Re: Confidentiality notices on email messages

[Harald Alvestrand]

On 07/20/11 09:22, Nathaniel Borenstein wrote:

Except that the other Content-disposition values express the sender's intent, 
whereas this one expresses the receiver's [likely] perception.
In this case, we have to invent a cute backronym for it that expresses 
the sender's intent what about Not Optional {Ignorable,Irritating} 
Suit-avoiding Exposition?



   It might as well be "Content-disposition: discard" -- no sender would ever 
generate it.  In contrast one could make at least a semi-serious case that by defining a 
media type for legal disclaimers, you could have UA's that by default hid it but didn't 
throw it away, so that you could see it later if for some inconceivable reason you wanted 
to.  (And the issue of including different media types could be addressed by making it 
multipart/noise.)

On the other hand, if Ned and I disagree that's itself an indication that this 
is not a very serious discussion.  :-)  -- Nathaniel
We can always find a point of agreement - in this case on the 
seriousness of the discussion!


On Jul 19, 2011, at 4:16 PM, ned+i...@mauve.mrochek.com wrote:


Content-disposition: noise.

Harald, I was about to say the same thing but you beat me to it. Unless we're
prepared to talk about defining a general format for such notices (and I'm
pretty sure we're not interested in doing that), this doesn't fit as a media
type - I can easily envision using various different types depending on the
sort of notice I want to send.

But a content-disposition value has the right semantics and makes all sorts
of sense.

Ned
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Nathaniel Borenstein]

Except that the other Content-disposition values express the sender's intent, 
whereas this one expresses the receiver's [likely] perception.  It might as 
well be "Content-disposition: discard" -- no sender would ever generate it.  In 
contrast one could make at least a semi-serious case that by defining a media 
type for legal disclaimers, you could have UA's that by default hid it but 
didn't throw it away, so that you could see it later if for some inconceivable 
reason you wanted to.  (And the issue of including different media types could 
be addressed by making it multipart/noise.)

On the other hand, if Ned and I disagree that's itself an indication that this 
is not a very serious discussion.  :-)  -- Nathaniel


On Jul 19, 2011, at 4:16 PM, ned+i...@mauve.mrochek.com wrote:

>> Content-disposition: noise.
> 
> Harald, I was about to say the same thing but you beat me to it. Unless we're
> prepared to talk about defining a general format for such notices (and I'm
> pretty sure we're not interested in doing that), this doesn't fit as a media
> type - I can easily envision using various different types depending on the
> sort of notice I want to send.
> 
> But a content-disposition value has the right semantics and makes all sorts
> of sense.
> 
>   Ned
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[ned+ietf]

Content-disposition: noise.


Harald, I was about to say the same thing but you beat me to it. Unless we're
prepared to talk about defining a general format for such notices (and I'm
pretty sure we're not interested in doing that), this doesn't fit as a media
type - I can easily envision using various different types depending on the
sort of notice I want to send.

But a content-disposition value has the right semantics and makes all sorts
of sense.

Ned
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Richard Kulawiec]

On Thu, Jul 14, 2011 at 01:45:44AM -, John Levine wrote:
> It's clueless cargo cult lawyering.  

+1, and see also:

http://www.river.com/users/share/etiquette/#legalistic

which reads in part:

"First, such boilerplate contains useless adhesions, meaning
the explicit and implied threats they make are particularly
annoying. If you send something via email, the recipients (are
you sure you aren't sending to a mailing list?) and anyone else
who sees your clear text postcard in transit can undetectably and
with full deniability do whatever they want with the information
written on it in plain view. Even casual users of email know
email is not a secure communications medium. Thus the threats in
typical bogus legalistic boilerplate are naught but an attempt
at highly improper intimidation. Demands made in this manner
will be regarded as evidence of a hostile attitude on your
part by a significant portion of recipients. The threats will
negatively affect how your recipients perceive the other ideas
in your message.

Second, in the case of mailing lists (are you sure the address
to which you sent isn't one?) or USENET posts, falsely claiming
a message is "confidential and privileged" is simply too stupid
for words."


---rsk
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Wes Hardaker]

> On Mon, 18 Jul 2011 14:41:35 +0200, Harald Alvestrand 
>  said:

HA> Content-disposition: noise.

Or: Content-disposition: delete
-- 
Wes Hardaker
SPARTA, Inc.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Harald Alvestrand]

Content-disposition: noise.

On 07/16/11 09:15, Nathaniel Borenstein wrote:

"Notice Of Intentions in Sending Email"?

On Jul 16, 2011, at 1:09 AM, Murray S. Kucherawy wrote:


-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of John C 
Klensin
Sent: Thursday, July 14, 2011 11:39 AM
To: Randall Gellens; Marc Petit-Huguenin
Cc: IETF discussion list
Subject: Re: Confidentiality notices on email messages

If one starts down that path, there is a real possibility for a
semantically-rich environment.  For example, consider a noise
type for flaming, repetitive, responses to a topic on the IETF
list.  One could also very efficiently reflect what I assume was
the intent of a recent observation on the list with
noise-type="hitler" :-(

The trick though, alas, is to get people using such disclaimers to begin using 
such a media type.

