How Secure is Internet Faxing?
A reader asks: 'I have been using online faxing for about a year, but until now I never really thought about the potential for my fax transmission falling into the wrong hands. Should I be concerned about the security of Internet faxing?'
Online Fax Security
The security of fax transmissions is especially important to healthcare, legal, and financial entities. Even occasional users may wonder if Internet faxing, despite its many advantages, is secure enough to protect their privacy when sending confidential information. The answer is, it depends...
First, let's compare Internet fax security to the security of normal fax transmissions over phone lines. Both are susceptible to eavesdropping and diversion of transmissions, unless special precautions are taken. In the case of Internet faxes, encrypting a digital transmission or uploading it to a fax server over an encrypted Web connection provide sufficient protection against interception of your document. You should make sure that these security features are supported in any Internet fax service you consider.
Faxes travel across the public telephone network, and are subject to potential interception by motivated hackers. That's not a weakness in Faxzero, it's just the way traditional faxing works. See my related article Top Online Fax Services for a list of options to help you send or receive faxes over the Internet.
Email-to-fax services can be spoofed, meaning someone can fake your email address in a message header and send faxes in your name. If you pay for Internet fax service that means you may be stuck with someone else's fax bill. A good Internet fax service sends a confirmation email back to the sender's email address with every fax it sends, providing an alert that an unauthorized fax was sent using your account.
Digital Delivery Offers Enhanced Fax Security
Normal faxes end up printed and deposited in a fax machine's receiving tray, where they lie until someone comes to retrieve them. These paper copies are exposed to everyone who has access to the fax machine, and may be accidentally (or purposely) read by people searching for their own faxes in the stack. Email-based Internet fax delivers faxes directly to the addressee's inbox (instead of a fax machine), where it's less likely to be seen by others.
However, if you receive your incoming faxes as unencrypted PDF documents attached to e-mail messages, those attachments are no more secure than the e-mail messages to which they are attached. It's not likely that anyone is intercepting your emails, but it is technically possible. Using a webmail service like GMail or Hotmail that provides the option to turn on encryption via HTTPS solves this problem.
Another security scheme stores received faxes on an online server. An email notice sent to the addressee contains a web link which points to the digital fax document. When clicked, the link opens a Secure Sockets Layer (SSL) connection to retrieve the document and display it in a browser, from which the recipient can save or print a copy. So the faxed document is never exposed on an unsecured Internet connection.
It's hard to control the security implemented by business partners. If you send an Internet fax to a partner's fax machine number, the printout is subject to the security vulnerabilities noted above. If possible, you should get your partners to use a more secure all-digital Internet fax solution such as fax-to-email or the SSL method described above. Hopefully, they're just as concerned with security as you are.
Bottom line, my take is that internet faxing is more secure than using good old-fashioned office fax machines, because encryption is typically NOT used when sending from one machine to another, across the public telephone network. But because encryption is used by online fax services (in at least part of the journey), and faxes can be delivered directly to the recipient's inbox, online faxing is a more secure option.
Do you have something to say about the security of online faxing? Post your comment or question below...
This article was posted by Bob Rankin on 11 Oct 2012
|For Fun: Buy Bob a Snickers.|
Free Online Video Converters
The Top Twenty
Is a Paperless Office Really Possible?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- How Secure is Internet Faxing? (Posted: 11 Oct 2012)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "How Secure is Internet Faxing?"
11 Oct 2012
The phrase 'unless court order compels them to do so' says it all. If the government wants to look over your shoulder the is nothing that a company can do about stopping them, short of deleting the information and risk going to jail for a long time!
11 Oct 2012
thanks for this! I was wondering when there would be online faxing! I hate fax machines, never know if they went through. Now there's an alternative!
11 Oct 2012
One important point you left out is that even though the fax service may be using SSL, if the data isn't encrypted on the server, then it's very possible that the server could be compromised and all of the faxes exposed. Also, once the fax is sent, if the fax service does not wipe (not just delete) the fax, then the data faces additional exposure if the server is compromised or the server is sold in surplus or the hard drive removed/replaced.
13 Nov 2012
Would there be a security risk faxing across VOIP where it is available? My system, Ooma, does not offer it yet.
27 Mar 2013
EDITOR'S NOTE: Nonetheless, if you view the HTML source code, you can see that the HTTPS protocol is used when submitting the fax form. That means your data is encrypted before going to the Faxzero server. But as I mentioned, the public telephone network which delivers the faxes is NOT encrypted. (Which is really quite analogous to the way email is delivered.)
14 Jun 2014
Your analysis assumes that online FAX services are not mining every word in every FAX and are not using that information for purposes we would not approve of. That is a big assumption.
The danger is not from an outside snooper, but from those who provide the "free" service.
It is much less likely that a real FAX -- FAX machine to FAX machine over hard wire -- will be read by anyone other than someone who has access to the receiving FAX machine.
The requirements by law or by businesses that a FAX be used to protect privacy is clearly based on an assumption that real FAX machines will be used for sending and receiving.
As the world is moving online, privacy is moving out the window. The NSA is nothing compared to what "free" services on the Internet can see and do with our information.
The day is coming when every word, spoken or written by any of us, will be saved in perpetuity and indexed, if they go anywhere near the Internet.
For example, once phone companies are put out of business by free Internet phone services like Google Voice, we will have no option but to use such Internet phone services to communicate by voice at a distance, and the service's voice recognition allows instant transcription, storage in perpetuity, and indexing of every word spoken.
Online FAX services are "the same thing but different" if they result in the demise of real FAX machines (at least at reasonable mass market cost).
10 Oct 2014
Great article Bob. And... excellent, thought-provoking points made by MC. Glad I read this before FAX'ing a confidential document. I don't own a FAX machine. Guess I better head into town for a real FAX machine and not be so lazy!
MC - your comments are very similar to the premise for a TV series I began watching this year: Check out "Person of Interest." Great show.
10 Dec 2015
the FAQ says it is encryped, the terms of service say that it may not be ( http://faxzero.com/terms_of_use.php ).
You understand that fax information may be transmitted without encryption over the Internet, telephone network, and other telecommunications networks; and stored on our servers, and is not guaranteed to be private. Can they be trusted to secure your info?
EDITOR'S NOTE: The FaxZero owner says: "FaxZero faxes are always encrypted while being transferred over the Internet (from the user to our server, and from our server to the backend provider that transmits faxes.) But the information needs to be unencrypted on our server and at the backend server. We can see fax content as a matter of maintenance and support. Also, fax transmission over the telecommunications network (e.g. from the backend provider to the destination fax machine) is by its nature not encrypted."
03 Apr 2017
Thank you very much for sharing such helpful information! Ü/