Last week, I was instructed by my boss to deliver some documents in a sealed envelope to a third party. I was told not to open the envelope, just to deliver it to the intended party. I knew what kind of documents they were, but not what information was contained therein. The documents were of a very private and sensitive nature and I would have really liked to have seen them because the information could have been very useful to me (for purposes I won’t relate).
I wasn’t tempted at all - I’m very very used to following instructions exactly - the nature of the job. But I did wonder why my boss trusted me with this kind of information in a simple sealed envelope. I can’t say what was enclosed but let’s just say that he knows, that I know, that what was contained could possibly (but not certainly) change the nature of our association, in a negative way for him.
It may be that I’ve demonstrated my trustworthiness in many ways before, so he felt comfortable enough trusting me this time. I’m not sure.
So, the question is
if you were the boss, what measures could you have possibly taken to know whether or not I opened that envelope before delivering it? You can assume that he has constant telephone contact with the third party.
You also have to assume that the envelope could not have been delivered by anyone else but me alone and at my discretion.
Also, I know how to steam open an envelope and re-seal it. I also know how to roll a letter up with pincers and pull it out of the seam. I assume you people know how to do all these things too, or if not, you do now, so put yourself in the position of the boss and let me know what you would have done.
A tiny hair in the crease of the letter about which he has told the recipient. The recipient opens the letter over a white mat in a clean room. If the hair is not seen, then the letter was opened and read.
He might have sealed the envelope in a way so as to put a “bubble” at a specific spot. (Perhaps he did not moisten the envelope at that spot, for a discrete, measured distance. Again, the recipient knows to look for a spot on the envelope flap that is not sealed. When you seal the envelope after steaming it open, you wouldn’t know where to leave the bubble.
The question was “how would you ensure that this information was not leaked”. The last two posts seem to answer the question “how to find out that the information has been leaked”.
Yup. I’d go with a wax seal or two, with the nature of the imprint on the seal told to the recipient through other channels. Maybe add a second, blank page of nice thick-grade paper inside the envelope, around the letter, to block any attempts to use a bright light, or use a dark-colored envelope.
The former was the thread’s title, but the latter was in fact the question ultimately asked at the bottom of the OP.
As for ensuring non-leakage, how about 128-bit encryption? This is common practice for secure internet transactions, but the encrypted data need not be transmitted electronically:
type up document.
encrypt it.
print a hard copy.
courier delivers hard copy to receipient.
recipient types or OCR-scans the document back into an electronic copy, decrypts/reads it.
Of course if both ends of this chain are in electronic format, then the hard-copy steps are inefficient; far better just to hand off a thumb drive with an encrypted document on it, decryptable only by the intended recipient.
Is the boss limited to the type of envelope? Could he put it in a regular envelope tucked inside a FedEx or USPS letter envelope? Those have a completely different sealing mechanism, one which may thwart steaming. If boss has time he could try on his own first. Another option would be one of those flexible plastic-esque packs that some larger courier envelopes come in. Those are flexible and will show most tampering signs.
I’m assuming that non-hidden security devices like these and wax seals are enough to thwart you if you can’t circumvent them?
In my old world of academia, long ago we used to put letters of recommendation in envelopes and sign straddling the flap seal. Some envelopes came preprinted with a box/line for the signature. Then you could give the envelope to the student to include in his/her application.
While steaming open the letter is easy, putting it back so that the lines in the signature line up is non-trivial. The recipient doesn’t have to be told anything in advance.
OTOH, the envelope could be replaced and a fake sig (that the recipient might not know) could be added. This is why the preprinted envelopes were popular. The student would get 3 with a watermark/seal and a substitution would be noticable.
If the Big Boss had such a set of special envelopes and kept them secure, it would help some but not necessarily be foolproof.
If I was really paranoid that you’d open the envelope and then reseal in a duplicate envelope before delivery there are ways around that as well (starting with signing my name over the seal, I can give you some more esoteric ideas as well), since I can call the recipient and tell him what to expect.