Maybe we need an attractive acronym for NOISE as a decoy.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Nathaniel Borenstein]

"Notice Of Intentions in Sending Email"?

On Jul 16, 2011, at 1:09 AM, Murray S. Kucherawy wrote:

>> -Original Message-
>> From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of John 
>> C Klensin
>> Sent: Thursday, July 14, 2011 11:39 AM
>> To: Randall Gellens; Marc Petit-Huguenin
>> Cc: IETF discussion list
>> Subject: Re: Confidentiality notices on email messages
>> 
>> If one starts down that path, there is a real possibility for a
>> semantically-rich environment.  For example, consider a noise
>> type for flaming, repetitive, responses to a topic on the IETF
>> list.  One could also very efficiently reflect what I assume was
>> the intent of a recent observation on the list with
>> noise-type="hitler" :-(
> 
> The trick though, alas, is to get people using such disclaimers to begin 
> using such a media type.
> 
> Maybe we need an attractive acronym for NOISE as a decoy.
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

RE: Confidentiality notices on email messages

[Murray S. Kucherawy]

> -Original Message-
> From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of John 
> C Klensin
> Sent: Thursday, July 14, 2011 11:39 AM
> To: Randall Gellens; Marc Petit-Huguenin
> Cc: IETF discussion list
> Subject: Re: Confidentiality notices on email messages
> 
> If one starts down that path, there is a real possibility for a
> semantically-rich environment.  For example, consider a noise
> type for flaming, repetitive, responses to a topic on the IETF
> list.  One could also very efficiently reflect what I assume was
> the intent of a recent observation on the list with
> noise-type="hitler" :-(

The trick though, alas, is to get people using such disclaimers to begin using 
such a media type.

Maybe we need an attractive acronym for NOISE as a decoy.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[John Levine]

>See http://www.out-law.com/page-5536

It says "There is no legal authority on the effectiveness of these
notices in email messages;" and "There is no legal authority on the
value of these notices in email communications. When the notice is
added automatically to every external communication, there is a risk
that a court would consider that the venom in your warning has been
diluted," then goes on with a couple of pages of advice about how to
write a useless confidentiality threat, advising people to put it at
the top of the message to force them to read it.  Guess I know who I
won't be consulting if I ever need legal advice in the UK.

R's,
John


___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Donald Eastlake]

On Fri, Jul 15, 2011 at 12:14 PM,   wrote:
>> > Obviously we need to take a typical step back first and determine the
>> > scope of the problem.  We need to commission a "requirements for noise"
>> > ID first.
>
>> Can we schedule a BOF? Perhaps a symbolic burning of notices?
>
> Wouldn't that be a BON rather than BOF?

Don't you mean BON-fire...

Donald

>                                Ned
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[ned+ietf]

> > Obviously we need to take a typical step back first and determine the
> > scope of the problem.  We need to commission a "requirements for noise"
> > ID first.

> Can we schedule a BOF? Perhaps a symbolic burning of notices?

Wouldn't that be a BON rather than BOF?

Ned
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[David Morris]

On Fri, 15 Jul 2011, Wes Hardaker wrote:

> > On Thu, 14 Jul 2011 14:39:17 -0400, John C Klensin  
> > said:
> 
> >> Ooh, I like this proposal.  We can also have noise-types for
> >> exhortations to not print the email.
> 
> JCK> If one starts down that path, there is a real possibility for a
> JCK> semantically-rich environment.  For example, consider a noise
> JCK> type for flaming, repetitive, responses to a topic on the IETF
> JCK> list.  One could also very efficiently reflect what I assume was
> JCK> the intent of a recent observation on the list with
> JCK> noise-type="hitler" :-(
> 
> Obviously we need to take a typical step back first and determine the
> scope of the problem.  We need to commission a "requirements for noise"
> ID first.

Can we schedule a BOF? Perhaps a symbolic burning of notices?

Dave Morris
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Wes Hardaker]

> On Thu, 14 Jul 2011 14:39:17 -0400, John C Klensin  
> said:

>> Ooh, I like this proposal.  We can also have noise-types for
>> exhortations to not print the email.

JCK> If one starts down that path, there is a real possibility for a
JCK> semantically-rich environment.  For example, consider a noise
JCK> type for flaming, repetitive, responses to a topic on the IETF
JCK> list.  One could also very efficiently reflect what I assume was
JCK> the intent of a recent observation on the list with
JCK> noise-type="hitler" :-(

Obviously we need to take a typical step back first and determine the
scope of the problem.  We need to commission a "requirements for noise"
ID first.
-- 
Wes Hardaker
SPARTA, Inc.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Alessandro Vesely]

On 14/Jul/11 18:37, Will McAfee wrote:
> On Jul 14, 2011, at 11:28 AM, Alessandro Vesely  wrote:
>> One can sign the "Sensitivity" header field defined by RFC 2156.  It
>> can have the values "Personal" / "Private" / "Company-Confidential".
>> 
>> However, I received some messages bearing a confidentiality notice but
>> missing this field entirely.  Even the TC system above could hardly
>> cope with such inconsistent settings.  Do notices still retain any
>> legal value in such cases?
>
> They don't have legal value, period.

