An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage.

What will be an ideal response?

---

The electronic mail system could leak information in the number of messages sent, the kinds of messages, the sizes, the destination addresses, the number of characters in a message, the number of odd-­?length or even-­?length messages, the contents of various header fields, and so forth.

The control most frequently used is human review of the content of the message, followed by manual paraphrasing and rekeying of the message (so that header modifications, message length, message parity, and the like would be distorted). This is obviously a slow and expensive solution.

Another approach is the use of variousguards, which are programs that look for specific patterns in the message. One pattern is the“dirty word search” that scans a message for any of a finite list of unacceptable, sensitive words (for example,bomb, uranium, plutonium, fission). The major limitations of this approach are that the dirty word list is seldom complete (so the sender could get away by substituting “explosive device” for “bomb”), and the sender can always encode the dirty word (for example, representing “bomb” by four consecutive innocuous words, beginning with the letters B-­?O-­?M-­?B).