Confidentiality on Virus Sent Docs? 465
Sulka writes: "The latest Sircam outbreak has sent me a lot of documents from total strangers I've never heard of before. This led me to wonder what would happen if a trade secret doc from company X was leaked like this to me -- I guess the secret wouldn't be a secret anymore. But what's the legal standing of this? Is a virus sending a document the same as someone sending email accidentally to a wrong address? Could I send a M$ Halloween memo that popped to my address to the press?" I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.
Re:All your advice... (Score:2)
Check out the Trade Secret Basics FAQ (Score:5)
Re:Well.... (Score:2)
If you don't write down and teach your rules for ethics how can you expect people to learn them and follow them. Ofcourse there are many ethical rules that are or should be rather obvious, like don't take bribes. But there are many others that are less so.
For example there was a case during the Shoah (Holocost) where a man could have bribed the germans to let his son off of a train to the camps, but if he did this somone else's son would have been put on to make the count. Would it be ethical for him to do this? Well Jewish Law states that infact it would not be ethical to do that. After all why should your son live at the expense of someone else. And this is not some theoretical argument of Rabbis debating the Talmud, this is a true story.
Now I will hope that none of us ever faces a choice like that (B''H), but that does not mean that ethical choices do not come up every day in our lives, we should think about them and talk about them and when we have children talk about them with our children so that our children grow up with values and I hope make a better world for their children.
Re:An analogy... (Score:2)
On the other hand if you find a wallet with some ID in it, then you should probably return it, as you can know who owns it. Unless you can be reasonable sure that the owner has no hope of finding it again, for example it just washed up on the sea shore. There are a few more rules. I don't remember which tractate of the Talmud this is all in but my Rabbi gave a class on it a while back.
So in that case, if you can figure out who owns the Jewelry some how (Say its in a box with a name) you should return it to them. On the other hand if its box with no name and some gold and dimonds you can reasonably keep it.
If this comes up in real life consult a Rabbi over my post, my memory may be wrong on a detail here.
Re:Well.... (Score:2)
There are other issues I have with SUV's but they are not relivant here.
Re:Hotmail deleted all my mail because of this vir (Score:2)
No it isn't. You have to provide personal information in order to sign up, that's a cost, because people pay money for this kind of valuable information. You have to endure ads in order to read your email, that's a cost because it pollutes your brain.
--
If you fancy trying it out... (Score:2)
Beware, though, hosting services such as Tripod don't like it very much!
--
Re:this would include--you? (Score:2)
My guess is that if you get an email containing sensitive information from somewhere in the United States then it is legal for you to publish it. Of course, I don't know where you live, or have any idea of the laws in your country, but that doesn't stop me from making things up...
In case you hadn't noticed, this particular Ask Slashdot dealt with a legal question. As such the answer depends on your jurisdiction. The answers to legal questions like this quite often vary from state to state, and even from county to county. They certainly vary from country to country. This sort of discussion might not be helpful if you live in Communist China, where you probably have little influence on local laws, but it's at least somewhat germane to anyone who lives in any sort of republic or representative democracy, because the comparison of foreign and domestic law often reveals loopholes that one might wish to avoid in their own jurisdiction.
I imagine that you also have a say in the creation of your local laws (scary as that may seem), and so the quote mentioned above also applies to you. That makes you an official amateur lawmaker, so you might want to become informed a bit. Barring that, you might want to push the back button on your browser and perhaps read a different article if you don't want to discuss an issue that is primarily going to reflect /.'s US audience.
On the other hand, it is possible that you live in some forward-thinking country where they don't have anything as backwards as law. In that case, flame away.
Re:'cause they're not all idiots (Score:2)
Courses in ethics... (Score:2)
1) Indoctrination so you'll be nice to corporate
interests
2) Review of different ethical systems and their
foundations
I suspect by your phrasing that you mean the
first. A code of ethics isn't something objective
that one can learn.. I recall, when I took a
course on ethics when I was an undergrad, we did
debates, and I managed to sway about a third of
the class to the position that intellectual
property is philosophically invalid. Fun.
'cause they're not all idiots (Score:2)
John.
Here's how to read what you get (Score:2)
part of the attachment away from the "document"
part, so you can safely view the documents:
dd bs=512 skip=268 if=infected.filename.ext of=disinfected.filename
Re:1.1 gigabytes? (Score:2)
Procmail logs, naturally. It logs message size even when bit-bucketing.
Re:1.1 gigabytes? (Score:3)
Re:IANAL (Score:2)
All those stupid notices do is communicate that whoever resposible for them has poor grasp of this area of the law and/or is trying to bs folks into playing along.
Re:Well.... (Score:2)
Re:Well.... (Score:2)
Re:Well.... (Score:2)
Well... (Score:4)
Really!
-----
Re:A good way to fight UCITA? (Score:2)
No, UCITA has provisions against unconscionability. If a term in the "contract" is unconscionable, then it's struck. Unless they were peculiar, no one would knowingly agree to have their computer ransacked by untrustworthy code.