It is still an argument that one can bring before a court, e.g. when
claiming damage for unauthorized disclosure of confidential data.  We
all know that misaddressing can (and does) happen.  Stating that a
message is confidential might be worth in certain circumstances.
See http://www.out-law.com/page-5536

The point is that the semantic status of a message should be set by
the sender, properly.  It does not scale to leave it up to the
recipients to determine whether any possible notice is harmless,
inapplicable, or out of context.  Laws may allow it, protocols less so.

-- 
*NOTICE*
Access to this text is restricted to people having the right to do so.
-rwxrwxrwx

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Olaf Kolkman]

On Jul 14, 2011, at 3:24 PM, Dave CROCKER wrote:

> It's excellent that the issue was covered in the RFC.
> 
> My question is how the contents of that RFC can be binding on random IETF 
> participants?

At the risk of answering a rhetorical question: It's being referred to in the 
NOTE WELL.

All of the work we do in the IETF is based on the premisses that somebody who 
participates in the IETF is exposed to the NOTE WELL. Personally, I think 
people are exposed ad nauseoum, whether a court would agree, I do not know.

--Olaf


 

Olaf M. KolkmanNLnet Labs
http://www.nlnetlabs.nl/











 

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

RE: Confidentiality notices on email messages

[Worley, Dale R (Dale)]

> From: John C Klensin [john-i...@jck.com]
> 
> Randall Gellens  wrote:
> 
> > At 6:19 PM -0400 7/13/11, John C Klensin wrote:
> >
> >>Content-type: text/noise;
> >>noise-type="bogus-legal-disclaimer", charset=...
> >
> > Ooh, I like this proposal.  We can also have noise-types for
> > exhortations to not print the email.
> 
> If one starts down that path, there is a real possibility for a
> semantically-rich environment.  For example, consider a noise
> type for flaming, repetitive, responses to a topic on the IETF
> list.  One could also very efficiently reflect what I assume was
> the intent of a recent observation on the list with
> noise-type="hitler" :-(

I, personally, am looking forward to the extended discussion regarding
the proper procedures for deciding upon and registering new values of
the "noise-type" parameter.  I believe that there are a number of
subtle conceptual and syntactic distinctions that need to be clearly
delineated, with due consideration for global cultural differences.

Dale
--
cephalopod9 wrote:
Only on Xkcd can you start a topic involving Hitler and people spend
the better part of half a dozen pages arguing about the quality of
Operating Systems.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Barry Leiba]

>>>    Content-type: text/noise;
>>>    noise-type="bogus-legal-disclaimer", charset=...
>>
>> Ooh, I like this proposal.  We can also have noise-types for
>> exhortations to not print the email.
>
> If one starts down that path, there is a real possibility for a
> semantically-rich environment.  For example, consider a noise
> type for flaming, repetitive, responses to a topic on the IETF
> list.  One could also very efficiently reflect what I assume was
> the intent of a recent observation on the list with
> noise-type="hitler" :-(

I think you guys could develop a nice, crisp spec for this over the
coming 8.5 months.

Barry
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[John C Klensin]

--On Thursday, July 14, 2011 11:00 -0700 Randall Gellens
 wrote:

> At 6:19 PM -0400 7/13/11, John C Klensin wrote:
> 
>>Content-type: text/noise;
>>noise-type="bogus-legal-disclaimer", charset=...
> 
> Ooh, I like this proposal.  We can also have noise-types for
> exhortations to not print the email.

If one starts down that path, there is a real possibility for a
semantically-rich environment.  For example, consider a noise
type for flaming, repetitive, responses to a topic on the IETF
list.  One could also very efficiently reflect what I assume was
the intent of a recent observation on the list with
noise-type="hitler" :-(

   john



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Randall Gellens]

At 6:19 PM -0400 7/13/11, John C Klensin wrote:


   Content-type: text/noise; noise-type="bogus-legal-disclaimer",
 charset=...


Ooh, I like this proposal.  We can also have noise-types for 
exhortations to not print the email.


--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
Note that although IBM 'invented' virtual memory in 1972 it had
been available in a multi-processor multi-tasking environment on
the Burroughs B5000 line since 1963 and the B6000 line since 1968.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Marc Petit-Huguenin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/14/2011 08:28 AM, Alessandro Vesely wrote:
> On 14/Jul/11 03:48, John Levine wrote:
>>> Yes, and perhaps disclaimers/confidentiality notices should be
>>> standardized with their own MIME type to make automatic processing
>>> easier so receivers of this kind of notice (mailing-list or other)
>>> can respect the wishes of the sender.
>>
>> That respect would of course be demonstrated by rejecting or
>> discarding the mail unread, to avoid any possibility that it could
>> fall into the wrong hands.
> 
> Yes, with the possible exception of recipients deploying a Treacherous
> Computing environment that includes checks against forwarding or
> replying with non fair use quotations of confidential messages.
> 
>> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.
> 
> One can sign the "Sensitivity" header field defined by RFC 2156.  It
> can have the values "Personal" / "Private" / "Company-Confidential".
> 
> However, I received some messages bearing a confidentiality notice but
> missing this field entirely.  Even the TC system above could hardly
> cope with such inconsistent settings.

