If You Can Read This, You're Breaking The Law!

from the your-mail-is-not-your-own dept

I get lots of (legitimate) email, intended for other people, sent to my email address. I guess it's easy to screw up your own address and wind up at mine -- or mine is just a popular one to use as a fake, when people don't want to supply their real one. Just today, I received an email from Remax, Northern Illinois, thanking me for registering on their site (and conveniently providing me with the password "I" used to sign up), which I didn't, an order confirmation for tickets to see Blue Man Group at the Pioneer Center (in Reno), which I did not purchase, and an "Acknowledgment Letter" from an attorney (maybe) with attachments and no message body aside from the following:
NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. §§ 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.
Now, although I have to admit that I was initially impressed by all those fancy numbers and § symbols, a few things struck me as odd. First of all, if the information is "intended only for the person(s) to whom this email message is addressed," and it was addressed to me, wouldn't that mean it's intended for me? Second, with absolutely no information in the body of the email, other than this warning, how am I supposed to know for sure that it was not intended for me? And, finally, if you mistakenly send someone else's confidential information directly to me (not because of an email server routing error), how is it that I am the one in danger of "criminal penalties" for opening my own mail?

As I have no interest in reading this person's confidential information, I have not opened the attachments and have no plans to do so. And although I'm not even certain a threat like this is enforceable, I will be canceling my email account, destroying my hard drive, and leaving the country for a while. Wish me luck.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Jeffrey Nonken (profile), Aug 11th, 2011 @ 3:30pm

    Better burn down your house, too. You know, just to be sure.

    Wouldn't want to get into trouble.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    The Buzz Saw (profile), Aug 11th, 2011 @ 3:34pm

    EULA ALL THE THINGS!

    Someday, I will purchase some EULA-wrapped software with some EULA-wrapped money.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    :Lobo Santo (profile), Aug 11th, 2011 @ 3:35pm

    Re: EULA ALL THE THINGS!

    Huh, there's a thought... perhaps one could get checks covered in *tiny* print (looks like a neat pattern to the naked eye) which comprises of an EULA for whomever accepts the funds... You could start it with "by accepting this check you agree to the following: "

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    MrWilson, Aug 11th, 2011 @ 3:39pm

    Re:

    Better yet: "...take off and nuke the entire site from orbit. Its the only way to be sure."

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Josef Anvil (profile), Aug 11th, 2011 @ 3:42pm

    Good luck

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Nicedoggy, Aug 11th, 2011 @ 3:43pm

    Re: EULA ALL THE THINGS!

    Stop using paypal please.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Jeff, Aug 11th, 2011 @ 3:44pm

    Don't forget to change your name and get a new passport. That second part's could be tricky. I once opened email that was unintentionally sent to me (the wrong person) and boom. Wouldn't ya know it, I have to live in Cuba now.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    PlagueSD (profile), Aug 11th, 2011 @ 3:45pm

    I'm almost willing to bet the attachment probably has some sort of virus/malware payload attached if he DID happen to open it. Sometimes spam e-mail is just fun to read...and laugh at.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Scote, Aug 11th, 2011 @ 4:22pm

    Fraudulent Disclaimer?

    I love all the boiler plate "this message may"s. Yeah, and the message **may** have been written by aliens. But none of the "mays" matter. The only thing that matters are what *actually* applies.

    What the message implies to me, in my opinion, is possible malpractice, for how else could Mike be receiving mail that "subject to attorney-client privilege and contains confidential information" that is not actually his? Are such boiler plate disclaimers merely written in the expectation of possible malpractice on the part of the attorney and his/her staff?

    And, I'll, bet that that same sig is used for all the attorney's e-mail, even when it isn't about a client and contains no privileged info. Not all info an attorney handles is privileged, so, again IMO, the disclaimer is likely fraudulent misrepresentation much of the time.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Aug 11th, 2011 @ 4:23pm

    Response to: PlagueSD on Aug 11th, 2011 @ 3:45pm

    You are likely right.
    I have seen similar emails but instead of Blue Man Group it was talking about money from a settlement.

    Maybe the spammers are getting good at targeting their campaigns, I do like money and there is no way they could ever guess that!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Angry Webmaster, Aug 11th, 2011 @ 4:25pm

    Once upon a time...

    I worked in a large and well known financial company a few years back. I had the same last name as a Sr. VP and due to the way they set up the address book, my name came up first.

