Anthrax, Digital Signatures & Our Mail:
How we will do business in the future
November 1, 2001
Infected paper cuts used to be the most dangerous occupational hazard you could expect to face while working in the mail room. Unfortunately the events of the past few weeks have made the mail room a potentially much more dangerous place to work. Right now it seems that primarily high profile US government organizations, and media outlets have been the targets of Anthrax letters. However US postal workers and others have also been exposed to the anthrax bacteria through the handling of the mail as it went through their work place. At this point we have no idea how broad this threat will be. Will it be just the US that will be targeted? Will smaller companies and organizations be targeted? At this point, we just don’t know.
It is not difficult to see why some US organizations have begun to encourage more and more people to use on-line or other electronic means to contact people and do business rather than use the postal service. The sheer volume of mail that has to be processed in some organizations is enormous. There are bills, cheques, letters, promotional materials, and the ubiquitous junk mail, that some poor mail room worker has to sort through and deliver. Finally the clerks, secretaries, and other workers that open the letters and deal with them in one way or another (the circular filing cabinet is a good friend of mine come mail time).
In order to more easily manage the risk of contaminated mail, the volume of conventional mail needs to be reduced. This can be done in a number of ways. For starters I’m sure that many organizations are rethinking the effectiveness of mass mailings for promotional purposes (i.e. junk mail). I know if I was working in a mail room the first thing I’d do with junk mail would be to take it in my latex gloved hand and deposit it in the garbage. The second thing would be to cut down on mail from the people I do business with. I would encourage my customers to direct deposit cheques into my bank account rather than send cheques. I would also encourage my suppliers to send my bills to me in electronic format. Finally I would encourage my customers to either avail themselves of my 1-800 number, send me e-mail, or chat on-line with one of my customer service representatives – anything but send a letter.
I’m sure all the lawyers and accountants out there are just starting so say, “but it isn’t quite that easy.” And they are right. Moving from paper to digital documents does present a different set of challenges for a business. For example, if a customer sends me an order, how do I know that it did in fact come from my trusted customer? It could have come from some hacker who is going to play a practical joke by ordering a million widgets in stead of the 100 that are really needed? Can you see the problem? I believe that the e-mail with the order for a million widgets attached to it came from email@example.com, however it is very easy to forge an email. I am sure that Bill Gates would not be happy to see a million widgets sitting at his loading dock waiting to be unloaded.
In this case you have two possible solutions. One: you can have a secure web form that all your customers have to order through, or Two: you require your customers to send purchase orders to you via digitally signed e-mail. Both the secure web order page, and the digitally signed e-mail offer adequate security for your transaction. There are a number of companies that offer both personal and web server digital signatures to help make your transactions secure (see www.cacert.org orwww.thawte.com for more information about digital signatures).
Another issue that our lawyer and account friends will bring up is the enforceability of contracts with electronic signatures. Care must be taken that when completing a transaction, or making a contract with a digital signature, the laws in the jurisdictions where the transaction is taking place will enforce the contract. Your local lawyer should be able to fill you in on what to watch of for.
Besides Digital Signatures, there is another technology that is making it’s way into more an more software, that will make it much easier to automatically process all the digitally signed documents. It is call XML (or eXtensible Markup Language). What XML really is, is a standard for importing and exporting data into different programs. For example, I am using my accounting program to make up a purchase order to send to you. When I am ready to send it to you, the accounting package will convert the order into a standard XML format and then will digitally sign it and e-mail it to you. Your accounting system will import the order and start to process it, all without anyone having to re type the order (thus eliminating errors that can creep into the process).
By moving our processes from manual to secure electronic transfers over the internet, we can leave ourselves more susceptible to hackers if we do not take appropriate steps to protect ourselves. Firewalls and sensible corporate policies regarding the use of networking equipment will be more important than ever. Keeping our private digital signatures will be as important as making sure we don’t loose our wallet or purse at the mall.
As you can see, our mail room friend now has less and less to mail to open. That is good, because now he can concentrate on new ways to open the reduced volume of mail without being exposed to anything nasty.
UVic Faculty of Law