Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy

E-Mail, Privacy and the Law 176

Not From Me writes, "sendmail.net has an eye-opening article about how 'private' e-mail is in the eyes of lawyers and courts, called E-Mail, Privacy and the Law. Scary stuff, and important to know."
This discussion has been archived. No new comments can be posted.

E-Mail, Privacy and the Law

Comments Filter:
  • But then counting email as the same as a letter makes sense. Far easier to delete an email than to destroy a letter though....

    S-J
  • Why is there a sudden concern about the privacy of e-mail? E-mail has never been 100% private nor will it ever be. Even with encryption there is always a way to decode. The solution is simple: don't send sensitive messages over e-mail. -
  • by MartinG ( 52587 ) on Thursday March 02, 2000 @04:57AM (#1231147) Homepage Journal
    "... it can be demanded as potential evidence during litigation."

    Isn't this one of the things that has got Microsoft into so much trouble throughout the court case? I wonder how much of what they now stand accused of would not even have seen the light of day without forcing them to disclose their emails?
  • Scary stuff, just goes to show that anything we put out over email is public. As a PHB and being pretty close to the Netscape suit that was referenced. Little stuff can haunt you as well, All the jokes, flames etc that an employee might send can also screw you. We had to put out to Friend and associates to please DO NOT send me anything remotely inapropriate over mail, this included Hotmail and the like. It just isn't worth it.
  • In this case refering to the key that was used to encrypt the information. Realistically you can't be expected to deliver information that you don't have.

    Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would be lawyers into thinking something else when it's really not the case.
  • what can you do with an email, legally?
    It's just a sequence of bytes anybode could have made, unless you signed it with a known key.
  • by MerkuryZ ( 140661 ) on Thursday March 02, 2000 @05:00AM (#1231152)
    Perhaps a email protocol which allows for self destruction and prevention of forwarding of emails needs to be created (not patented). I send an email to a co worker about how I think this and that about another employee, set to destruct in 1 day. Then, when a court case comes up, this email is long gone.
  • by viking099 ( 70446 ) on Thursday March 02, 2000 @05:01AM (#1231153)
    Actually, it's easier to destroy a letter. All you have to do is stick a lighter under it, and you're done. With email, you have to actually destroy the binary data of the section of the hard drive it's on.
    That would be ALL hard drives. Which means:
    1) The sender's hard drive
    2) The sender's ISP's mail hard drive
    3) Your ISP's mail hard drive
    4) Your hard drive.
    and for every cc:, the number jumps up.

    and don't even bother trying, if there was a bcc:
  • Huh?...

    To destroy a letter you need a lighter. Depending on the OS you use, the mail service, the email-client, the email servers your email has passed through - you might just need an H-bomb to be sure all traces of the email are gone...

  • by Proteus ( 1926 ) on Thursday March 02, 2000 @05:02AM (#1231156) Homepage Journal
    This will probably get lost in the hundreds of posts that I expect to come flooding in on such a hot topic, but here's my $0.02 anyhow:

    Despite the article's premise that it doesn't matter how many layers of encryption, etc are used to protect e-mail, it is all discoverable. Now, I'm not a lawyer, but my understanding of current US law is that the TEXT of any e-mail is discoverable: if the sender encrypted it, there is no current law on the books that would force surrender of the key. This changes a bit if only the servers encrypt the data -- which is a strong argument for public use of encryption.

    On a side note, however, it is important to realize that if the authorities wish to take the time to track down the senders and recievers of e-mail messages, the plaintexts of even encrypted messages can be subpoenaed (sp?), so caution in what is said is still important.

    This brings up one last issue, too: with the revision of Yahoo!'s ToS to state that they own all IP expressed over thier services, even instant messaging logs could be subject to this kind of discovery. Write your congressperson, as per usual...

    In the meanwhile, encrypt, encrypt, encrypt! At least we'll make them work for the data. :)


    --
    Never underestimate the power of very stupid people in large groups

  • I would think it harder to destroy an email than a tree-based letter, given the path an email has to travel. Emails received and sent are extensively logged by the servers they pass through, no?

    (Or maybe I'm being too paranoid after that Law & Order episode last night...)
    --

  • Oh no, all those sexy, love letters my girlfriend sends me through e-mail. :)

    Yeah, right. If they read my e-mail in a court, they'd probably let me off just because they felt sympathetic for me.

    kwsNI

  • I find it odd that they would expect a company or institution to be required to pull unused sectors of their disk drives in the odd chance that there would be unlinked emails in the data.

    If subpoenaed, how would one actually read and store unused sectors from disks on large multiuser systems like that? (Create a file, lseek out far enough to fill the entire disk, then scan it?)
  • That's a simple and bad solution. It's the same as saying "Do not ever tell anyone anything sensitive". Too bad it seems to be the only solution right now.
    Personally I feel that letters, email and phonecalls should all be rated equal with ordinary conversation. No-one should ever be forced to reveal contents of their personal documents or private conversations. But also I don't feel that planning a murder should be punished, only executing the plan.
  • by zpengo ( 99887 ) on Thursday March 02, 2000 @05:05AM (#1231162) Homepage

    We all know that e-mail should be private, the but the question is, "Why isn't it?"

    E-mail can't be used to "prove" anything. It's disturbingly easy to forge. A printout of an e-mail could easily have simply been typed. There are no signatures, no postmarks, just bytes of data that can be forged by anyone who has half a clue what they're doing.

    ICQ: 49636524
    snowphoton@mindspring.com

  • Forgetting the private key brings the wrath of court upon you? Eh, so what? There is no way to tell (yet:) if you have forgotten it for real or not. Sounds like the author has been watching too much tv lately.
  • This is yet another case, examples of which show up every day on slashdot, of the ways in which the law is unable to compensate for technology. You've got two conflicting tendencies here. On one hand, jurisprudence, which is by definition conservative, based on precedent, tradition, and common sense. It literally presumes to exist as the very basis of legal discussion of how reality works. On the other, you have the ever-increasing pace of technological innovation, which is as even my grandma knows, is changing the nature of communication, property, and privacy (the reality that the law supposedly defines) faster than ever before.

    Just look at the library filter flap, UCITA, Microsoft being brought up on antitrust laws (a relic from the days of railroad), internet pr0n, and internet taxation. These are all crucial areas of law that the internet has changed the rules on.

