lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: yossarian at planet.nl (yossarian)
Subject: Re: [issa-international] Re: Confidentiality
 statement on email

It depends on the country you are operating in, so you can't rely on it too
much. Dutch jurisprudence says an e-mail has the same status as a postcard -
you cannot blame the postman if he reads it. Especially since there are
plenty of technical means available to secure it.

Anyway, why didn't you sue the other party for illegal possession of your
e-mail? How did they get it? If you have a policystatement, include that
forwarding is not allowed, then there is money in it. Somewhere.

yossarian

----- Original Message -----
From: "Bernie, CTA" <cta@...in.net>
To: "Ken Burns" <KCB@...urns.com>; <issa-international@...oogroups.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, April 16, 2003 3:35 PM
Subject: [Full-Disclosure] Re: [issa-international] Re: Confidentiality
statement on email


> On 15 Apr 2003, at 20:41, Ken Burns wrote:
>
> > What is the point in using these confidentiality statements?
> >
> > My issues with them are that they are regularly posted to mail
> > lists like this one, and are often posted on the emails that
> > advise you pass this on to at least X# aditional people or you
> > will have interminable bad luck.  The point bieing that they are
> > regularly disseminated on emails that are intended for public
> > distribution.
> >
> > They are also regularly found on other joke & junk emails that
> > have nothing to do with any corporate business.
> >
> > Additionally, they are placed at the bottom of the message, where
> > they are least likely to get read.  Honestly folks, when was the
> > last time you read one of these on an e-mail you received?
> >
> > Has anybody  ever seen one of these confidentiality statements
> > make one iota of difference (other than to jusify a lawyers
> > existence [and billability] for the day he/she composed it)?
> >
> > I would seriously like to know if they have any redeeming value.
> >
>
> bhh>>>
> I can tell you first hand that a privacy statement on the bottom
> of an email has significance from a legal evidence standpoint.
> My former company and I were involved in a US civil lawsuit
> where the opposing side attempted to introduce an email as
> evidence.  This email had our standard privacy/confidentially
> disclosure at the end and was sent from me to another party
> who was not connected with the lawsuit. Our attorney objected
> to the use of the email arguing that it was a private and possibly
> privileged communication, and that release of its contents could
> violate the privacy rights of the receiving party.
>
> By the way, there was also a discussion as to the authenticity
> and validity of the privacy / confidentiality statement. The court
> wanted to know if our company had mandated the use of such
> statements in its policies for private communications, if it was
> recommended and reviewed by our attorneys, and if we used
> the Privacy Statement on all email. The answer was yes to the
> first two questions, and no to the last, as we only used the
> Privacy Statement on email that we believed to be private and
> confidential. Apparently, these questions were directed to
> establish the bases for good faith effort by our company to
> establish, implement and maintain a privacy policy and
> mechanism that we believed protected the content of any email
> sent with such a privacy statement.
>
> The opposing side rebutted claiming that the email was sent via
> the Internet (a public network), and therefore it and its contents
> were not private. The court disagreed stating that while the
> communications medium was public the contents of the email
> were not, as the sender intended it to be released only to the
> named recipient.
>
> Since the recipient was not a party to the lawsuit and did not
> release/wave its privacy rights the Judge ruled that the email's
> contents including its subject were intended to be private, to a
> disinterested party and therefore inadmissible.
>
> My sage advice is:
>
> a) Establish a written Privacy Policy identifying the use of email
> privacy statements,
>
> b) Prepare an Email Privacy Statement and have an attorney
> review and provide a letter of recommendation for its use.
>
> c) Implement the Privacy Statement and practices to include it
> on all email that you consider private and or confidential
> between you and the recipient(s).
>
> bhh<<<
> -
>
>
>
> -
> ****************************************************
> Bernie
> Chief Technology Architect
> Chief Security Officer
> cta@...in.net
> Euclidean Systems, Inc.
> *******************************************************
> // "There is no expedient to which a man will not go
> //    to avoid the pure labor of honest thinking."
> //     Honest thought, the real business capital.
> //      Observe> Think> Plan> Think> Do> Think>
> *******************************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