Monday, August 6, 2007

email and stupid signatures

Heh... So I get to work one mourning (not morning) and check my email. Well, I find yet another email intended for some organization in Atlanta. Neither my employer nor my office is in Atlanta, but the server name for the organization in question is very close to ours. In fact, they are identical, but for the 2 adjacent, transposed letters. I have been receiving a good number of emails intended for this organization over the past few months. I had been simply notifying both parties, the intended and the sender. This message, however, was different. It had one of those notices at the bottom. You know, the type with "legalese" that says you must digitally fold, spindle, mutilate and otherwise erase the email if you are not the intended recipient.

--Of course, I was not the intended recipient, in this case.

So, I thought about the situation. Here I am, a guy running a server for an organization. The server is receiving, through no fault of its/my own, email after email intended for a different server altogether. I have been nicely notifying both parties as to the problem, in each instance. Out of the blue I get an email with what would appear to be confidential information attached and a note in the body telling any and all unintended recipients what they should, must, can, or cannot do.

Riiiiiiiiiiiiiight... I don't think so. I have seen these types of email signatures before and chuckled each time. Let's look at a scenario. Shall we?


the case:

So, here's the deal... You call your accountant, and say -- "Accountant! I need those W2s!" The accountant says -- "We just finished them (cough) and we'll mail them out to you." "No good," you say. "I need them now. Email them."


the problem:

You, the customer, need information from the accountant. This information is both sensitive and confidential. The accountant has to email this information to you. Email is not secure and, without some sort of protection, is no way to transport such information.


reasons the information will go out the wrong way:
  • The accountant won't spend the time to do it right. (lazy and stupid)
  • The accountant won't spend the money to do it right. (tight and stupid)
  • The IT guy says that it's not worthy of his time. (lazy, pompous, and stupid)
  • The lawyer says, "Just put 'THIS' at the end of the email." (just plain stupid)

the problem with this type of notice in an email:
  • Legal language of this nature at the end of a message does not actually protect the information.
  • Legal language of this nature at the end of a message doesn't have "a snowball's chance in hell" of being enforceable.
  • Legal language at the beginning of a message only has "a snowball's chance in hell" of being enforceable.
  • Sensitive information is about to be placed onto the internet's equivalent of a FREAKIN' POSTCARD!

real solutions:
  • Get compression software that has encryption capabilities and use it!
  • Get Adobe Acrobat and use the password/encryption features.
  • Double check your recipient email addresses before letting them fly.

Placing a notice in the email IS NOT A SOLUTION! If your lawyer gave you one and said it would be fine, fire him and get a new one! (stupid advice is dangerous)


And so, we come to my canned response to mis-addressed emails that contain warnings about what I can and cannot do with the information therein.
"Sending an unencrypted email is like sending a postcard through the USPS; it can be read at any point during the journey. You wouldn't put confidential information on a postcard with a note at the end stating that the information, that was just read, is only intended for the recipient and that any use or dissemination of the information is prohibited. So, don’t do it with an email. When you send confidential information, without password protection or encryption, you are telling the recipient that it wasn’t important enough to protect. If the information isn’t worth protecting with a password or encryption, then it’s certainly not worth the bother of unenforceable language, of any quantity or quality. If your IT people cannot help you secure your information for email transport, then fire them and find people that can. If your lawyers told you that a disclaimer at the bottom of the email was enough, fire them and hire new lawyers, preferably lawyers that won’t lie to you."

-- Copyright 2006 by Jamie Forbes, who reserves all rights to the quoted material.

