By KAREN L. MILLER
Joining the rush to market security tools for the Internet,
the United
States Postal Service is actively developing and testing a
digital
postmark for e-mail that it hopes will translate the integrity of
standard
first-class mail to the online world.
In the first phase of a limited
market trial of the "Electronic
Postmarking Service," under way
since August, the Postal Service is stamping e-mail with both the
date and
Greenwich Mean Time. The service also includes document archiving
so that
the message can be retrieved later by the sender.
"We're trying to build trust on the Internet, where people can
communicate
with e-mail and other electronic correspondence comfortably,
knowing their
documents can be mailed securely and that they're tamperproof,"
said Mark
Saunders, a spokesman for the Postal Service in Washington, D.C. "If
you're negotiating a contract you don't have to leave home to do
it."
Each e-mail document electronically submitted to the Postal
Service for
postmarking is time-and-date stamped, then "hashed," that is,
translated into
a very long single number as a "fingerprint" of the message, and
finally,
digitally signed with a Postal Service private "key" to
authenticate the
integrity of the message. Every document is assigned a unique
identifying
number related to the date and time it was received by the Postal
Service's
server.
"Essentially what the electronic postmark does is prove that a
document
existed at a specific point in time and that the document was not
tampered
with from the time it was received at the Postal Service server,"
Saunders
said.
In addition, said John Cook, a Postal Service program manager,
"Everything
that is postmarked is automatically archived so you can retrieve and
authenticate the document."
During the trial run, Cook said, the
archiving process is being performed
by a commercial electronic
document service, Aegis Star
Corporation of Palo Alto, Calif. Aegis Star has the Postal Service's
postmarking machine on site and stores postmarked e-mail on
optical disks.
One e-mail document can be sent postmarked to numerous addresses,
and
it can be simultaneously sent without a postmark to other
recipients. The
entire process -- from the arrival of an e-mail document at the
Postal Service
center until it is postmarked and received by the intended
recipient -- takes
five to eight minutes.
The recipient can authenticate the document via the USPS Mail
Reader, free
software downloadable from the Aegis Star Web site.
To authenticate the message, the recipient clicks on a "postal
eagle" icon on
the mail reader, said Gerry Baranano, Aegis Star's vice-president
of sales
and marketing. When that happens, he said, pop-up windows appear
on the
recipient's screen to either verify the content of the message
and the integrity
of the postmark or to issue a warning that the message has been
tampered
with along the way.
In addition to ensuring security and integrity, the Postal
Service's e-mail
postmark may well carry with it the legal clout of Federal postal
laws.
Joseph Wackerman, a lawyer for the Postal Service, said that the
agency
"has a strong legal regime that ensures the integrity of its
employees and
protects postal premises from people breaking in or hacking into the
organization."
Saunders, the Postal Service
spokesman, added: "If someone uses
the Postal Service while committing
wire fraud you also have the
additional enforcement of the USPS
Inspection Service behind you to help
prosecute that crime."
Cook said that during the trial
run, the
Postal Service would charge by file
size -- 22 cents for an electronic postmark on a file up to 50K.
Larger files
will probably mirror first-class mail's incremental pricing
structure, Cook
said.
Because the document is also archived, it can be retrieved by the
sender.
Baranano said that the sender currently must pay Aegis Star 40
cents per
kilobyte to retrieve the message.
Cook said that the Electronic Postmark pilot program is now
expected to
continue beyond its original 60-day schedule. It is currently
being tested with
a handful of companies in the legal, financial, government and
healthcare
markets. After this initial testing phase, the Postal Service may
have one or
two large firms test the system intensely and then move toward a
national
rollout, he said.
The Postal Service's Electronic Postmark is scheduled to be
demonstrated in
Boston at the E-mail World/Internet Expo in October. The Postal
Service is
also considering expanding its digital services to include
electronic versions
of return receipt, certified and registered e-mail and digital ID
certificates,
Cook said.
Whereas a postmark authenticates a transaction, a digital ID, like a
passport, authenticates the identity of an individual. Class 1
digital IDs, the
industry standard for e- mail security, can encrypt and digitally
sign e-mail
for a more secure level of electronic correspondence. It is
supported by the
Netscape Navigator and Microsoft Explorer browsers as well as by a
number of e-mail applications.
Gina Jorasch, director of product
marketing at VeriSign, Inc., a digital
ID service provider based in
Mountain View, Calif., said: "In the
e-mail world, your digital ID with
normal signing and encrypting will be
all you need. Postmarking is for
really time-critical communications.
We are also going to be providing
time-stamping services."
Saunders said that the Postal Service
was "not in any way trying to create a monopoly on electronic
mail like we
have with first-class mail," but rather "a product you might want
to use once
out of every hundred times,"
On the other hand, Cook said, "Only the Postal Service can bring
you the
postmark, while somebody else can call it a time-and-date stamp.
We intend
to offer a trusted level of service that is universal."
--Even though I was only in my mid-thirties when I became editor of Newsweek, I had already spent a number of years working for a lot of bosses. What had I learned? What I hope I learned was: the importance of kindness. The idiocy of arrogance. The virtues of boldness. The pettiness of cruelty. The need for self-assurance. And, above all, the uses of humor. Osborn Elliott ---------------------------------------------------------------------------- ------------------------ tbyars@earthlink.net