Educause Security Discussion mailing list archives
Re: Encrypting Data-in-Transit
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Tue, 15 Feb 2005 21:03:29 -0600
Valdis Kletnieks wrote: [snip]
Based on what I'm actually seeing, many site's "Solution" is to just stick a "This email may contain confidential and privileged information and if you're not the intended recipient, you shouldn't read it" on everything that goes out, confidential or not. Unfortunately, this likely *is* the actual solution some of these sites are using....
[snip] I know of very, very few people who scroll to the bottom to check for special handling instructions when first reading a message, so I fail to understand why sites that use such disclaimers habitually place them at the very END of every e-mail message. To me it makes much more sense to place it at the BEGINNING of every message, where unintended recipients are more likely to read it FIRST, before reading any misdirected "confidential and privileged information" that might accompany it. An even more effective approach (inasmuch as such disclaimers can be labelled "effective") would be to place the disclaimer first, immediately followed by several pages of blank lines, making it less likely that "confidential and privileged information" will be visible when a message is first displayed. Recipients would have to scroll down to view anything but the disclaimer. As a side effect, the several pages of blank lines would cause the disclaimer to function as a sort of banner page, should the message be inadvertently printed somewhere where "unintended recipients" could view it. Of course, I also think that such an approach is sheer nonsense. If you're already slinging "confidential and privileged" data around in plain-text e-mail, I think you've got problems that a simple disclaimer is not going to adequately address. -- Alan Amesbury (not speaking for the) University of Minnesota ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Encrypting Data-in-Transit Michael G Carr (Feb 14)
- <Possible follow-ups>
- Re: Encrypting Data-in-Transit Joe St Sauver (Feb 14)
- Re: Encrypting Data-in-Transit Valdis Kletnieks (Feb 14)
- Re: Encrypting Data-in-Transit Alan Amesbury (Feb 15)
- Re: Encrypting Data-in-Transit Valdis Kletnieks (Feb 15)
- Re: Encrypting Data-in-Transit Scholz, Greg (Feb 16)
- Re: Encrypting Data-in-Transit Kevin Shalla (Feb 16)
- Re: Encrypting Data-in-Transit Valdis Kletnieks (Feb 16)
- Re: Encrypting Data-in-Transit Drews, Jane E (Feb 16)