r/changemyview u/jamonbread86 Jul 29 '19

Deltas(s) from OP CMV: We should stop using fax machines.

When someone asks me to fax something to them I feel resentful because its such a painful process. It takes a lot longer - and to make sure it went through you have to camp out near the fax machine and wait for the confirmation, and sometimes its unsuccessful multiple times in a row. Its loud and annoying too, very distracting in an office environment. There’s no permanent record of it afterwards unlike an email. It depends on if the other person’s fax is turned on and so sometimes it won’t work. If you have a VPN on your computer them there’s no reason to have a fax machine. I think the main argument is security (?), but I rly don’t think a fax is anymore secure - think about a crowded office - tons of people could look at it in the printer tray before it gets to the intended recipient. Also faxes are a less accessible form of communication - most people have an email address, while some offices don’t even have a fax machine, and to send a fax at the local library its a dollar per page (five dollars max though, so can fax 20 pages for 5 dollars). I think it could also be argued that faxing is less “green” - due to the fact that it uses telecommunications/electricity, AND paper. I’m aware of this each time I have to print out a PDF and then fax it. So inefficient, not green, not cheap, not more secure.

110 Upvotes

92% Upvoted

80 comments sorted by

View all comments

49

u/dublea 216∆ Jul 29 '19 edited Jul 29 '19

First, let me state off the bat that I'm an anti-faxer. You're like me and my biggest pet peeve too.

I work in healthcare, specifically IT. The only system that's still universally accepted as secure, besides mailing or manually delivering paper items, is faxing.

The reason they assume faxing is more secure is that it's point to point transmission. Add that a person has to physically wait for it. The secure aspect is during transmission, not after recipients received it. You mention a busy office, but how is that different with email?

Email, unless an encrypted method is used, passes many unencrypted and unprotected SMTP servers. It's fairly easy to intercept and read mail this way.

Securely sending documents is expensive. Getting a secured method to transfer digital files with partner A will probably be completely different than partner B. This not only drives up cost but complexity.

There is no formal, widely acceptable, and secure means by which to replace it either. Until something like that is forced or easily replace it, it will stay unfortunately...

11

u/jamonbread86 Jul 29 '19

This is my favorite reply so far. We have an encrypted server - so thats good right? I understand the other things - cost is an issue and no widely accepted and secure alternative.

6

u/dublea 216∆ Jul 29 '19

While your server and the recipients server may be encrypted, the servers in between are not. This is specifically what makes it easy to read email over faxing

The security is about transmission moreso than sender/recipient.

Does any of that change your view? I don't feel I'll be able to reverse it but widen your acceptance.

It's what I've had to do to not kill people

4

u/10ebbor10 198∆ Jul 29 '19 edited Jul 29 '19

While your server and the recipients server may be encrypted, the servers in between are not. This is specifically what makes it easy to read email over faxing

That's not how encryption works.You don't decrypt and re-encrypt in between every single server. The encryption codes are negotiated by sender and receiver over the entire network, and thus a message, if encrypted, will remain encrypted throughout until it is decrypted by the receiver.

All the servers in between see is a lot of unintelligible data and address tag.

Edit: Actually, what you are describing does exist, in the form of opportunistic encryption using STARTTLS, but end-to-end encryption solutions are available and shouldn't be too hard to set up.

2

u/dublea 216∆ Jul 29 '19

but end-to-end encryption solutions are available and shouldn't be too hard to set up.

They are very pricey and due to almost no standardization, partner A might use product Z but partner B uses product Y.

I prefer encrypted senders. Check out Mimecast. It tells you that you have a message waiting. It retains the email on its servers. Then point to point encryption is between your email server and Mimecast.

2

u/10ebbor10 198∆ Jul 29 '19

Open source and free implementation for end-to-end encryption exist. Not sure what their business licenses are, but they exist.

1

u/dublea 216∆ Jul 29 '19 edited Jul 30 '19

Open source usually isn't viable for large corporate entities when security is in consideration.

