ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Flaw in the NOTEWell System makes NOTEWELL NOTWELL

2006-07-25 18:53:02
from [todd glassey] [Permanent Link] 
Brian - t
hanks for bring up the issue of those silly confidentiality notices. its
really funny to see them on the postings of the Bar Association's list too.
But point taken - still - there are generally EULA's that the users sign to
work in the entity and in most all instances those have some conveyance
statement, or ownership proclamation and expectation of privacy dismissal
statement, whether they are enforceable depends on which Jurisdiction one is
standing in. Unfortunately the IETF MUST work in the US, EU, Canada, South
America, Asia and EMEA and Japan/Australia - and all at once.

So how does one do that?

Todd

----- Original Message ----- 
From: "Brian Rosen" <br(_at_)brianrosen(_dot_)net>
To: "'todd glassey'" <tglassey(_at_)earthlink(_dot_)net>; 
<ietf(_at_)ietf(_dot_)org>
Sent: Tuesday, July 25, 2006 5:33 PM
Subject: RE: Flaw in the NOTEWell System makes NOTEWELL NOTWELL



I've actually been successful at arguing something like the opposite of
this.

Many corporations now assert this silly little hunk of text at the end of
every message claiming the email is private and such.  A typical one is:

  This message and any attachments to it may contain PROPRIETARY AND
  CONFIDENTIAL INFORMATION exclusively for intended recipients. Please DO
  NOT FORWARD OR DISTRIBUTE to anyone else. If you are not the
  intended recipient, please contact the sender and delete all copies
  of this e-mail from your system.

This is in direct violation of Note Well, which requires all documents,
including email to not contain proprietary or confidential information.
Further, since the email is sent to the IETF, which has a well established
policy of publicly posting all email sent to it, I have argued that unless
this warning is removed, it renders the admonition ineffective for the

cases

it is wanted, since the sender obviously knows that what he is sending is
not confidential, is instantly forwarded, is immediately made public and

to

claim otherwise means the sender is not actually serious about defending
truly private IP.  Several lawyers have agreed, and forced the corporation
to allow removal of the postscript when sending to public lists, much to

the

consternation of the IT folks who thought implementation of the IP notice
was simple.

Since complying with IETF IP policy is a condition of participation, and

no

one is forced to participate, corporations can claim ownership, but cannot
claim confidentiality.

I also chuckle at the "delete all copies of this email" part.  Most
corporations routinely backup inboxes, making this impossible for the
non-intended recipient to comply.  I always compare this to the Hollywood
stars who will not answer a call without incoming CallerId, and always

block

outgoing CallerId.

Do note that even post SOX, the notice on the email typically does not

claim

ownership.  Every company I know claims ownership of everything on their
systems, which would include, presumably, all incoming mail.  So you

always

have the dueling claims to fight over.

Brian


-----Original Message-----
From: todd glassey [mailto:tglassey(_at_)earthlink(_dot_)net]
Sent: Tuesday, July 25, 2006 6:44 PM
To: ietf(_at_)ietf(_dot_)org
Subject: Flaw in the NOTEWell System makes NOTEWELL NOTWELL

Hi there Audit Fans - Lets look at NoteWell and figure out how it
interacts
with Corporate Governance and Compliance Policies...

let me make a couple of observations:

NOTEWELL http://www.ietf.org/NOTEWELL.html has some hidden requirements
that
make it broken. Let me illustrate...

    1) All the major players who sponsor people in the IETF have an
iron-clad email policy which EVERYONE is aware of that says that they

OWN

the IP emanating from their Email System. This is generally not

negotiable

here in the US either. This means that they WILL NOT allow any releases
against IP sent from their Email Systems or Domain. The cannot - lest

they

lose the control they have over the internal use of the servers which
might
seem fun to this group - but its something that NO EXECUTIVE is going to
allow.

    2) The IETF however claims that any Email sent to it in any form
constitutes NOTEWELL and becomes its property. The problem is that it

has

no
agreements with the other email provider to make that true.

    3) The IETF also tries to protect itself by requiring the Individual
to
represent that they have formal authorization to participate in the IETF
through the Entity's resources, except that there is the issue of #1

which

NO entity in its right mind would consider relaxing...

So who actually owns the IP?

Better yet - can ANY SOX constrained company with public controls in

place

on its internal services allow an Employee or Guest to use their
infrastructure to participate in a process that directly violates their
corporate operating guidelines?

???

Todd


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf





_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Flaw in the NOTEWell System makes NOTEWELL NOTWELL, Brian Rosen
Next by Date:  Re: Flaw in the NOTEWell System makes NOTEWELL NOTWELL, todd glassey
Previous by Thread:  RE: Flaw in the NOTEWell System makes NOTEWELL NOTWELL, Brian Rosen
Next by Thread:  OT - Post-SOX Thinking in US Public Companies (was Re: Flaw in the NOTEWell System makes NOTEWELL NOTWELL), Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]