently has 151 members. They created their own federated search at the title level, and are 
evaluating DBwiz for in depth federated search (it is a small world after all). One obstacle for their adoption of DBwiz at their library is a current lack of linux or unix expertise in their IT department. They also include Serbian published journals in their index, and are in the process of harvesting 500 Serbian journals.
journals and databases, so that anyone coming from a Serbian government IP address can used the journals and databases (anyone at a university or government office). If using the service from home, students can use the
ir Library assigned user name and password to access resources through a proxy server (Easy Proxy). They are also looking at citation manager for possible use.
One innovative way the National Library has found to combat staff shortages, has been for the head Librarian to request from the government young men who do not want to do their two years of national service in the military, to do that service in the library. They have requested technically minded (i.e. Computer literate) young men to work at the library, and it has been successful. The quality of work that the young men do is uneven, but overall it is very helpful. They do their best to hire the individuals that work out well, but are unfortunately not always successful.