1. If an email received contains a Sensivity header with Confidential, Private
or Personal, the email is rejected.

2. Else, with techniques similar to spam filtering, a process can then test if
the email may contain a legal notice (perhaps Spamassassin can be configured to
do this - I am not a specialist).  If such notice is detected, and there is no
Sensivity header the email is bounced back with a text similar to this:

"We automatically detected that your email may contain a legal notice, but we
have no way to be sure that this notice is compliant with our rules, but we
cannot take the legal risk to accept it against the wishes of your employer.
Please contact your IT department and ask them to add a Sensivity header to the
emails sent by your organization, which should be even easier than adding the
legal notice."

3. Else, if a notice is detected and there is a Sensivity=public header, then
the email is accepted.

4. Else, if no notice is detected, the email is accepted.


> Do notices still retain any
> legal value in such cases?

- -- 
Marc Petit-Huguenin
Personal email: m...@petit-huguenin.org
Professional email: petit...@acm.org
Blog: http://blog.marc.petit-huguenin.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4fHPUACgkQ9RoMZyVa61f1HwCcDCWWIade84CPrOGglYUOS5Jk
UPMAn0eETDcMfjPq6do1Jb92eWGud+ls
=dlvr
-END PGP SIGNATURE-
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Will McAfee]

They don't have legal value, period.

Sent from my iPhone

On Jul 14, 2011, at 11:28 AM, Alessandro Vesely  wrote:

> On 14/Jul/11 03:48, John Levine wrote:
>>> Yes, and perhaps disclaimers/confidentiality notices should be
>>> standardized with their own MIME type to make automatic processing
>>> easier so receivers of this kind of notice (mailing-list or other)
>>> can respect the wishes of the sender.
>> 
>> That respect would of course be demonstrated by rejecting or
>> discarding the mail unread, to avoid any possibility that it could
>> fall into the wrong hands.
> 
> Yes, with the possible exception of recipients deploying a Treacherous
> Computing environment that includes checks against forwarding or
> replying with non fair use quotations of confidential messages.
> 
>> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.
> 
> One can sign the "Sensitivity" header field defined by RFC 2156.  It
> can have the values "Personal" / "Private" / "Company-Confidential".
> 
> However, I received some messages bearing a confidentiality notice but
> missing this field entirely.  Even the TC system above could hardly
> cope with such inconsistent settings.  Do notices still retain any
> legal value in such cases?
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Alessandro Vesely]

On 14/Jul/11 03:48, John Levine wrote:
>>Yes, and perhaps disclaimers/confidentiality notices should be
>>standardized with their own MIME type to make automatic processing
>>easier so receivers of this kind of notice (mailing-list or other)
>>can respect the wishes of the sender.
> 
> That respect would of course be demonstrated by rejecting or
> discarding the mail unread, to avoid any possibility that it could
> fall into the wrong hands.

Yes, with the possible exception of recipients deploying a Treacherous
Computing environment that includes checks against forwarding or
replying with non fair use quotations of confidential messages.

> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.

One can sign the "Sensitivity" header field defined by RFC 2156.  It
can have the values "Personal" / "Private" / "Company-Confidential".

However, I received some messages bearing a confidentiality notice but
missing this field entirely.  Even the TC system above could hardly
cope with such inconsistent settings.  Do notices still retain any
legal value in such cases?
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Joel Jaeggli]

On Jul 14, 2011, at 6:24 AM, Dave CROCKER wrote:

> 
> 
> On 7/12/2011 2:36 PM, Jorge Contreras wrote:
>> You may want to refer to Section 5.2 of RFC 5378, which addresses this issue:
>> 
>> "Each Contributor agrees that any statement in a Contribution, whether 
>> generated
>> automatically or otherwise, that states or implies that the Contribution is
>> confidential or subject to any privilege, can be disregarded for all 
>> purposes,
>> and will be of no force or effect."
> 
> 
> Jorge,
> 
> It's excellent that the issue was covered in the RFC.
> 
> My question is how the contents of that RFC can be binding on random IETF 
> participants?

Everyone on this list has be asked to and has accepted the note well.

