On May 20, 2013, at 1:18 PM, Nico Williams <n...@cryptonector.com> wrote:
> On Mon, May 20, 2013 at 12:08 PM, Mark Seiden <m...@seiden.com> wrote: >> any mechanism to do this (that i could think of, anyway) presents a possible >> risk to >> those communicants who want no attributable state saved about their >> communication. >> either these are privacy freaks (not intended pejoratively: for whatever >> reason, they're >> entitled to be…) … or criminals. > > Corporations are privacy freaks. I've worked or consulted for a > number of corporations that were/are extremely concerned about data > exfiltration. > this is completely dependent on context -- the kind of company, the communicants involved, the regulatory environment, the material being conveyed. the variability is about as high as for natural persons, i reckon. particularly in financial services, firms try to record and retain all of the communication with their customers in any channel. if they can't record it, they don't want to hear it (e.g. trading instructions sent via IM…) > I'd not advise such corporations to use Skype without an agreement > with Skype as to what can/does happen to the their data, or else to be > very careful about what is exchanged over Skype. And it does happen > that sometimes a corporation's employees need to communicate with > people over Skype or similar *external* systems. > you can advise whatever you fancy, but skype, google, microsoft are unlikely to agree to any such thing unless your client is a Really Big company who pays them a lot of money. and why should they even bother their lawyers? pretty much, their service Is What it Is, take it or leave it. of course, your clients are free to use some other service that provides what they're looking for or… do it themselves, which gives them total control and the high costs that go with that. > Beyond corporations, individuals absolutely have a right to private > communications with their lawyers, etc... And there need not be any > criminal or civil liability for an individual to hide. For example, > if I were trying to patent something, I'd want my communications with > my lawyer kept secret. > oh, have you looked into how your lawyer receives your email? probably they host with the likes of google or some other outsourcer, because they're in the business of law, not IT. do you use "how they receive their email" as a criterion for how you choose your patent lawyer? last time i looked, the ABA does not require anything "unusual", such as encryption, for privileged communcation. let's take the 10 largest law firms by revenue, from http://en.wikipedia.org/wiki/List_of_100_largest_law_firms_by_revenue bakermckenzie.com mail exchanger = 10 mx0b-00121601.pphosted.com. skadden.com mail exchanger = 30 mailhost1.skadden.com. cliffordchance.com mail exchanger = 10 mail.global.frontbridge.com. linklaters.com mail exchanger = 400 linklaters.com.s200b2.psmtp.com. lw.com mail exchanger = 5 mx3.lw.com. freshfields.com mail exchanger = 8 cluster3.eu.messagelabs.com. allenovery.com mail exchanger = 10 service93.mimecast.com. jonesday.com mail exchanger = 10 n1ms20ci.jonesday.com. kirkland.com mail exchanger = 10 mxb-00143601.gslb.pphosted.com. sidley.com mail exchanger = 30 sidley.com.s7b2.psmtp.com. so, only three host their own email (skadden, lw, jonesday). how about the 10 largest patent law firms, according to http://www.iptoday.com/issues/2012/03/top-patent-firms.asp knobbe.com mail exchanger = 20 mail2.knobbe.com. cantorcolburn.com mail exchanger = 30 mail2.cantorcolburn.com. mwe.com mail exchanger = 10 entmail04.mwe.com. oliff.com mail exchanger = 20 mail3.oliff.com. bskb.com mail exchanger = 10 nightstalker.bskb.com. sughrue.com mail exchanger = 10 service30-us.mimecast.com. oblon.com mail exchanger = 10 oblon.com.s8a1.psmtp.com. fr.com mail exchanger = 10 service4-us.mimecast.com. foley.com mail exchanger = 5 foleylaw.com.s5a1.psmtp.com. kilpatricktownsend.com mail exchanger = 10 mail.messaging.microsoft.com. half get their own email. (and i dare say that the smaller firms tend more to outsourcing. why hire expensive people to run mail gateway with cranky spam filtering?) (you can look at the numbers if your intuitions are otherwise.) btw: the DOJ has a protocol when they do a search for email which happens to include privileged communication. i was recently involved in such a case: a defendant was recently tried on a 10 year old fraud case, and a recent search of his email involving a more recent accusation included his atty-client communcation regarding the old case. the protocol involves setting up a chinese wall within the DOJ so the privileged material wouldn't be seen by the lawyers working on the involved matter. > Nico > -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography