From owner-nanog@merit.edu Thu Aug 19 12:58:57 2004
Cc: Patrick W Gilmore <patrick@ianai.net>
From: Patrick W Gilmore <patrick@ianai.net>
Subject: "scanning" e-mail [WAS: 3 Free Gmail invites]
Date: Thu, 19 Aug 2004 13:55:46 -0400
To: nanog@nanog.org
>>
>> Joshua Brady wrote:
>>
>>> I've got 2 Gmail invites up for grabs for the first 2 to email me
>>> offlist.
>>>
>>
>> You know, I'm having trouble finding people that *don't* have
>> gmail.com
>> accounts already.
>
> Because G-mail scans INCOMING mail without the sender's consent, we
> will NEVER
> have a G-mail account and have considered blocking them. We actively
> discourage
> our clients from using this service. If you want to let a service scan
> YOUR mail,
> it is your perogative, but you cannot give them permission to scan MY
> mail to you.
I believe your last statement is factually incorrect. I absolutely
_can_ do anything I please with "your" e-mail you send to me. Not only
that, I also believe I _may_ do it. You send me e-mail, the e-mail is
now mine.
Well, legally, "yes, and no".
I can post it publicly,
You _cannot_ legally do that. copyright infringement.
put it into a search engine, or
deleted it, and you have no say in the matter. Might not be polite,
but it certainly it not illegal. Don't like it, don't send me e-mail.
(Please.
You own the 'artifact' that is the message, the 'intellectual property
rights' (i.e. "copyright") remain with the author/sender.
Doing thing with the message that require consent of the copyright holder
are things you cannot do _without_ that consent.
'Private use' copying is _not_ one of those things, however.
Google is simply indexing mail for their users as a service - an
unobtrusive, completely benign service just like virus checking or
procmail scripts which have been used for years. And it certainly does
not require the consent of the sender. How I manage my mailbox is MY
business. You have exactly zero say over whether I let Google do it or
Mail.app.
This is not at all clear to me, and has been argued differently by different people - including more than one JD.
I also know several companies / people who post e-mail publicly. Hell, NANOG has public, searchable archives. Does that mean Merit is violating the law?
Either way, the argument stands just fine if you remove the "post it publicly" part.
Are you saying that those ridiculous boilerplate disclaimers similar to
the following that annoyingly appear tagged to email (including that sent
to public mailing lists) really mean something?
NOTICE: This communication may contain confidential and/or privileged
information. If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it. So there. My disclaimer
is scarier than yours. Nyaah. You started this silly nonsense. Knock
it off and I will too, ok? Nobody reads it anyway. You're not actually
reading this, are you? I didn't think so.
I got complete agreement from every JD about the disclaimers at the bottom - they cannot tell you after you have received the e-mail that you cannot keep the e-mail. Someone sends you something, it is yours. Period. (Of course, every single one then back-peddled and talked about how nothing is certain if it goes to court and typical CYA Lawyer BS.)
So at least the part about "if you are not the intended recipient, I get your first born 'cause you already read the e-mail before seeing this disclosure" is complete and utter BS.
i got told otherwise, but again this hasnt been tested in a court by me. i
forget the exact detail in the conversation but it was comparing the disclaimer
to what you get in regular mail.. so things like confidentiality, opening an
attachment meaning you agree to things are allegedly okay.
as you say tho this cannot be extended to some things such as by reading this
you owe me $1m etc but the reasonable and logical bits are allegedly enforceable
to some degree
i got told otherwise, but again this hasnt been tested in a court by me. i
forget the exact detail in the conversation but it was comparing the disclaimer
to what you get in regular mail.. so things like confidentiality, opening an
attachment meaning you agree to things are allegedly okay.
Maybe the UK is different than the US. But if I get something addressed to me in the mail (dunno about it if it was addressed to someone else and accidentally delivered), it is MINE. Period. If I did not order it, too damned bad, I get to keep it, it's a gift.
Bringing this back on topic, IFF that can be extended to e-mail (and my understanding is that it can), the disclaimer is worthless - at least the part about having to delete it. There is some question about whether I can post it publicly (as you saw earlier), and I don't have the motivation to test it in court, but I certainly feel perfectly comfortable reading the contents of the e-mail and any attachments, and doing whatever I like with the information, baring limitations set by any previous agreements (e.g. NDAs).
Would anyone care to correct me on this? IANAL, and don't even play one on TV.
as you say tho this cannot be extended to some things such as by reading this
you owe me $1m etc but the reasonable and logical bits are allegedly enforceable
to some degree
Unclear on why telling me I have to delete something you sent me is logical. Just the opposite, in fact.
I often send the miscreants a pointer to Peter Guttmann's work on securely
erasing magnetic media, and ask if they're willing to pay for the downtime of
tracking down which blocks on the multiple terabytes of RAID-5 on our main mail
hub need to be wiped out (remember - the block could have been allocated and
then freed, so it gets interesting). Oh.. and would they care to pay for new
backup tapes, because we'll have to restore them to a scratch area, erase the
offending files, then make new tapes and destroy the old ones and wipe the temp
disks.. Oh.. and second-order costs for people idled while we do the work...
I mean, if they're so worried that their screw-up will earn them an Ollie North:
(And yes - I am *fully* aware that we don't take a second of downtime if we
lose a disk on a hot-swap RAID-5, as it auto-hot-swaps and rebuilds onto a
spare and then asks for help.. recovering from one failing drive in a raidset
is *not* symmetric with intentionally trying to nuke possibly-moving data off
all the volumes concerned..