Trouble is, unconscionability is usually determined by a court (read: arduous and expensive).
Schwab
1.1 gigabytes? (Score:5)
You oughta be glad you don't get paid for your procmail skills.
Re:Well.... (Score:3)
I vaguely seem to remember that where I live (sweden) you are not free to redistribute or publish stuff that's gotten into your hands by mistake if the stuff is clearly sent to you by mistake or is obviously confidential. We've had some incidents where hospitals or social services have faxed journals and other files to private citizens by mistake, and I think that was the result of those incidents. Note that you are not required to destroy the documents, or alert anybody that the information's got astray, you just aren't allowed to spread it around.
/Janne
You have the info, there are no restrictions (Score:2)
Contract law, btw, requires that all parties sign, or otherwise agree to the contract. With this virus, there's no such agreement between the recipient and those who wish to keep the information private. It would be very hard to prosecute someone for disclosing this information, except maybe a copyright claim which would only protect the instance of the information, not the information itself.
The infected sender might be extremely liable, or not at all. It all would hinge on wheather or not it was possible to take reasonable steps to ensure that such unauthorized disclosure would be prevented.
Bottom line: You can tell people whatever you want to about this. Posting actual documents may expose you to a copyright action (since all documents are copyright at birth), but that would not preclude you from posting summaries.
Re:Credit cards (Score:2)
Indeed he did! Every time he made a purchase he signed a contract, parties to which include the merchant, the bank, and the purchaser. You agree to pay when you make the purchase. If the merchant doesn't get this agreement, it's his fault and he should take the loss.
This language has been part of the credit card receipt since at least the 1960's; it's not a recent development.
Now, do you have a cite where we can research the
"banks many years ago" who took losses from unsolicited credit cards?
Re:Credit cards (Score:2)
>something you say
"I agree to pay above total amount according to card issuer agreement."
That "card issuer agreement" is an ironclad contract that I doubt anyone could squirm out
of paying, at least not on simple questions of semantics.
Now, this is NOT something that just came about
in the last 2 decades! Even the debit card is
not new, just far more common today. The merchant
agreement and banking procedures have not changed
in any substantial way since the 1950's. Certain
trappings around the way we use card-based payments have changed; notably the incredibly high
interest rates on consumer loans, and of course the instantaneous accounting of the transaction
by modem. The ATM is new (since the late '70s, then common in the 80's, now *everywhere*), but
the business model is not.
Until a recent purge of old crap, I could have produced credit card receipts from the '60s to
compare the language of the fine print. It would
be interesting to compare the language on credit
applications also, but I assure you they haven't changed much, except in superficial ways.
It's simple: it's the guy's fault. (Score:2)
So, it's the company owning the infected computer that's responsible for sending it's secrets out.
--
Re:Well.... (Score:2)
Any society that doesn't teach it's ethics will only have them for a single generation.
You need only look around your neighborhood (assuming you're in the US) to see that I'm right.
-
Re:Well.... (Score:2)
No, irony is thinking it's OK to distribute images of commercial music CDs, but not OK to distribute privately-created CDs of Open Source software.
In fact, if the former is OK, then it should be OK to put images of the official CD up on Napster.
-
Re:IANAL (Score:4)
I hate that damned disclaimer. I regularly see it appened to email in mailing lists, and it's always a struggle for me not to respond to the guy that, no, I wasn't the original recipient, and he'd probably better check next time before he sends "proprietary and confidential" info to, say, the Pink Floyd mailing list.
I know that many businesses have such disclaimers automatically tacked on by a server or gateway, but that doesn't make it right. If it's legally binding, then it's legally binding for EVERY email on which it appears, in which case, it shouldn't be on the public mail forums. If they can make a case that the disclaimer doesn't apply there, then, well, why can't I make a case that it never applies?
Anyway, just a pet peeve. :)
Attachments (Score:3)
And that's probably just from a half dozen attached MSWord interoffice memoes that could have conveyed the same information in, oh, about 20KB of plain text per document, right?
Can't anyone write a simple memo or office communication without using four different fonts and imbedded graphics any more? Some of the impact of things like SirCam are because of the feeling that many office workers have that their memoes won't be taken seriously unless they demonstrate their prowess in MSWord. Apparently they feel that, by not taking advantage of most of the available word processor options, their memo won't have the pizazz necessary to get their coworkers to stop leaving the empty coffee pot on the burner.
Anyway... Does anyone know whether SirCam is pulling documents out of the default document location or is it scanning the entire hard disk for `*.doc'? If it's the former -- and without having read details on how SirCam works, I'm betting this is the case -- companies can limit their exposure by making sure that employees do not keep company confidential material in the default document directory. Or better yet, prohibit those documents from being stored anywhere but on a central file server and never on someone's unsecured desktop and definitely never on a laptop. Unless the company's management doesn't care if their strategic plans were on a stolen laptop, that is.
