Forgot your password?
typodupeerror
Privacy

Confidentiality on Virus Sent Docs? 465

Posted by CmdrTaco
from the something-to-think-about dept.
Sulka writes: "The latest Sircam outbreak has sent me a lot of documents from total strangers I've never heard of before. This led me to wonder what would happen if a trade secret doc from company X was leaked like this to me -- I guess the secret wouldn't be a secret anymore. But what's the legal standing of this? Is a virus sending a document the same as someone sending email accidentally to a wrong address? Could I send a M$ Halloween memo that popped to my address to the press?" I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.
This discussion has been archived. No new comments can be posted.

Confidentiality on Virus Sent Docs?

Comments Filter:
  • by Anonymous Coward
    grammer Cute! :-)
  • There is a FAQ on Trade Secret Basics at nolo.com. In particular, look at the question titled "What rights does the owner of a trade secret have?" [nolo.com] I am not a lawyer, but I think it would be reasonable to assume that the SirCam virus would be covered by the line that talks about "people who learn about a trade secret by accident or mistake" (these people are not allowed to divulge the trade secret). So, I am playing it safe with files sent to me as the result of SirCam and just deleting them.
  • Actualy I disagree with that. Of course you have to teach ethics. And ethics is a much more complex subject that most people think. Ethics should be tought and thought about much more than they are are in the most of the USA.

    If you don't write down and teach your rules for ethics how can you expect people to learn them and follow them. Ofcourse there are many ethical rules that are or should be rather obvious, like don't take bribes. But there are many others that are less so.
    For example there was a case during the Shoah (Holocost) where a man could have bribed the germans to let his son off of a train to the camps, but if he did this somone else's son would have been put on to make the count. Would it be ethical for him to do this? Well Jewish Law states that infact it would not be ethical to do that. After all why should your son live at the expense of someone else. And this is not some theoretical argument of Rabbis debating the Talmud, this is a true story.

    Now I will hope that none of us ever faces a choice like that (B''H), but that does not mean that ethical choices do not come up every day in our lives, we should think about them and talk about them and when we have children talk about them with our children so that our children grow up with values and I hope make a better world for their children.

  • Under Jewish law (Its in the Talmud) You must return a lost object if it has a distinguishing mark, it has not been abandoned by its owner, and it has value. So for example if you found a $50 bill on the street you can keep it, as you have no way of knowing who it belongs to. Or for example you find a copy of a newspaper on a train, you don't have to return it as the owner probably left it there after reading it, so it counts as abandoned. Or for example if a bag of rice falls and breaks and scatters all over the place then it really does not have value. (After all its all over the floor).

    On the other hand if you find a wallet with some ID in it, then you should probably return it, as you can know who owns it. Unless you can be reasonable sure that the owner has no hope of finding it again, for example it just washed up on the sea shore. There are a few more rules. I don't remember which tractate of the Talmud this is all in but my Rabbi gave a class on it a while back.

    So in that case, if you can figure out who owns the Jewelry some how (Say its in a box with a name) you should return it to them. On the other hand if its box with no name and some gold and dimonds you can reasonably keep it.

    If this comes up in real life consult a Rabbi over my post, my memory may be wrong on a detail here.
  • The difference is that in the Shoah case that someone would die was not in question. Only who it was going to be. The SUV issue is much less clear cut. If I drive a SUV (I don't) and I hit you, then its not that you will die and I won't its that you have worse odds than I do. Somewhat different issue.

    There are other issues I have with SUV's but they are not relivant here.
  • HOTMAIL IS FREE!

    No it isn't. You have to provide personal information in order to sign up, that's a cost, because people pay money for this kind of valuable information. You have to endure ads in order to read your email, that's a cost because it pollutes your brain.

    --

  • PubCam [hartnup.net] is a small Perl script which extracts any SirCam attachments, removes the virus, and produces an index.html listing the files, the sender, and the date header from the mail in question. This makes it very quick and easy to put up a web page of your SirCam spoils.

    Beware, though, hosting services such as Tripod don't like it very much!
    --
  • My guess is that if you get an email containing sensitive information from somewhere in the United States then it is legal for you to publish it. Of course, I don't know where you live, or have any idea of the laws in your country, but that doesn't stop me from making things up...

    In case you hadn't noticed, this particular Ask Slashdot dealt with a legal question. As such the answer depends on your jurisdiction. The answers to legal questions like this quite often vary from state to state, and even from county to county. They certainly vary from country to country. This sort of discussion might not be helpful if you live in Communist China, where you probably have little influence on local laws, but it's at least somewhat germane to anyone who lives in any sort of republic or representative democracy, because the comparison of foreign and domestic law often reveals loopholes that one might wish to avoid in their own jurisdiction.

    I imagine that you also have a say in the creation of your local laws (scary as that may seem), and so the quote mentioned above also applies to you. That makes you an official amateur lawmaker, so you might want to become informed a bit. Barring that, you might want to push the back button on your browser and perhaps read a different article if you don't want to discuss an issue that is primarily going to reflect /.'s US audience.

    On the other hand, it is possible that you live in some forward-thinking country where they don't have anything as backwards as law. In that case, flame away.

  • score order has nothing to do with the validity of the opinions.

  • Fall into two general categories..
    1) Indoctrination so you'll be nice to corporate
    interests
    2) Review of different ethical systems and their
    foundations
    I suspect by your phrasing that you mean the
    first. A code of ethics isn't something objective
    that one can learn.. I recall, when I took a
    course on ethics when I was an undergrad, we did
    debates, and I managed to sway about a third of
    the class to the position that intellectual
    property is philosophically invalid. Fun.
  • Why do people keep posing technical legal questions to a bunch of geeks, most of whom haven't even graduated from college yet?
    'Cause they're not all clueless idiots, there are a few sharp tacks in the bunch. Plus, one or two of 'em have graduated from college and actually have something to say worth reading. Sort by score order, idiot.
    Judging from the uninformed comments above, evidently not, but there are a *ton* of clueless idiots who are more than happy to spout off their opinions on a subject they know nothing about.
    Well, duh. What else is new about any online community? Why should /. be any different?

    John.

  • For those people using Solaris (or any other *nix with a "dd"), here's how to strip the "virus"
    part of the attachment away from the "document"
    part, so you can safely view the documents:

    dd bs=512 skip=268 if=infected.filename.ext of=disinfected.filename
  • Fair enough -- but if procmail is working as advertised and you route the data to the bit bucket, I don't see how you'd know how much you get in spam/forwarded viruses.