    I was on the phone to compliance and legal at least twice a week because I read something I wasn't supposed to. (Hey, if it's in my inbox and isn't obvious spam, I'm going to look)

    Oh I could have been rich if I were as honest as your typical lawyer or politician. ;)

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    cybernia (profile), Aug 11th, 2011 @ 4:36pm

    Boilerplate

    I have attorneys as clients and that confidentiality thing is boilerplate stuff they insert on all emails and faxes. (Yes, lawyers still uses faxes.) It's easier to put it in with your signature so you don't have to cut and paste it every time they do send something confidential. And yes, it is a way to avoid malpractice.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Ron (profile), Aug 11th, 2011 @ 4:37pm

    Who's At Fault

    Assuming for a moment that the E-mail was legitimate, that the contents are really medical records of some sort, and that it was simply incorrectly addressed, and that the data was sent in the clear, then the sender is certainly in violation of the law by sending confidential information over an open network without having at least encrypted the data.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Charlie Hustle, Aug 11th, 2011 @ 4:46pm

    Re: Who's At Fault

    You are partially correct. I did data forensics for several years, and there were several instances when this "boilerplate" actually worked against the lawfirm.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    cybernia (profile), Aug 11th, 2011 @ 4:50pm

    Just thought of something

    Why is a real estate company sending you confirmation for tickets? And why does the disclaimer mention Protected Health Information if it's a real estate company? Sounds like there's a virus in that attachment.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Bergman (profile), Aug 11th, 2011 @ 5:03pm

    Re: Re: EULA ALL THE THINGS!

    It would be at least as legally valid as a shrink-wrapped EULA you can't even read until you buy and open the packaging. But since most checks are deposited by machines these days, you wouldn't need to hide it in fine print, it'd likely get deposited anyway even if plainly written.

    Perhaps "By depositing or cashing this check you agree to waive and/or render void any End User License Agreement or standard contract you normally apply to your customers, for any services or products this check is used to pay for."

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Bergman (profile), Aug 11th, 2011 @ 5:05pm

    Re: Boilerplate

    How do you avoid malpractice if you put in that particular boilerplate, then send confidential documents to the wrong email address?

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Rich Kulawiec, Aug 11th, 2011 @ 5:11pm

    Email disclaimers: threats, adhesions, and pretty much all-around stupidity

    But they do make an excellent litmus test.

    See for example:

    Stupid E-mail Disclaimers and the Stupid Users that Use Them at http://attrition.org/security/rants/z/disclaimers.html

    and

    Don't Send Bogus Legalistic Boilerplate at http://www.river.com/users/share/etiquette/#legalistic

    As the latter correctly points out:

    First, such boilerplate contains useless adhesions, meaning the explicit and implied threats they make are particularly annoying. If you send something via email, the recipients (are you sure you aren't sending to a mailing list?) and anyone else who sees your clear text postcard in transit can undetectably and with full deniability do whatever they want with the information written on it in plain view. Even casual users of email know email is not a secure communications medium. Thus the threats in typical bogus legalistic boilerplate are naught but an attempt at highly improper intimidation. Demands made in this manner will be regarded as evidence of a hostile attitude on your part by a significant portion of recipients. The threats will negatively affect how your recipients perceive the other ideas in your message.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Aug 11th, 2011 @ 5:14pm

    Happens to me a fair bit.

    One of these days, I'm going to reply with "By communicating with this email address, you grant permanent, irrevocable, retroactive permission to me to post any and all messages from you to the of this address to the internet for the purpose of ridicule."

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    abc gum, Aug 11th, 2011 @ 5:21pm

    Upon learning of their error, they will probably demand return of the email.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Nicedoggy, Aug 11th, 2011 @ 5:24pm

    Re:

    Would they return the spider?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Scote, Aug 11th, 2011 @ 5:24pm

    Re: Re: Boilerplate

    The same way you avoid breaching your fiduciary duty by printing a disclaimer on money you may or may not be giving to the wrong people!

    NOTE: These funds (including any and all lines of credit) are subject to fiduciary duty and are intended only for the person(s) to whom they are legally authorized. These funds and the use thereof may be covered by local, state and Federal 1aw, which provide criminal penalties for your possession, distribution and/or use of these funds without permission. If you have received these funds in error, please notify the sender immediately by telephone or e-mail and destroy the original account numbers and other credentials and access tokens without making a copy.