--
Re:Confidentiality clauses (Score:2)
Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets. If they delete it, no problem, if they keep it, big illegal problems.
That's fine for people who sign your contract. But what if the info is sent to someone who didn't sign your contract?
This appears to be the question being asked in this Ask /., getting info from "a lot of documents from total strangers I've never heard of before."
Steve M
Re:Confidentiality clauses (Score:2)
Either way you slice it, there aren't any really difficult questions.
Perhaps not, but they miss the point.
The point of the original question was, if I recieve confidential info from someone I do not know because it was sent to me (in this case specifically due to a virus), are there any legal ramifications to me using or publishing that info?
I do not care what happens to the 'sender'. I don't care who was 'negligent'. I have not signed a contract dealing with this info. I do want to know what can happen to me.
Well, there's only two ways the info can be sent to someone who didn't sign the contract: ...
This is not true. Alice has signed the contract. Bob has not, nor is he the owner. Cindy has not, nor is she the owner. Alice sends it to Bob. Bob sends it to Cindy. Cindy, has received it from someone who is niether the owner nor signed the contract.
There are of course other ways that someone who is neither a contract signee nor an owner of the document can receive it from some one who is not a signee nor owner. I'll leave determining them as an exercise for the reader. (Some hints: Dave is a burglar, Ed is a publisher, Fay is a dumpster diver, ...).
Steve M
Re:IANAL either (Score:2)
Hmmm... (standard IANAL disclaimer) ...
Chapter 119 talks about intercepting electronic communications. But in this case I did not intercept it, it was sent to me. Thus it would appear that I am a party to this communication, albeit an unintended one.
Chapter 2702 refers to service providers. I am not a service provider. So this would not seem to apply to me.
Chapter 605 reads in part: Except as authorized by chapter 119, Title 18, no person receiving, assisting in receiving, transmitting, or assisting in transmitting, any interstate or foreign communication by wire or radio shall divulge or publish the existence, contents, substance, purport, effect, or meaning thereof, except through authorized channels of transmission or reception, ... (bold added)
The information was sent to me through an authorized channel, email. So this doesn't seem to apply to me either.
It seems these laws refer to either those involved in the transmission of electronic communications or those attempting to intercept such communications. It is not clear that they apply in the case whiere I am the addressee of an email.
Perhaps some one who IAL could provide more insite.
Steve M
Re:Well.... (Score:4)
Let's say it's 1942 and Adolf Eichman's transcript of the Wannsee Conference is accidentally faxed to you. Since you took an ethics course, I will assume that you would not be in favor of the Final Solution. Do your ethics continue to compel you into silence?
Re:How to open safely? (Score:2)
True, but copying byte by byte is really slow. I'd increase the block size to something like 8 or 16K to make that operation a lot faster.
Re:Excellent Question (Score:2)
Should using Microsoft Outlook be considered an "attractive nuisance"?
Re:Stupid Friends.. learn to read (Score:2)
This has nothing to do with hsi friends being stupid. It has to do with getting email from people he does not know, that has attachments.
I got one the other day from someone I don't know. It was a word doc attachment. I'm just glad I use Linux and don't have word or anything loaded on my machine to read that crap.
I don't want a lot, I just want it all!
Flame away, I have a hose!
Using MS products != Due dilligence (Score:2)
If a document is stored on a computer that is known ahead of time to be virus-friendly then I think it's pretty clear that the owner/use of that computer is not exercising due dilligence in protecting that document. It's not like it's a one-time accident. Everyone should know by now, Melissa and ILoveYou were a long time ago.
People who select Microsoft products should be held accountable for the consequences of their choice. If you lose your secret due to someone else's gross carelessness, sue 'em back to the stone age. If you obtain someone else's secret due to someone's gross carelessness, well... you'll have to evaluate the situation.
---
Re:Well.... (Score:3)
The best ethics aren't passed on. They're derived from Game Theory.
---
Re:IANAL (Score:2)
Or what if the virus encrypts the files that it sends, perhaps with zip or bzip? (That is certainly as secure as rot13.) Then whose rights are violated if you check on what has been sent to you?
Our current set of laws is totally lunatic. The people who wrote them should be confined in Bedlam (and be chained to the walls, as was traditional).
Caution: Now approaching the (technological) singularity.
Thanks (Score:2)
Caution: Now approaching the (technological) singularity.
The answer is always BBEdit (Score:2)
Even the free Lite version will open anything.
I'm a smug Mac user, running Eudora 4 no less, and the only thing that's been sent to me was a Windows shortcut! "blahblah.ext.lnk" or something similar.
.pif were Windows 3.1 files that ran DOS programs.
Pope
What? Bear is driving car? How can that be?!