    What's the solution? I dunno. Legislators have to give some serious time to the the implications of their actions before they totally fxxk up the First Amendment, property law, search-and-seizure, and all the rest of it. Maryland is currently reviewing UCITA in this way (Thank GOD), and hopefully other states (those outdated geography-based domain names) will follow suit.

    --

  • >There's nothing private about it, no matter how
    >many layers of cryptography you've wrapped around
    >it or how well you've squirreled it away.
    Bullshit. With enough crypto layered around an email --- or any other piece of data for that matter --- no one besides the recipient and the sender are ever gonna see it.

    If they demand the keys, you can always develop a case of the forgets. "Oops, I forget my password." "Oops. I forget where I stored my email." "Oops. I forget what encryption scheme I used to encrypt it."

    Is it illegal to "forget" information like that in a civil trial? I know that a judge wouldn't take to kindly to that in a criminal trial, for sure...
  • Wow - I totally disagree with this. If you take an "average" corporate email, let's take MY work email as an example, when I highlight an email and hit "delete", it is simply moved to a folder titled "deleted mail", when I exit, it purges that folder. Here's where it gets sticky - are the email admins logging? Did I leave my email client on overnight? If I did, there's a very readable version of that mail on a DLT somewhere. Let's say I DID manage to purge the thing completely, did the originator/recipient do the same. Getting rid of a letter, unless it was copied, is as simple as burning it. Emails have this nasty tendency to get copied to places you don't relaize....
  • Actually, that makes it all the more scary. I could fake email that you sent, or received and you could not, based on current legal precedent, deny it.

    What would a defense of this look like? Maybe one could prove that the fileserver has been hacked, and thus, one cannot trus the authenticity of the messages stored on it?

    Whatever it is, it all looks like a can of worms.

  • > We had to put out to Friend and associates
    > to please DO NOT send me anything remotely
    > inapropriate over mail, this included
    > Hotmail and the like. It just isn't worth it.

    I completely understand what you're saying here because I've been involved in similar situations, but the part that I don't understand about this is that people don't really seem to understand that you don't have any control over the email that people send you.

    I know that people think that you do, but why can't companies understand that you are going to get spam occationally and you're going to get junk mail. The only thing that you can really control is the mail that you are sending out and if that isn't apropriate then they should have words with you, but not because you are being sent some dirty jokes.

    arghh, just another one of my peaves against PHBs!

  • But emails have been used in the trial against M$... I guess they've checked the printed mails and headers with the mail server logs...

  • That's a good idea for the great number of /.'ers, but what about Dilbert-style managers and all those nongeeks?
    These people often don't check their mail every day, and if it's a weekend, forget it.
    There's too great a potential for your data never getting seen, not to mention abuse...
    What if some punk on their parent's DSL/Cable line decides to cc:all@aol.com (or something similar) a 15 meg email, set to destruct in 6 hours?
    All of a sudden, every server from his line on up can get nuked, and AOL is SOL (no complaints here).
  • i'm having flashbacks to the days when bbs operators used to leave posted notices that your email was not private and was subject to being read by the sysop at any time.

    creepy, huh?
  • It isn't a solution at all. It is a statement about the security of the internet/www. For every encryption program created, there are 10 hackers able to break the code and post the results on the web. Until something is done about the way information is transferred, there will be little to no privacy on the net.
  • by MosesJones ( 55544 ) on Thursday March 02, 2000 @05:10AM (#1231175) Homepage

    What is it over there in the land of the free that creates such draconian laws ? Giving Lawyers as much power as the likes of the FBI and other elements of the goverment is way beyond bizarre.

    Time to have another revolution guys.
  • by retep ( 108840 ) on Thursday March 02, 2000 @05:12AM (#1231176)

    The problem with encrypting everything is that you can have your key subpoenaed too. If you don't turn over that you get hefty fines (for the defendant) or you case gets forfetured. (for the prosecuter) Encryption just doesn't do a single thing for you, except allow you to swallow those hefty fines if it's worth it. (company secrets might be worth keeping even if you have to pay millions in fines of course)

    Destroying email will help you out quite a lot. Make sure that no email gets saved. And make sure that all deleted email is securely overwritten. Don't make backups and if you really need to save something hide it.

  • >Like any document - physical or electronic - email is "discoverable," meaning that it can be demanded as potential evidence during litigation.

    What about ICQ?

    Legal: Is it discoverable? Or is it like a telephone mentioned in the article.

    Technical: Suppose the sender and the reciever erases their logs on their local machines. Is it stored somewhere else? Could that be "discovered"?
  • It says... "You are a loser"
  • It just can't happen. It's way beyond the protocol level... You could probably make a closed source client/server solution that simply won't cut, copy, or forward emails and encrypts all data in transit, but that doesn't prevent a screen capture or simply retyping it.
  • That would depend.

    Those that live in the UK probably would NOT want to lose the key, IIRC. Over here in the US, failure to produce the key might be contempt of court, destruction of evidence, or obstruction of justice (but hey, IANAL) -- in much the same way that destroying any other form of evidence is itself a criminal act.

    As for a fake key -- theoretically you could claim an XOR-based OTP, and simply have a fake key to turn incriminating text into vaguely suspicious, plausible but non-incriminating text (as I sincerely doubt a jury would believe that you OTP'd a cookbook recipe... especially, say, if it's to a staffer at a foreign embassy or whatever). This would might be perjury or worse if caught, however.

  • Its much easier to get a hold of tape backups.

  • Realistically you can't be expected to deliver information that you don't have.

    Who said the authorities would behave "realistically" ?

    See this [slashdot.org] previous slashdot story:

    Richard Stallman talks about some upcoming laws that could be disasterous for British citizens." Guilty until you prove you're innocent, no right to remain silent, no right to a jury trial, produce your encryption keys or go to jail..
  • I finally understand why Americans fear their government!

    Here in Holland, you have privacy laws on snail-mail, and these days even on E-mail. Reading someone else's E-mail simply is a crime.

    I don't know how politics work in the USA, but perhaps there should be new privacy laws overthere, dealing with stuff like this. This means making your Congressman (this is the usual way?) aware of the problem. Perhaps other methods apply.

    This E-mail privacy is necesarry, because they can now ask/force you to open up your mail, next they won't ask anymore, where does it stop?