> I doubt many folk even know about the item, even if they know about the RFC 
> and I don't see how they have agreed to those terms.

http://www.ietf.org/about/note-well.html

> Has the force of this been tested?  That is, when there is a conflict between 
> the conditions imposed by one of these email attachments and the terms in RFC 
> 5378, is there equivalent legal precedent for the RFC to win?
> 
> Thanks.
> 
> d/
> 
> -- 
> 
>  Dave Crocker
>  Brandenburg InternetWorking
>  bbiw.net
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> 

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Will McAfee]

While these notices have very little to no legal weight whatsoever, I firmly
believe that allowing their presence on our mailing list invites frivolous
lawsuits whose purpose is to cost the IETF money in the case that an
individual does not like what we are doing.  One does not need to look
particularly hard to find examples of ridiculous cases the plaintiff would
never win where the defendant chose to simply buy the privilege of making it
go away without taking on the costs and effort of actually fighting it in
court, no matter how certain the victory.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Michael Richardson]

> "Dave" == Dave CROCKER  writes:
>> You may want to refer to Section 5.2 of RFC 5378, which addresses
>> this issue:
>> 
>> "Each Contributor agrees that any statement in a Contribution,
>> whether generated automatically or otherwise, that states or
>> implies that the Contribution is confidential or subject to any
>> privilege, can be disregarded for all purposes, and will be of no
>> force or effect."

Dave> It's excellent that the issue was covered in the RFC.

Dave> My question is how the contents of that RFC can be binding on
Dave> random IETF participants?

It can't, except that they agree to the terms when they sign up at the
web server.   If the IETF deleted posts that were marked confidential
then the IETF would be simply enforcing this.

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video 
   then sign the petition. 
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Dave CROCKER]

On 7/12/2011 2:36 PM, Jorge Contreras wrote:

You may want to refer to Section 5.2 of RFC 5378, which addresses this issue:

"Each Contributor agrees that any statement in a Contribution, whether generated
automatically or otherwise, that states or implies that the Contribution is
confidential or subject to any privilege, can be disregarded for all purposes,
and will be of no force or effect."



Jorge,

It's excellent that the issue was covered in the RFC.

My question is how the contents of that RFC can be binding on random IETF 
participants?


I doubt many folk even know about the item, even if they know about the RFC and 
I don't see how they have agreed to those terms.


Has the force of this been tested?  That is, when there is a conflict between 
the conditions imposed by one of these email attachments and the terms in RFC 
5378, is there equivalent legal precedent for the RFC to win?


Thanks.

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Michael Richardson]

> "Marc" == Marc Petit-Huguenin  writes:
Marc> No, I was serious.  I think that the best response to this
Marc> kind of stuff is to do what they ask to the letter.  If we can
Marc> convince the senders that annotating their notice with an
Marc> header will permit us to obey their request, everybody wins.

+1

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

RE: Confidentiality notices on email messages

[Michel Py]

> John Levine wrote:
> It's clueless cargo cult lawyering. I blogged on it in January:
> http://jl.ly/Internet/confid.html

That tells me a lot about the competence of some lawyers. A law firm
asked me some time ago to implement a system on their MS Exchange server
to automatically add such disclaimers. Although it's easy to configure
when using Outlook (using a signature), there was no disclaimer sent
when using the HTTP interface or the phones. They're not smart^H^H^H^H^H
technical enough to figure how to edit the "Sent from my Iphone" string,
either.

So, I sold and installed a commercial product:
http://www.exclaimer.com/products/mail-disclaimers/Default.aspx

ROTFL. Thanks John, you made my day. Hey, someone has to make a living
out of this BS, might as well be me.

Michel.

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[John Levine]

>Yes, and perhaps disclaimers/confidentiality notices should be
>standardized with their own MIME type to make automatic processing
>easier so receivers of this kind of notice (mailing-list or other)
>can respect the wishes of the sender.

That respect would of course be demonstrated by rejecting or
discarding the mail unread, to avoid any possibility that it could
fall into the wrong hands.

R's,
John

PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[John Levine]

>Ever since, I've wondered if these notices were set up by someone
>who is a lawyer and does understand the situation, or if they were
>set up by someone who saw others do it, or heard that this sort of
>thing was needed.

It's clueless cargo cult lawyering.  I blogged on it in January:

  http://jl.ly/Internet/confid.html

At least in the US, which is where the IETF has its formal existence,
these notices have no legal merit at all.  They're just stupid.

R's,
John

PS: Anyone who wants to argue they're not stupid should include citations
to case law.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Martin Rex]

Randall Gellens wrote:
> 
> I'm not a lawyer and I don't play one on TV or the net, so I likely 
> don't understand the situation.  As a point of possibly interesting 
> information, once upon a time, at a training session held by a lawyer 
> regarding how to protect confidential information, we were admonished 
> not to slap a "confidential" label on anything automatically or 
> without consideration, because, we were warned, doing so can cause 
> the label to lose meaning for everything.  In other words, if we 
> labelled everything "confidential," then we were really saying 
> nothing was confidential.

Congratulation for having met a lawyer with a clue in law.
This assessment is definitely valid for Germany.


> 
> Ever since, I've wondered if these notices were set up by someone who 
> is a lawyer and does understand the situation, or if they were set up 
> by someone who saw others do it, or heard that this sort of thing was 
> needed.

These notices are often suggested by real lawyers.

But it is hard to determine whether they are from the simple
clueless type, or whether they know that this notice is bogus, but
also know that there are many clueless folks, clueless other lawyers
and clueless judges out there that will fall for it, therefore
providing some small value in probabilistic terms. 