Re:Even if it _is_ illegal... (Score:2)
Re:What does that say about your friends? (Score:2)
How does it spread? (Score:2)
Re:why do people keep doing this? (Score:2)
Ever try opening a sircam doc? (don't.) (Score:2)
I havn't received one... (Score:2)
1 gigabytes of files? Sounds like you need some new friends if they don't know they're sending all that crap to you!
The only virus/virii i have seen is the snow white and the seven dwarves that hit all the oracle consultants on a weekly basis.. other then that, nothing.. nada..
Re:I havn't received one... (Score:2)
I think it is kind of funny..
Re:Yet Another Outlook Virus (Score:2)
No change (Score:2)
In another case,however , a company sold an old computer with confidential data encrypted on it. They forgot to erase the harddrive. The person who bought the computer found out the password from a previous employee, and got to the information. The judge ruled that they forfeited protection by not erasing it.
Re:IANAL (Score:2)
This report has been prepared by the division, group, subsidiary or affiliate of UBS AG ("UBS") identified herein. In certain countries UBS AG is referred to as UBS SA, which is a translation of UBS AG, its registered legal name. UBS Warburg is a business group of UBS AG. This report is for distribution only under such circumstances as may be permitted by applicable law, including the following: This report has no regard to the specific investment objectives, financial situation or particular needs of any specific recipient. The report is published solely for informational purposes and is not to be construed as a solicitation or an offer to buy or sell any securities or related financial instruments. The securities described herein may not be eligible for sale in all jurisdictions or to certain categories of investors. The report is based on information obtained from sources believed to be reliable but is not guaranteed as being accurate, nor is it a complete statement or summary of the securities, marketsor developments referred to in the report. The report should not be regarded by recipients as a substitute for the exercise of their own judgement. Any opinions expressed in this report are subject to change without notice and UBS is not under any obligation to update or keep current the information contained herein. UBS and/or its directors, officers and employees may have or have had interests or long or short positions in, and may at any time make purchases and/or sales as principal or agent, or UBS may act or have acted as market-maker in the relevant securities or related financial instruments discussed in this report. Furthermore, UBS may have or have had a relationship with or may provide or has provided corporate finance, capital markets and/or other financial services to the relevant companies. Employees of UBS may serve or have served as officers or directors of the relevant companies. UBS may rely on information barriers, such as "Chinese Walls," to control the flow of information contained in one or more areas within UBS, into other areas, units, divisions, groups, or affiliates of UBS.
Options, derivative products and futures are not suitable for all investors, and trading in these instruments is considered risky. Past performance is not necessarily indicative of future results. Foreign currency rates of exchange may adversely affect the value, price or income of any security or related instrument mentioned in this report. Clients wishing to effect transactions should contact their local sales representative. UBS accepts no liability whatsoever for any loss or damage of any kind arising out of the use of all or any part of this report. Additional information will be made available upon request.
EEA: This report has been issued by UBS Warburg Ltd., regulated in the UK by the Securities and Futures Authority. In the UK this report is for distribution to persons who are not UK private customers. Customers should approach the analyst(s) named on the cover regarding the contents of this report. For investment advice, trade execution or any other queries, customers should contact their London representative. Switzerland: This report is being distributed in Switzerland by UBS AG. Italy: Should persons receiving this research in Italy require additional information or wish to effect transactions in the relevant securities, they should contact either Giubergia UBS Warburg SIM SpA, an associate of UBS SA, in Milan or UBS Warburg (Italia) SIM SpA, a subsidiary of UBS SA, in Milan or its London or Lugano Branch. South Africa: UBS Warburg Securities (South Africa) (Pty) Ltd. (incorporating J.D. Anderson & Co.) is a member of the JSE Securities Exchange SA. United States: This report is being distributed to US persons by either UBS Warburg LLC or by UBS PaineWebber Inc., subsidiaries of UBS AG; or (ii) by a division, group, subsidiary or affiliate of UBS AG, that is not registered as a US broker-dealer (a "non-US affiliate"), to major US institutional investors only. UBS Warburg LLC or UBS PaineWebber Inc. accepts responsibility for the content of a report prepared by another non-US affiliate when distributed to US persons by UBS Warburg LLC or UBS PaineWebber Inc. All transactions by a US person in the securities mentioned in this report must be effected through UBS Warburg LLC or UBS PaineWebber Inc., and not through a non-US affiliate. Canada: This report is being distributed by UBS Bunting Warburg Inc., a subsidiary of UBS AG and a member of the principal Canadian stock exchanges & CIPF. A statement of its financial condition and a list of its directors and senior officers will be provided upon request. Singapore: This report is being distributed in Singapore by UBS Warburg Pte. Ltd. Hong Kong: This report is being distributed in Hong Kong to investors who fall within section 3(1) of the Securities Ordinance (Cap 333) by UBS Warburg Asia Limited. Japan: This report is being distributed in Japan by UBS Warburg (Japan) Limited to institutional investors only. Australia: This report is being distributed in Australia by UBS Warburg Australia Limited in relation to fixed income securities, and UBS Warburg Australia Equities Limited in relation to equity securities. New Zealand: This report is being distributed in New Zealand by UBS Warburg New Zealand Ltd in relation to fixed income securities and UBS Warburg New Zealand Equities Ltd in relation to equity securities.
