An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage

What will be an ideal response?

---

The
electronic
mail
system
could
leak
information
in
the
number
of
messages
sent,
the
kinds
of
messages,
the
sizes,
the
destination
addresses,
the
number
of
characters
in
a
message,
the
number
of
odd-­?length
or
even-­?length
messages,
the
contents
of
various
header
fields,
and
so
forth.
The
control
most
frequently
used
is
human
review
of
the
content
of
the
message,
followed
by
manual
paraphrasing
and
rekeying
of
the
message
(so
that
header
modifications,
message
length,
message
parity,
and
the
like
would
be
distorted).
This
is
obviously
a
slow
and
expensive
solution.
Another
approach
is
the
use
of
various
guards,
which
are
programs
that
look
for
specific
patterns
in
the
message.
One
pattern
is
the
"dirty
word
search"
that
scans
a
message
for
any
of
a
finite
list
of
unacceptable,
sensitive
words
(for
example,
bomb,
uranium,
plutonium,
fission).
The
major
limitations
of
this
approach
are
that
the
dirty
word
list
is
seldom
complete
(so
the
sender
could
get
away
by
substituting
"explosive
device"
for
"bomb"),
and
the
sender
can
always
encode
the
dirty
word
(for
example,
representing
"bomb"
by
four
consecutive
innocuous
words,
beginning
with
the
letters
B-­?O-­?M-­?B).