  • This is just an extension of the law from the real (non-virtual) world. Why is it scary? Perhaps people have got into trouble in the past because email is so much easier and convenient to send out than paper memos/letters/etc - perhaps people don't use so much self-discipline and self-control. But that is just part of learning to use a new medium (IMHO).

    What I find more disturbing is the ability to produce incomplete or altered email, out of context (copy and paste?). PGP signing of emails can help here.
  • More likely a judge will hit you with a sanction (meaning $$$) if you 'forget' a key. And it won't help you out in later case-related disputes either. The law needs to be a bit more consistent here, especially when you consider that in many states taping a telephone conversation without the other party knowing it is illegal (see Linda Tripp). Is only oral speech protected this way ? Apparently so. What's the difference between speech and e-mail (or even private letters) ? Is private e-mail (used by sending via your ISP) versus company e-mail different as far as privacy is concerned ?
  • Surely without a digital signature, or BOTH "original" messages (senders and receivers), they can't prove much - it's trivial to forge an email in your own mailbox - I could simply (manually) create a message on my server, and tell my email program to retrieve messages from that rather than my ISP's server. Result, a message that has all the right headers for whoever I want to set up. Likewise I could do the same to make it appear I had sent a message to someone.

    It's about time lawyers and the law was dragged into the 20th century, just as we're about to leave it...

  • The same can be done with snailmail. I type a letter, mail it from somewhere close to where you live. same thing. What I am wondering is how the situation in europe and other parts of the world is. Anyone care to enlighten me?

    //rdj
  • this might fall under the hearsay rule.

    even police reports can fall under hearsay if
    one party denies what is said within it.
  • Odd chance? Do you keep all your e-mail? Think I delete a good 95% of it immediately after reading (simply 'coz many are CFPs that I really don't care about...). Execs who handle potentially incriminating mail might read/remember/delete as a force of habit.

    A simple but inadequate approach might simply be to scan through a raw disk device -- remember the /dev entries, and dd? If only an unlink was used, and not much writing since then, it might have a chance.

    A data recovery specialist would probably be able to describe how to recover material that's been deliberately overwritten (say, just a couple of passes). Recall that some standards call for several differing passes of overwriting in order to prevent recovery of sensitive information...
  • Maybe MS forged all of their E-mails, then no-one knows what's happening, internal communications are very bad, and you get inconsistent products in the end ;-)

  • Sending unencrypted email is about as private as sending a postcard through the snail mail. Sending unencrypted email at work to a mailing list... you might as well be shouting from the rooftops.

    It's one thing when the mundane media express shock at this concept, but one would think that /. editors would have a higher clue level.

    The law has a concept of "expectation of privacy". If you tell your lawyer "I'm guilty" in the middle of the courtroom, loud enough for the prosecution to hear, all the claims of attourney-client privalege in the world aren't going to help you, because you had no excpectation of privacy.

    Sending private information in the clear over the internet is like walking naked in front of a picture window -- you can be sure that sooner or later, both are going to draw people's attention.

  • Slashdot is another means on asynchronous communication. Many come here to rant and rave about various topics, and most of us have e-mail addresses attached to our comments.

    Can Slashdot forum contents be subpoenaed? We often discuss on "controversial" topics such as hacking, computer security, virus, etc. We often express our displeasure with people (Bill Gates), entities (Microsoft) and even countries (Australia). What if Bill Gates was murdered by some Linux zealot cult. Will every Linux mailing list and Slashdot contents be subpoenaed?

    If such a thing every did happen, will we start to refrain ourselvers from posting notes that may be used in some court of law? Very scary stuff indeed. And these days we are seeing bigger hard drivers, and better backup software/hardware. This will make Document Retention times higher.

    Let me finish by saying my employer sucks! We need some release parties! We want free sode like at Microsoft! Higher pay! :)

    Cheers.

    --Ivan, weenie NT4 user: bite me!

  • Not true. If you typed the letter, yeah. But if you are like me, you write them. You would have fake my handwriting. And then you would have to figure that I have sweaty palms, and put traces of my dna, sweat and fingerprints on it. It's much harder, believe me!
  • by TheTomcat ( 53158 ) on Thursday March 02, 2000 @05:25AM (#1231196) Homepage
    Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would be lawyers into thinking something else when it's really not the case.

    Woah. I think you might be on to something here.

    I'm not a crypto guru. I barely understand public key encryption as it is, but here goes:
    What if an encryption scheme were devised where the plaintext is encrypted with two or more pivate keys (belonging to one person), plus the other key. The encrypted would decrypt to two or more different texts, depending which key is used.

    So, I could encrypt "Meet me at midnight." and "Happy birthday, Ed." With two keys, into one block of encrypted text. Then, if I use my private key A, it returns "Meet me at midnight." and if I use my private key B, it returns "Happy birthday, Ed."

    If we could somehow make the number of original plaintexts undetectable, could supply keys to those who demand them, where they would decrypt our code to get "Happy birthday, Ed." when the REAL secret was "Meet me at midnight."

    I know I could've worded that better, but is this a possibility? Is it already being done? I know it's a little along the lines of Steganography [tripod.com], where the encrypted text is inserted into a piece of digital media, making it look less like an encrypted message.

    Summary:
    If we could encode, say, 4 strings into one crypto block, and have it return different unencrypted text for 4 different keys, while keeping the number of original strings undeterminable, the party decyphering the string would never know if they have ALL of they keys, thus they would never know if they have the data that the sending party doesn't want them to see.

  • IIRC (IANAL of course), anything that passes over a phone line is protected like a phone call -- that's why you can listen in on any part of the radio spectrum except for the phone part: Since the phone part could be going on phone lines, listening to it constitutes wiretapping.

    Given this, might it be possible to safeguard your email by making sure it all goes over a phone line?

    Just a thought...
    --G
  • Richard Stallman talks about some upcoming laws that could be disasterous for British citizens." Guilty until you prove you're innocent, no right to remain silent, no right to a jury trial, produce your encryption keys or go to jail..

    So what do they do just beat you until you talk? Dosn't the military work like this?
  • This article gives me the impression that you can expect that everything you write could be publicly available for anyone to know.

    Then I wonder how anyone can find out without violating my privacy (non-email) ? Supose someone sue's our firm and I just wrote an email (whether internal or external) to a collegue in which I describe the person being a jerk.

