Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why Do People Think a Phone is More Secure than Email?

Question: Why do people think it's more secure to relay data over the phone vs online, even though it's not?

I think there are two reasons.

First, people generally fear what they don’t understand. Talking on a phone is easy to comprehend; email (and other digital communication technologies), not so much.

Second, most digital communication leaves a record. Phone conversations are generally ephemeral.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:
  • Telephones are conceptually simple.
  • The internet is not.
  • We tend to fear, or at least mistrust, what we don't understand.
  • Digital technology over the internet can be more secure, not less.
  • Many professionals have a different reason for preferring the telephone.

Telephone games

Telephone CorgiTelephones are conceptually simple. You speak into one end and the person at the other end hears what you say, and vice versa.

Tampering with a telephone line is hard, right? I mean, you need physical access to something at the telephone company, or, in the case of a landline, you’d need to attach something to the wires leading into the building.

Right or wrong, most people have this simple concept of what happens when they use a telephone.

Internet magic

People generally don’t understand how the internet works, and they know that they don’t know.

The internet confuses us -- it’s like magic. For instance, email. You type something onto a screen on your computer, and somehow something you can’t see or hear happens in a place you don’t know involving people you’ve never met, and those words appear on a screen somewhere else.

On top of that, we hear about computer hacks and breaches and malware all the time, so it must be happening all around us, right? Clearly it must be easy, since we hear about it so much.

When something goes wrong on our computers, the very first things we consider are malware or hacking.

Fearing what we don't understand

In both cases, we’re completely wrong. Telephones now generally use the same magical technology as the internet (if not actually the internet itself, as in VOIP). And hacking and related activities aren't nearly as prevalent as sensational headlines would lead you to believe.

And all that is completely beside the point.

Like I said, we tend not to trust what we don’t understand, and most people don’t understand how computers and the internet work. Even though we don’t really understand how a telephone works in detail, we have a basic understanding -- which means we understand it better than the internet -- which means it’s a less scary choice.

Digital is often safer

Modern telephone systems are largely implemented using the internet, or at least using equivalent digital traffic, and that surprises many people. Today, that phone call is just as complex an operation as sending email or other forms of digital communication.

It's most definitely not two wires connected between two telephones anymore.

I say digital can be safer because encryption is not only possible, it's common. Many, if not most, paths taken by digital communications -- be they telephone, instant message, video, or email conversations -- can easily be encrypted, if they're not already.

That single advancement is kind of like having an old spy movie scrambler on your landline. Sure, it's technically possible (albeit difficult) for someone to intercept your communications, but even if they succeed, they won't be able to understand what they're able to capture.

Why some professionals prefer telephones

Lawyers, doctors, and other professionals often prefer telephones for one reason: most digital equivalents -- specifically email and instant messaging -- leave trails. By default, voice calls are not recorded or kept, and this is generally protected by law. (Usual caveat: I'm no lawyer, this isn't legal advice, and laws may be different in your area.)

That’s why your lawyer or doctor prefers to share confidential information over a phone rather than commit it to email, where it could be discovered in the future.

It’s not that one is inherently more or less secure; it’s the difference in default behavior that makes all the difference.

What this means to you

The next time you wonder, "Should I call, text, or email?", you might consider not only which medium is best for your recipient, but also which is best for the degree of security you're looking for. Although we might be most comfortable with the phone, if it's security you're after, using the internet might be the better choice.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

19 comments on “Why Do People Think a Phone is More Secure than Email?”

  1. In Germany, they recently passed a law making it illegal for a doctor to email you the results of lab tests. Now I have to phone my doctor to get the results. I figured that was to protect against hacking the results.

    Reply
      • That is rapidly becoming the norm in New Zealand too. I want to communicate with my doctor I send a message via their portal which is specially designed for medical type businesses through using their messaging app.

        One of the beauties of New Zealand is that due to its population size it is a good country to test new systems. For example we were used as a testing bed for EFT POS terminals. That was back in the ‘8o’s. USA by contrast is in many ways 15/20 years behind with this technology. Don’t ask me why, I have no idea. But relatives in the US, who used to live in NZ get so frustrated over the way things are done, or not done, in the States.

        Reply
        • I think you nailed it: it’s the size of the country — specifically the population. Changing all the POS terminals to a new standard is a massive and exceptionally expensive undertaking here. I, too, get frustrated at the slow progress sometimes.

