Protection of confidentiality in communications
Published 14.06.2013
Under Finnish legislation, everyone has the right to protect his or her own communication. Everyone using the internet should consider which communications services to use, and what kind of protection measures these services require. If necessary, messages can be encrypted.
According to the Constitution of Finland, the secrecy of correspondence, telephony and other confidential communications is inviolable. According to the Act on the Protection of Privacy in Electronic Communications, everyone can protect their messages and related identification data. Communications taking place abroad or in foreign communications networks or services may fall under the legislation of the country in question. Communicators should ensure the confidentiality of their communications, for example by encrypting their messages and using encrypted telecommunications connections.
For example, when using online services, confidential information or information related to payment methods should only be transmitted via an encrypted internet connection. Prior to typing in any confidential information, you should always check that the website in question applies SSL protection. This conceals the contents of traffic between your computer and the website server, and helps to ensure the authenticity of the website. A site applies SSL protection if the lock icon that indicates it is closed and the address starts with https://.
It is advisable to use an encrypted connection in your e-mail programme and follow the instructions given by the e-mail service provider. The encrypted connection, specified in the communication settings of the e-mail software, will protect the connection between the computer and e-mail server from eavesdropping.
Furthermore, e-mail messages containing confidential information should be encrypted whenever necessary. E-mail message contents can be encrypted by using a special encryption method in addition to the actual e-mail software. In this case, the encryption method used should be agreed on with the message recipient. In most cases, the recipient must use the same encryption software for decrypting the message, or the recipient must know the password used for encryption.
For encrypting message content you can use special software intended for e-mail protection, such as PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), or you can send the contents of the confidential message requiring encryption in an attachment file protected with a password. You cannot conceal message recipient information, because it is used on the Web for the purpose of transmitting the message to the recipient.
Handling of classified data
The national security auditing criteria (KATAKRI) recommend that telecommunications intended to go outside the physical environment controlled by an organisation, or intended for the public network, should be encrypted if the communication is worth encrypting. It is forbidden to store, handle or transfer classified information in systems that have not been encrypted or approved in an appropriate manner.
The National Communications Security Authority NCSA-FI operating within the Finnish Communications Regulatory Authority (FICORA) provides material on how to protect systems intended for electronic data transfer and handling against known information security threats.
National security auditing criteria (KATAKRI)
Go to CERT-FI's website for more information on the Internet self-defence course. (in Finnish)