    So? How the heck could this be a major problem for me? If the person doesn't know about the email I really wonder how he could convince the judge that this email contains evidince which is really vital for his cause and that in order to get it he should be allowed to access my computer. Yeah right.

    The only way this could be a problem IMHO is in a situation where this person gets some inside information. Its the only way he can know about the existence of this valuable information.

    OR I am missing a major factor; the difference between European and US laws. However, difference or not, I can't imagine that a judge will give another person access to my PC just because he thinks (hopes) to find evidence.

  • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Thursday March 02, 2000 @05:31AM (#1231200) Homepage Journal
    And what's to stop someone from telnetting to port 25 of the mail server and forging whatever FROM address the like?

    For that matter, if you've subpoenaed the server logs, you've a copy you can edit to your heart's delight.

    At one point, in England, computer-based evidence was ruled inadmissable for this exact reason. There is absolutely nothing external to prove that any computer printout is genuine. Any or all of it could be forged, and there would be no way of telling. (Several Poll Tax cases were booted out over this.) However, since then, the Government has decreed that it's admissable, anyway, whether it can be proved plausable or not.

  • The USA the land of the free? sure... and Germany is the land of the Welsh..

    //rdj
  • by stab ( 26928 ) on Thursday March 02, 2000 @05:32AM (#1231202) Homepage
    I followed the incredibly interesting link from this article regarding the "Really Bad Attitude" newsgroups that Netscape had setup, and that Microsoft subpeonaed (at http://www.jwz.org/gruntle/rbarip.html [jwz.org]).

    I noticed this quote :

    In hindsight, complying with the company's Document Retention Policy (which at Netscape was basically, ``shred anything within 90 days unless you can't get your job done without it'') might have been a good idea.

    How many major companies actually have a policy ilke this for electronic information? Most backups are tape/DLTs which last eternity, and is the only purpose of this policy to prevent liability with stuff lying around?

    This sounds like it worked with paper-based archiving systems, where space simply doesn't exist to archive forever, and non-essential documents are destroyed, but none of the people I've done work for have had a similar policy at all.

    So the question is ... how many companies out there do this to avoid liability, or is there a different reason for it?
  • I don't think that it would be like a telephone call. Even though the transaction of the messages in ICQ is closer to a phone converstion than email is, ICQ doesn't really fall under the same strict monitoring laws that the phones do (all sorts of sticky can I record this conversation or not, etc).

    ICQ even gives you a chance to save all of the messages and chat that you have with other members. Unfortunately (although I don't like it) I think that ICQ is just glorified email.
  • At work I have two different systems. One is running Win2K (I have to support it, so I need to know it.) the other running RH 6.1. The RH 6.1 system is almost always connected to my home router/server/firewall through ssh2. I email my wife pretty much throughout the day and converse with her secure in the knowledge that when I send an email it hits the Roadrunner server, and is picked up about 2 minutes later by my wife's computer. You can't beat that. Her emails to me hit the Roadrunner server, and go directly to mine. So I guess if you had a packet sniffer on the POP3 server you could see everything I'm doing. I'm thinking of setting up a pop3 server on my server that only she and I will use, but that's kind of a longer term task.
  • What's needed is an encryption method that will allow multiple "fake" keys and will legitimatly decrypt something else when used (perhaps you can give it n documents and n passwords, and it just encrypts them in the same file. When asked to produce a key, give them a fake key.

    Stegonography could also be useful. Encrypt your email and hide the bits in a jpeg of a weather map and email that.

    The problem with just deleting emails is the fact that they may still exist on a backup tape. When I came into the office this morning, I had unread email that was delivered after COB yesterday but before the backups were run. No matter what I do now, a copy of that email (encrypted or not) exists and can be discovered.
  • I'd think you could refuse to disclose your encryption keys on the grounds that there could be something encrypted by them that could incriminate you. Maybe there is, maybe there isn't, but there could be.
  • Gawd I'd love to immigrate to Amsterdam :))
    "New Amsterdam" is the pits.
  • I'm not American, so, if I'm way out of line on this, Blame Canada [slashdot.org].

    Doesn't the Fifth Amendment of your constitution make provisions to allow a defendant to refuse to incriminate themselves? Does this only apply to testimony? Would a key be considered evidence, or testimony? Would location of that key be considered testimony?

  • Perhaps the best idea that I have is to simply have a convincing fake on hand to lure would be lawyers into thinking something else when it's really not the case

    IANAL, but this could definately be obstruction of justice if discovered. Which brings an interesting point -- could someone who encrypts data and refuses to surrender the key be charged with obstruction of justice??


    --
    Never underestimate the power of very stupid people in large groups

  • * On voice, witnesses to the conversation can be
    subpoenaed and compelled to testify (as long as
    they aren't forced to incriminate themselves in
    the process...). It might take an offer of
    immunity in certain cases, but it can be done.
    Well, 'k. There's the husband-wife exception
    and bits about national security and whatnot.

    But if you speak to a coworker and diss the
    boss and talk 'bout how you're going to "get
    back" at a company if you're laid off while
    el PHB gets bonuses, and the coworker gets
    subpoenaed... same thing as if you'd sent him
    angry e-mail raging against the company.

    * With e-mail, you KNOW that the other person now
    has a copy of what you sent; the other person
    KNOWS that you may have kept a copy; and both
    should be aware that mail servers and every
    machine along the path already has copies. With
    voice, OTOH, in most cases there is no certainty
    that everything's being recorded.

    Both speech and mail, then, are allowed as evidence. Failure to produce such when explicitly subpoenaed and called upon to testify is not appreciated... but with e-mail, there can be verbatim copies substantiated by being in multiple places (and having left a trail in server logs), which could make a plaintiff or prosecutor even happier.
  • But if the court orders that you must hand over your keys, then there is no extra work for them. I would hope that you never have to do this. I wonder if this would fall under the 5th.


    Molog

    So Linus, what are we doing tonight?

  • Mayby you can be subpoena to deliver your encryption key.

    But if you encryption key is protected by a passphrase and that passphrase is only in your hear. They will not be able to get that passphrase. So you are protected. They cannot discover what's in your head.

    And you can hide behind the constitution in the case that they ask you your passphrase in court.

    So encrypt sensitive information and keep the key in your head!

