Email Encryption Service (EES)

In an effort to provide an end-to-end encryption option for emails sent to recipients external to WisDOT, the DOT Postmaster has now activated the Email Encryption Service (EES) for all DSP staff.

 

How to Flag Emails for Encryption

 

While internal WisDOT emails are already encrypted by default, the EES functionality now allows DSP staff to encrypt individual emails to external entities by following the WisDOT directions shown below.

 

The above information and more about the Email Encryption Service (EES) functionality is provided by the WisDOT on the following MyDOT Site: Email Encryption Service (sharepoint.com)

 

To obtain additional technical support, please contact the DOT IT Service Desk at (608) 266-9434 or (800) 362-3050, or use the IT Service Portal to submit a request for service.

 

Requirement to Flag Certain Email Content for Encryption

 

The need for this additional functionality and the requirement for its use was highlighted in the April 20, 2023 email from Captain Clarke to all DSP staff (see below).  

 


From: Clarke, Nate - DOT
Sent: Thursday, April 20, 2023 1:36 PM
To: DOT DL DSP All Staff <DOTDLDSPAllStaff@dot.wi.gov>
Subject: CJIS Security Reminder

 

All WSP Personnel -

The Wisconsin State Patrol is currently being audited by the WI DOJ in relation to the use of and our access to CIB and other electronic shared databases. This is a routine matter and occurs on a biennial basis in at least one of our Communication Centers. While the audit is progressing well, thanks to the hard work of our professional staff, there are always areas of improvement that are identified that we all should be aware of. As a result of the audit process, I want to remind everyone of the need to be diligent in protecting the confidential information that each of us has access to during the course of our work here at the Wisconsin State Patrol.

One item of note is a reminder that we are not allowed to send driving records or returns via email.  Driver returns and records hold PII (Personally Identifiable Information) within them, and it is illegal for us to transmit that data without it being encrypted (CJIS Security Policy 5.10.1.2.1) or redacted.  TAM FRM 103 is clear that Wisconsin State Statute requires information that meets the ‘PII’ criteria, is to be protected.  Currently State Patrol emails are not encrypted, so this type of data is not allowed to be sent without encryption or password protection on it.  If you need to send PII data to someone within the State Patrol agency, please do so via MACH, which meets the FIPS encryption requirements.  If you aren’t certain if something contains PII, please check with your supervisor prior to sending the information in an email.

FRM 103 - The Open Records Law specifies that the legal custodian of information must suppress or redact protected/confidential information prior to the release of a record. This includes personally identifiable information (PII) which is defined in secs. 19.32(1r) and 19.62(5), Wis. Stats., where the record subject or their authorized representative requests the record and where one of the relatively limited circumstances set out in s. 19.35(1)(am), Wis. Stats. are present.

 

CJIS Security Policy 5.10.1.2.1 - Encryption for CJI in Transit: When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via encryption. When encryption is employed, the cryptographic module used shall be FIPS 140-2 certified and use a symmetric cipher key strength of at least 128 bit strength to protect CJI. (Page 54)

 

 

Thanks for your attention to this matter – Nate.

 

 

Captain Nathan D. Clarke

Wisconsin State Patrol

Bureau of Field Operations – Specialized Services

Special Operations Section

433 West St. Paul Avenue

Milwaukee, WI 53203


 

Additional Information/Considerations

 

  • Encryption required even within state government entities - While a handful of other state government entities are on the same email system as the WisDOT, the DOT Postmaster confirmed that other notable state partners are on separate email systems that require the use of the EES [Send Secure] to encrypt outgoing email transmissions. Other state government partners on separate email systems include the Wisconsin Department of Justice (DOJ), the Wisconsin Department of Agriculture, Trade and Consumer Protection (DATCP), and the Wisconsin District Attorney’s Offices, to name a few.  When in doubt regarding internal vs. external email systems, DSP staff would be advised to use EES.

  • Adding EES functionality for shared email mailboxes – The option to use EES is available to all email addresses that are included in the DOT DL DSP All Staff email distribution list.  If your duties are such that you will be using a shared email mailbox to send encrypted emails, you must have that shared email mailbox added to the DOT DL DSP All Staff email distribution list.  This can be accomplished by a request made through DSPIT.DOT@dot.wi.gov.
    *Note – Having a mailbox added to the DOT DL DSP All Staff distribution list will also result in the mailbox receiving copies of emails directed at DOT DL DSP All Staff.

 

 

According to the DOT Postmaster, most modern email systems already have TLS encryption in place.  The SEND SECURE functionality is supposed to provide encryption for any non-TLS email services.  It is then that the recipient must log in to access the email.

 

 How to check if Gmail is using TLS encryption (paubox.com) 

As a reminder, the new EES functionality is maintained by WisDOT with technical support available through the DOT IT Service Desk at (608) 266-9434 or (800) 362-3050. You may also use the IT Service Portal to submit a request for service.
