Confidentiality notices

Confidentiality notices

[Ian Lance Taylor]

I've noticed several e-mails recently with confidentiality notices
which we are violating when we archive the message on the web site.

Any thoughts on whether we should check for these notices on incoming
mail, and bounce them back to the sender?

Ian

Re: Confidentiality notices

[Christopher Faylor]

On Wed, Jan 28, 2004 at 10:04:22AM -0500, Ian Lance Taylor wrote:
>I've noticed several e-mails recently with confidentiality notices
>which we are violating when we archive the message on the web site.
>
>Any thoughts on whether we should check for these notices on incoming
>mail, and bounce them back to the sender?

I've suggested that in the past.  This is one of the reasons that I
modified the sources.redhat.com mailing list web page to mention the
fact that the lists are archived.  I don't know of gcc.gnu.org has any
wording to this effect, though.

With recent changes to the spam checking software, I can do filtering on
email.  For instance, on the cygwin mailing list, I added the capability
to subscribe to a cygwin-replyto mailing list.  Once you are a member of
that list, all email to the cygwin list has a reply-to added
automatically.  I also add a "X-IsSubscribed: yes" header when senders
are subscribed to the list so that you can make a decision on whether to
cc or not.

I was contemplating honoring some kind of tag in the body like:
END-OF-MESSAGE so that people could avoid sending the confidentiality
stuff.  That would put the onus on the sender to make the decision about
what shows up in email and in the archives.  Once we do that, I could
easily start bouncing messages which contain confidentiality trailers.
FWIW, I really hate them.

cgf

Re: Confidentiality notices

[fche]

ian wrote:

> I've noticed several e-mails recently with confidentiality notices
> which we are violating when we archive the message on the web site.
> [...]

Are you sure that "we are violating" something?  The typical verbal
diarrhea warns not to send stuff beyond the intended recipients.
Has someone put forward a plausible interpretation that applies
even when the intended recipient is a public mailing list?  (My
impression is that we should expend no effort on issue, and let
the notices speak for themselves about the originator's silliness.)

- FChE

Re: Confidentiality notices

[Gerald Pfeifer]

On Wed, 28 Jan 2004, Christopher Faylor wrote:
> On Wed, Jan 28, 2004 at 10:04:22AM -0500, Ian Lance Taylor wrote:
>> I've noticed several e-mails recently with confidentiality notices
>> which we are violating when we archive the message on the web site.
>>
>> Any thoughts on whether we should check for these notices on incoming
>> mail, and bounce them back to the sender?

Yes, please!  Less for legal reasons, than to make a statement.

> I've suggested that in the past.  This is one of the reasons that I
> modified the sources.redhat.com mailing list web page to mention the
> fact that the lists are archived.  I don't know of gcc.gnu.org has any
> wording to this effect, though.

http://gcc.gnu.org/lists.html has

  Please do not include or reference confidentiality notices, like:

    The referring document contains privileged and confidential
    information. If you are not the intended recipient you must not
    disseminate, copy or take any action in reliance on it, and we request
    that you notify companyname immediately.

  Such disclaimers are inappropriate for mail sent to public lists. If
  your  company automatically adds something like this to outgoing mail,
  and you can't convince them to stop, you might consider using a free
  web-based e-mail account.

> Once we do that, I could easily start bouncing messages which contain
> confidentiality trailers. FWIW, I really hate them.

Feel free to start doing so for the GCC lists right away, at least as
far as I'm concerned. ;-)  Unconditionally.

Gerald
-- 
Gerald Pfeifer (Jerry)   gerald@pfeifer.com   http://www.pfeifer.com/gerald/

Re: Confidentiality notices

[Ian Lance Taylor]

fche@redhat.com writes:

> > I've noticed several e-mails recently with confidentiality notices
> > which we are violating when we archive the message on the web site.
> > [...]
> 
> Are you sure that "we are violating" something?  The typical verbal
> diarrhea warns not to send stuff beyond the intended recipients.
> Has someone put forward a plausible interpretation that applies
> even when the intended recipient is a public mailing list?  (My
> impression is that we should expend no effort on issue, and let
> the notices speak for themselves about the originator's silliness.)

No, I'm not sure.

