[OT] Validity Of Email Disclaimers

Hello all,

Before I begin, I will apologise in advance to anyone who thinks this post
is off-topic. I did look at posting to alt.privacy but it looks like a
war-zone in there to me, and this group has always had many good
contributors, so here I am.

Whilst corresponding with my local council about some domestic matters, I
noticed their signature/disclaimer that basically said they couldn't
guarantee confidentiality of my mails to them due to the Freedom Of
Information Act 2000.

I began to wonder how effective a small disclaimer of my own would be, and
whether readers of this group use them on a daily basis in their email
correspondence or not. I mean specifically mails sent from a personal
email account, either one that you run yourself or are subscribed to
through a third party.

Something like this :

'The data contained in this email is for the intended recipient/s only.
You may not forward to third-parties or otherwise publicly disclose the
contents of this email without explicit permission from the sender.'

I don't expect anything like this would magically deter people from
forwarding on mails without permission, but do any of you think it's
better to state it anyway ?

I always treat mail to me (with the exception of spam) as private between
me and the sender. I do not personally need a disclaimer to remind me of
this, but would a signature like the aforementioned one only serve to
inflame a situation where it is clear that the sender (i.e. me) is not
some huge business with tons of money to protect it's ass ? In other
words, could it make things worse ?

Thanks for your time.

Regards,

Logotu.

Re: [OT] Validity Of Email Disclaimers

On comp.mail.misc, in
, "Logotu"
wrote:

> Hello all,
>
> Before I begin, I will apologise in advance to anyone who
> thinks this post is off-topic. I did look at posting to
> alt.privacy but it looks like a war-zone in there to me, and
> this group has always had many good contributors, so here I am.
>
> Whilst corresponding with my local council about some domestic
> matters, I noticed their signature/disclaimer that basically
> said they couldn't guarantee confidentiality of my mails to
> them due to the Freedom Of Information Act 2000.
>
> I began to wonder how effective a small disclaimer of my own
> would be, and whether readers of this group use them on a daily
> basis in their email correspondence or not. I mean specifically
> mails sent from a personal email account, either one that you
> run yourself or are subscribed to through a third party.
>
> Something like this :
>
> 'The data contained in this email is for the intended
> recipient/s only. You may not forward to third-parties or
> otherwise publicly disclose the contents of this email without
> explicit permission from the sender.'
>
> I don't expect anything like this would magically deter people
> from forwarding on mails without permission, but do any of you
> think it's better to state it anyway ?
>
> I always treat mail to me (with the exception of spam) as
> private between me and the sender. I do not personally need a
> disclaimer to remind me of this, but would a signature like the
> aforementioned one only serve to inflame a situation where it
> is clear that the sender (i.e. me) is not some huge business
> with tons of money to protect it's ass ? In other words, could
> it make things worse ?
>
> Thanks for your time.
>
> Regards,
>
> Logotu.
>
>
>

Hello Logotu.

If the information is valuable enough to merit that disclaimer, then
it is valuable enough to encrypt.

Considering the fact that the disclaimer is about as effective as
a flyswatter against a 25' Australian saltwater crocodile, encryption
becomes the only effective option.

It is reasonable to assume that any information you send out over
the internet that is not seriously encrypted is going to be read
by someone that you don't want to read it. Bribery of mailadmins
and janitors and customer service drones and hardware techs is as
big a worry as cracking and physical bugging.

The real problem is that the information, explicit and implicit, contained
in your mails, can be used against you without your having any that your
mails were the source of that information. Or that _any_ personal information
leak had occurred.

Someone can obtain the information from the mails, and then claim
they received it from an anonymous letter or phone call if they
are arrested. How could you prove otherwise? Even to yourself?

At the very least, use GPG/PGP assymetrical encryption. And for any truly
critical information, I'd only send those mails directly from your box
to the destination box via ssh (or the like). Not really mail, but direct
transfer of encrypted files.

That's what I do. Dumbfuck spammers walk all over the SMTP network. Electronic
mail is simply not secure.

Note: I do not even read the subjects of posts by "Sam" and his numerous
sockpuppets. (the subject line of his/their posts, and any responses to
them, are converted to XXXXXXX)


Hope this helps,

AC


--
Please visit my home page:
http://angel.1jh.com./nanae/kooks/alanconnor.html

FAQ: Canonical list of questions Beavis refuses to answer (V1.40) (was Re: [OT] Validity Of E

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-14512-1120220810-0005
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg

Usenet Beavis writes:

> Hello Logotu.

Hello, Beavis.

> If the information is valuable enough to merit that disclaimer, then
> it is valuable enough to encrypt.
>
> Considering the fact that the disclaimer is about as effective as
> a flyswatter against a 25' Australian saltwater crocodile, encryption
> becomes the only effective option.

