PGP software products

[chasen at world.std.com (chasen at world.std.com)]

>My company seems to have become the default ISP for a lot of law firms
>wanting low-cost email.  Mostly they've pretty much ignored the legal
>implications of email itself, but I'm now getting beat up by one of the
>larger firms which wants us to help them ensure email confidentiality
>through our internal site management policy.
>
>I've assured them that email is *not* confidential and that their clients
>should be told to submit routine confidential correspondence by other
>means.
>
>I'd like to tell them to use PGP.  But I'm not aware of any convenient
>(for the average butter-fingered attorney or clerk), low-cost
>PGP-enabled email packages for desktop environments (read: Windows
>boxes hooked up to a Novell cc:Mail network, in 99% of cases).  Any
>suggestions?  I could conceivably run some encryption software and a
>public key server at our site on a Linux box, which would provide a
>modicum of improved confidentiality vs. having to install new client
>software everywhere.  Wondering if there's anyone here who has
>actually been able to make real use of PGP, especially in the context
>of helping novice users put it to work.
>
>-rich
>
>

Rich-

As an attorney, I am not sure that the law firm is actually asking
for encoded mail.  If they are communicating with their clients as
well as their own attorneys then the clients would need the software
as well.  It sounds to me like they are simply asking what procedures
are in place at your company to prevent people from reading other
user's mail.  A *very* simple description of how unix security works
with particular regard to mail files may be sufficient.  In addition
an explanation of how only your sysops can be root users and your
company's written restrictions on their reading mail files may be
sufficient.

Talk to the law firm and see what they really want.

-Frank Chasen