August 01, 1999
Meetings & Conventions: Planner's Portfolio August 1999 Current Issue
August 1999 Tech filesPLANNER'S PORTFOLIO:




Encryption is the key to prevent tampering with electronic contracts

The Internet affords all sorts of opportunities, and in the meeting world that soon will mean sending and receiving signed documents electronically. But can we trust the security and accuracy of e-mail as we send contracts, commitment notices and meeting changes out into the ether?

To be sure that e-mail and attached files are secure, ask yourself these questions.

  • Is the e-mail from the person or organization that claims to have sent it to me?
  • Can anyone read the message other than the intended receiver?
  • Is this e-mail really a virus or worm that can harm our computer system?
  • WHO IS IT?
    On the Internet, it is pretty easy to pretend to be someone you are not. Most client programs allow users to enter any return address, so I could pose as [email protected]

    There are two approaches to verifying the real source of an e-mail. First, you can view the data in the message header, including the actual route the message took, to discover the originating e-mail server. This can be hard to decipher unless you are a trained techno-guru.

    Ideally, when the subject matter is proprietary or sensitive, you want to receive a digitally notarized and registered e-mail to verify the message really is from the appropriate source and you are the only person able to view it. This is where encryption comes in. The sender and the receiver can decide to use a "key" or secret code to lock and unlock documents.

    For example, I am ready to sign two years' worth of hotel contracts for a conference we own. The salesperson will call me on the phone and give me a private encryption key. This might be a 10- to 12-digit code containing numerals and letters. Then she e-mails me the contracts, which I cannot open without the key. Anyone else who tries to read the document will see gobbledygook random letters and characters. With the key, the document looks normal. I can sign it, scan it and send it back, again using the encryption key.

    There are many encryption approaches and technologies to make this process work. Go to to view a robust explanation of the technical aspects of encryption systems. Another good site is the National Institutes of Health's security page (

    At the moment, the only way to send a signed contract electronically is by scanning it in and attaching it to an e-mail. Run this practice by your attorney or legal department to make sure they accept such contracts as valid before signing and sending.

    I predict that in a few years we will see an official notary process for e-mail, to verify the identity of the sender. This will prevent hyperactive 14-year-olds from blocking 500 rooms at a hotel.

    The third question, about virus or worm safety, is particularly timely. In the spring, many information systems departments had to deal with the Melissa virus and, in June, the world was hit with a second monster, a rapidly spreading worm. It disguised itself as a message from someone you knew and carried an attached file. If executed, the attachment wiped out all Microsoft Office files on your computer and sent itself to everyone listed in your e-mail address book.

    Although virus-checking routines trap some of these insidious illnesses, in our office we have implemented a rule that no one is allowed to open an attachment from an unknown sender. When the computer says, "You've got mail," the best rules of thumb are "know thy sender" and "verify, verify, verify!"

    ELLIOTT MASIE is president of the Saratoga Springs, N.Y.-based Masie Center (, an international think tank focused on learning and technology.

    Back to Current Issue index
    M&C Home Page
    Current Issue | Events Calendar | Newsline | Incentive News | Meetings Market Report
    Editorial Libraries | CVB Links | Reader Survey | Hot Dates | Contact M&C