+ 2001. All rights reserved. No part of this report may be reproduced or distributed in any manner without the written permission of UBS. UBS specifically prohibits the re-distribution of this report, via the Internet or otherwise, and accepts no liability whatsoever for the actions of third parties in this respect.
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
I was having fun with this. (Score:2)
Since we're currently discussing the legality of this, someone who's brave enough should set up a repository for files we've received and who we received them from, with cross reference links, etc. If someone was infected, theres a good chance that a large quantity of the data stored on his harddisk is available to the internet at large. If all this information was displayed publicly (LEGALLY even), what a nice incentive to switch to a less virus prone operating system.
-Restil
Re:Excellent Question (Score:2)
For example, if the neighbors kid trespasses onto your property and drowns in your pool, then YOU are to blame (in NY/CT).
Re:Excellent Question (Score:2)
American law seems to assume by default that you can sue someone if you have an accident on their property, or using their product, regardless of whether this was a result of negligence on your behalf or whether it was simply bad luck or stupidity on their part. Only in America does a metal ladder need a warning against resting it against power lines - in the rest of the world people know better, and accept the consequnces if they fuck up - their reaction would be "I can't believe I was so stupid!", not "Who can I sue for this?...".
Re:How to open safely? (Score:5)
Only in the World of Windows would adding 137kilo-bloat to a word processor document be considered "stealthy."
Re:Well.... (Score:2)
Re:Confidentiality clauses (Score:2)
Bzzt. Carl is limited in what he can do, because he doesn't own the copyright to the document. So no, he can't publish it without violating that copyright. But copyright won't prevent him from showing it to other people, or publishing a fair use subset of the document.
Maybe 'informed consent,' not 'consideration' (Score:2)
As a counterexample, the Microsoft tax arguably violates that since I'm forced to pay for a software license of absolutely zero value to me, a software license that I can't even transfer to another party due to their "OEM license vs. retail license" provisions. I'm out hard cash, and have nothing of value (to me) for it. But it's a large corporation that's able to *ahem* make its own law.
What the original poster was refering to is closer to "informed consent," but even that isn't quite right.
Credit cards (Score:2)
Not pre-approved credit card offers, actual working credit cards.
Some people used them, charging to the max. Then refused to make any payment, daring the bank to collect. The banks tried, but failed since 1) the consumer never signed any contracts and 2) the bank had no reasonable expectation that every credit card would be properly delivered and not stolen from an unlocked mailbox.
Ironically, it was the people who refused to make any payments who got away with this. Make any payment, even a dollar, and you clearly indicated agreement to repay the charges.
Re:Credit cards (Score:2)
BIG HINT: It was because the banks had to take a big hit once because they approved charges even though the customer had signed nothing promising repayment. Because they got unsolicited credit cards and the credit card slips at that time didn't include that contract.
As for the cite, try checking damn near any undergraduate business law book. Audacity magazine also covered it. It all went down when Mastercharge (which later became Mastercard) (iirc) tried to take the relatively limit-use general credit card introduced by Diner's Card in the 50s to the mass market. All of this happened in the late 1960s.
It was a major case because it actually covered *anything* you received without solicitation. Charities used to send you token gifts (e.g. ties), then try to guilt you into donations. No more. Sleazy companies would "accidently" send you stuff, stuff it was cheaper to pay for than ship back. No more - they can demand it back, but they have to pay for shipping.
(BTW, a general cluestick: most of the "new" problems faced by the internet today are little different than those encountered repeatedly during the past 100 years. The only difference is that companies are trying - and often succeeding - to rewrite the rules because so many people have forgotten the hard-earned lessons in the past.)
Re:Confidentiality clauses (Score:2)
At least not without a click button...
Re:why do people keep doing this? (Score:2)
I do agree that posing these questions to Slashdot in general is rather silly. I've attempted once to volunteer to provide a "not a legal opinion" opinion on legal questions (specifically intellectual property, since that's my area of expertise)... but I never got a response. I think in general Slashdot prefers inane rants to reasoned opinions.
Thalia
Oh, in case you were wondering, you should delete the files that SirCam sent to you. You can be held liable for disclosing a trade secret. Odds are, however, that no jury would convict you. Still, it's an expensive/painful process, so unless the information is valuable enough that you're willing to risk jail time, just delete it all.
Re:Encrypted polymorphic viruses and the DMCA (Score:3)
pif and com files (Score:2)
Attention Rob! (Score:3)
Re:Confidentiality clauses (Score:2)
And I am writing contracts which say 'all your base are belong to us'.
You can write 'em how you like. Just don't expect a court to enforce 'em.
