Subject: Re: FOR APPROVAL: OZPLB Licence
From: Chuck Swiger <chuck@codefab.com>
Date: Mon, 27 Dec 2004 23:03:10 -0500

Lawrence Rosen wrote:
> ian.oi@bdw.com writes:
>>> PS If there is a confidentiality notice at the bottom of this email
>>> from me, please ignore it - our firm's email system automatically
>>> adds a footer on emails that might contain such wording.
>>> Unfortunately, I can't turn it off.
>
> Russell Nelson responded: 
>> Exactly and precisely the reason why automatic disclaimers are wrong.
>> Any law or legal precedent that says that email is "claimable"
>> reflects a grave misunderstanding of the nature of email.

I once printed out 7000+ pages worth of email (every message between us and a 
client who didn't want to pay their bills) to serve as evidence in the case, 
and neither the judge nor the other side contested the validity of that email.

However, I agree with you that the automated disclaimers are meaningless and 
annoying.  They are inappropriate for most communications, and any validity 
they might have if they were written by the human sending the message, 
specificly for that message, is wholly undermined when the disclaimer is found 
in messages sent to public forums such as Usenet or public mailing lists like 
this one.

> Many people also use email for exchanging confidential information. 

Agreed, just as many people use the telephone when exchanging confidential 
information.  Email is adequately private for most purposes, although it is 
subject to discovery, and can be monitored or tapped by an ISP (or your 
friendly governmental Carnivore machine) just as a phone line can be tapped by 
the local telephone company.

People who need more privacy than that can use encryption and signing 
technology with email, such as OpenPGP.  For that matter, one could also 
simply zip the email attachments using a password.  (Please note that ZIP's 
encryption is pretty trivial to break, but it's good enough to deter 
disclosure via casual inspection.)

> [ ... ] Ultimately the more technically savvy
> among us convinced the others (by reference to court cases that supported
> our opinions) that it was sufficient to (1) identify our email as
> confidential and (2) take reasonable steps, in light of readily available
> email technology, to notify any unintended recipient of the confidential
> nature of the communication.

So far, this makes sense to me.  Normal email communication between people-- 
members of a company, or between the company and it's clients-- are subject to 
disclosure, but some communication between a lawyer and their client is 
privileged and not subject to disclosure.

I have worked with more than one lawyer here in NYC, and what they used (and 
had me use), was a message at the top of the email saying:

"ATTORNEY WORK PRODUCT -- PRIVILEGED & CONFIDENTIAL"

Nothing more, nothing less.

> Rather than educate each lawyer about what to mark and what not, law firms
> often require attorneys to append a confidentiality notice to every email.
> In some cases their system administrators implement software to append such
> notices automatically. That's the low tech solution to a legal problem.

Your legal colleagues [1] believe that the value they gain from doing this 
with every message outweighs the risk of misusing the privilege sometimes [2] 
and misidentifying public messages as being confidental...?

Using a tool which appends a multiline disclaimer to *every* message is 
ill-informed and a misuse of technology, just as much as using a hammer to 
drive screws into the wall is a misuse of technology.  Even if the hammer 
works well enough to be useful, it is still not the right tool for the job.

------
[1]: I couldn't resist using the phrase, sorry.  :-)
[2]: There is no attourney-client relationship between "BLAKE DAWSON WALDRON" 
and everybody reading the <license-discuss@opensource.org> mailing list.

> I've often wished for technology to catch up with what attorneys need. There's a
> button I can click in my email program when I send an email to mark it as
> "high priority" or to request a "read receipt." But there's no simple button
> to press to identify the email as confidential or to automate PGP
> encryption.

Mozilla + Enigmail has a one-button solution for using PGP signing & 
encryption with email:

http://www.mozilla.org/
http://enigmail.mozdev.org/
http://enigmail.mozdev.org/screenshots.html

It might even improve security compared with using IE+Outlook, too.  :-)
Anyway, Merry Xmas, all.

-- 
-Chuck