Unix security: Proprietary email

By Carole Fennelly, Unix Insider |  Business Add a new comment

The net is rife with examples of email messages gone astray, such as the infamous sexy note a British woman sent her boyfriend that spread around the world. While no proprietary information was leaked, it certainly was embarrassing for her and her employer. The lengthy corporate statement that was appended to the mail made it even more humourous.

From the Stupid Management department, we learn that careless emails can be costly as well. Neal Patterson, CEO of Cerner Corp., discovered that Foot-in-Mouth disease spreads rapidly across the Internet after firing off a blistering email cracking the whip on his managers. Apparently, Mr. Patterson felt that the volume of cars in the company parking lot was an indication of productivity. Wall Street disagreed, and Cerner's stock tumbled 22% when the mail was posted on Yahoo!. Oops.

To counter these situations, some companies have started adding trailer statements to all corporate emails, ranging from simple statements of fact to threats of legal action if the mail is forwarded. Here is an example of one trailer I have received (name of company and contact info deleted):

"The information contained in this email is XXX confidential and is
intended only for the use of the named addressee. If the reader of
this message is not the named addressee, you are hereby notified
that any use of this email or its contents, including dissemination
or copying, is strictly prohibited. If you have received this email
in error, please notify the IT manager by telephone on xxxx xxx
xxxx or via email to helpdesk@xxxx, including a copy of this
message. Please then delete this email and destroy any copies."

Aside from looking stupid at the end of a forwarded joke, it's also very embarrassing for the company claiming an offensive joke as their "property".

Furthermore, the "confidentiality" notion is technologically ludicrous. The mail lands on a system's mail spool that does not belong to the addressee and is not the property of the addressee. Mail doesn't travel from Point A to Point B without going through points X and Y, and then landing at Point Z to retrieved by Point B. Thus, the entire notion that only the intended recipient can "legally" receive the mail runs counter to SMTP technology.

How legally binding are these statements to the mail's receipient? Not very, according to Federal Defense Attorney Philip Weinstein. He says, "It simply acts as a notice. It does no more legally, except among lawyers who have rules concerning work -- product and privilege. If there is a civil action, say a trade secret, [then] it simply tells the receipient that the sender considers it a secret. They still have to prove a cause of action." A distinction should be made between the sender and the receiver's culpability. The statement applys to the receiver's liability, not the person who sent it. An employer, however, can hold an employee responsible for violating company rules by sending inappropriate mail. Depending on the circumstances, the consequences can include internal discipline, job loss, and legal liability.

I often receive email from friends and colleagues that express their opinions or insights on a technical subject. Nothing legally prevents me from forwarding the mail without first asking permission, but I usually ask anyway. Aside from the ethical issues, I value the relationships and want to continue getting uncensored input. All too often, a careless statement made to a friend can be taken out of context or misunderstood.

One of the more intelligent decisions I made when I was in my early 20s (and thought I knew everything) was to never post to Usenet group. "Flame wars" could get very emotional and often reflected badly on the employer of the offending poster. Some added a short disclaimer to their mail stating that the opinions expressed were their own, not necessarily their employer. Statements like this are sensible and indisputable. Ponderous psuedo-legal trailers are unenforceable and could backfire, making the company look bad -- especially if the mail is very personal.

Here's my trailer:

    Add a comment

    Post a comment using one of these accounts
    Or join now
    At least 6 characters

    Note: Comment will appear soon after you have activated your account.
    Obscene/spam comments will be removed and accounts suspended.
    The information you submit is subject to our Privacy Policy and Terms of Service.

    ITworld LIVE

    BusinessWhite Papers & Webcasts

    White Paper

    Insiders Can Ruin Your Company. Take Action.

    Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

    White Paper

    Ten Steps to an Enterprise Mobility Strategy

    Enterprise employees are more mobile, relishing the ability to work productively anywhere, at any time. They may use any means to get connected, often creating financial and security risks for your company. Discover how to get control of your enterprise mobility strategy and ensure mobile worker productivity with these ten steps.

    White Paper

    What You Need to Know About the Costs of Mobility

    Mobile workers want to get connected anywhere, at any time, often at any cost. Enterprise mobility is often a hidden "black" budget in your company. Ensure that your traveling employees are productive everywhere, even while you control cost and security, through an enterprise mobility strategy.

    White Paper

    The 2011 iPass Mobile Enterprise Report

    This industry survey covers trends, recommendations and a policy guide on managing Enterprise Mobility for IT management and CIOs. Get data on employee device liability, as well as smartphone/tablet penetration, budget control and provisioning. Find out how your organization compares, how to ensure mobile worker productivity, and control costs.

    White Paper

    Smarter Commerce is redefining value chain visibility

    Smarter Commerce is redefining the value chain in the age of the customer. It starts with putting the customer at the center of your operations - which of itself is not a new idea - however, truly operationalizing this strategy is not easy.

    See more White Papers | Webcasts

    Ask a question

    Ask a Question