          Reply
          • And so my credit card is way more secure in Canada because we use chip and pin technology, meanwhile I’ve been a scam victim when I used it in the U.S. because it gets swiped. In Canada, chip and pin (or tap) is the default method of using a payment card. In fact many terminals (if not most) are actually set up so that it won’t even read the magnetic stripe if your card has a chip. The magnetic stripe will only be allowed if the chip fails.

          • The US is so far behind the rest of the world in banking. For almost a quarter of a century, European and other countries have been using the IBAN (International Bank Account Number) system where anyone within those countries can transfer money to anyone else in any of those countries without international transfer charges simply knowing their account number. This has eliminated the need for checks and high transfer charges. To pay any bill, simply go online and make a transfer. You can even sent money to a friend or family with this method. Checks still exist, but most people don’t even know they do. In 18 years in Germany, I’ve only gotten 3 checks. One from an insurance company (they seem to be the only ones who use checks) and two product rebates (they probably do that because some checks don’t get cashed because people don’t know what to do with them).

            To pay my US bills on line, I have to set up each account with my bank or use a credit card although some entities allow you to send virtual checks.

  2. As an engineer, I understand the process of converting analog to digital for telephone usage. I do have a question, though: at what point does the conversion take place? Is it at the hand unit or further down the line? The de-conversion (at the listener’s end) would raise the same question.

    Reply
    • I don’t know how it works everywhere, but here in Germany telephones plug into the modem/router and are converted to digital and it’s all VoIP from there.

      Reply
    • Both? Most commonly the handsets are analog, for backwards compatibility, and the conversion takes place at the next device down the line. It could be the telco’s switching office, or in my case, my cable provider’s box in the basement since they also provide my telephone service. Many office telephone systems are completely digital with the conversion happening in the telephone itself.

      Reply
  3. I go through this at work and basically have come to the same conclusions as Leo. We’ll discuss your information with you by phone with no restrictions, but if the person wants us to fax it, we have to give them a spiel about it not being secure/private, but we can get their consent to fax the information. If they want the same information emailed, we have to deny their request telling them that it’s not secure. This is the same information that the businesses already email between their accountants and lawyers, but we won’t email them or let them email us, even if they agree to accepting all risks. Was getting so many people wanting to email us, we created a secure website to send secure emails back and forth. However, many still resist signing up for an online account to they can do so. It’s just plain frustrating.

    Reply
  4. My elderly father swears this is what happened to him. I’m still scratching my head. He answered a phone call, someone saying that he was being charged X amount but if he took certain actions, then that X amount would be removed from his bill. In the process of talking to them AND never revealing any personal information, his computer across the room suddenly “woke up” and his financial accounts pages were on the screen. Then a red banner showed up on the top of his screen that said, “You’ve been hacked!” His reaction was to immediately pull the plug from the wall to shut everything off. Have you heard of anyone being able to gain access to a computer via a phone call (and yes, the phone is provided by the internet service)?

    Reply
    • A computer could never be hacked by a phone call. All I can think of is that it sounds like the person who hacked the computer found out his phone number and called him as he initiated the hack or it might have been a rare coincidence. Once a computer has been compromised like that, you can assume it has malware installed. I’d run a few different malware scans. Unfortunately, the only 100% sure way to get rid of malware is to back up your computer, reinstall Windows and all of your programs from scratch.
      How do I Remove Malware

      Reply
      • I like this explanation. It makes a lot of sense. However, I don’t know much about VOIP or how it’s even connected. Doesn’t the VOIP handset essentially just plug into the router? Wouldn’t that make the handset essentially just another computer on your LAN? If the caller was using VOIP, would the phone call link the two LANs together?

        I guess I’m thinking about an older article Leo has that says that you have to be able to trust every computer on your network. If one is insecure, then every computer on your network has the potential to be compromised.

        Reply
  5. I think not understanding the technology may be part of it, but I believe a lot of the FUD (Fear, Uncertainty, and Doubt) stems from sensationalism. Everyone knows about the Capital One and Equifax hacks, the Atlanta and Baltimore ransomware attacks, and the ones before that, and the ones before that, etc. But when is the last time the nightly news started off with a 10 minute story saying over 300 million computers were not hacked in the US today? It’s just like with traffic deaths. We hear that 2 people were killed in an accident on the freeway and we give a little sympathetic sigh and go on our way. But over 100 people are killed in automobile accidents in this country every day. But if we hear that 200 people died in a plane crash, that’s major news, even if it’s the only plane crash this year. Our minds are most concerned with whatever news we are inundated with.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.