Ok, Beavis. Now, tell us everything you know about encryption. I'm sure
it'll be a fascinating tale.

> It is reasonable to assume that any information you send out over
> the internet that is not seriously encrypted is going to be read
> by someone that you don't want to read it. Bribery of mailadmins
> and janitors and customer service drones and hardware techs is as
> big a worry as cracking and physical bugging.

For more information on Beavis, the security expert, see
http://tinyurl.com/ys6z4


> The real problem is that the information, explicit and implicit, contained
> in your mails, can be used against you without your having any that your
> mails were the source of that information. Or that _any_ personal informat=
ion
> leak had occurred.

There must be a coherent thought somewhere in that paragraph. Give me some
time to find it.

> Someone can obtain the information from the mails, and then claim
> they received it from an anonymous letter or phone call if they
> are arrested. How could you prove otherwise? Even to yourself?

Call Beavis to the rescue? He'll figure it out.

> At the very least, use GPG/PGP assymetrical encryption. And for any truly

Looks like that â€=9CWord-Of-The-Dayâ€=9D calendar is really helping=
you to improve
your vocabulary.

> critical information, I'd only send those mails directly from your box
> to the destination box via ssh (or the like). Not really mail, but direct
> transfer of encrypted files.

Ok, Beavis, stop it right there. Explain how you go about sending mail with=

'ssh'.

Inquiring minds want to know.

> That's what I do. Dumbfuck spammers walk all over the SMTP network. Electr=
onic
> mail is simply not secure.

As the say, Beavis: â€=9CA mind is a terrible thing to waste.â€=9D

> Note: I do not even read the subjects of posts by "Sam" and his numerous

Beavis FAQ, below, question #6.

> sockpuppets.

Beavis FAQ #5.

> (the subject line of his/their posts, and any responses to
> them, are converted to XXXXXXX)

#9. Where is this amazing patch to slrn, anyway?

> Hope this helps,

It is.


FAQ: Canonical list of questions Beavis refuses to answer (V1.40)

This is a canonical list of questions that Beavis never answers. This FAQ is=

posted on a semi-regular schedule, as circumstances warrant.

For more information on Beavis, see:

http://angel.1jh.com/nanae/kooks/alanconnor.shtml

Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of=

replying to the parent post with a loud proclamation that his Usenet-reading=

software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.

==================== =======
==================== =======
==================== ====

1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam with their return
address was forged onto) come from?

2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?

3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)

4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?

5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,=

except you, who posts here is some unknown arch-nemesis of yours?

6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?

7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?

8) If your C-R system employs a spam filter so that it won't challenge spam,=

then why does any of the mail that passes the filter, and is thusly presumed=

not to be spam, need to be challenged?

9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."

Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?

10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?

11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?

12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?

13) You complain about some arch-nemesis of yours always posting forged
messages in your name. Can you come up with even a single URL, as an exampl=
e
of what you're talking about?

14) You always complain about some mythical spammers that pretend to be
spamfighters (http://tinyurl.com/br4td). Who exactly are those people, and
can you post a copy of a spam that you supposedly received from them, that
proves that they're really spammers, and not spamfighters?


--=_mimegpg-commodore.email-scan.com-14512-1120220810-0005
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBCxTaKx9p3GYHlUOIRAmqOAJ9lKXliZGtEpgMyo+DkrhMJ26ZR+gCe IMZf
DN7kzPFsiyRVGTpiDV3lSGc=
=o7Gn
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-14512-1120220810-0005--

Re: Validity Of Email Disclaimers

Logotu wrote:
> Hello all,
>
> ...
>
> Whilst corresponding with my local council about some domestic matters, I
> noticed their signature/disclaimer that basically said they couldn't
> guarantee confidentiality of my mails to them due to the Freedom Of
> Information Act 2000.
>
> I began to wonder how effective a small disclaimer of my own would be, and
> whether readers of this group use them on a daily basis in their email
> correspondence or not. I mean specifically mails sent from a personal
> email account, either one that you run yourself or are subscribed to
> through a third party.
>
> Something like this :
>
> 'The data contained in this email is for the intended recipient/s only.
> You may not forward to third-parties or otherwise publicly disclose the
> contents of this email without explicit permission from the sender.'
>
> I don't expect anything like this would magically deter people from
> forwarding on mails without permission, but do any of you think it's
> better to state it anyway ?
>
>...

The classic and authoritative page on email disclaimers is at

http://www.goldmark.org/jeff/stupid-disclaimers/

You ask if it could hurt. I can certainly see how it could. If you
write to the council asking that they do something, and they don't, and
it ends up in a dispute, the recipient of the message will certainly
point to your disclaimer and claim that it prevented him/her from
passing on the request for action. It doesn't matter that it is a laim
excuse, if the ombudsman/boss/court/jury is unsympathetic to you and
looking for a way out, it will be sufficient.

