lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1053865800-1192062896-cardhu_decombobulator_blackberry.rim.net-315657676-@bxe014.bisx.prod.on.blackberry>
Date: Thu, 11 Oct 2007 00:34:38 +0000
From: gjgowey@....blackberry.net
To: nick@...us-l.demon.co.uk, full-disclosure@...ts.grok.org.uk
Subject: Re: Email Disclaimers...Legally Liable ifbreached?

Someone's getting smarter now.  Still doesn't hold weight though.  If you're not able to make some sort of system that prevents accidental disclosure of the information then you're still relying on coercion to force a legal state to exist.

Geoff


Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Nick FitzGerald <nick@...us-l.demon.co.uk>

Date: Thu, 11 Oct 2007 12:54:22 
To:full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Email Disclaimers...Legally Liable if
	breached?


gjgowey@....blackberry.net to Kelly Robinson:

> They don't carry any legal weight at all because they're after the
> content of the message and forcibly trying to order a 3rd party into
> some sort of legally binding agreement after the fact (reading the
> contents of the message) would never hold up in a court.  An EULA
> would have a far better chance of holding up that the waste of
> badwidth that these words pose.  They're just someones feel good
> precaution.

In general I agree, but the reason I didn't mention that in my own
recent response to Kelly's question is that, this morning, among the
usual bounces/OOO/etc junk I got from last night's mailing list posts
was the following...

========================================================================

This email is to be read subject to the disclaimer below.

I will be out of the office starting  05/10/2007 and will not return
until 06/11/2007.

I will respond to your message when I return from annual leave.

--------------------

NOTICE - This communication contains information which is confidential
and the copyright of Ernst & Young or a third party.

If you are not the intended recipient of this communication please
delete and destroy all copies and telephone Ernst & Young on 1800 655
717 immediately. If you are the intended recipient of this
communication you should not copy, disclose  or distribute this
communication without the authority of Ernst & Young.

Any views expressed in this Communication are those of the individual
sender, except where the sender specifically states them to be the
views of Ernst & Young.

Except as required at law, Ernst & Young does not represent, warrant
and/or guarantee that the integrity of this communication has been
maintained nor that the communication is free of errors, virus,
interception or interference.

Liability limited by a scheme approved under Professional Standards
Legislation.
--------------------


If this communication is a "commercial electronic message" (as defined
in the Spam Act 2003) and you do not wish to receive communications
such as this, please forward this communication to
unsubscribe@...ey.com

========================================================================

Most of the stuff after "NOTICE" is the kind of stuff I've previously
suggested seems likely to be deemed legalistic nonsense if ever tested
in court, but the interesting and new (to me) twist here is that they
clearly state _up front_ that they consider that there are, possibly
special, conditions on your reading/acting on the message.

IA(still)NAL but I think that in general this twist does not greatly
help.  If they only put such disclaimers on "especially sensitive"
messages to help protect themselves in the case of truly accidental
disclosure (an employee accidentally mis-addressing the Email maybe???)
they could claim to be practising a duty-of-care, but slapping such a
notice on an auto-generated out-of-office message (and one that should
not have been sent in response to a bulk mailing-list message anyway!)
shows the limits of that duty-of-care, even suggesting that they are
really applying a blanket "cover your arse" procedure rather than
practising a real duty-of-care...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