-Martin

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Marc Petit-Huguenin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2011 03:19 PM, John C Klensin wrote:
> 
> 
> --On Wednesday, July 13, 2011 09:38 -0700 Marc Petit-Huguenin
>  wrote:
> 
>> ...
>> Yes, and perhaps disclaimers/confidentiality notices should be
>> standardized with their own MIME type to make automatic
>> processing easier so receivers of this kind of notice
>> (mailing-list or other) can respect the wishes of the sender.
>> ...
> 
> What did you have in mind?  Something like
> 
>   Content-type: text/legal-noise; charset=...
> 
> or perhaps
> 
>   Content-type: text/noise; noise-type="bogus-legal-disclaimer",
> charset=...
> 
> :-(
> 

No, I was serious.  I think that the best response to this kind of stuff is to
do what they ask to the letter.  If we can convince the senders that annotating
their notice with an header will permit us to obey their request, everybody 
wins.

- -- 
Marc Petit-Huguenin
Personal email: m...@petit-huguenin.org
Professional email: petit...@acm.org
Blog: http://blog.marc.petit-huguenin.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4eINwACgkQ9RoMZyVa61d2ugCfaPniSosAr3MXqnZQzzFG2PC/
j0MAoJqZ2gYeOHZNBRh0pf0VrJCsvZam
=6Z3z
-END PGP SIGNATURE-
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Dave Cridland]

On Wed Jul 13 23:19:00 2011, John C Klensin wrote:



--On Wednesday, July 13, 2011 09:38 -0700 Marc Petit-Huguenin
 wrote:

>...
> Yes, and perhaps disclaimers/confidentiality notices should be
> standardized with their own MIME type to make automatic
> processing easier so receivers of this kind of notice
> (mailing-list or other) can respect the wishes of the sender.
>...

What did you have in mind?  Something like

  Content-type: text/legal-noise; charset=...


text/legal-noise+xml, obviously.

Only XML is sufficiently verbose for lawyers.

Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[John C Klensin]

--On Wednesday, July 13, 2011 09:38 -0700 Marc Petit-Huguenin
 wrote:

>...
> Yes, and perhaps disclaimers/confidentiality notices should be
> standardized with their own MIME type to make automatic
> processing easier so receivers of this kind of notice
> (mailing-list or other) can respect the wishes of the sender.
>...

What did you have in mind?  Something like

  Content-type: text/legal-noise; charset=...

or perhaps

  Content-type: text/noise; noise-type="bogus-legal-disclaimer",
charset=...

:-(

john



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Marc Petit-Huguenin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2011 09:49 AM, Alessandro Vesely wrote:
> On 13/Jul/11 18:38, Marc Petit-Huguenin wrote:
>> On 07/13/2011 06:50 AM, Michael Richardson wrote:
>>>
>>> Barry, I think that we should put a filter on the ietf.org that bounces
>>> all messages with confidentiality notices.
>>
>> Yes, and perhaps disclaimers/confidentiality notices should be standardized 
>> with
>> their own MIME type to make automatic processing easier so receivers of this
>> kind of notice (mailing-list or other) can respect the wishes of the sender.
> 
> +1, I am quite concerned by those unneeded clots of legal wisdom
> infesting more and more places.  Couldn't they be concise, at least?
> A confidentiality notice shouldn't need to thoroughly explain the
> legal meaning of the term "confidential"...  Rather than formulate the
> law so as to leverage the Internet, legal systems at times seem to be
> hindering it with questionable obligations.

I do not think that size is really the issue.  It can even make things worse - I
saw some attempts (from Cisco people I think) to use a link instead of a
complete notice, but now I have to click on the link and read the web page,
which takes more time than reading an embedded text.

Using a specific MIME type for the notice text itself permits to not display it
if my mailer is configured this way.  If in addition we have an Header field
that describes the restrictions detailed in the disclaimer text, then we can 1)
configure IETF mailing-lists to bounce emails that clash with IETF's Note Well
and 2) configure our individual mailer to bounce emails with a confidentiality
notice but that are not sent specifically to us.

- -- 
Marc Petit-Huguenin
Personal email: m...@petit-huguenin.org
Professional email: petit...@acm.org
Blog: http://blog.marc.petit-huguenin.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEUEARECAAYFAk4d0f4ACgkQ9RoMZyVa61eGkQCfXPhQ/yTDEDNiQRbff/eYE+y/
QScAmNGXVlGBQBm9QVx3IegUTo9QJrU=
=X41v
-END PGP SIGNATURE-
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Alessandro Vesely]

On 13/Jul/11 18:38, Marc Petit-Huguenin wrote:
> On 07/13/2011 06:50 AM, Michael Richardson wrote:
>> 
>> Barry, I think that we should put a filter on the ietf.org that bounces
>> all messages with confidentiality notices.
> 
> Yes, and perhaps disclaimers/confidentiality notices should be standardized 
> with
> their own MIME type to make automatic processing easier so receivers of this
> kind of notice (mailing-list or other) can respect the wishes of the sender.