Now that documents can distribute themselves (Score:2)
Re:IANAL either (Score:2)
The relevant parts of US Federal Law are contained under the Code of Federal Regulations, also known as the U.S. Code, part 47 covers telecoms and the FCC and part 18 is criminal laws and punishments
18 USC 119 [cornell.edu] bars the disclosure of any electronic communications to which you are not a party
18 USC 2702 [cornell.edu] defines the criminal act of disclosing intercepted communications
47 USC 605 [cybercrime.gov] (the Communications Act of 1934) also bans the disclosure or use of third-party communications.
There are similar laws here in Europe, but I can't find any of those bookmarks. If anyone is interested, google yourself.
the AC
Archiving "proprietary" emails sent to public list (Score:2)
The GCC development lists get this kind of thing a lot. Occasionally someone will suggest blocking emails originating from these kinds of auto-appended, shit-fer-brains mail servers. The idea seems to be gaining more and more support, especially considering that everything sent to the lists is archived forever.
The trick of course is to filter (and bounce with a helpful note) such messages /before/ distributing them.
Hmmmm... on a related note, many of the *-bug@gnu.org mailing lists have all kinds of crap stored in their archive, because RMS forbids the gnu.org admins to do any kind of spam filtering on the lists. (Go check out, say, the archives for gdb-bug.) The main lists at @gcc.gnu.org are filtered, but the ones at @gnu.org are not. If some proprietary information is sent to one of those @gnu.org lists, they could be in trouble.
Re:So what have you guys gotten? (Score:2)
Re:An analogy... (Score:2)
When the jewelery is sent/stolen from the store, then there is no longer jewelery at the store.
Maybe if the thief made COPIES of the jewelery and sent the copies.... ?
Re:Public Domain (Score:2)
I think you're right, except I strongly dispute your use of the words "Public Domain" in the Subject: headers
If the document contains "company confidential" information, such as a trade secret like the formula for Coke, you may argue that you obtained it legally, because the sender, umm, sent it to you, even if not knowingly, and you may be free to republish that trade secret. (Interesting aside -- the Berne convention may well protect, by default, all such documents. You may be free to transcribe the trade secret in your own words, but republishing coke_formula.doc would be in violation of Coke, Inc's copyright over the "work" of its employee, even if the "work" was just a company internal memo.)
If it's material nonpublic information ("insider information") on a company, the instant you read it, you become an insider under SEC regulations. Any gains you make while trading based on this information are illegal, and the SEC can (and should) come down on you like a ton of bricks.
If it's classified information (i.e. in the .gov sense of the word, not the corporate sense of the word), you have a legal obligation not to disseminate it, you probably have a legal obligation to stop reading when you discover that it's classified, and you may even have a legal obligation to delete it (and to delete it as securely as you can), once you've stopped reading it.
Which leaves open an interesting question for you .mil and .spooky types out there -- while recipients are clearly "better off" (in the sense of "less risk to themselves from pissing off three-letter agencies by exposing their pointy-haired-bosses as clueless") by just deleting it (albeit securely), do recipients have any obligation to report the leak, and if so, to whom should it be reported? (The Catch-22 is that if you don't have clearance for the information, you probably don't have clearance to know to whom you can report it without further compromising security! Do you just put on your Groucho Marx glasses, run to the nearest U.S. embassy, and frisbee the disc over the wall? :-)
All three SirCam risks ("company confidential", "insider information", and "classified") extend to more than just today's virus/worm, BTW. Just about anyone buying a used computer or laptop runs the risk that the machine was improperly wiped, and that they may come into posession of information they wouldn't (and shouldn't) ordinarily have access to.
Re:How do you prove it? (Score:2)
In a previous Slashdot post, I was in a very paranoid mood, and I speculated that this is precisely what the author of SirCam intended.
I'm reserving judgement on whether I was "being too paranoid" or "not being paranoid enough" until we find the author.
Re:Well.... (Score:3)
Obvious T-shirt fodder:
"My Ethics prof was so convinced he was doing a good job, that he didn't monitor the final exam, which made it real easy for me to get an 'A' in the course by cheating!"
Re:Confidentiality clauses (Score:2)
arguably, bob has been negligent in letting his computer be infected. A very clear analogy is Bob keeping the confidential documents in a physically insecure place, where a casual visitor can easily read them.
It is then up to the courts to decide to which extent Bob has been negligent. Has he been negligent in running an OS which is known to have many security holes? Is he responisble for keeping it secure?
Guru Bruce Schneier predicts that computer security will only become a concern for people like bob when their insurance premiums and legal risk of prosecution hurt them where it counts.
This is a commonly recurring theme on comp.risks (well recommended for friday afternoon reading).
Exactly! How could they possibly prosecute? (Score:2)
How about an mp3-spreading virus? (Score:4)
Can you imagine a beow*LART* okay, I guess not.