    Fiduciary duty solved! Easy.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Robert, Aug 11th, 2011 @ 5:43pm

    Legally binding?

    I've always wondered about this... if an email footer is legally binding....

    What prevents me from putting something like this in the footer and taking someone to court over it:

    You the recipient agree to pay me the sender $500 for receipt of this email. Payment is due within 90 days. Please reply to this email within 72hrs to arrange payment or you will be in breach of this agreement.


    Can I?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Aug 11th, 2011 @ 5:47pm

    I own a cell phone number that was formerly owned by someone else. That person apparently has lots of problems - I get calls from law firms demanding I call back about various issues, and they often provide me with bank account numbers and other tidbits of information that I could probably use for nefarious purposes if I weren't so lazy.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Aug 11th, 2011 @ 5:50pm

    Holy May-day batman!

    Lot's of mays in that letter if you ask me, seems very suspicious. May... may means maybe... but it could also stand for May 1, the International Workers' Day celebrated by communists! Michael might be getting their secret covert messages for their upcoming attack on all that is democratic!

    Quick, to the bunker!!!

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    cybernia (profile), Aug 11th, 2011 @ 6:18pm

    Re: Re: Boilerplate

    I have no clue. I assume it's just a CYA, just in case.

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    ECA (profile), Aug 11th, 2011 @ 6:20pm

    I love to say this(not really)

    But this sounds like a wonderful SCAM.

    They send you a random letter..
    and tell you NOT to open unless this is REALLY YOU(to protect themselves)

    You OPEN it, to see if ANYTHING, MAY, Pertain to you...or just to be nosey..Or to find out if there is any info as to the person IT SHOULD GO TO..

    The attachment AUTO OPENS, and AUTO RUNS a web site..and installs a Background virus... or an auto exec that HAS to be run on start up(and only loops) so your machine wont START..

    AT LEAST with the post office, you could hand it INTO the window..After scratching off the Address..and someone ELSE delt with it.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Aug 11th, 2011 @ 6:47pm

    Destroy all copies!

    I once got an email obviously not intended for me, which had a version of this telling me I needed to "destroy all copies" of the email. Unfortunately, they sent this email to most of the company. Should I have taken them at their word and hacked each computer to ensure that all copies were deleted?

    I'd tell you what was IN the email, except I'm not sure if having the email addressed to me counts as being a party to the communication. It seems like someone just barely remembered to make it legal to "intercept" a communication to which you are a party. Good thing, because they defined "intercept" as "acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." This is SO broad they actually had to make an exception for hearing aids.

    The law itself can be found at http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_119.html

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    G Thompson (profile), Aug 11th, 2011 @ 9:45pm

    Re: Legally binding?

    There is absolutely nothing stopping you from taking it to court, though I wish you all the luck in the world and be prepared to lose the case and be prepared to pay for costs and most likely a counter-suit for such things as fraud, misrepresentation, etc.

    Basically why you would lose is because there is no contract since unless they actually reply there is no "acceptance by conduct" which is what EULA's are based on.

    Also there is no consideration. No exchange of worth, no quid pro quo, no sufficiency, and definitely no forbearance nor past dealings.

    Not to matter there was definitely no intention to create legal relations on the part of the recipient.

    Without any of the above, no contract can be created, even if there is a so called offer (you sending) and acceptance (they receiving) of the contractual obligation.

    It's the same for nearly all of these so called one sided Non Disclosure agreements that are within emails nowadays because people don't want publicity (especially attorneys sending nastygrams).

    They are bogus, are really psychological FUD, and have no weight in law and can as Charlie Hustle above stated, come back to bite them right on the Arse later.

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    Marcel de Jong (profile), Aug 12th, 2011 @ 12:30am

    It happens so often, especially on my gmail address. I get so many emails not intended for me.
    2 Nights ago, I got an email from a online take-away ordering system, telling me that my order of a can of Sprite and my Pizza Tandoori was on its way. (seconds later came another email telling me that the order was cancelled by the system, because they didn't trust my email)

    Yesterday, I got an email from a restaurant responding to a complaint about how their food had made someone ill. Apparently that someone had given my email address as their own.

    It's almost everyday now I get email not intended for me.

    If some lawyer decides to sue me for opening my email, they'll have another thing coming. They make a mistake in the address, then it's no fault of mine if I open it.

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    Marcel de Jong (profile), Aug 12th, 2011 @ 12:32am

    Re:

    Actually, the compound at Guantanamo bay is technically on US soil. So, nope, you're not in Cuba.

