Monday, September 26

A Trade-off to Counter Email Impersonation Attack on the Rise

Follow StartuptoEnterprise.com on Google News

Email Identity Theft & Misrepresentation

It begins with me trying to create an Outlook email with my name, but someone else is already using it with a different phone number that I never used. The situation is anybody can misrepresent me, miscommunicate me using my credentials. As a digital marketer, writer, and journalist, there must be some verification process in place that ensures I am not misrepresented. This is not a vanity ask, but as we grow up to a seven billion+ population on the Internet, this is elementary.

Email impersonation attack is not only a concern for people in media or public figures; it is, even more, a challenge for a non-public person. It can damage a person completely, destroy relationships, destroy market reputation, impact businesses and employment. This is something where a person need not hack into one’s email if I have to believe big email providers have notched up their email service security with impenetrable passwords. Think of a Gmail that reads your friend’s name asking you to write a recommendation with a link that busts your system security. Terrible, right?

Authenticate Old Email Accounts & Approve New Accounts with Government Ids

Yahoo, Hotmail, Outlook, Gmail, and other service providers already require people to add their phone numbers for 2-Factor Authentication and Account Security. This implies the existence of an infrastructure that can now require the submission of government IDs to verify email addresses. It is on the providers to decide how many accounts they can allow users to organize their email communication categories. 

The new Government Id authentication for old users and new account creators ensures accountability and deters a miscreant from creating an email account that misrepresents someone else. Current phone verification is more toward helping user recover their email ids, whereas using government verified documents help recover social reputation if challenged by someone for inappropriate usage of an email id. Of course, there can be fake Government Ids too, but those will be exceptions.

Regulatory Innovation in Electronic Communication

The European Union’s General Data Protection Rights (GDPR) has come a long way in protecting users from vicious email marketing by B2B, B2C, and other scam companies. It has successfully controlled the spam and misuse of data collected by websites of users browsing the Internet or making online transactions. But, of course, GDPR has been a nightmare to indiscreet email marketers from around the world. They are liable for their companies challenged for non-compliance with the GDPR mandate, which charges penalties in billions subjected to the company’s size. 

A consideration for Yahoo, Hotmail, Outlook, Gmail, etc., to require Government Id Authentication for old users and new account creators could be a significant advancement to check general email identity theft on the rise. It helps in our collective effort to stall terrorism, demands of ransomware, and general misuse for revenge. On average, Microsoft, Google, Yahoo, and other email service providers spare an average of 15GB of disk space for free. Considering a hypothesis of 7 billion users, the companies collectively bear the cost of 105000000000 GB space for free. Then again, imagine the number of email accounts possessed by each user and the percentage of them responsible for any email impersonation attack. Are green tech activists taking note?

 

On average, Microsoft, Google, Yahoo, and other email service providers spare an average of 15GB of disk space for free. Considering a hypothesis of 7 billion users, the companies collectively bear the cost of 105000000000 GB space for free. Then again, imagine the number of email accounts possessed by each user and the percentage of them responsible for any email impersonation attack. Are green tech activists taking note?


The Trade-off: Big Tech Surveillance vs. Government Surveillance 

Talking about Activism, how can I overlook surveillance? Both Big Tech and the government surveil us. While the Big Tech seems to seek pseudo consent, the government has taken us for granted from the time of our birth. At this time of proposing Yahoo, Hotmail, Outlook, Gmail, etc. the feature about government id authentication for existing email ids and new email account creation, do you think your data is not already available on the dark web or in the data centers controlled by the Big Tech or the Government? Everything that identifies you is already on the Internet, no matter how clever or concerned you are. 

Yahoo, Hotmail, Outlook, Gmail, etc., seeking government id authentication for existing email ids and new email account creation is only more transparent. By way of authenticating your email accounts with government-issued documents, you are helping them avert situations when someone either tries to hack your account or create an account with your name. For example, if you are johnsmith @ gmail.com, then an impersonator should not be able to fool you from john.smith @ gmail.com because of the account retention or creation process of john.smith @ gmail.com required government id verification.

The difference between big tech surveilling you and government surveillance is—one tracks you and sells your data for marketing products and services while the other tracks you for silencing your dissent. Do you have a better choice? Being on the Internet has no respite from the big tech, and being on earth has no respite from a government agency. That’s how China vanishes people, India puts people behind the bars, America orders licensed murders, etc. But I would say that both big tech surveillance and government surveillance are better than a miscreant surveilling you for financial and reputational extortion. Also, if “influencers” are okay to share government ids for the “blue tick,” they should see Government id authentication for email accounts as a problem.

Collective Good or Permissible Damage

There is an urgent need for email service providers to control any opportunity of email impersonation attack by mandating sign-up and validating through Government ids for the collective good. It saves-

  1. business the unnecessary cost of server space and associated workforce
  2. small and large businesses from business email compromise (BEC) and ransomware demands by budding hackers by helping security track source of communication
  3. marketers from false and redundant email marketing database
  4. public and non-public people from email identity theft and impersonation attack
  5. saves the environment from energy misuse from creating and maintaining servers and electronically transmitting an enormous amount of data

As a journalist, I can’t overlook the security needed for whistleblowers to communicate anything electronically. But, the fact is, state or corporate whistleblowers don’t rely on email services no matter promises of top-notch encryption by the provider. Instead, whistleblowers resort to the same decentralized communication that world-class terrorists and cybersecurity hackers leverage. 

A New Business Opportunity

Any entrepreneur interested in building a new tech startup can consider the idea of creating a vault that requires the user to sign up with government verified documents and disclose email ids they use. Of course, this is just a declaration so that the user can gain a shield against potential misrepresentation. But, of course, the startup has to assume the privacy responsibility of user data at all times. 

So, tomorrow, if a user is falsely charged for any email impersonation attack, they can ignore it until they are requested by law to prove their ownership. A declaration from this email protection startup can help. What if the user is a terrorist? They can misuse this self-declaration opportunity and not reveal the emails they use to run illegal activities. 

It is on the user to admit to law the ownership of an email id alleged for criminal activity. Choosing to stay silent will be a license to the email provider (Google, Yahoo, Microsoft) to break into the email account for investigation. If the investigation confirms the user as the perpetrator, it will follow the usual legal actions applicable in the country or as per the email provider. Thus, the email protection startup is only a proactive declaration to the IP governing law of the country.



Dear Reader, 

First, thank you for your precious time reading the stories (without paywalls) I publish on Startups to Enterprises covering the EUChinathe US, and India. Second, I request you to contribute financially (any amount) to help me sustain this as an independent digital business news media. 

If I receive a request for a sponsored post, I ensure I see merit that is meaningful for erudite and informed readers like you. In the bargain, I lose out on sponsorships wherein I need funds to sustain this effort. Your contribution helps me stay afloat.

Please note that your contribution is treated as revenue generated and not a donation; hence, there are no 80G or other donation certificates. In fact, as I am eligible to pay for the revenue generated, I will pay taxes on the same.

You deserve to know that I abide by journalistic ethics and practices to ensure I tell the stories as is, unbiased. You can follow us on FacebookLinkedin, and Twitter, bookmark us on Google News, and finallyPayPal us here.

Founding Editor

Linda Ashok  
Skip to content