Comment foobar... (Score 1) 542
Generally public key encryption should be sufficient. Just send the data as an encrypted attachment using a private key (which you can tell him over the phone), and send the e-mail (with the attachment) using some kind of public key encryption like PGP.
OPTIONALLY: If you're extremely paranoid, you'll need a trusted 3rd party. So here's what ya' do: Send the data as an e-mail attachment using any kind of truly secure encryption. You can use any number of programs for this: TrueCrypt for Windows, or GnuPG for *nix for example. Encrypt the data with a good private key (don't use public key encryption), then get your trusted 3rd party on a conference call along with the consultant. You want a 3rd party who can verify the voice of whoever you're delivering the data to so that you can be sure that it's not some random dude claiming to be from company X and claiming to be person Y. Then you literally tell the person the password over the phone. That way you're both communicating in real-time using 2 different forms of transmission. If the potential interceptor of the data has both your phone lines and your network lines tapped, then you have bigger problems than this little transmission of data. If you wanna be truly paranoid, then you could insist that the receiver use his/her cell phone instead of a potentially IP-based company phone.
Your 3rd option is to physically deliver the data with bodyguards, a handcuffed briefcase, and CIA assassins present.
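The comment above has the passphrase read out over the phone. As an added example (not part of the original comment), this sketch generates a passphrase suited to being spoken and retyped, with a trailing check group so the receiver can catch a misheard character before attempting decryption. All function names are hypothetical, and it assumes the resulting string is then used as the passphrase in a symmetric tool such as GnuPG.

```python
import hashlib
import math
import secrets

# Crockford-style base32 alphabet: no I, L, O or U, so spoken letters are not
# confused with the digits 0 and 1.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"


def _check_group(body: str, size: int = 4) -> str:
    """Checksum group derived from the body; catches typos, adds no secrecy."""
    digest = hashlib.sha256(body.encode("ascii")).digest()
    return "".join(ALPHABET[b % 32] for b in digest[:size])


def generate_passphrase(groups: int = 6, size: int = 4) -> str:
    """Random groups from the OS CSPRNG, followed by one check group."""
    body = ["".join(secrets.choice(ALPHABET) for _ in range(size))
            for _ in range(groups)]
    return "-".join(body + [_check_group("".join(body), size)])


def entropy_bits(groups: int = 6, size: int = 4) -> float:
    """Entropy of the random part only; the check group contributes none."""
    return groups * size * math.log2(len(ALPHABET))


def normalize(heard: str) -> str:
    """Fold case, drop separators, map likely confusions (O->0, I/L->1)."""
    table = str.maketrans({"O": "0", "I": "1", "L": "1", " ": "", "-": ""})
    return heard.upper().translate(table)


def verify_heard(heard: str, size: int = 4) -> bool:
    """Receiver-side check of what was written down during the call."""
    s = normalize(heard)
    if len(s) <= size or any(c not in ALPHABET for c in s):
        return False
    return secrets.compare_digest(_check_group(s[:-size], size), s[-size:])


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, f"({entropy_bits():.0f} bits)", verify_heard(phrase))
```
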