  • What about putting the e-mail archive in a different country, nominally outside your control (you have to go through a person in that country to access the e-mail)? Then it would take a court order <B>in that country</B> to get the e-mail revealed. If that country has privacy laws, like the Neatherlands, it should be safe.
  • Ok, I'll probably get flamed for this, but here are my overall sentiments on the subject. No where in the constitution does it say that we have a right to privacy. For example, the police can get a warrant and search your house if they have probable cause. I think that email should be the same way, I certainly don't think that any law enforcement agencies should be allowed to look through your stuff without cause, but I do think that if they suspect you of a crime, they should be able to obtain a warrant and examine your personal information, whether or not you have encryted your emails. I don't believe that we should let criminals get away with telling people things just because they did it on the internet. I know geeks don't like the idea that authorities can see what they've been doing (probably because what they've been doing is disgusting), but the only justification they have is this mythical "right to privacy" that doesn't even really exist. Anyway, that's all I have to say about that.
  • What if you don't write your key (passphrase) down? (You shouldn't anyway.) Can your mind be subpoenaed?

    Suppose I have a very long passphrase, and considerable mental effort is required to reproduce it. Say you make few spelling errors in it and on purpose do not remember exactly what these errors are, so you have to try several times each time you type it. Can you be required to make this effort?

    What if you encrypt your key with a passphrase, and then mail this encrypted key to your friend abroad? Then each time you want to use your key, you request it from your friend. Arrange it so you never see the key, or store it on your computer (even encrypted). When you are subpoenaed, tell your friend so. He will promptly destroy the key.
    --

  • email is too easy to forge. files on computers are too easy to change. timestamps can be altered.

    while its true that a photograph can be faked altered etc (yes, you can output to negative and then process as normal) usually clues can give it away, such as the "noise" being too regular in one part of said picture etc. its a game of cat and mouse.

    this is not so easy with files. files are a closed set and thus alot easier to doctor for the courts without leaving any holes.

    i personally dont think any electronic communication should be concidered admissible evidence in any court of law.

    so whatever happend to the fifth ammedment?

  • by PigleT ( 28894 ) on Thursday March 02, 2000 @05:43AM (#1231217) Homepage
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hmmm. You're very right on the self-control things.

    Me, I don't /want/ my personal mail coming through to work at all; that's why I ssh out to read it and don't let anything remotely sensitive go through, just "in case" someone happens to be listening. If it's really private then it gets GPG-encrypted, or if I think there's a clueless twerp on the other end (see "easyspace" under the domain registration article!) then it gets GPG-signed so they can't doctor it.

    It would be interesting to have a "slashdot" public key floating around... :)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.1 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAji+jB0ACgkQh3MeQyZWueSbuACeMEsZyyfF 0AJAr6gzT0L528wx
    oF0AoIqi5q6xpU0p588mBPz9Yk+gvrmT
    =n/x7
    -----END PGP SIGNATURE-----

  • The problem with encrypting everything is that you can have your key subpoenaed too. If you don't turn over that you get hefty fines (for the defendant) or you case gets forfetured. (for the prosecuter)

    The only case that I am aware of in which a court attempted to compel key discovery is the Mitnick case, which is a criminal case. Is there any precedent for a court compelling key discovery in a civil case? In other words, is there any factual basis for the above-quoted claim?

  • 1) Use a mixmaster or some other type of anonymous e-mail server with PGP.

    That way, the mail cannot be as easily traced back to you. (especially if the servers log the mail transactions)

    2) Use steganography.

    Encrypt the information and hide it in a JPEG file or some other document that looks acceptable.
    (I wonder if you can hide something in a .PDF file)

    3) The multiple decrypt keys with two different messages was a good idea. Maybe we should start working on something like that!

    I think #2 works the best. I mean, who is going to suspect a picture of The Weather Channel's latest radar to be a secret message to set off a small globalthermonuclear device at 1 Microsoft Way, Redmond, WA.? :)

    Fialar
  • There are a number of companies already looking to make some money by designing protocols that protect personal or corporate e-mail. (By "protect," I mean, "destroy after a certain period.") One such company, calling itself "Disappearing Inc. [disappearinginc.com]" is offering a self-destructing e-mail protocol, so your message is intact from birth till it deletes itself - and can never be saved or backed up.

    We've got links to several related stories on our Personal Security page: http://www.tecsoc.org/persec/persec.htm [tecsoc.org]

    A. Keiper
    The Center for the Study of Technology and Society [tecsoc.org]

  • by Get Behind the Mule ( 61986 ) on Thursday March 02, 2000 @05:59AM (#1231221)
    The article explained that an email is "discoverable" because it fits all the legal definitions of a "document", and documents are discoverable. That much I can follow.

    Then it went on to say that encryption won't help, because your key can be subpoenaed; but no legal grounds for this were given. If I've committed my key to memory, it certainly doesn't seem to fit any definition of "document" (unless legal definitions are even crazier than I thought possible). So what are the legal grounds for forcing me to reveal something that exists only in my head?

    Could someone with some legal expertise comment on this?

    As I remember the Co$-vs-the-Net war, $cientology subpoenaed computer files from Grady Ward (who most certainly was not Scamizdat). So he turned over a bunch of files, including PGP-encrypted files, and that was that. He was never even asked for a key, IIRC. The Co$ went on to hire a Special Master who attempted to decrpyt the files, much to the continuing amusement of all observers.

    The Co$ notoriously uses every legal means available to get what it wants. So if they didn't even ask for a key, I'd very surprised if there is any legal grounds for doing so at all.
  • >Suppose I have a very long passphrase, and
    >considerable mental effort is required to
    >reproduce it. Say you make few spelling errors in
    >it and on purpose do not remember exactly what
    >these errors are, so you have to try several
    >times each time you type it. Can you be required
    >to make this effort?

    This reminds me of the ACC and Gentry Lee's book "Rama II". In it, three military officers on a spacecraft have 50 digit numeric codes to arm the ship's nuclear bombs. The entry of any two of the officers' sequences activates the bombs, so the system is defended against the actions of either a single rogue officer or a stubborn one. The scheme is called Trinity.

    During the spaceflight, one of the officers dies in surgery. Near the end of the book, the two remaining officers are ordered by Earth to activate the bombs for a time-delay, set them down inside a giant spacecraft that's about to crash into Earth, and leave in their own exploration ship.

