Sniffer and spoofer hardware and software can be used to improperly intercept electronic mail.

Sniffers. Freely-available, intuitive, and inexpensive sniffer software will capture all network traffic passing by, including most electronic mail account passwords. "Sniffers" search through information contained in the headers of the data packets passing through a router. This information indicates that the packet originated at, or is addressed to, a host that is of interest to a hacker, the sniffer records it unbeknownst to the sender or the recipient and makes the content available to the hacker.

Sniffer software can be programmed to intercept and select data coming from, or intended for, a specific machine or machines. Once this data is received, the software can be configured so that the message data is stored on a file on the sniffer's hard drive. Long messages may occupy many data packets, but the technique is the same regardless of message length. If necessary, the data from the packets stored on the sniffer's computer can be reassembled into a single contiguous block of data. Miraculously, the stolen message reappears in its original form. It is somewhat similar to placing a cellular phone into a certain mode of operation and listening to phone calls intended for anyone talking on the phone at that time. Sniffers are frequently used by network technicians to pinpoint the source of network failures.

But is sniffing a violation of law? Yes, it may violate federal statues and state codes. But so does burglary and arson, from which an attorney has a duty to protect his clients' secrets, confidences, and documents. However, sniffing may be a legitimate and even necessary function of a network administrator who is monitoring the traffic load on certain parts of the network to ensure proper functionality. The really subtle thing about a sniffer is that he does not even have to know your password to steal your client's secrets, your litigation strategy, your analysis of potential jurors, your credit card number, or the Christmas shopping list you just sent to your relatives across the country.

Spoofers. Not only can people try to pretend to be someone they are not, so can computers. This is called spoofing. The spoofer uses the recipient address in the header and configures his machine to emulate the recipient's machine. When data comes along the network that is intended for the actual recipient, the spoofer receives it instead and automatically sends a packet to the sender, which makes the sender believe that the message was properly received. In fact, the spoofer can read the e-mail, concoct a reply, and send it back to the unsuspecting person who is unaware that he is communicating with an impostor. More subtly, the spoofer can alter the original e-mail and then relay it on to the intended recipient.

Of course, it is also possible for someone to gain access to another's password and use that person's computer to send out authentic messages. This is a common but low-tech method of spoofing as well. Perhaps this points out that effective confidentiality and privacy is no stronger than the weakest link in a chain. If co-counsel, support staff, consultants, or others have physical access to the practitioner's computer or password, encryption alone may be of no use.