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    davnel (profile), Aug 12th, 2011 @ 1:44am

    I Don't Understand

    Several parts of this piece don't make sense.
    1. RE/MAX is NOT in the business of selling tickets of any sort, just real_estate and ONLY real_estate.
    2. Medical data???? What's HIPAA got to do with anything?
    3. You should move/copy the attachments to an isolated computer and open them just to see what's what.
    4. Sounds very much like spam or malware.
    5. Has anyone checked out this alleged attorney?
    Somethin's fishy.

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    Marcel de Jong (profile), Aug 12th, 2011 @ 2:52am

    Re: I Don't Understand

    Reading is difficult.
    1: The RE/MAX thing was not related to the selling of the tickets, that was actually second email.

    2: The attorney may be working for a hospital, and have used a boilerplate disclaimer at the bottom of his email, because of his work at a hospital.

    3: Sound advice, but why should we? Why not just toss the email out instead of opening it?

    4: It's generally not spam. Sure spammers also send stuff unsolicited, and often mis-addressed. But that's not the case in what Mike is telling here, and not what I have said in one of my previous comments. In my case, I usually send an email back saying they've reached the wrong person, and that I hope they have another way of contacting them. If it's happened that I get email destined for the same person multiple times in a row, I ask the sender to notify said person to pay closer attention to what email address they use.

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    Josh in CharlotteNC (profile), Aug 12th, 2011 @ 2:52am

    Re: Re: EULA ALL THE THINGS!

    People still use checks?

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    ECA (profile), Aug 12th, 2011 @ 2:59am

    Re: Re: I Don't Understand

    And #4 sounds like a great way to get your email location..

    They then know its a viable EMail.

    Then if they can match it up to other data they find on the net..

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    The eejit (profile), Aug 12th, 2011 @ 3:06am

    Re: Re: EULA ALL THE THINGS!

    It wasn't followed by the quote: "your soul, and all your earnings, are now mine."

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Oh THAT Brian!, Aug 12th, 2011 @ 5:14am

    Using my email as a 'throw-away' address

    I've had my address for over 15 years and the amount of spam is low (must be my email servers use of filters). It's a simple, short email address and I love it.

    However, I periodically get emails from companies where someone gave my email adddress as theirs - thinking that nobody would ever see it.

    I have news for you - I did. I've cancelled numerous accounts with companies like Monster.com, gaming sites, etc. Sometimes, I wait until the person who used my account has racked up gaming points before I will change the password.

    I also had a woman use my address at several auto dealers in California. Guess what? I sent the dealers an email saying that she used a bogus email address, so what else about her might be suspect? If she was applying for credit to buy a car, the dealers might have second thoughts.

    I seldom cancel these accounts - I normally just screw with your profile (if I'm in a nasty mood) and then change the password so you can't undo the damage.

    If you don't want things like this happening to you, use your own email address!

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Aug 12th, 2011 @ 5:27am

    Re: Returning email and wishful thinking

    I wish there was such a thing. In postal paper mail days if you got something intended for someone else you just scribbled 'wrong address' on the piece of mail and sent it back poof. Now, however, if your email address mistakenly gets associated with someone else's activity, god luck with that. I too have gotten many order confirmations, real estate communications and the like clearly intended for others. But the most worrysome ones are the ones from the North Carolina Department of Corrections; they obviously have mis-entered my email address into a record of one parolee who hasn't checked in with her parole officer, hasn't gotten passing grades in a couple college courses and a few other things. They won't change it despite dozens of requests from me to do so. Therefore, to Simone in North Carolina, if you happen to read this, please contact your parole officer quickly to get this resolved. They think you are ignoring them and are not happy, and that's not a good thing for you.

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    Marcel de Jong (profile), Aug 12th, 2011 @ 6:17am

    Re: Re: Re: I Don't Understand

    I am not responding to spam, however to genuine mis-addressed emails I do respond and tell them of their mistakes.

    And it's quite obvious when it's spam and when it isn't. It would take too much effort to make spam look like this.

     

    reply to this | link to this | view in thread ]

  40.  
    icon
    The Devil's Coachman (profile), Aug 12th, 2011 @ 6:44am

    I ran this through my gibberish translator.

    Here is what this boils down to:

    NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.

    Translation: I am a careless idiot, but if necessary, it will be proven your fault in a court of law. Neener, neener, neener!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This