    Anyway, the 50-digit string that one of the officers had was a mathematical sequence that he didn't actually remember, but he knew how to work out. I don't have the book handy, but it was some kind of obscure theorem that the authors described. It's an interesting way to generate a password for when you're shipping a HD across the country or something similiar.
  • by / ( 33804 ) on Thursday March 02, 2000 @06:09AM (#1231223)
    Yes we have a 5th amendment that is supposed to protect the accused from all self-incrimination in criminal trials. But we also have a Supreme Court that in recent years has been rather fond of undermining civil liberties like these. The 5th amendment won't protect you from having to submit a urine sample for chemical analysis, and that's the line of argument the government will likely use if the crypto-key issue gets tested. Something like "Revealing the key isn't the same as forcing you to incriminate yourself. It just lets us understand a document where you already committed the self incrimination." This stands in stark contrast to other systems of law (particularly Jewish Law) where all self-incriminations are disregarded, without regard for how or why they were made.

    Remember, the "land of the free and the home of the brave" is the same place where the highest court of the land looks poised to rule that anonymous tips are sufficient for giving probable cause to government agents to stop and frisk citizens on the streets. "Hey Bob, the person over there who looks like he's a member of a disfavored racial minority group looks like he could be carrying some drugs (or even a bomb!). Why don't you step into that phonebooth and call the station and leave an anonymous tip so we can go over there and get medieval on his civil rights! And remember, anonymity means zero accountability."

    We're also the country where, right after the Diallo verdict came back, police three blocks from Diallo's house went and shot another unarmed black man at point-blank [cnn.com]. But at least this time he had a sketchy criminal record and the whole thing was just a big mistake, so that makes it justified, right? Right? I hate this place.
  • Since encrypted emails practically guarantee authenticity of the sender and/or receiver, it becomes impossible to repudiate.
    However, sending everything in the clear using non-secure channel means you could possibly repudiate any email evidence: Just demonstrate how 1-anybody could have altered the contents 2-anybody could have used my PC to send that email 3- the plaintiff could have forged the message
    (obIANAL)
    ---
  • The police need more than probable cause: they need a warrant, which is issuable upon a showing of probable cause. Why go through all the hassle of going before a judge and asking for a warrant? To protect people's privacy.

    The third ammendment protects citizens from having troops quartered in their homes during times of peace. Why? Privacy. It's quite easy to understand the fifth amendment protection from self-incrimination in the same way. And then of course there's the ninth amendment which explicitly says that just because the right isn't specifically enumerated, that doesn't mean it doesn't exist.

    Have you read Griswold v. Connecticut? Katz v. US? Pierce v. Society of Sisters? Stanley v. Georgia? Eisenstadt v. Baird? Are you aware of federal and state legislation that proscribes the invasion of privacy, as well as state constitutional amendments specifically enumerating it? Do you actually have any experience in this matter, or are you just railing away at a pet peeve that's perhaps itched by Roe v. Wade? Do you even care?
  • # umount /dev/sda2
    # dd if=/dev/zero of=/dev/sda2
    # mkfs.ext2 /dev/sda2
    # mount /dev/sda2

    Would this hold up in court? Well your honour, unfortunately the drive which may have contained the pertenant information appears to have been zeroed.

    Oh crap, but they still got my tape backups. =)

    Seriously though, I strongly believe that encrypted means of communication, or filesystems, should not become open to the court system. That defeats part of the point of encryption right there (well duh, I don't want other people reading my data). The government will never pass a bill on this though, as they have to much pressure from the FBI, DOD, CIA, police, and courts to be able to access any information they want at their free whim.

    Does anyone want to write a feature into POP3/IMAP for desctructive emails ala 'You have 30 seconds to read this email before it self destructs' or 'sender requests that this email be destroyed'? I'm more than game.

    EraseMe
  • The same thing can be said of all witness evidence, audio- and video-taped evidence, etc.

    In all of these cases you look for messages (or items) that refer to other things that are 1) verifiable, and 2) not widely known. The email message could still be forged, but it's far less likely. Do that with hundreds or thousands of messages and the "reasonable persons" on the jury will decide that the messages must be legitimate.

    The defense can still assert that some messages were forged, of course, but if the prosecution/plantiff believes it's legitimate it will be presented to the jury as a "question of fact."
  • In particular, deleted but non-zeroed hard drive sectors. The latest version of PGP includes an extension which replaces "Empty Trash" with "Wipe Trash". Now, when I empty my trash, it takes a LOT longer, but PGP overwrites all the files three times, instead of just removing them from the filesystem. I back this up with a scripted weekly zeroing of ALL free space on my hard drive. No one'll be pilfering MY private email. And if they can reconstitute the data after that many overwrites, it's pretty hopeless anyway.

    As for crypto keys, I thought it was determined in the Mitnik case that you could not be compelled to hand them over if you think the data might incriminate you. Fifth amendment to the constitution as I recall. You can't be forced to contribute to your own prosecution. So among your encrypted, but not yet wiped, data, just include a little line about how you were driving at 70MPH in a 65MPH zone the other day. Bingo... incriminating data protected by your PGP key, making the key protected under the fifth.

    IANAL, but I'm almost SURE I can recall Mitnik's crypto keys being protected, but YMMV on the legal issues.

    I DO know tho that PGP does a damn good job zeroing your freespace. I've checked my free sectors with Norton both before AND after a PGP wipe before. And it worksquite nicely, thank you very much. IF you remember to wipe your data.

    And PGP is available for damn near every OS as well.

    john
  • Backups and document retention policies are very much at cross-purposes. If you back up changed files nightly, and have a decently long backup horizon, then it's quite possible that you will have an on-tape copy of something that was thought deleted (e-mail, file, whatever). You have to produce it if you have it, so then you're screwed. And, by the way, you have to produce it. If you don't, or you shred it after you've been asked for it, you could go to jail. Remember Iran-contra, and Oliver North's shredding stuff? In this context shredding == erasing your tape.

    I think to get around this, you'd need to design both your directory structure and your backup strategy around your retention policy. You'd have an area where the stuff subject to retention lives. Likely your e-mail system, whatever it is, would be here. By default, stuff gets deleted after a certain period of time (according to policy). Backups of this area are done on separate tapes, which would get recycled in the same time frame, and never archived. (And don't forget to destroy that backup tape you made before you moved those files to any new machines!)