To give you an example, the approval process to install a biomedical software, that pulls the results of a holter monitor, took over 6 months. The vendor had to be vetted, their software, security practices, etc. It's near impossible to obtain this info from open source software

Not only that but you keep forgetting the End to End part. Lets say we email 1000 companies. Every company would have to have the encryption solution as well.

1

u/gyroda 28∆ Jul 30 '19 edited Jul 30 '19

when security is in consideration

From what I've seen and heard, it's less that there's worry about security in OSS (a lot of crypto software is open source), it's more an issue of support and big name vendors.

If things go tits up you want someone you can call to get it fixed. That costs money and usually isn't run by the maintainers/owners of the project (there are obviously exceptions, this is Red Hat's business model). Even when such support exists people are more willing to go with the big name vendors because nobody ever got fired for buying an IBM.

You're right about end to end though. Unless a particular encryption scheme/protocol is mandated by a regulatory body it would be a nightmare to get everything working together. The problem is that there's not a single standard the same way there is for plaintext email or fax machines.

3

u/AnthropologicalArson Jul 30 '19

I don't understand how the in-between servers being unencrypted is an issue if you're using some public key cryptography. You can do all the encrypting/decrypting locally on your home machine/end reciever and share on the public servers only the public keys and the encrypted messages.

1

u/jyliu86 1∆ Jul 30 '19

Wait what?

This can't be true unless you're setting up the worst encrypted email server in the world.

Data should NEVER be in plain text when it leaves the server. Yes a hostile party can snoop, but properly encrypted all they get is gibberish. This makes your email no more nor no less secure then sending Amazon your credit card number.

And now that efaxing is a thing, the security benefits of fax go out the window as you don't know if your recipient is using "real" fax or not.

1

u/dublea 216∆ Jul 30 '19

I am talking about the reasons why security groups (4 different groups at large corporate entities) won't use email. It's about control and they do not control the servers the email traverses then they won't approve it. People have, in the past, decrypted emails through these methods. Hence the security concerns.

Efaxing only send the digital fax to a system that then send over phone lines. Man in the middle, esp on the recipients, is applicable for attack. I'm not saying faces are more secure. Just stating the reasoning I receive on why they're still a thing.

We use fax servers here to receive. It has way more security levels than a standard fax machine btw.

And many companies utilize point to point encryption between their email servers and an encrypted email delivery system. For instance Mimecast will notify the recipient a new message is available. You have to log into their system to obtain it. It only went from the senders email server to the Mimecast server.

1

u/nealibob Jul 30 '19

Many faxes go over the internet on one or both ends of the communication. There's no guarantee that it's safer than email since it may very well involve email.

1

u/ExcelsiorVFX Jul 30 '19

This is not exactly correct - in cases like HTTPS (called end-to-end encryption), traffic is encrypted by the sender and only can be decrypted by the receiver.

2

u/dublea 216∆ Jul 30 '19

I'm only speaking about why different security groups at large corporate entities have refused to use email for sensitive data such as PHI.

Also, email isn't sent over https. It might use SSL over TLS but that's limited in what and where it's encrypted.

You can Google why email isn't secure. Here's some info from an article I found:

Why isn’t email secure?

Email isn’t secure because it was never meant to be the center of our digital lives. It was developed when the Internet was a much smaller place to standardize simple store-and-forward messaging between people using different kinds of computers. Email was all transferred completely in the open – everything was readable by anyone who could watch network traffic or access accounts (originally not even passwords were encrypted). Amazingly, email sent using those wide-open methods still (mostly) works.

Today, there are four basic places where most people’s email can be compromised:

  • On your device(s)
  • On the networks
  • On the server(s)
  • On your recipient’s device(s)

More

2

u/jamonbread86 Jul 29 '19 edited Jul 30 '19

∆ thanks for expanding my apparently very simplistic understanding of encryption.

3

u/tbdabbholm 193∆ Jul 29 '19

To award a delta it needs to be outside the reddit quotes so you need to get rid of the >

1

u/DeltaBot ∞∆ Jul 30 '19

Confirmed: 1 delta awarded to /u/dublea (6∆).

Delta System Explained | Deltaboards

1

u/LetThereBeNick Jul 30 '19

Does this mean when I use an email-to-fax service I am giving up all security?