Secure Mailing Web Application

The purpose of this algorithm is to help ensure that information sent by e-mail is properly secured. The algorithm contributes to this by alerting e-mail senders to sensitive information and encouraging them to send it securely. If they choose to do so, the e-mail is secured with encryption, two-factor authentication for the recipient, revocation option and logging. This ensures that sensitive information is secured, while insensitive information can be accessed without additional friction for the recipient. The algorithm only impacts the process of sending e-mails and does not affect the substantive legal status of citizens or businesses.

The use of this algorithm helps ensure that e-mails are sent with the right level of security. Classification of e-mails by algorithm is more effective than classification based on a glossary compiled by human input or classification by the sender, while at the same time the algorithm does not affect the content of an e-mail.

In principle, the user makes the choice whether or not to send an e-mail securely based on the recommendation by the algorithm. It is also possible to automate the choice of whether or not to send an e-mail securely based on the algorithm. In that case, a user can always choose to send an e-mail explicitly secure or insecure by himself.

The overall performance of the algorithm is monitored by the vendor. If the algorithm is found to be making more frequent misclassifications, this is picked up by the monitoring so that adjustments to the algorithm can be made.

From the BIO guidelines for the Government, secure mail is considered an advised measure when personal data or other sensitive information is sent via mail with some regularity.

The application works by automatically recognising text elements that may refer to sensitive information that should be sent securely. It also allows a user to specify whether an e-mail should be sent securely or not.

When composing a new e-mail, the terms in the message and attachments are used to see how similar it is to previously (securely or normally) sent e-mails. If the e-mail is sufficiently similar to messages normally sent securely, the e-mail is flagged as potentially sensitive. Based on the terminology in the e-mail, it is determined whether it relates to a specific category of sensitive information, such as medical or legal. The moment the e-mail is classified as sensitive and is about a topic that the organisation has set to be sent securely, the user is given a recommendation to send the e-mail securely.