+1, I am quite concerned by those unneeded clots of legal wisdom
infesting more and more places.  Couldn't they be concise, at least?
A confidentiality notice shouldn't need to thoroughly explain the
legal meaning of the term "confidential"...  Rather than formulate the
law so as to leverage the Internet, legal systems at times seem to be
hindering it with questionable obligations.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Marc Petit-Huguenin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2011 06:50 AM, Michael Richardson wrote:
> 
> Barry, I think that we should put a filter on the ietf.org that bounces
> all messages with confidentiality notices.

Yes, and perhaps disclaimers/confidentiality notices should be standardized with
their own MIME type to make automatic processing easier so receivers of this
kind of notice (mailing-list or other) can respect the wishes of the sender.

> 
> I also think that we should enforce 77 columns max for text/plain when
> there is no "format=flowed" option in the Content-Type.
> 


- -- 
Marc Petit-Huguenin
Personal email: m...@petit-huguenin.org
Professional email: petit...@acm.org
Blog: http://blog.marc.petit-huguenin.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4dyhAACgkQ9RoMZyVa61eBugCfZCSPrGvFRzKQnJsfplGxZexp
MCwAoIrKHYpNxpTA85BJL1Oll3JHOF+P
=k4yT
-END PGP SIGNATURE-
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Andrew Sullivan]

On Tue, Jul 12, 2011 at 05:39:49PM -0400, Barry Leiba wrote:

> > "Each Contributor agrees that any statement in a Contribution, whether
> > generated automatically or otherwise, that states or implies that the
> > Contribution is confidential or subject to any privilege, can be disregarded
> > for all purposes, and will be of no force or effect."
> 
> Yes, I'm aware of that.  My point was exactly that: that the
> confidentiality statement is pointless.

Actually, given the policy, it's _not_ pointless.  It makes the
message "of no force or effect" and causes the participation by that
individual to be disregarded.  Surely nobody wants their contribution
to be disregarded because of a misguided rule on the part of someone
in their firm who doesn't understand the meaning of the words "public
mailing list".

A

-- 
Andrew Sullivan
a...@anvilwalrusden.com

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Michael Richardson]

Barry, I think that we should put a filter on the ietf.org that bounces
all messages with confidentiality notices.

I also think that we should enforce 77 columns max for text/plain when
there is no "format=flowed" option in the Content-Type.

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video 
   then sign the petition. 
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Huub van Helvoort]

Hello Barry,

You wrote:


Hi, Jorge.


You may want to refer to Section 5.2 of RFC 5378, which addresses this
issue:

"Each Contributor agrees that any statement in a Contribution, whether
generated automatically or otherwise, that states or implies that the
Contribution is confidential or subject to any privilege, can be disregarded
for all purposes, and will be of no force or effect."


Yes, I'm aware of that.  My point was exactly that: that the
confidentiality statement is pointless.  I'm asking people to try to
get rid of them entirely.


It will also save energy, so it is good for the environment too.

BR, Huub.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Hector Santos]

Randall Gellens wrote:

Barry,

I'm not a lawyer and I don't play one on TV or the net, so I likely 
don't understand the situation.  As a point of possibly interesting 
information, once upon a time, at a training session held by a lawyer 
regarding how to protect confidential information, we were admonished 
not to slap a "confidential" label on anything automatically or without 
consideration, because, we were warned, doing so can cause the label to 
lose meaning for everything.  In other words, if we labelled everything 
"confidential," then we were really saying nothing was confidential.


Ever since, I've wondered if these notices were set up by someone who is 
a lawyer and does understand the situation, or if they were set up by 
someone who saw others do it, or heard that this sort of thing was needed.


Depending on the organization, it may be a legally required especially 
if it is public stock company.  It is also legally required to make an 
explicit statement in order to have stronger enforcement when push 
comes to shove, i.e. ignorance can not be claimed.   There is also a 
difference in PUBLIC vs PRIVATE communications and while it is more 
important to have disclaimers when public, unless an explicit 
statement is also made in private, it can not be assumed.  A good 
example is a private message send to someone and he/she makes it 
public. In tort cases, the receiver has to right to make it public if 
and only if the author did not make an explicit statement that it 
remains private and the guideline is to make it the very first 
statement:  THIS IS A PRIVATE MESSAGE AND THE INTENTION IS THAT IT 
REMAINS PRIVATE. MAKING THIS MESSAGE PUBLIC WILL VIOLATE US EPCA "User 
Privacy Expectation" PROVISIONS.


IMV, the IETF will be opening up a can of worms if they begin to cite 
legal conflicts with the NOTE WELL statement and if its suggested that 
participants use external addresses in order to participate without 
conflict, well, even if people took the advice, it may put the person 
in some legal conflict with his corporate employer. e.g.  just because 
a person moonlights in some other activity, does not necessary mean 
they are free from company employment contracts and if there is any 
kind of relationship of his external activities with his normal work, 
they might want him to use a corporate identity or not. I guess it all 
depends how much of a hard ass is his boss, employer or their chief 
counsel.  You might find if the IETF is making a fuss, they may ask 
the employee to just not participate - lurk, but don't post.