    Procmail logs, naturally. It logs message size even when bit-bucketing.
  • by Alan Shutko (5101) on Tuesday July 31, 2001 @09:47AM (#2178997) Homepage
    Of course, by the time it hits procmail, you've already paid for the bandwidth (unless you have mail delivered to a server with procmail outside the net you pay for bandwidth).
  • Nobody is "required" to do squat about email that comes with a destruct-request. If we truly were required then I could then bill the senders for time & services rendered.

    All those stupid notices do is communicate that whoever resposible for them has poor grasp of this area of the law and/or is trying to bs folks into playing along.

    The information contained in this document is proprietary and confidential and may not be transmitted to others in any form without the express written consent of me. Contravention of this shall result in substantial penalties. To avoid litigation empty your wallet of all high value bills & email them to me.

  • Anybody have any info on why this hidden article is hidden? Is this a frequent occurrence?
  • What censorship section? I went to preferences and the only choice is to *exclude* stories about censorship but I don't have that checked, I don't have anything checked for exclusion.
  • Since this is probably a one story per week kind of thing, why should I have to keep checking everytime I'm online? Why can't I have those stories show on my version of the main page? For that matter, why can't I have *all* stories show on the main page even if only as an entry in a slashbox? And shouldn't these censorship stories be in the Your Rights Online slashbox anyway?
  • by Magus311X (5823) on Tuesday July 31, 2001 @11:59AM (#2179002)
    Well your honor, he emailed the trade secrets to me and requested my advice!

    Really!
    -----
  • No, UCITA has provisions against unconscionability. If a term in the "contract" is unconscionable, then it's struck. Unless they were peculiar, no one would knowingly agree to have their computer ransacked by untrustworthy code.

    Trouble is, unconscionability is usually determined by a court (read: arduous and expensive).

    Schwab

  • by rho (6063) on Tuesday July 31, 2001 @09:40AM (#2179006) Homepage Journal
    I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.

    You oughta be glad you don't get paid for your procmail skills.

  • by JanneM (7445) on Tuesday July 31, 2001 @09:42AM (#2179007) Homepage
    He isn't asking about the moral issues, he wants to know the legal aspects - these are not always congruent, you know.

    I vaguely seem to remember that where I live (sweden) you are not free to redistribute or publish stuff that's gotten into your hands by mistake if the stuff is clearly sent to you by mistake or is obviously confidential. We've had some incidents where hospitals or social services have faxed journals and other files to private citizens by mistake, and I think that was the result of those incidents. Note that you are not required to destroy the documents, or alert anybody that the information's got astray, you just aren't allowed to spread it around.

    /Janne
  • As far as I have been able to determine, if you have the information it is yours to do with as you like. There are several court cases where people have come into possession of otherwise private information and were free to publish it. The Supreme court has been somewhat consistant about that in recent years. It is a first amendment thing. If you come by information through an illegal act that you did not commit or encourage to commit, then you can do whatever you want with the information. Witness the poor union negotiator who had his cell conversation taped and later played on the air.

    Contract law, btw, requires that all parties sign, or otherwise agree to the contract. With this virus, there's no such agreement between the recipient and those who wish to keep the information private. It would be very hard to prosecute someone for disclosing this information, except maybe a copyright claim which would only protect the instance of the information, not the information itself.

    The infected sender might be extremely liable, or not at all. It all would hinge on wheather or not it was possible to take reasonable steps to ensure that such unauthorized disclosure would be prevented.

    Bottom line: You can tell people whatever you want to about this. Posting actual documents may expose you to a copyright action (since all documents are copyright at birth), but that would not preclude you from posting summaries.
  • 1) the consumer never signed any contracts

    Indeed he did! Every time he made a purchase he signed a contract, parties to which include the merchant, the bank, and the purchaser. You agree to pay when you make the purchase. If the merchant doesn't get this agreement, it's his fault and he should take the loss.

    This language has been part of the credit card receipt since at least the 1960's; it's not a recent development.

    Now, do you have a cite where we can research the
    "banks many years ago" who took losses from unsolicited credit cards?

  • >When you sign the piece of paper to buy
    >something you say

    "I agree to pay above total amount according to card issuer agreement."

    That "card issuer agreement" is an ironclad contract that I doubt anyone could squirm out
    of paying, at least not on simple questions of semantics.

    Now, this is NOT something that just came about
    in the last 2 decades! Even the debit card is
    not new, just far more common today. The merchant
    agreement and banking procedures have not changed
    in any substantial way since the 1950's. Certain
    trappings around the way we use card-based payments have changed; notably the incredibly high
    interest rates on consumer loans, and of course the instantaneous accounting of the transaction
    by modem. The ATM is new (since the late '70s, then common in the 80's, now *everywhere*), but
    the business model is not.

    Until a recent purge of old crap, I could have produced credit card receipts from the '60s to
    compare the language of the fine print. It would
    be interesting to compare the language on credit
    applications also, but I assure you they haven't changed much, except in superficial ways.

  • It's very simple. The owner is responsible for what his computer does.

    So, it's the company owning the infected computer that's responsible for sending it's secrets out.

    --

  • He didn't say ethics laws, he said ethics.

    Any society that doesn't teach it's ethics will only have them for a single generation.

    You need only look around your neighborhood (assuming you're in the US) to see that I'm right.

    -
  • Oh the irony... complaining about ethics, and then offering a link to OpenBSD ISO's in the .sig...

    No, irony is thinking it's OK to distribute images of commercial music CDs, but not OK to distribute privately-created CDs of Open Source software.

    In fact, if the former is OK, then it should be OK to put images of the official CD up on Napster.

    -
  • by dschuetz (10924) <(slash) (at) (david.dasnet.org)> on Tuesday July 31, 2001 @10:01AM (#2179018) Homepage
    The information contained in this document is proprietary and confidential and may not be transmitted to others in any form without the express written consent of $COMPANY. If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.

    I hate that damned disclaimer. I regularly see it appened to email in mailing lists, and it's always a struggle for me not to respond to the guy that, no, I wasn't the original recipient, and he'd probably better check next time before he sends "proprietary and confidential" info to, say, the Pink Floyd mailing list.

    I know that many businesses have such disclaimers automatically tacked on by a server or gateway, but that doesn't make it right. If it's legally binding, then it's legally binding for EVERY email on which it appears, in which case, it shouldn't be on the public mail forums. If they can make a case that the disclaimer doesn't apply there, then, well, why can't I make a case that it never applies?

    Anyway, just a pet peeve. :)

  • by rnturn (11092) on Tuesday July 31, 2001 @11:09AM (#2179019)
    ``I have now recieved (sic) 1.1 gigabytes of sircam virus email attachments.''

    And that's probably just from a half dozen attached MSWord interoffice memoes that could have conveyed the same information in, oh, about 20KB of plain text per document, right?