    Then your only problem is when you have to explain to the president of the organization (who of course doesn't understand these things) why it is absolutely not possible for him to get back that e-mail from Fred that he left in his in-box one day too long.

  • Here is another solution : don't commit illegal acts !

    If you are an employee (I know...I know.... US employees would commit murder for a couple of extra bonus bucks ;-) ) do not engage in illegal activities. The judge and the lawyers could then read all your mail and not find anything incriminating. If, like M$, you engage in potentially illegal activites, I am quite happy to see the lawyers go after you and find that incriminating evidence.


    That will protect you from a jail sentence or monetary settlement for your activities. But it doesn't protect you from other damage that can be done by exposing your private data. Court transcripts are usually public information unless they are sealed. The purpose of that is to protect us from abuses of and by the courts by opening them to public scrutiny.

    I can think of a significant number of things that I don't want made part of the public record. My financial records are a good place to start. That is simply going to invite more telemarketters who are going to have rather specific information about me. How about my medical history. Many doctors have e-mail accounts. While ordinarily medical information is considered private, by the time my hard disk has been unerased, that won't prevent the information from being leaked.

    Robbing people of their privacy has a chilling effect on legal expressions of non-mainstream viewpoints, whether they are political, ethnic, religious, scientific or otherwise. If you can't discuss those views with people of like minds in harmless ways without having every word exposed to your neighbors and coworkers, won't you think twice about talking at all?
  • Neal Stephenson fans may remember this very issue arising as a plot point in Cryptonomicon.


    (I don't think this is a spoiler, but if you haven't read the book, proceed at your own risk.)


    At one point the bad guys want a particular piece of information that they are pretty sure resides on our hero's mail server. So, in order to get it they jimmy up a lawsuit and subpoena the mail server.


    Returning to the real world, I don't think that this is a particularly stunning revelation; people have been aware of these issues surrounding paper documents for a long time. The only difference is that we are accustomed to thinking of email as a more informal medium than paper. Apparently the courts don't agree. Just follow the same policy with confidential email that you follow for confidential paper documents, and you should be all right.


    -rpl

  • There are a few companies offering various solutions; a handful escrow the private key for decryption centrally and rent it out for people wishing to read it, and then (claim to) hard-delete it after x amount of time.

    I'd presume the keys are backed up, however...

    Then there's a few that offer one-shot sends (can't reply to these) that delete all traces of the message from their servers.... just not from the recipient's machine...

    The best solution is to take the advice of the article. Use harshly separated accounts, do what you can to (hard)delete files regularly, etc.

    I'd recommend setting up an alternate personality or three that you access only via anonymous proxy(s) that offer encryption (hushmail, ynnmail, the various anonymous remailers). Use the PGP plugin's secureviewer if you're truley paranoid to defend against Tempest attacks... and for chrissakes, clear out your cookies, temporary internet files, and temp dirs regularly and do a 11-time rewrite of the emptied space.
  • Did you read the article? Did you read the bit where it said that third party emails can be subpoenaed? In other words, if I get sued, the emails of people I sent emails to can be subpoenaed.
  • No where in the constitution does it say that we have a right to privacy.

    Which of the following words is unclear?

    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
    -- Amendment IX, United States Constitution

    /.
  • Such encryption schemes do exist where you have one set of encrypted data and multiple decryption schemes which produce different documents, the problem with them however is that the overall size of the encrypted document is significantly larger than say a standard encrypted text file. The court can subpoena the means you used to encrypt the text, and even if you give them a phony scheme, they can call upon crypto techs (ie "expert witnesses") to determine whether or not you gave them what you said. So if you use such a multi-threaded encryption program to code data, when the court asks you for the algorithm/program that encrypted the data, you better give them something that produces massive chuncks of garbage along with your actual encrypted message or a really inefficient (size wise) encryption scheme.
  • We essentially already have this. Unfortunately, it only applies to government. I believe that what we need is to apply governmental restrictions on privacy to corporations. The next revolution will be directed at the megacorps.
  • Well, it also has the benefit of using less disk space :). You're certainly right that there's a cost involved; whether it makes economic sense is a judgement call for the people concerned. If you think your liklihood of being sued is non-neglible, and lots of damage would be done if you had to release everything, then some sort of retention policy (or, more accurately, planned destruction policy!) makes sense.

    It'll cost you a packet if you do get subpoena'd, BTW, in any case; my understanding is that you have to pay the upfront costs of providing the documents. I don't know if you get them back if the other guy loses at the end of the day, but still, if you have to pick through years worth of backup tapes extracting e-mails from (say) a proprietary, database-type system, it will cost you lots.

    And yes, for my sins I did use to work for people who had real reason to worry about this stuff ;)

  • A lot of posts suggest that you encrypt your messages, some even suggest using steganography to encode your messages. That's great and all, especially for messages that you consider "sensitive" (which makes me wonder why you'd use email for highly sensitive information, but whatever trips your trigger). But, what many of you forget is that it's not the stuff we know is going to come back and haunt us, it's the little things. Off hand remarks, rush jobs, and even messages that are completely innocent can be turned against you. Even if they are not directly incriminating, they can be used to paint a negative profile of you in court. The point is, lawyers can and will exploit the smallest things and turn them against you.
    I'm in no way saying "Encryption is for the birds, why bother". I'm saying that in many cases it's not feasible to encrypt every single piece of mail (esp. to those who'd have no clue as to decrypt it), and chances are, those "little" things are the ones that's going to come back to you.
  • by benenglish ( 107150 ) on Thursday March 02, 2000 @09:09AM (#1231272)
    What I find interesting is the way a subpoena for email might be worded and what actions it might require of the person holding data.

    I work for a large government agency where all email is saved forever because everyone is accountable for everything they do for all time. That's fine. We're public sector law enforcement; we should have such rules. Recently, though, an employee sued the agency and requested all email files. Our lawyers argued that such a subpoena would be overbroad and would reveal a great many private things shouldn't be made public. The judge agreed and a compromise was worked out. Several years worth of Microsoft Exchange backup tapes were sequentially reloaded on a system set up for the purpose. Each time a tape was restored, all files were searched for a text string matching the name of the woman who brought the suit. Then, all emails that contained her name were *printed out* and delivered to her lawyers. Not surprisingly, lots of folks had been jabbering about this woman in email, so there were boxes and boxes of printouts. It took the poor admin assigned the task literally weeks to complete, but at least there was no way for all sorts of extraneous data to go public.

