Confidential. “Shhhh!”

I was just sent an email by a blog visitor containing a response to a question posed to the IPCC. The footer of the email says:

AUTHENTICITY NOTE: This email is electronically signed

I’m not entirely sure what this means. I googled and found this. I suppose the intention is to create records that make it difficult for anyone to create a fake email, spoof the return address and give someone the impression it was authentic. I wonder if they keep a record of each outgoing email along with information indicating that it had been signed. If so, it would be interesting to know who keeps that and where.

The footer continued:

This e-mail including any attachments is confidential and may be
privileged. It is intended solely for the addressee. If you have
received it by mistake, please notify the sender by e-mail and delete
this message from your system. Any unauthorised use or dissemination of
this e-mail in whole or in part is strictly prohibited.

I think we previously read that people from the IPCC might begin adding this sort of mystifying boilerplate to their email footers. Obvious questions that pop into my head include:

  1. By whom is use or dissemination of this e-mail in whole or in part strictly prohibited? US law? I doubt it.
  2. UN law? Does the UN have any jurisdiction over whether an email sent to the US can be disseminated?
  3. Legally, can confidentiality be imposed on both parties of a conversation by one of them adding a trailer that says it’s confidential? Wouldn’t the IPCC functionary have to write back and let the person asking the question know that he will answer the question if the questioner agrees to be bound to confidentiality?

I’ve read the contents of the email. It’s a straightforward question and the IPCC functionary’s notion of an appropriate response. I can’t even begin to imagine why anyone who actually thought about imposing a condition of confidentiality on this response would think it was wise to do so. Now the technical question will continue to be debated and if people accept the notion that the correspondence is confidential, the IPCC’s position on the issue will remain a secret to the world.

But there you go. Naturally, for now, I’m just discussing the footer. I’m sure the rest of the email will “leak” rather quickly.

7 thoughts on “Confidential. “Shhhh!””

  1. A crypto “signature” is simply a technique to make sure that messages aren’t corrupted in transit. Historically, computers used “checksums” to verify that messages weren’t corrupted ACCIDENTALLY, but somebody could INTENTIONALLY change a message, then also change the checksum, so their deception wouldn’t be detected. Nowadays, the checksum can be encrypted to prevent it from being intentionally changed. Using crypto signatures, you can detect if somebody has changed the message.

    It usually means that the person in question has enabled crypto features in their emails, so that they can occasionally send/receive encrypted email. As a side effect, such software tends to sign outgoing emails that aren’t encrypted.

    The legal boilerplate is a second issue. It’s essentially meaningless under any nation’s laws. The only people who need to worry about it are lawyers, who can get into trouble when receiving misdirected emails regarding cases they are working on. Therefore, lawyers put this boilerplate on their emails in case other lawyers receive the email by mistake.

  2. Standard footer that is put at the bottom of emails by all sorts of organizations these days. Simply intended to bluff and intimidate, has no legal force.

  3. First, IANAL, and second, this was an interesting question because I remembered that I had relatively recently (i.e., sometime earlier this year) read something about legal footers on emails. I don’t know how to do links, but I think this was the article that I read.

    http://www.economist.com/node/18529895

    Basically, I think the bottom line is that the footers are there to scare people but are not enforceable (but, IANAL).

  4. I agree with the comments above – it is essentially meaningless in a legal sense but it is also certainly intimidating. It doesn’t do the image of the person adding it to emails any good. It probably doesn’t keep any information secret – perhaps the reverse. So, just unpleasant, then.

  5. The last email I received from the BBC’s Roger Harrabin was about a year ago, and was an Out of Office AutoReply, to tell me he was away from the office until January 4th.

    The footer said, among other things, “This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.” and “Do not use, copy or disclose the information in any way…..”

    So, sue me. 🙂

  6. Signing Emails

    Many emailers have a pair of crypto keys. (A key is basically a lump of data that is used for certain crypto operations). The pair consists of a private key (that is kept secret) and a public key that is made publicly available, often at a public server like keyserver1.pgp.com.

    To sign an email, you compute a “hash” of the email, using the private key, and attach it to the email. A receiver of the email can test the hash, using the public key, and be certain of two things:
    1. The email contents have not been changed.
    2. The hash was created with the private key: i.e. it was sent by the owner of the private key (even though the receiver has never seen the private key).

    This is enough to legally prove that it was sent by who it claims to be sent by, and that it hasn’t been changed.

    Most modern email programs are aware of signatures and will perform the validation for you, if they are configured correctly.
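
An added example, not part of the original post or its comments: a Python sketch of the distinction drawn in comments 1 and 6, showing that anyone who alters a message can recompute a plain checksum, while a signature made with the private key stops verifying after any change. The toy RSA key, the sample message and all function names are constructed for illustration; real mail signing (PGP or S/MIME) uses much larger keys and padded signatures.

```python
import hashlib
import zlib

# Toy RSA key built from two Mersenne primes (constructed for this example).
# Far too small for real use, and real signing adds padding (e.g. RSA-PSS).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept secret


def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exp: int = D) -> int:
    """Sender side: transform the message hash with the private key."""
    return pow(digest(message), private_exp, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver side: needs only the public key (N, E)."""
    return pow(signature, E, N) == digest(message)


def checksum_ok(message: bytes, checksum: int) -> bool:
    """Unkeyed integrity check: anyone can recompute it."""
    return zlib.crc32(message) == checksum


def demo() -> dict:
    original = b"From: sender@example.org\n\nThe answer is 42."  # constructed
    sig = sign(original)

    # The body is altered in transit by someone holding only public data.
    forged = original.replace(b"42", b"43")
    forged_crc = zlib.crc32(forged)             # no secret needed
    guessed_sig = sign(forged, private_exp=E)   # public exponent, not D

    return {
        "genuine_verifies": verify(original, sig),
        "forged_checksum_passes": checksum_ok(forged, forged_crc),
        "forged_with_old_sig": verify(forged, sig),
        "forged_with_guessed_sig": verify(forged, guessed_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the first two results are true: the genuine message verifies and the recomputed checksum passes, while neither the original signature nor one produced without the private exponent verifies against the altered text.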