    Can't anyone write a simple memo or office communication without using four different fonts and imbedded graphics any more? Some of the impact of things like SirCam are because of the feeling that many office workers have that their memoes won't be taken seriously unless they demonstrate their prowess in MSWord. Apparently they feel that, by not taking advantage of most of the available word processor options, their memo won't have the pizazz necessary to get their coworkers to stop leaving the empty coffee pot on the burner.

    Anyway... Does anyone know whether SirCam is pulling documents out of the default document location or is it scanning the entire hard disk for `*.doc'? If it's the former -- and without having read details on how SirCam works, I'm betting this is the case -- companies can limit their exposure by making sure that employees do not keep company confidential material in the default document directory. Or better yet, prohibit those documents from being stored anywhere but on a central file server and never on someone's unsecured desktop and definitely never on a laptop. Unless the company's management doesn't care if their strategic plans were on a stolen laptop, that is.



    --

  • Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets. If they delete it, no problem, if they keep it, big illegal problems.

    That's fine for people who sign your contract. But what if the info is sent to someone who didn't sign your contract?

    This appears to be the question being asked in this Ask /., getting info from "a lot of documents from total strangers I've never heard of before."

    Steve M

  • Either way you slice it, there aren't any really difficult questions.

    Perhaps not, but they miss the point.

    The point of the original question was, if I recieve confidential info from someone I do not know because it was sent to me (in this case specifically due to a virus), are there any legal ramifications to me using or publishing that info?

    I do not care what happens to the 'sender'. I don't care who was 'negligent'. I have not signed a contract dealing with this info. I do want to know what can happen to me.

    Well, there's only two ways the info can be sent to someone who didn't sign the contract: ...

    This is not true. Alice has signed the contract. Bob has not, nor is he the owner. Cindy has not, nor is she the owner. Alice sends it to Bob. Bob sends it to Cindy. Cindy, has received it from someone who is niether the owner nor signed the contract.

    There are of course other ways that someone who is neither a contract signee nor an owner of the document can receive it from some one who is not a signee nor owner. I'll leave determining them as an exercise for the reader. (Some hints: Dave is a burglar, Ed is a publisher, Fay is a dumpster diver, ...).

    Steve M

  • Hmmm... (standard IANAL disclaimer) ...

    Chapter 119 talks about intercepting electronic communications. But in this case I did not intercept it, it was sent to me. Thus it would appear that I am a party to this communication, albeit an unintended one.

    Chapter 2702 refers to service providers. I am not a service provider. So this would not seem to apply to me.

    Chapter 605 reads in part: Except as authorized by chapter 119, Title 18, no person receiving, assisting in receiving, transmitting, or assisting in transmitting, any interstate or foreign communication by wire or radio shall divulge or publish the existence, contents, substance, purport, effect, or meaning thereof, except through authorized channels of transmission or reception, ... (bold added)

    The information was sent to me through an authorized channel, email. So this doesn't seem to apply to me either.

    It seems these laws refer to either those involved in the transmission of electronic communications or those attempting to intercept such communications. It is not clear that they apply in the case whiere I am the addressee of an email.

    Perhaps some one who IAL could provide more insite.

    Steve M

  • by Col. Klink (retired) (11632) on Tuesday July 31, 2001 @10:15AM (#2179024)
    I assume from your answer that you imply that ethics would prohibit you from ever disclosing such information (regardless of the legality of said disclosure).

    Let's say it's 1942 and Adolf Eichman's transcript of the Wannsee Conference is accidentally faxed to you. Since you took an ethics course, I will assume that you would not be in favor of the Final Solution. Do your ethics continue to compel you into silence?
  • dd if=virus.doc.pif of=clean.doc bs=1 skip=137216

    True, but copying byte by byte is really slow. I'd increase the block size to something like 8 or 16K to make that operation a lot faster.
  • A swimming pool is what's known as an attractive nuisance. You, as a pool owner, are required to take reasonable precautions for the safety of children who might be attracted to it. This means a gate with a lock. It doesn't have to be very secure, just secure enough that people too young to know any better won't be able to easily get in.

    Should using Microsoft Outlook be considered an "attractive nuisance"?

  • "has sent me a lot of documents from total strangers I've never heard of before"

    This has nothing to do with hsi friends being stupid. It has to do with getting email from people he does not know, that has attachments.

    I got one the other day from someone I don't know. It was a word doc attachment. I'm just glad I use Linux and don't have word or anything loaded on my machine to read that crap.

    I don't want a lot, I just want it all!
    Flame away, I have a hose!

  • If a document is stored on a computer that is known ahead of time to be virus-friendly then I think it's pretty clear that the owner/use of that computer is not exercising due dilligence in protecting that document. It's not like it's a one-time accident. Everyone should know by now, Melissa and ILoveYou were a long time ago.

    People who select Microsoft products should be held accountable for the consequences of their choice. If you lose your secret due to someone else's gross carelessness, sue 'em back to the stone age. If you obtain someone else's secret due to someone's gross carelessness, well... you'll have to evaluate the situation.


    ---
  • by Sloppy (14984) on Tuesday July 31, 2001 @12:34PM (#2179036) Homepage Journal

    Which leads to the question of how do ethics get passed on if there is no education in them?

    The best ethics aren't passed on. They're derived from Game Theory.


    ---
  • And if the virus were written to reverse the characters in every occurence of "without" and to rot13 every occurence of "consent"? Would that still suffice? (Of course, I'm assuming that it's a text file. Otherwise it might be too difficult for a virus.)

    Or what if the virus encrypts the files that it sends, perhaps with zip or bzip? (That is certainly as secure as rot13.) Then whose rights are violated if you check on what has been sent to you?

    Our current set of laws is totally lunatic. The people who wrote them should be confined in Bedlam (and be chained to the walls, as was traditional).

    Caution: Now approaching the (technological) singularity.
  • by HiThere (15173)
    Just what we needed :-( , another idea for a virus. And one that will appeal to some. We can only hope that it isn't successful. There are much better ways to use the bandwidth.

    Caution: Now approaching the (technological) singularity.
  • On a Mac, the answer is always BBEdit! :)

    Even the free Lite version will open anything.

    I'm a smug Mac user, running Eudora 4 no less, and the only thing that's been sent to me was a Windows shortcut! "blahblah.ext.lnk" or something similar.

    .pif were Windows 3.1 files that ran DOS programs.

    Pope

    What? Bear is driving car? How can that be?!

  • (obvious, he wouldn't write "this is a virus")
    Why not? You don't think people who open up these attachments actually read click-through licenses, do you? I think the author could describe the program's true function in detail without slowing its spread.
  • Taco's got 1.1 Gigs of attachments from his friends? I must be lucky then, all my friends are smart enough not to click on files attached to emails that look dodgy!
    Sircam also gets e-mail addresses from the web browser cache, so Taco's getting it from everyone who's visited slashdot in the last 20 days (or whatever their chache's limit is)
  • Can someone explain to me how this spreads? I too have got lots of emails from strangers. (Although the first one I received was from someone many Slashdotters will have heard of, which confused me for a while.) I thought the normal thing with mail worms was that they would spread to people in your address book -- but I don't suppose I'm in many of these people's address books.
  • Well, the legal "experts" on www.askme.com haven't even graduated from high school. I'd say this is a step up.
  • I'm the tech director at a small private school. Several of the faculty decided to open unexpected attachments (despite my advice to the contrary), finding that they "couldn't open the files properly." However, the virus still infected the host system and had to be cleaned. Basically, in my experience, the documents have been modified (they're .pif file extensions with the name of a local private document) and are not the actual document itself.
  • You guys must have some serious problems. I havn't received *ONE* nore *SEEN* one of these messages..

    1 gigabytes of files? Sounds like you need some new friends if they don't know they're sending all that crap to you!

    The only virus/virii i have seen is the snow white and the seven dwarves that hit all the oracle consultants on a weekly basis.. other then that, nothing.. nada..

  • still, wouldn't joe shmoe average user realize they are sending out tons of email?? Slashdot tends to have more of a tech savy crowd then elsewhere.

    I think it is kind of funny..

  • Too bad SirCam isn't an Outlook virus. It's an executable, smarty-pants.
  • IANAL, but the general rule is that precautions must be taken to perserve secrecy. There are two types of precautions: security and confidentiality. In one court case, the judge did not remove the trade secret status of documents even though the plant they were in had no guards, security systems, or locked storage. I would doubt that a judge would say that the lack of an effective virus scanner is lax security. The confidentiality precaution can be met if the document is marked confidential or secret.

    In another case,however , a company sold an old computer with confidential data encrypted on it. They forgot to erase the harddrive. The person who bought the computer found out the password from a previous employee, and got to the information. The judge ruled that they forfeited protection by not erasing it.
  • There was also a competition on The Register [theregister.co.uk] a while back to find the stupidest email disclaimers used by their readers. My favorite, and the winner for the longest email disclaimer [theregister.co.uk], is this one:

    This report has been prepared by the division, group, subsidiary or affiliate of UBS AG ("UBS") identified herein. In certain countries UBS AG is referred to as UBS SA, which is a translation of UBS AG, its registered legal name. UBS Warburg is a business group of UBS AG. This report is for distribution only under such circumstances as may be permitted by applicable law, including the following: This report has no regard to the specific investment objectives, financial situation or particular needs of any specific recipient. The report is published solely for informational purposes and is not to be construed as a solicitation or an offer to buy or sell any securities or related financial instruments. The securities described herein may not be eligible for sale in all jurisdictions or to certain categories of investors. The report is based on information obtained from sources believed to be reliable but is not guaranteed as being accurate, nor is it a complete statement or summary of the securities, marketsor developments referred to in the report. The report should not be regarded by recipients as a substitute for the exercise of their own judgement. Any opinions expressed in this report are subject to change without notice and UBS is not under any obligation to update or keep current the information contained herein. UBS and/or its directors, officers and employees may have or have had interests or long or short positions in, and may at any time make purchases and/or sales as principal or agent, or UBS may act or have acted as market-maker in the relevant securities or related financial instruments discussed in this report. Furthermore, UBS may have or have had a relationship with or may provide or has provided corporate finance, capital markets and/or other financial services to the relevant companies. Employees of UBS may serve or have served as officers or directors of the relevant companies. UBS may rely on information barriers, such as "Chinese Walls," to control the flow of information contained in one or more areas within UBS, into other areas, units, divisions, groups, or affiliates of UBS.

    Options, derivative products and futures are not suitable for all investors, and trading in these instruments is considered risky. Past performance is not necessarily indicative of future results. Foreign currency rates of exchange may adversely affect the value, price or income of any security or related instrument mentioned in this report. Clients wishing to effect transactions should contact their local sales representative. UBS accepts no liability whatsoever for any loss or damage of any kind arising out of the use of all or any part of this report. Additional information will be made available upon request.

    EEA: This report has been issued by UBS Warburg Ltd., regulated in the UK by the Securities and Futures Authority. In the UK this report is for distribution to persons who are not UK private customers. Customers should approach the analyst(s) named on the cover regarding the contents of this report. For investment advice, trade execution or any other queries, customers should contact their London representative. Switzerland: This report is being distributed in Switzerland by UBS AG. Italy: Should persons receiving this research in Italy require additional information or wish to effect transactions in the relevant securities, they should contact either Giubergia UBS Warburg SIM SpA, an associate of UBS SA, in Milan or UBS Warburg (Italia) SIM SpA, a subsidiary of UBS SA, in Milan or its London or Lugano Branch. South Africa: UBS Warburg Securities (South Africa) (Pty) Ltd. (incorporating J.D. Anderson & Co.) is a member of the JSE Securities Exchange SA. United States: This report is being distributed to US persons by either UBS Warburg LLC or by UBS PaineWebber Inc., subsidiaries of UBS AG; or (ii) by a division, group, subsidiary or affiliate of UBS AG, that is not registered as a US broker-dealer (a "non-US affiliate"), to major US institutional investors only. UBS Warburg LLC or UBS PaineWebber Inc. accepts responsibility for the content of a report prepared by another non-US affiliate when distributed to US persons by UBS Warburg LLC or UBS PaineWebber Inc. All transactions by a US person in the securities mentioned in this report must be effected through UBS Warburg LLC or UBS PaineWebber Inc., and not through a non-US affiliate. Canada: This report is being distributed by UBS Bunting Warburg Inc., a subsidiary of UBS AG and a member of the principal Canadian stock exchanges & CIPF. A statement of its financial condition and a list of its directors and senior officers will be provided upon request. Singapore: This report is being distributed in Singapore by UBS Warburg Pte. Ltd. Hong Kong: This report is being distributed in Hong Kong to investors who fall within section 3(1) of the Securities Ordinance (Cap 333) by UBS Warburg Asia Limited. Japan: This report is being distributed in Japan by UBS Warburg (Japan) Limited to institutional investors only. Australia: This report is being distributed in Australia by UBS Warburg Australia Limited in relation to fixed income securities, and UBS Warburg Australia Equities Limited in relation to equity securities. New Zealand: This report is being distributed in New Zealand by UBS Warburg New Zealand Ltd in relation to fixed income securities and UBS Warburg New Zealand Equities Ltd in relation to equity securities.