However, the most recent notice I saw said this:

    ****************************************
    Confidentiality Notice

    The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at mailadmin@isofttech.com immediately and destroy all copies of this message and any attachments.

    ****************************************

It was addressed to gcc@gcc.gnu.org.  It seems clear that anybody on
that mailing list is an addressee.  However, we have now put this
message on the web:
    http://gcc.gnu.org/ml/gcc/2004-01/msg02087.html

It seems clear that any random person on the web is not an addressee
of the message.  Those people are in principle required to notify
isofttech.com and destroy the message.

It's true that probably no lawsuit could succeed here.  But I'm not
comfortable with the situation.

Ian

Re: Confidentiality notices

[Christopher Faylor]

On Wed, Jan 28, 2004 at 05:39:26PM +0100, Gerald Pfeifer wrote:
>On Wed, 28 Jan 2004, Christopher Faylor wrote:
>> On Wed, Jan 28, 2004 at 10:04:22AM -0500, Ian Lance Taylor wrote:
>>> I've noticed several e-mails recently with confidentiality notices
>>> which we are violating when we archive the message on the web site.
>>>
>>> Any thoughts on whether we should check for these notices on incoming
>>> mail, and bounce them back to the sender?
>
>Yes, please!  Less for legal reasons, than to make a statement.
>
>> I've suggested that in the past.  This is one of the reasons that I
>> modified the sources.redhat.com mailing list web page to mention the
>> fact that the lists are archived.  I don't know of gcc.gnu.org has any
>> wording to this effect, though.
>
>http://gcc.gnu.org/lists.html has
>
>  Please do not include or reference confidentiality notices, like:
>
>    The referring document contains privileged and confidential
>    information. If you are not the intended recipient you must not
>    disseminate, copy or take any action in reliance on it, and we request
>    that you notify companyname immediately.
>
>  Such disclaimers are inappropriate for mail sent to public lists. If
>  your  company automatically adds something like this to outgoing mail,
>  and you can't convince them to stop, you might consider using a free
>  web-based e-mail account.

That's great wording.  I'm going to put it in the sources.redhat.com page,
too.  Hope that's ok.

(and apologies for not just taking 10 seconds and checking for this myself)

>> Once we do that, I could easily start bouncing messages which contain
>> confidentiality trailers. FWIW, I really hate them.
>
>Feel free to start doing so for the GCC lists right away, at least as
>far as I'm concerned. ;-)  Unconditionally.

Should we get a steering committee vote on this?

cgf

Re: Confidentiality notices

[Gerald Pfeifer]

On Wed, 28 Jan 2004, Christopher Faylor wrote:
>> http://gcc.gnu.org/lists.html has
>> [...]
> That's great wording.  I'm going to put it in the sources.redhat.com
> page, too.  Hope that's ok.

I believe the wording is due to Joe Buck, and it's definitely okay to
reuse it.

>>> Once we do that, I could easily start bouncing messages which contain
>>> confidentiality trailers. FWIW, I really hate them.
> Should we get a steering committee vote on this?

To be on the safe side, I just sent a message asking whether there are any
objections.  I'm curious how RMS is going to respond -- he might actually
love the idea!

Gerald

Re: Confidentiality notices

[Gerald Pfeifer]

On Wed, 28 Jan 2004, Gerald Pfeifer wrote:
>>>> Once we do that, I could easily start bouncing messages which contain
>>>> confidentiality trailers. FWIW, I really hate them.
>> Should we get a steering committee vote on this?
> To be on the safe side, I just sent a message asking whether there are any
> objections.  I'm curious how RMS is going to respond [...]

Okay, I think we have clearance to go ahead as you suggested (and start
bouncing messages with confidentiality trailers).

Here is the main remark from the SC dicsussions:

  (1) The bounce message will be very clear regarding the reason for
  the bounce and point to a page on the GCC (or FSF) website explaining
  why it is considered unacceptable.  Taken literally they have violated
  some privilege to even send to the list and forbidden their email's
  inclusion in an archive.  Following that argument, we are just doing
  what they asked. :) But educating here is a good thing.

I guess referring to http://gcc.gnu.org/lists.html#confidential should be
sufficient.

Gerald
-- 
Gerald Pfeifer (Jerry)   gerald@pfeifer.com   http://www.pfeifer.com/gerald/