lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3E9D23E5.12539.62464D@localhost>
From: cta at hcsin.net (Bernie, CTA)
Subject: Re: [issa-international] Re: Confidentiality statement on email

On 15 Apr 2003, at 20:41, Ken Burns wrote:

> What is the point in using these confidentiality statements?
> 
> My issues with them are that they are regularly posted to mail
> lists like this one, and are often posted on the emails that
> advise you pass this on to at least X# aditional people or you
> will have interminable bad luck.  The point bieing that they are
> regularly disseminated on emails that are intended for public
> distribution.
> 
> They are also regularly found on other joke & junk emails that
> have nothing to do with any corporate business.
> 
> Additionally, they are placed at the bottom of the message, where
> they are least likely to get read.  Honestly folks, when was the
> last time you read one of these on an e-mail you received?
> 
> Has anybody  ever seen one of these confidentiality statements
> make one iota of difference (other than to jusify a lawyers
> existence [and billability] for the day he/she composed it)?
> 
> I would seriously like to know if they have any redeeming value.
> 
 
bhh>>>
I can tell you first hand that a privacy statement on the bottom 
of an email has significance from a legal evidence standpoint.  
My former company and I were involved in a US civil lawsuit 
where the opposing side attempted to introduce an email as 
evidence.  This email had our standard privacy/confidentially 
disclosure at the end and was sent from me to another party 
who was not connected with the lawsuit. Our attorney objected 
to the use of the email arguing that it was a private and possibly 
privileged communication, and that release of its contents could 
violate the privacy rights of the receiving party. 

By the way, there was also a discussion as to the authenticity 
and validity of the privacy / confidentiality statement. The court 
wanted to know if our company had mandated the use of such 
statements in its policies for private communications, if it was 
recommended and reviewed by our attorneys, and if we used 
the Privacy Statement on all email. The answer was yes to the 
first two questions, and no to the last, as we only used the 
Privacy Statement on email that we believed to be private and 
confidential. Apparently, these questions were directed to 
establish the bases for good faith effort by our company to 
establish, implement and maintain a privacy policy and 
mechanism that we believed protected the content of any email 
sent with such a privacy statement.

The opposing side rebutted claiming that the email was sent via 
the Internet (a public network), and therefore it and its contents 
were not private. The court disagreed stating that while the 
communications medium was public the contents of the email 
were not, as the sender intended it to be released only to the 
named recipient.

Since the recipient was not a party to the lawsuit and did not 
release/wave its privacy rights the Judge ruled that the email's 
contents including its subject were intended to be private, to a 
disinterested party and therefore inadmissible.

My sage advice is: 

a) Establish a written Privacy Policy identifying the use of email 
privacy statements, 

b) Prepare an Email Privacy Statement and have an attorney 
review and provide a letter of recommendation for its use.

c) Implement the Privacy Statement and practices to include it 
on all email that you consider private and or confidential 
between you and the recipient(s).

bhh<<<
-



-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