--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[J.D. Falk]

On Jul 12, 2011, at 4:12 PM, Randall Gellens wrote:

> Ever since, I've wondered if these notices were set up by someone who is a 
> lawyer and does understand the situation, or if they were set up by someone 
> who saw others do it, or heard that this sort of thing was needed.

The latter seems likely to me as well, but the IETF community is unlikely to 
convince such people to change their minds.  It's certain to be far easier, in 
this case, to gently encourage participants to use a different email address 
for their IETF participation.

(I do that already -- not because of inappropriate footers, but because 
Exchange and Outlook are mind-bogglingly poor tools for discussion lists.)

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Randall Gellens]

Barry,

I'm not a lawyer and I don't play one on TV or the net, so I likely 
don't understand the situation.  As a point of possibly interesting 
information, once upon a time, at a training session held by a lawyer 
regarding how to protect confidential information, we were admonished 
not to slap a "confidential" label on anything automatically or 
without consideration, because, we were warned, doing so can cause 
the label to lose meaning for everything.  In other words, if we 
labelled everything "confidential," then we were really saying 
nothing was confidential.


Ever since, I've wondered if these notices were set up by someone who 
is a lawyer and does understand the situation, or if they were set up 
by someone who saw others do it, or heard that this sort of thing was 
needed.


--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
I always avoid prophesying beforehand, because it is a much better
policy to prophesy after the event has already taken place.
   --Winston Churchill
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Barry Leiba]

Hi, Jorge.

> You may want to refer to Section 5.2 of RFC 5378, which addresses this
> issue:
>
> "Each Contributor agrees that any statement in a Contribution, whether
> generated automatically or otherwise, that states or implies that the
> Contribution is confidential or subject to any privilege, can be disregarded
> for all purposes, and will be of no force or effect."

Yes, I'm aware of that.  My point was exactly that: that the
confidentiality statement is pointless.  I'm asking people to try to
get rid of them entirely.

Barry
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: Confidentiality notices on email messages

[Jorge Contreras]

Barry,

You may want to refer to Section 5.2 of RFC 5378, which addresses this
issue:

"Each Contributor agrees that any statement in a Contribution, whether
generated automatically or otherwise, that states or implies that the
Contribution is confidential or subject to any privilege, can be disregarded
for all purposes, and will be of no force or effect."

Best regards,
Jorge

On Tue, Jul 12, 2011 at 4:28 PM, Barry Leiba wrote:

> I am increasingly seeing IETF participants posting messages to IETF
> mailing lists, sending messages to chairs and ADs, and so on, where
> their messages include confidentiality/security/legal notices at the
> bottom.  You know the ones; here are excerpts from two recent
> examples:
> 
> > Information Security Notice: The information contained in this
> > mail is solely the property of the sender's organization. This
> > mail communication is confidential. Recipients named above are
> > obligated to maintain secrecy and are not permitted to disclose
> > the contents of this communication with others.
> 
> > CONFIDENTIALITY NOTICE
> > The information contained in this e-mail and any attachments is
> > CONFIDENTIAL and is intended only for the use of the addressee.
> > Any unauthorized use, disclosure, distribution, dissemination,
> > or copying is strictly prohibited and may be unlawful. If you are
> > not the intended recipient, you are prohibited from any further
> > viewing of the e-mail or any attachments or from making any use
> > of the e-mail or attachments.
> 
>
> Those are just the beginnings of them -- they go on, and continue for
> another paragraph each.  I've seen them in Spanish, French, and
> German, as well as English.
>
> Now, apart from being long and annoying, they're in conflict with the
> IETF's Note Well, which applies to anything posted to IETF mailing
> lists or sent to anyone in IETF leadership about IETF business:
> http://www.ietf.org/about/note-well.html
>
> I'd also argue that those posting such messages are running afoul of
> their own organizations' rules by posting "confidential" messages
> publicly.  Of course, that's nonsense, but, hey, folks, it wouldn't be
> the first time a company might behave irrationally and discipline
> someone base on the letter, rather than the intent, of a rule.
>
> Of course, I know that these messages are put there automatically,
> according to your companies' policies.  No one is actually including
> them on purpose, and most probably aren't even aware, any more, that
> they're there.  But they are.
>
> I don't think this merits any official statement by the IESG, though
> the IESG might want to consider for itself whether it does.  But how
> about if we try to deal with this as a community?  It rather makes you
> look silly to have those notices there.  And you don't want to look
> silly, right?  So have a look at your posts, everyone, and if yours
> have any such junk at the bottoms of them, please do one of two
> things, tout de suite:
>
> 1. Arrange not to have them put there.  If there's some way you can
> get an exception to your company's rule for things sent to the IETF,
> do it.
>
> 2. Get a non-company address, and use that for your IETF
> participation.  You can get free addresses easily.  This option also
> has the advantage that if you should change employers, your
> IETF-related email address doesn't need to change.
>
> Barry
> ___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf