
General Discussion

by Mike Pearson last modified 2006-08-18 13:41

An area for more general discussion about the topic of secure email.


Your comments are welcomed.

The End Goal

Posted by NeilSherratt at 2006-08-29 16:52

When looking to design any type of secure electronic messaging system there are a number of factors that need to be looked at before anything else is done. These include:

  1. The national and international legal environment (as at today and the future trends). Don't forget the legal environment trends of your major trading partners.
  2. The size and scalability of the user population (4 – 4.5 million NZ citizens)
  3. The ability to eliminate/prevent the pandemic of internet symptoms (ID theft, spam, viruses etc) from annoying the user population.
  4. Keep it simple for users, and system administrators (Get the right balance between usability and security).
  5. Stay away from having to use digital certificates. There is no legislation in New Zealand that regulates Certification Authorities. They are permitted but there is neither official nor statutory recognition of them.
  6. Trustworthy (will the public trust using a Govt secure email initiative?) One way to establish trust is to take the high ground and have a system that provides unconditional and irrevocable guarantees automatically and as standard.

Guarantees such as:

• Guarantee Confidentiality. Normal emails are not protected and are commonly ‘sniffed’ as they pass through the internet. Copies of the email can be left on the many servers they pass through, potentially indefinitely. Guarantee that no-one will be able to read your message except the person you intend to read it.

• Guarantee Integrity. Internet emails can be intercepted and their content changed maliciously. Guarantee that the message sent is exactly the same as the one that arrives.

• Guarantee Authenticity. With traditional email it is easy to pretend to be someone else on the Internet, which results in “phishing” (identity theft) and spam attacks. Ensures that the person you are messaging is exactly the person you intend. Registration of users ensures you know that the information has come from a genuine person.

• Guarantee Non-Repudiation. Audit trails and message integrity guarantees give both the sender and receiver repudiation protection. This means neither the sender nor the recipient can claim that the message was not sent or received.

• Guarantee Proof Of Delivery. Trace your message so you know exactly who read it and when, when attachments were downloaded and by whom. Advanced Digital Rights Management features let you manage the message even after it has been sent.

• Guarantee Compliance. Become compliant with National and International Tracking, Auditing, Security of Information, Electronic Transactions, and Privacy legislation. Here in NZ, these include the Electronic Transactions Act 2002 (including Encryption and Digital Signature legislation), The Evidence Bill, Privacy Act 1993, and the Telecommunications Act 2004 (also known as the Interception Capability Act).