    + 2001. All rights reserved. No part of this report may be reproduced or distributed in any manner without the written permission of UBS. UBS specifically prohibits the re-distribution of this report, via the Internet or otherwise, and accepts no liability whatsoever for the actions of third parties in this respect.

    Visit our website at http://www.ubswarburg.com

    This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

    E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.

  • Too bad the virus seems to have been patched up. I'm not getting sent random files anymore :( But it was rather fun reading through the crap that people store on their harddisks. I just wish I got something more interesting. All I got was a bunch of word files containing poetry and a newsletter for some club. I can see some REAL potential fun with this though if more interesting files were sent.

    Since we're currently discussing the legality of this, someone who's brave enough should set up a repository for files we've received and who we received them from, with cross reference links, etc. If someone was infected, theres a good chance that a large quantity of the data stored on his harddisk is available to the internet at large. If all this information was displayed publicly (LEGALLY even), what a nice incentive to switch to a less virus prone operating system.

    -Restil
  • I think that real-world analogies are a good way to determine the proper way to treat a cybercrime, but unfortunately some of the real world laws are rather loopy.

    For example, if the neighbors kid trespasses onto your property and drowns in your pool, then YOU are to blame (in NY/CT).
  • If I've invited someone to my home, then IMO it's only reasonable if I'm liable for any accident they have have if it's a result of gross negligence on my behalf or failure to warn them of some non-obvious danger. However, if someone slips on ice on my property, then I can't see how you can reasonably claim that to be my fault - if the weather is icy then YOU take care (similarly if coffee is hot at McDonalds YOU should take care).

    American law seems to assume by default that you can sue someone if you have an accident on their property, or using their product, regardless of whether this was a result of negligence on your behalf or whether it was simply bad luck or stupidity on their part. Only in America does a metal ladder need a warning against resting it against power lines - in the rest of the world people know better, and accept the consequnces if they fuck up - their reaction would be "I can't believe I was so stupid!", not "Who can I sue for this?...".

  • by Snowfox (34467) <{ten.xofwons} {ta} {xofwons}> on Tuesday July 31, 2001 @09:52AM (#2179074) Homepage
    I'm interested in seeing what all these idiots are sending me (call me nosy; I also look at car wrecks when I drive by). What's the safest way to open these attachments on a Windows 98 machine that is not running Outlook?

    Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.

    Only in the World of Windows would adding 137kilo-bloat to a word processor document be considered "stealthy."

  • Ethics don't last as long as a single generation anyway. They're always changing, always evolving.

  • Bzzt. Carl is limited in what he can do, because he doesn't own the copyright to the document. So no, he can't publish it without violating that copyright. But copyright won't prevent him from showing it to other people, or publishing a fair use subset of the document.
  • The word he's looking for is NOT 'consideration' or 'quid pro quo'. That's something very different - the idea that all contracts must offer something of value to all parties. It may only be "$1 and other considerations," but there has to be *something*.

    As a counterexample, the Microsoft tax arguably violates that since I'm forced to pay for a software license of absolutely zero value to me, a software license that I can't even transfer to another party due to their "OEM license vs. retail license" provisions. I'm out hard cash, and have nothing of value (to me) for it. But it's a large corporation that's able to *ahem* make its own law.

    What the original poster was refering to is closer to "informed consent," but even that isn't quite right.
  • Many years ago, banks actually sent out unsolicited credit cards.

    Not pre-approved credit card offers, actual working credit cards.

    Some people used them, charging to the max. Then refused to make any payment, daring the bank to collect. The banks tried, but failed since 1) the consumer never signed any contracts and 2) the bank had no reasonable expectation that every credit card would be properly delivered and not stolen from an unlocked mailbox.

    Ironically, it was the people who refused to make any payments who got away with this. Make any payment, even a dollar, and you clearly indicated agreement to repay the charges.
  • Just why do you think every receipt now includes that legalese?!

    BIG HINT: It was because the banks had to take a big hit once because they approved charges even though the customer had signed nothing promising repayment. Because they got unsolicited credit cards and the credit card slips at that time didn't include that contract.

    As for the cite, try checking damn near any undergraduate business law book. Audacity magazine also covered it. It all went down when Mastercharge (which later became Mastercard) (iirc) tried to take the relatively limit-use general credit card introduced by Diner's Card in the 50s to the mass market. All of this happened in the late 1960s.

    It was a major case because it actually covered *anything* you received without solicitation. Charities used to send you token gifts (e.g. ties), then try to guilt you into donations. No more. Sleazy companies would "accidently" send you stuff, stuff it was cheaper to pay for than ship back. No more - they can demand it back, but they have to pay for shipping.

    (BTW, a general cluestick: most of the "new" problems faced by the internet today are little different than those encountered repeatedly during the past 100 years. The only difference is that companies are trying - and often succeeding - to rewrite the rules because so many people have forgotten the hard-earned lessons in the past.)
  • You cannot forward a document to a stranger and then legally bind that stranger to behave according to the content of that document. Not in the USA.

    At least not without a click button...
  • Yes, there are secret lawyers on Slashdot. Really.

    I do agree that posing these questions to Slashdot in general is rather silly. I've attempted once to volunteer to provide a "not a legal opinion" opinion on legal questions (specifically intellectual property, since that's my area of expertise)... but I never got a response. I think in general Slashdot prefers inane rants to reasoned opinions.

    Thalia

    Oh, in case you were wondering, you should delete the files that SirCam sent to you. You can be held liable for disclosing a trade secret. Odds are, however, that no jury would convict you. Still, it's an expensive/painful process, so unless the information is valuable enough that you're willing to risk jail time, just delete it all.
  • by JimDabell (42870) on Tuesday July 31, 2001 @01:23PM (#2179088) Homepage
    AFAIK, viruses are still legal. It's only the use of them which is illegal.
  • IIRC, pif files are text, emacs should handle it. Com files are executables, you'll need a disassembler AND emacs to view them.
  • by nakaduct (43954) on Tuesday July 31, 2001 @12:52PM (#2179095)
    I have now recieved 1.1
    gigabytes of sircam virus email attachments.
    It's the twenty-first century; you no longer need to italicize the word "gigabytes". In related news, you also needn't follow its use with a parenthetical "one thousand megabytes!"
  • In contracts I am writing up at the moment, there are standard confidentiality clauses. This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published. Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets.

    And I am writing contracts which say 'all your base are belong to us'.

    You can write 'em how you like. Just don't expect a court to enforce 'em.