Encryption of course has nothing to do with your problem, since you are
worried about what the intended recipient will do with the message.


> Regards,
>
> Logotu.

Daniel Feenberg
feenberg isat nber dotte org

Re: [OT] Validity Of Email Disclaimers

On Fri, 1 Jul 2005, Logotu wrote:
> I began to wonder how effective a small disclaimer of my own would be
> Something like this :
> 'The data contained in this email is for the intended recipient/s only.
> You may not forward to third-parties or otherwise publicly disclose the
> contents of this email without explicit permission from the sender.'

Such disclaimers have no force in law, and in general have no force at
all.

There is a limited exception.

Suppose that you work for Blurdybloop Corporation, the message comes from
someone else at Blurdybloop, and this statement is a reiteration of
Blurdybloop policy. If you then forward/disclose the message without
permission, then you can be fired from your job.

Vendors, individuals, or other entities in a contractual relationship with
Blurdybloop may also be affected if the contact contains a non-disclosure
clause. Blurdybloop may take legal action in that case to enforce its
contractual rights.

However, if Blurdybloop sends a message to me (who has no contractual
relationship with Blurdybloop) I am free to do with it what I wish,
including passing it on to their competitor Sarasoop Corp.

> I don't expect anything like this would magically deter people from
> forwarding on mails without permission, but do any of you think it's
> better to state it anyway ?

I do not consider it to be a good idea. At best, I would consider you
(and/or your employer) to be a silly twit who utters toothless threats.

A toothless threat does not gain any teeth even if it is uttered in
legalese (or printed on a lawyer's letterhead and signed by a lawyer).

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

Re: Validity Of Email Disclaimers

On Fri, 01 Jul 2005 06:14:25 -0700, feenberg wrote:

> Logotu wrote:
>> Hello all,
>>

(snip)

>>
>> I began to wonder how effective a small disclaimer of my own would be, and
>> whether readers of this group use them on a daily basis in their email
>> correspondence or not. I mean specifically mails sent from a personal
>> email account, either one that you run yourself or are subscribed to
>> through a third party.

(snip)

>>
>> I don't expect anything like this would magically deter people from
>> forwarding on mails without permission, but do any of you think it's
>> better to state it anyway ?
>
>
> The classic and authoritative page on email disclaimers is at
>
> http://www.goldmark.org/jeff/stupid-disclaimers/
>
> You ask if it could hurt. I can certainly see how it could. If you
> write to the council asking that they do something, and they don't, and
> it ends up in a dispute, the recipient of the message will certainly
> point to your disclaimer and claim that it prevented him/her from
> passing on the request for action. It doesn't matter that it is a lame
> excuse, if the ombudsman/boss/court/jury is unsympathetic to you and
> looking for a way out, it will be sufficient.

Thanks Daniel, very good point. This is exactly why I posted here as your
response would not have occurred to me. Thanks also for the link.

Most of my attempts at disclaimers end up sounding quite condescending and
if I was to top them off with some GPG/PGP stuff (which I am a fan of
BTW), then I'm sure to alienate a few people into the bargain as well.

Nothing stops a conversation like a public keyring reference. :)

Thanks again.

Logotu.

Re: [OT] Validity Of Email Disclaimers

On Fri, 01 Jul 2005 07:50:27 -0700, Mark Crispin wrote:

> On Fri, 1 Jul 2005, Logotu wrote:
>> I began to wonder how effective a small disclaimer of my own would be
>> Something like this :
>> 'The data contained in this email is for the intended recipient/s only.
>> You may not forward to third-parties or otherwise publicly disclose the
>> contents of this email without explicit permission from the sender.'
>
> Such disclaimers have no force in law, and in general have no force at
> all.

(snip)

> However, if Blurdybloop sends a message to me (who has no contractual
> relationship with Blurdybloop) I am free to do with it what I wish,
> including passing it on to their competitor Sarasoop Corp.

Hmm, not looking good for the 'ole disclaimer is it ? I'm really going off
the idea now. I wasn't 100% sure about it in the first place, hence my
post. Now I am sure I don't need it.

> I do not consider it to be a good idea. At best, I would consider you
> (and/or your employer) to be a silly twit who utters toothless threats.
>
> A toothless threat does not gain any teeth even if it is uttered in
> legalese (or printed on a lawyer's letterhead and signed by a lawyer).

Thanks Mark, that's very close to what I was thinking actually. I have no
desire to be thought of in that light. Thanks for confirming that.

Regards,

Logotu.