    Contrast that situation with the situation of the airline employees who found their computers seized. Were they entirely without recourse? Were they not given a chance to produce the documents without having to turn over their hardware? I don't know, but I do know that if such a thing happened to me, I'd be less than happy. I have lots conventionally encrypted files that are relatively safe since the only copy of the password is in my head. But would I be willing to sit out a contempt citation to protect that data? Talk about feeling conflicted!!

    Short side note: There are a zillion different circumstances when testimony *can* be compelled. I'm surprised by the number of posters who don't understand that 5th amendment protections are often non-existent, especially in civil actions. They can even be circumvented in criminal actions rather easily, assuming you aren't the primary target of the prosecution. I guess high school civics classes aren't what they used to be. :-)

    IANAL, of course.
  • Not really. The fifth amendment protects someone charged with a crime from being forced to testify against himself. He must still give up any evidence that might implicate him. If you are a murder suspect, and you own a gun, you cannot refuse to turn in the gun because it might incriminate you.

    On another note, this wouldn't matter anyway in this case. The 5th amendment only applies to criminal cases. A lawsuit is a civil case, so the protection of the 5th doesn't apply.

  • I am currently re-reading Cryptonomicon, and I recently came across the bit (about a third of the way through) where Randy and Eb discuss something like this, and I've been thinking about it some more. How does this sound:

    In addition to encrypting your real messages, you have your systems set up to send fake messages consisting of random garbage to each other at random intervals. Hence, no monitoring of server logs, or even physical sniffing of transmissions, can prove that a message was ever sent.

    That was Eb's idea, but they didn't go further into it. Here's my addition: The problem is that they can still require you to surrender your keys, and when you do, they can see which messages decrypt to meaningful text and which are garbage. However, suppose each person actually has two keys, called, say, the major key and minor key. The minor key is the one that you use publicly, and everything about the major key, including its very existence, is kept secret.

    You send messages back and forth using the minor keys when the content is not particularly important (important enough to encrypt normally, but not damaging should it come out in discovery), and use the major key for the things that you really don't want to have discovered. When sub-poenaed to surrender your messages, you surrender your minor key, and explain that, to protect against information leakage, you have been chaffing your communications with garbage and that decrypting all the messages with this key will reveal which ones were real and which were chaff.

    What they don't know, and couldn't prove even if they suspected it, is that the set of messages that decrypt to gibberish are further subdivided into the actual garbage and the important messages that were encrypted with the major key. The main point is that you have a plausible explanation for the existence of observed transmissions that cannot be decrypted, so they have no real choice but to believe you when you deny the existence of any other messages.


    David Gould
  • A judge can hold you in jail as long as they reasonable belive that you could be compelled by that to do what you were orderdd to do. I belive the record is over four years. After they no longer belive that you might be compelled they have to release you. They can then charge you with obstruction of justice, give you a trial and put you in prision for several years on a felony charge.
  • Believe it or not, someone actually has created (and is trying to market) such an animal [wired.com].
  • 'No right to remain silent' just means that your decision not to talk can be used against you.

    dave "what if you can't speak? you're screwed."
  • by guran ( 98325 ) on Thursday March 02, 2000 @11:11PM (#1231310)
    My private e-mail should be private. (Or as private as I choose to make it. If I dont care to encrypt it it is *my* choice)

    Business e-mail is a completely different thing. A court order to view *corpotate* mail is definitely OK. Wether or not they can "prove" anything.

    People will just have to learn to separate their personal and professonal e-mails. Perhaps companies should insist on digital signatures on business mail, informing employees that business mail is company property.

    STOP Hold the flame thrower! Of course, they ought to provide a semi-private mail account too, for company (or personal) mattter "off the record".

    Hey, it works for snail mail. If I write to:

    TheCompany Ltd
    att: Anonymous Coward
    Someville

    It is understood that my letter is meant primalily for the company, and simply adressed to AC. If AC is not there, I expect someone else to take care of it.
    OTOH If I write:

    Anonymous Coward
    TheCompany Ltd
    Someville

    It is understood that the content meant for AC and not to be opened by someone else.

    Why should not the same thing work for e-mail? (if laws are applied wisely, that is)

  • Doesn't the Fifth Amendment of your constitution make provisions to allow a defendant to refuse to incriminate themselves?

    Yes, but that's for criminal cases, and it covers only the defendant. You cannot use that for a civil case, nor can use "plead the fifth" if you are a witness. In the cited case, Netscape vs Microsoft, the fifth amendment didn't play a role.

    -- Abigail

  • E-mail can't be used to "prove" anything. It's disturbingly easy to forge.

    Take a look at the example case, Netscape vs Microsoft. Should Netscape argue in front of the judge that the copies of the emails found on the disks of *Netscape* employees were forged by Microsoft? Of course, Microsoft also had to forge the logs in all the servers where the email passed through. And boy, they started early with this forgery, as the backup tapes have those emails as well!

    -- Abigail

  • Here in Holland, you have privacy laws on snail-mail, and these days even on E-mail. Reading someone else's E-mail simply is a crime.

    Yes, but that's not the point. Reading someones mail or email without their consent can be a crime, but that doesn't mean it's a crime after a court order. And that's what's being discussed here. Court orders.

    -- Abigail

  • Doctors are bound to confidentiality with their patients, not by local laws, but by their professional code of honour.

    Doctors are subject to the law. And the law even says doctors *have to* protect the privacy of the patients. However, that doesn't mean they can keep quiet when there's a court order. Only priests can refuse to talk without being penalized.

    Many of us sysadmins feel this way, I think we have to be serious about it.

    In that case, it's easy for you. Next time you get a court order to open your logfiles, refuse. If you think your code of honour superceedes the law, you shouldn't have a problem dealing with the consequences.

    -- Abigail

  • Encrypt your mailbox with a long random password that you keep on a seperate floppy. If forced to reveal contents.. throw the floppy in the furnace.

    So, you end up in jail and/or heavily fined, and your harddisks seized. What exactly did you gain?

    -- Abigail

  • ofcourse I would type the letter. Just like spoofing email, you actually do have to do a little more than just writing one as yourself..

    //rdj

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...