  • Now that [MS] documents can distribute themselves automatically, can we finally truely say that "information wants to be free" ?
  • But I am an FCC engineer. FCC engineers are required to know the relevant laws. From time to time, these questions pop up for international companies wanting to do business in the states and europe. The CISSP also requires knowledge of the legal aspects of sysadmin or security personel who may receive electronic communications not intended for them.

    The relevant parts of US Federal Law are contained under the Code of Federal Regulations, also known as the U.S. Code, part 47 covers telecoms and the FCC and part 18 is criminal laws and punishments

    18 USC 119 [cornell.edu] bars the disclosure of any electronic communications to which you are not a party

    18 USC 2702 [cornell.edu] defines the criminal act of disclosing intercepted communications

    47 USC 605 [cybercrime.gov] (the Communications Act of 1934) also bans the disclosure or use of third-party communications.

    There are similar laws here in Europe, but I can't find any of those bookmarks. If anyone is interested, google yourself.

    the AC

  • The GCC development lists get this kind of thing a lot. Occasionally someone will suggest blocking emails originating from these kinds of auto-appended, shit-fer-brains mail servers. The idea seems to be gaining more and more support, especially considering that everything sent to the lists is archived forever.

    The trick of course is to filter (and bounce with a helpful note) such messages /before/ distributing them.

    Hmmmm... on a related note, many of the *-bug@gnu.org mailing lists have all kinds of crap stored in their archive, because RMS forbids the gnu.org admins to do any kind of spam filtering on the lists. (Go check out, say, the archives for gdb-bug.) The main lists at @gcc.gnu.org are filtered, but the ones at @gnu.org are not. If some proprietary information is sent to one of those @gnu.org lists, they could be in trouble.

  • I'm gonna ask again. Has someone setup a website of received documents(non-confidential or what not) via the virus? There's gotta be some juicy stuff from a Senator or something.
  • those are both flawed.

    When the jewelery is sent/stolen from the store, then there is no longer jewelery at the store.

    Maybe if the thief made COPIES of the jewelery and sent the copies.... ?
  • > Frankly, I don't see the difference between leaving an unencrypted document on a computer, and leaving an unshredded document in a trash can, or sending an unencoded message over radio. It up to the author and the intended recipient to keep things secure if they don't want their secrets to get out.

    I think you're right, except I strongly dispute your use of the words "Public Domain" in the Subject: headers

    If the document contains "company confidential" information, such as a trade secret like the formula for Coke, you may argue that you obtained it legally, because the sender, umm, sent it to you, even if not knowingly, and you may be free to republish that trade secret. (Interesting aside -- the Berne convention may well protect, by default, all such documents. You may be free to transcribe the trade secret in your own words, but republishing coke_formula.doc would be in violation of Coke, Inc's copyright over the "work" of its employee, even if the "work" was just a company internal memo.)

    If it's material nonpublic information ("insider information") on a company, the instant you read it, you become an insider under SEC regulations. Any gains you make while trading based on this information are illegal, and the SEC can (and should) come down on you like a ton of bricks.

    If it's classified information (i.e. in the .gov sense of the word, not the corporate sense of the word), you have a legal obligation not to disseminate it, you probably have a legal obligation to stop reading when you discover that it's classified, and you may even have a legal obligation to delete it (and to delete it as securely as you can), once you've stopped reading it.

    Which leaves open an interesting question for you .mil and .spooky types out there -- while recipients are clearly "better off" (in the sense of "less risk to themselves from pissing off three-letter agencies by exposing their pointy-haired-bosses as clueless") by just deleting it (albeit securely), do recipients have any obligation to report the leak, and if so, to whom should it be reported? (The Catch-22 is that if you don't have clearance for the information, you probably don't have clearance to know to whom you can report it without further compromising security! Do you just put on your Groucho Marx glasses, run to the nearest U.S. embassy, and frisbee the disc over the wall? :-)

    All three SirCam risks ("company confidential", "insider information", and "classified") extend to more than just today's virus/worm, BTW. Just about anyone buying a used computer or laptop runs the risk that the machine was improperly wiped, and that they may come into posession of information they wouldn't (and shouldn't) ordinarily have access to.

  • > What if I want to send internal documents to a competitor, or some other outside source. Could I claim immunity if I could "fake" the virus? Or rather, could I get the virus then purposely send an outsider a document and claim it was due to the virus? Or better yet, ensure that you get the virus, and that the only thing it can find to send is a series of very specific documents you WANT leaked?

    In a previous Slashdot post, I was in a very paranoid mood, and I speculated that this is precisely what the author of SirCam intended.

    I'm reserving judgement on whether I was "being too paranoid" or "not being paranoid enough" until we find the author.

  • by Tackhead (54550) on Tuesday July 31, 2001 @11:17AM (#2179108)
    > Taking a course in ethics only requires you to know about them (and not even that if you don't care to get particularly good marks.) It does not require you to actually believe them, much less act according to them.

    Obvious T-shirt fodder:

    "My Ethics prof was so convinced he was doing a good job, that he didn't monitor the final exam, which made it real easy for me to get an 'A' in the course by cheating!"

  • yes.
    arguably, bob has been negligent in letting his computer be infected. A very clear analogy is Bob keeping the confidential documents in a physically insecure place, where a casual visitor can easily read them.

    It is then up to the courts to decide to which extent Bob has been negligent. Has he been negligent in running an OS which is known to have many security holes? Is he responisble for keeping it secure?

    Guru Bruce Schneier predicts that computer security will only become a concern for people like bob when their insurance premiums and legal risk of prosecution hurt them where it counts.

    This is a commonly recurring theme on comp.risks (well recommended for friday afternoon reading).
  • I'd love to hear what the lawyers say to this one.
  • by Myself (57572) on Tuesday July 31, 2001 @09:36AM (#2179113) Journal
    It searches your drive for files with "metallica" and "mp3" in the name, then emails them everywhere :)

    Can you imagine a beow*LART* okay, I guess not.
  • by dilute (74234) on Tuesday July 31, 2001 @10:33AM (#2179132)
    The Uniform Trade Secrets Act (adopted in the majority of states), says that if you acquire information by accident or mistake, and have reason to know it is a trade secret (e.g., because of a confidentiality legend, or even just because the information *looks* like the type of information that is usually confidential), then a legal duty of confidentiality may attach. This principle can apply to misdirected emails, faxes, things falling off of trucks, whatever. The same principle also applies as a matter of "common law" in most of those states that have not adopted the UTSA.

    So, no, virus-spread documents cannot be considered liberated from trade secret restrictions, simply because they are zipping around uncontrolled on the Net as a result of the virus. But you would have to know the actual circumstances and contents in order to decide in any given situation if at the end of the day trade secrecy really applied.