Inadvertent Disclosure Doesn't Kill Trade Secrecy (Score:4)
So, no, virus-spread documents cannot be considered liberated from trade secret restrictions, simply because they are zipping around uncontrolled on the Net as a result of the virus. But you would have to know the actual circumstances and contents in order to decide in any given situation if at the end of the day trade secrecy really applied.
If you really want to get nosy (Score:5)
For about a weekend or so it was a sport with me. I downloaded a ton of stuff I am sure was not meant for the public -- there was a breakup letter where the writer stoped midsentence and types "aw fuckit i'll stay with her" (but then for some reason saved the letter ? don't ask me). I also found some business oriented xls files and ppt files. Most interesting was the fact that you could find what I think were people's outlook and eudora mailfiles, those inbox.dbx things. I have no idea how to view those.
Anyway, I got bored and moved on to other shit. The best thing I found was a file called either "private.txt" or "secrete.txt" which looked like the following:
SSN: #########
PIN(ATM): ####
PIN(VISA): ####
WellsFargo: user/passwd
yahoo: user/passwd
(a university student network domain): user/passwd
So I guess this guy decided to consolidate all of his sensitive info into one place, decided to put it on a computer, and then accidently shared it with the whole fucking internet.
I wanted to try the yahoo user/passwd just to see if it was real, but at that point I stopped and thought and decided that actually using the information people were inadvertendly sharing to snoop information they _weren't_ inadvertently sharing was probably where the legal/ethical boundary would be crossed. I never sent email to the yahoo address or the university one because I was afraid of being accused of being a hacker. The sad thing is that my gnutella client automatically moves completed downloads to the shared directory, so it is possible I further shared that file with others before I deleted it.
If there were some way you could filter your gnutella search results on IPs belonging to cable/DSL users in the DC area, or by those belonging to employees of a particular company, etc, then you could really do some damage.
I talked about this with other people and some of them apparently search for the names of
So I guess the moral is, make sure your friends know how to configure their gnutella clients correctly.
IANAL (Score:5)
...but I *do* get to deal with this on a more-or-less daily basis these days.
According to the lawyer types I work with, it's more or less the same as if a fax went through to the wrong number. They are prohibited from disclosing the information if there is a legal blurb on the bottom of the page or wherever that says so.
I never thought I'd see the day when I'd welcome more legalese on documents... but any sensitive documents should really have that blurb, quoted (well, mostly) here:
In the case of financial documents, which is what I concern myself with, the use of them for gain is tantamount to insider trading and is a Bad Thing for He Who Gets Caught.
Zaphod B
Hotmail deleted all my mail because of this virus (Score:5)
During that time, my hotmail Inbox filled up with these sorts of messages (large attachements with the text: "I send you this file in order to have your advice").
Once it reached the maximum size for hotmail diskspace, hotmail started automatically deleteing older messages: all the messages in all of my folders had been deleted by the time I checked my hotmail account.
All that was left was spam in my Inbox.
Thanks, Microsoft!
Trade Secrets are just that... (Score:3)
If you have some intellectual property you have 4 ways to protect it:
- Trade Mark
- Copyright
- Patent
- Trade Secret
The first three rely on government protection. The last one relies on your own ability to keep it secret. If you're unable to keep it secret then you should use one of the first three methods to protect yourself. If you fail to keep it secret and don't use one of the other methods then you are unprotected and there's nothing you can do - that's why the other methods exist.IANAL But I recently had one explain all this to me.
--Strangers (Score:4)
Those are the worst kind of strangers!
why do people keep doing this? (Score:5)
Judging from the uninformed comments above, evidently not, but there are a *ton* of clueless idiots who are more than happy to spout off their opinions on a subject they know nothing about. But hey, that's what most Slashdot discussions are anyway.
Trade secrets are covered by a myriad of laws, and you can get in serious trouble for divulging them even if you learned of them by accident. Call a lawyer to find out more details. Slashdot can't provide much help on legal questions, as we've proved over and over and over again...
--- egomaniac
Encrypted polymorphic viruses and the DMCA (Score:5)
Consider a virus writer being caught, then going after the major antivirus software vendors for breaking the encryption on his virus...
-- fencepost
Even if it _is_ illegal... (Score:5)
On another note... are you saying I can't post those so-called confidential emails between Slashdot and goatse.cx paying for click-throughs?
--
Re:Confidentiality clauses (Score:5)
Let us say that Alice and Bob enter into a contract, with a confidentiality clause. Bob's computer is infected with SirCam and it mails the contract to Carl. Carl then publishes the contract in a news paper. Alice may have grounds to sue Bob for breach of contract (Bob's copy was leaked) but doesn't have grounds to sue Carl for a breach since Carl was never a party to the contract.
Now for Bob or Alice to release any information may still be a breach, but Carl can do whatever he wants.
Stupid Friends (Score:3)
Wow, talk about a lot of stupid friends. I've only gotten a few of the SirCam virus emails, so I have to assume either a) people don't like me enough to put me in their address book, b) my friends are smarter than CmdrTaco's, c) my friends don't use outlook
Confidentiality clauses (Score:3)
If they delete it, no problem, if they keep it, big illegal problems.
