Articles

    Senseless security

    How often have you seen a standard confidentiality disclaimer at the end of an email? An email I recently received ended with this:

    This email together with any attachment(s) is proprietary and confidential, intended for only the recipient(s) named above and contains information that is privileged. You are hereby notified that the dissemination, distribution or copying of this email or its contents including attachments is strictly prohibited. If you have received this email in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and doing so constitutes a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Although precautions have been taken to make sure no viruses are present in this email, [company name] cannot accept responsibility for any loss or damage that may arise from the use of this email or attachment(s).

    Even a simpler version, which appeared in an email I received while writing this, is a problem.

    The information contained in this message is privileged and intended only for the recipients named. If the reader is not a representative of the intended recipient, any review, dissemination or copying of this message of the information it contains is prohibited. If you have received this message in error, please immediately notify the sender, and delete the original message and attachments.

    I'm sure some legal department came up with these disclaimers and insisted they be included in every email, even though compliance with them interferes with marketing and use of their products. In both of the above examples, the email had information the senders expected me to pass on to the other specifiers as well as to our interior design group.

    That's often the case; the senders don't say it, but they will be pleased if the information is passed on to others. Yet the disclaimer specifically prohibits that; in fact, it essentially says I can't even talk about it. Not only that, but it states that by doing anything other than deleting the email, I am breaking a law.

    This is bad enough when the email does contain product information (though if it's on the company website, what's the point of the disclaimer?), but it becomes ludicrous when it follows casual email.

    Joe: What are you doing for lunch today? Do you think Bob will want to join us?

    This message and its contents are confidential and are intended only for the recipient. Do not copy or send it to others.

    Or a joke. Occasionally, a friend sends collections of funny photos and videos (safe for work variety), clever sayings, and other amusing things found online. All are followed by his agency's standard disclaimer.

    I can't help but wonder what the legal impact is of a disclaimer that is appended to every email regardless of content. I found several opinions online, most of which agree that in most cases, the disclaimer is meaningless, the exceptions being for an email from attorneys or others whose messages are legally considered privileged communication.

    Email Confidentiality Disclaimers: Annoying but Are The Legally Binding? "Dropping a standard confidentiality disclaimer at the bottom of every company email doesn’t unilaterally force on a recipient any duty of confidentiality. In other words, this disclaimer is of no legal effect."

    Spare us the e-mail yada-yada "Lawyers and experts on internet policy say no court case has ever turned on the presence or absence of such an automatic e-mail footer in America, the most litigious of rich countries." 

    Blind copying

    On a related matter, many manufacturers' representatives send email using blind copy lists. Such information would be useful to the other specifiers, and to various other staff as well. Again, I know the senders would like me to pass their email on, but without knowing whom they sent it to, I am reluctant to forward it, as I know I will send to people who already have the email.

    I understand the value of blind copying, and I encourage its use. If a manufacturer's representative wants to send something to a hundred specifiers, none of them will want to see the lengthy "to" list. It would be better for those on the receiving end if the rep were to send to people in a single company with the recipients visible.

    The ultimate disclaimer

    Scanning through my own email, I found several disclaimers that exceeded 100 words, and one of 238 words. Which led me to wonder, "What is the longest disclaimer?" I've seen fake disclaimers of several hundred words, and many years ago, inspired by a particularly verbose disclaimer, I assembled one that is about 1,400 words. 

    But for real email disclaimers written by companies, there are some doozies, including one that ran to more than 1,000 words. (www.theregister.co.uk/2001/05/18/the_2001_daftas_longest_email/) What's the longest one you've seen?

    Links

    Email Confidentiality Disclaimers: Annoying but Are The Legally Binding? www.businessattorneyinaustin.com/2014/12/annoying-email-confidentiality-disclaimers/

    Spare us the e-mail yada-yada www.economist.com/node/18529895

    The information contained in this article is intended only for anyone who happens to read it. If received in error, failure to forward it to everyone on your contact list is prohibited. After reading, please delete all files, reformat all drives, and immediately take your computer to the nearest LEED-certified incineration plant for disposal according to local ordinances. Upon completion, go directly to the local office of MiB (Men in Black) for neuralyzer treatment.

    © 2017, Sheldon Wolfe, RA, FCSI, CCS, CCCA, CSC

    Agree? Disagree? Leave your comments at https://swspecificthoughts.blogspot.com/2017/10/just-another-day-senseless-security.html