  • Try searching on gnutella for "resume.doc" or "letter" or ".xls". Apparently many people use gnutella at work and set it to share C:\.

    For about a weekend or so it was a sport with me. I downloaded a ton of stuff I am sure was not meant for the public -- there was a breakup letter where the writer stoped midsentence and types "aw fuckit i'll stay with her" (but then for some reason saved the letter ? don't ask me). I also found some business oriented xls files and ppt files. Most interesting was the fact that you could find what I think were people's outlook and eudora mailfiles, those inbox.dbx things. I have no idea how to view those.

    Anyway, I got bored and moved on to other shit. The best thing I found was a file called either "private.txt" or "secrete.txt" which looked like the following:

    SSN: #########
    PIN(ATM): ####
    PIN(VISA): ####
    WellsFargo: user/passwd
    yahoo: user/passwd
    (a university student network domain): user/passwd

    So I guess this guy decided to consolidate all of his sensitive info into one place, decided to put it on a computer, and then accidently shared it with the whole fucking internet.

    I wanted to try the yahoo user/passwd just to see if it was real, but at that point I stopped and thought and decided that actually using the information people were inadvertendly sharing to snoop information they _weren't_ inadvertently sharing was probably where the legal/ethical boundary would be crossed. I never sent email to the yahoo address or the university one because I was afraid of being accused of being a hacker. The sad thing is that my gnutella client automatically moves completed downloads to the shared directory, so it is possible I further shared that file with others before I deleted it.

    If there were some way you could filter your gnutella search results on IPs belonging to cable/DSL users in the DC area, or by those belonging to employees of a particular company, etc, then you could really do some damage.

    I talked about this with other people and some of them apparently search for the names of .DLL files in various versions of windows, to find a gnutella host sharing everything, and then do the "list all files on this host" thing to look at the user's personal files.

    So I guess the moral is, make sure your friends know how to configure their gnutella clients correctly.
  • by Zaphod B (94313) on Tuesday July 31, 2001 @09:43AM (#2179153) Journal

    ...but I *do* get to deal with this on a more-or-less daily basis these days.

    According to the lawyer types I work with, it's more or less the same as if a fax went through to the wrong number. They are prohibited from disclosing the information if there is a legal blurb on the bottom of the page or wherever that says so.

    I never thought I'd see the day when I'd welcome more legalese on documents... but any sensitive documents should really have that blurb, quoted (well, mostly) here:

    The information contained in this document is proprietary and confidential and may not be transmitted to others in any form without the express written consent of $COMPANY. If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.

    In the case of financial documents, which is what I concern myself with, the use of them for gain is tantamount to insider trading and is a Bad Thing for He Who Gets Caught.


    Zaphod B
  • by cworley (96911) on Tuesday July 31, 2001 @09:42AM (#2179164)
    I was out of town for a week... didn't check my hotmail account.

    During that time, my hotmail Inbox filled up with these sorts of messages (large attachements with the text: "I send you this file in order to have your advice").

    Once it reached the maximum size for hotmail diskspace, hotmail started automatically deleteing older messages: all the messages in all of my folders had been deleted by the time I checked my hotmail account.

    All that was left was spam in my Inbox.

    Thanks, Microsoft!

  • by SIGFPE (97527) on Tuesday July 31, 2001 @10:26AM (#2179165) Homepage
    ...secrets. If you leak them they're not secret any more and you no longer have protection.

    If you have some intellectual property you have 4 ways to protect it:

    • Trade Mark
    • Copyright
    • Patent
    • Trade Secret
    The first three rely on government protection. The last one relies on your own ability to keep it secret. If you're unable to keep it secret then you should use one of the first three methods to protect yourself. If you fail to keep it secret and don't use one of the other methods then you are unprotected and there's nothing you can do - that's why the other methods exist.

    IANAL But I recently had one explain all this to me.

    --
  • by zpengo (99887) on Tuesday July 31, 2001 @09:38AM (#2179168) Homepage
    total strangers I've never heard of before

    Those are the worst kind of strangers!

  • by egomaniac (105476) on Tuesday July 31, 2001 @10:17AM (#2179172) Homepage
    Why do people keep posing technical legal questions to a bunch of geeks, most of whom haven't even graduated from college yet? Is there some secret stash of lawyers on Slashdot that I'm not aware of yet?

    Judging from the uninformed comments above, evidently not, but there are a *ton* of clueless idiots who are more than happy to spout off their opinions on a subject they know nothing about. But hey, that's what most Slashdot discussions are anyway.

    Trade secrets are covered by a myriad of laws, and you can get in serious trouble for divulging them even if you learned of them by accident. Call a lawyer to find out more details. Slashdot can't provide much help on legal questions, as we've proved over and over and over again...

    --- egomaniac
  • by Fencepost (107992) on Tuesday July 31, 2001 @11:48AM (#2179180) Journal
    Oh my...

    Consider a virus writer being caught, then going after the major antivirus software vendors for breaking the encryption on his virus...

    -- fencepost

  • by mikeage (119105) <slashdot&mikeage,net> on Tuesday July 31, 2001 @09:37AM (#2179182) Homepage
    ...What if some clever virus/worm writer put a click through license. Would that be legal? If so, how much "honesty" (obvious, he wouldn't write "this is a virus") is required to ensure that a victim actually agrees?

    On another note... are you saying I can't post those so-called confidential emails between Slashdot and goatse.cx paying for click-throughs?

    --

  • by regen (124808) on Tuesday July 31, 2001 @10:09AM (#2179195) Homepage Journal
    This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published.

    Let us say that Alice and Bob enter into a contract, with a confidentiality clause. Bob's computer is infected with SirCam and it mails the contract to Carl. Carl then publishes the contract in a news paper. Alice may have grounds to sue Bob for breach of contract (Bob's copy was leaked) but doesn't have grounds to sue Carl for a breach since Carl was never a party to the contract.

    Now for Bob or Alice to release any information may still be a breach, but Carl can do whatever he wants.

  • by austinij (139193) on Tuesday July 31, 2001 @12:06PM (#2179214) Homepage
    I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.