IANAL, but I hired one and thats what they said.
Re:Well (Score:3)
- You did not do anything illegal to get it
- They did not take sufficent precautions to prevent the leak.
I would guess you would be safe in releasing it. But, if it got to you, it probably got to many others so the leak would not be traceable.See a lawyer.
you could go on with this all day... (Score:5)
You shouldn't set your email program to automatically execute attachments...
You shouldn't open attachments from someone you don't know...
Oh wait, you might get the virus from someone you DO know, but you shouldn't open attachments unless you know what they are and were expecting them...
Always use BCC:
Keep your virus definitions up to date...
Keep your programs/operating system/server up to date with the latest patches...
Always backup your data...
You shouldn't be superuser-equivalent unless you need it briefly to change something...
You should choose a password that is not easy to guess...
You should change your password regularly...
You shouldn't use the same password on different systems...
Do not feed the bears...
It could go on and on. Your idea is fine. It represents one of the many things that *should* be done. But who is going to do it? The fact of the matter remains, people won't follow good security practices because it's inconvenient, they don't want to, they don't know about them, or their Aunt Ruth has a beard.
The point of the question above is that when someone receives something confidental, accidentally, the ethical thing to do is to delete it. Who's responsible? Well, the virus writer, if the file was spread as a result of a virus. Sure, the user should have kept his document secure, but he didn't. Are users guilty of violating any of the above policies? Sure. Are sysadmins? Yep. We do it too.
Of course, we need to educate our users and enforce security policies. Saying "this will work; problem solved" isn't sufficient. Proactive education, policies, and enforcement are the answer. Now I've got to get back to work and do it!
"I say consider this day seized!" -Hobbes
Re:why do people keep doing this? (Score:5)
Is there some secret stash of lawyers on Slashdot that I'm not aware of yet?
Sure!
CmdrTaco) Hmm... Got another law 'Ask Slashdot' here.
Hemos) Another? What's it about?
JonKatz) It's a case that has the ugliest implications not only for the press (online and off) but for open discussion of technology, and especially for the First Amendment.
CmdrTaco) Some guy wants to know if he can post secret documents he gets e-mailed.
Roblimo) Are you sure we want to post this? Don't you think slashdot is posting too many law-related stories, when there are no lawyers reading? We don't want the site to get boring...
JonKatz) Slashdot is at times witty, imaginative and entertaining, no small accomplishment, especially this summer. It reminds us that when it comes to ominous design and atmosphere, nobody can top CmdrTaco. Where he seems to have trouble is with storytelling.
Hemos) Well, we could just blindly post it... or we might have to break out the.... SECRET STASH OF LAWYERS!
CmdrTaco) Great idea! Where did you leave the lawyers, Cliff?
Cliff) They're in the fridge, behind the Jolt.
I think that's about how it went.
Michael
SirCamExchange.com? (Score:3)
Re:Confidentiality clauses (Score:5)
You cannot forward a document to a stranger and then legally bind that stranger to behave according to the content of that document. Not in the USA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
Re:Excellent Question (Score:4)
What happens if someone steals your car and causes a fatal accident with it? Given my car, it's quite likely the theif was the one who died.
What happens if a child finds the gun you left in your dresser and shoots himself?
He'll be very very wet or hit by a paint ball.
What happens if someone breaks into your house, trips over something and breaks a leg?
Not only will they have a broken leg, they'll be covered in doggie drool. So with a broken leg and buckets of doggie drool, they'll be searching for the missing portable phone. And if all he broke was his leg, he's lucky. There's lots of stuff to trip over in my house.
So... (Score:5)
I send this Ask Slashdot to you to get your advice.
Thanks, Taco... (Score:3)
I'm sure the authors of all these recent viruses would just love to implement this. I can think of lots of fun things to do now:
Outlook virus that sends not only itself to all persons in the address book, but also a random file from "My Documents" or somesuch. Especially good if the virus picks files that are .doc, .xls, etc.
IIS exploit that fully allows "visitors" to read all cgi scripts, as well as perform "updates" to these scripts.
Now, if you'll all excuse me, I've got some MS exploits to write....
Re:Well.... (Score:3)
Based on that conversation, this is what I understand the situation to be here in Canada: if there is no pre-existing NDA in effect, a person who receives a document labelled "confidential" is not under any legal obligation to maintain that confidentiality.
I was cautioned however, that there would be no guarantee that any information received in such a manner would be accurate or authentic...
Caveat emptor.
Re:How to open safely? (Score:5)
Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.
Or with Cygwin it's
$dd if=virus.doc.pif of=clean.doc bs=1 skip=137216Rename it to the actual file type and open it.
Do not double click it, instead open it from the correct app (just in case you didn't remove the virus properly - Word doesn't open windows executables)