    Wow, talk about a lot of stupid friends. I've only gotten a few of the SirCam virus emails, so I have to assume either a) people don't like me enough to put me in their address book, b) my friends are smarter than CmdrTaco's, c) my friends don't use outlook

  • by michaelsimms (141209) on Tuesday July 31, 2001 @09:39AM (#2179215) Homepage
    In contracts I am writing up at the moment, there are standard confidentiality clauses. This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published. Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets.
    If they delete it, no problem, if they keep it, big illegal problems.
    IANAL, but I hired one and thats what they said.
  • by www.sorehands.com (142825) on Tuesday July 31, 2001 @09:42AM (#2179217) Homepage
    It got to you, via a virus. That means that:
    • You did not do anything illegal to get it
    • They did not take sufficent precautions to prevent the leak.
    I would guess you would be safe in releasing it. But, if it got to you, it probably got to many others so the leak would not be traceable.

    See a lawyer.

  • by kchayer (161217) <keith.chayer@net> on Tuesday July 31, 2001 @12:11PM (#2179236)
    If a document is top secret, it shouldnt be stored on a networked computer. If it is stored on a networked computer, then it should be encrypted. problem solved. encrypting important documents should be as important as backing them up.

    You shouldn't set your email program to automatically execute attachments...

    You shouldn't open attachments from someone you don't know...

    Oh wait, you might get the virus from someone you DO know, but you shouldn't open attachments unless you know what they are and were expecting them...

    Always use BCC:

    Keep your virus definitions up to date...

    Keep your programs/operating system/server up to date with the latest patches...

    Always backup your data...

    You shouldn't be superuser-equivalent unless you need it briefly to change something...

    You should choose a password that is not easy to guess...

    You should change your password regularly...

    You shouldn't use the same password on different systems...

    Do not feed the bears...

    It could go on and on. Your idea is fine. It represents one of the many things that *should* be done. But who is going to do it? The fact of the matter remains, people won't follow good security practices because it's inconvenient, they don't want to, they don't know about them, or their Aunt Ruth has a beard.

    The point of the question above is that when someone receives something confidental, accidentally, the ethical thing to do is to delete it. Who's responsible? Well, the virus writer, if the file was spread as a result of a virus. Sure, the user should have kept his document secure, but he didn't. Are users guilty of violating any of the above policies? Sure. Are sysadmins? Yep. We do it too.

    Of course, we need to educate our users and enforce security policies. Saying "this will work; problem solved" isn't sufficient. Proactive education, policies, and enforcement are the answer. Now I've got to get back to work and do it!

    "I say consider this day seized!" -Hobbes

  • by Mike1024 (184871) on Tuesday July 31, 2001 @11:35AM (#2179266)
    Hey,

    Is there some secret stash of lawyers on Slashdot that I'm not aware of yet?

    Sure!

    CmdrTaco) Hmm... Got another law 'Ask Slashdot' here.
    Hemos) Another? What's it about?
    JonKatz) It's a case that has the ugliest implications not only for the press (online and off) but for open discussion of technology, and especially for the First Amendment.
    CmdrTaco) Some guy wants to know if he can post secret documents he gets e-mailed.
    Roblimo) Are you sure we want to post this? Don't you think slashdot is posting too many law-related stories, when there are no lawyers reading? We don't want the site to get boring...
    JonKatz) Slashdot is at times witty, imaginative and entertaining, no small accomplishment, especially this summer. It reminds us that when it comes to ominous design and atmosphere, nobody can top CmdrTaco. Where he seems to have trouble is with storytelling.
    Hemos) Well, we could just blindly post it... or we might have to break out the.... SECRET STASH OF LAWYERS!
    CmdrTaco) Great idea! Where did you leave the lawyers, Cliff?
    Cliff) They're in the fridge, behind the Jolt.

    I think that's about how it went.

    Michael
  • by TOTKChief (210168) on Tuesday July 31, 2001 @10:17AM (#2179289) Homepage
    Well, it would appear that Matthew Haughey of MetaFilter has considered building [wholelottanothing.org] SirCamExchange.com [according to betterwhois, it's still available...]. He compares it to FilePile [filepile.org], but I find the idea rather...inane. Oh well.
  • by KarmaBlackballed (222917) on Tuesday July 31, 2001 @09:45AM (#2179316) Homepage Journal
    The lawyers out there will know the Latin word (and there is one) but there has to be something received by both parties entering into a contract for that contract to be enforceable in the USA.

    You cannot forward a document to a stranger and then legally bind that stranger to behave according to the content of that document. Not in the USA.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~ the real world is much simpler ~~
  • What happens if someone steals your car and causes a fatal accident with it? Given my car, it's quite likely the theif was the one who died.

    What happens if a child finds the gun you left in your dresser and shoots himself?
    He'll be very very wet or hit by a paint ball.

    What happens if someone breaks into your house, trips over something and breaks a leg?
    Not only will they have a broken leg, they'll be covered in doggie drool. So with a broken leg and buckets of doggie drool, they'll be searching for the missing portable phone. And if all he broke was his leg, he's lucky. There's lots of stuff to trip over in my house.

  • by cavemanf16 (303184) on Tuesday July 31, 2001 @09:46AM (#2179360) Homepage Journal
    What you're saying is...

    I send this Ask Slashdot to you to get your advice.

  • by clark625 (308380) <clark625NO@SPAMyahoo.com> on Tuesday July 31, 2001 @10:18AM (#2179364) Homepage

    I'm sure the authors of all these recent viruses would just love to implement this. I can think of lots of fun things to do now:

    Outlook virus that sends not only itself to all persons in the address book, but also a random file from "My Documents" or somesuch. Especially good if the virus picks files that are .doc, .xls, etc.

    IIS exploit that fully allows "visitors" to read all cgi scripts, as well as perform "updates" to these scripts.

    Now, if you'll all excuse me, I've got some MS exploits to write....

  • by why-is-it (318134) on Tuesday July 31, 2001 @11:54AM (#2179377) Homepage Journal
    IANAL, but I did ask one in passing about this. It is difficult to get a short, concise answer from a lawyer about anything BTW...

    Based on that conversation, this is what I understand the situation to be here in Canada: if there is no pre-existing NDA in effect, a person who receives a document labelled "confidential" is not under any legal obligation to maintain that confidentiality.

    I was cautioned however, that there would be no guarantee that any information received in such a manner would be accurate or authentic...

    Caveat emptor.
  • by tlk nnr (449342) on Tuesday July 31, 2001 @09:44AM (#2179393) Homepage
    I'm interested in seeing what all these idiots are sending me (call me nosy; I also look at car wrecks when I drive by). What's the safest way to open these attachments on a Windows 98 machine that is not running Outlook?

    Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.

    Or with Cygwin it's

    $dd if=virus.doc.pif of=clean.doc bs=1 skip=137216

    Rename it to the actual file type and open it.
    Do not double click it, instead open it from the correct app (just in case you didn't remove the virus properly - Word doesn't open windows executables)

Economics is extremely useful as a form of employment for economists. -- John Kenneth Galbraith

Working...