If You Can Read This, You're Breaking The Law!
from the your-mail-is-not-your-own dept
I get lots of (legitimate) email, intended for other people, sent to my email address. I guess it’s easy to screw up your own address and wind up at mine — or mine is just a popular one to use as a fake, when people don’t want to supply their real one. Just today, I received an email from Remax, Northern Illinois, thanking me for registering on their site (and conveniently providing me with the password “I” used to sign up), which I didn’t, an order confirmation for tickets to see Blue Man Group at the Pioneer Center (in Reno), which I did not purchase, and an “Acknowledgment Letter” from an attorney (maybe) with attachments and no message body aside from the following:
NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. §§ 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.
Now, although I have to admit that I was initially impressed by all those fancy numbers and § symbols, a few things struck me as odd. First of all, if the information is “intended only for the person(s) to whom this email message is addressed,” and it was addressed to me, wouldn’t that mean it’s intended for me? Second, with absolutely no information in the body of the email, other than this warning, how am I supposed to know for sure that it was not intended for me? And, finally, if you mistakenly send someone else’s confidential information directly to me (not because of an email server routing error), how is it that I am the one in danger of “criminal penalties” for opening my own mail?
As I have no interest in reading this person’s confidential information, I have not opened the attachments and have no plans to do so. And although I’m not even certain a threat like this is enforceable, I will be canceling my email account, destroying my hard drive, and leaving the country for a while. Wish me luck.
Filed Under: boilerplate, email, legalese, signatures
Comments on “If You Can Read This, You're Breaking The Law!”
Better burn down your house, too. You know, just to be sure.
Wouldn’t want to get into trouble.
Re: Re:
Better yet: “…take off and nuke the entire site from orbit. It?s the only way to be sure.”
EULA ALL THE THINGS!
Someday, I will purchase some EULA-wrapped software with some EULA-wrapped money.
Re: EULA ALL THE THINGS!
Huh, there’s a thought… perhaps one could get checks covered in *tiny* print (looks like a neat pattern to the naked eye) which comprises of an EULA for whomever accepts the funds… You could start it with “by accepting this check you agree to the following: “
Re: Re: EULA ALL THE THINGS!
It would be at least as legally valid as a shrink-wrapped EULA you can’t even read until you buy and open the packaging. But since most checks are deposited by machines these days, you wouldn’t need to hide it in fine print, it’d likely get deposited anyway even if plainly written.
Perhaps “By depositing or cashing this check you agree to waive and/or render void any End User License Agreement or standard contract you normally apply to your customers, for any services or products this check is used to pay for.”
Re: Re: EULA ALL THE THINGS!
People still use checks?
Re: Re: EULA ALL THE THINGS!
It wasn’t followed by the quote: “your soul, and all your earnings, are now mine.”
Re: EULA ALL THE THINGS!
Stop using paypal please.
Good luck
Don’t forget to change your name and get a new passport. That second part’s could be tricky. I once opened email that was unintentionally sent to me (the wrong person) and boom. Wouldn’t ya know it, I have to live in Cuba now.
Re: Re:
Actually, the compound at Guantanamo bay is technically on US soil. So, nope, you’re not in Cuba.
I’m almost willing to bet the attachment probably has some sort of virus/malware payload attached if he DID happen to open it. Sometimes spam e-mail is just fun to read…and laugh at.
Re: Response to: PlagueSD on Aug 11th, 2011 @ 3:45pm
You are likely right.
I have seen similar emails but instead of Blue Man Group it was talking about money from a settlement.
Maybe the spammers are getting good at targeting their campaigns, I do like money and there is no way they could ever guess that!
Fraudulent Disclaimer?
I love all the boiler plate “this message may”s. Yeah, and the message **may** have been written by aliens. But none of the “mays” matter. The only thing that matters are what *actually* applies.
What the message implies to me, in my opinion, is possible malpractice, for how else could Mike be receiving mail that “subject to attorney-client privilege and contains confidential information” that is not actually his? Are such boiler plate disclaimers merely written in the expectation of possible malpractice on the part of the attorney and his/her staff?
And, I’ll, bet that that same sig is used for all the attorney’s e-mail, even when it isn’t about a client and contains no privileged info. Not all info an attorney handles is privileged, so, again IMO, the disclaimer is likely fraudulent misrepresentation much of the time.
Once upon a time...
I worked in a large and well known financial company a few years back. I had the same last name as a Sr. VP and due to the way they set up the address book, my name came up first.
I was on the phone to compliance and legal at least twice a week because I read something I wasn’t supposed to. (Hey, if it’s in my inbox and isn’t obvious spam, I’m going to look)
Oh I could have been rich if I were as honest as your typical lawyer or politician. 😉
Boilerplate
I have attorneys as clients and that confidentiality thing is boilerplate stuff they insert on all emails and faxes. (Yes, lawyers still uses faxes.) It’s easier to put it in with your signature so you don’t have to cut and paste it every time they do send something confidential. And yes, it is a way to avoid malpractice.
Re: Boilerplate
How do you avoid malpractice if you put in that particular boilerplate, then send confidential documents to the wrong email address?
Re: Re: Boilerplate
The same way you avoid breaching your fiduciary duty by printing a disclaimer on money you may or may not be giving to the wrong people!
Fiduciary duty solved! Easy.
Re: Re: Boilerplate
I have no clue. I assume it’s just a CYA, just in case.
Who's At Fault
Assuming for a moment that the E-mail was legitimate, that the contents are really medical records of some sort, and that it was simply incorrectly addressed, and that the data was sent in the clear, then the sender is certainly in violation of the law by sending confidential information over an open network without having at least encrypted the data.
Re: Who's At Fault
You are partially correct. I did data forensics for several years, and there were several instances when this “boilerplate” actually worked against the lawfirm.
Just thought of something
Why is a real estate company sending you confirmation for tickets? And why does the disclaimer mention Protected Health Information if it’s a real estate company? Sounds like there’s a virus in that attachment.
Email disclaimers: threats, adhesions, and pretty much all-around stupidity
But they do make an excellent litmus test.
See for example:
Stupid E-mail Disclaimers and the Stupid Users that Use Them at http://attrition.org/security/rants/z/disclaimers.html
and
Don’t Send Bogus Legalistic Boilerplate at http://www.river.com/users/share/etiquette/#legalistic
As the latter correctly points out:
First, such boilerplate contains useless adhesions, meaning the explicit and implied threats they make are particularly annoying. If you send something via email, the recipients (are you sure you aren’t sending to a mailing list?) and anyone else who sees your clear text postcard in transit can undetectably and with full deniability do whatever they want with the information written on it in plain view. Even casual users of email know email is not a secure communications medium. Thus the threats in typical bogus legalistic boilerplate are naught but an attempt at highly improper intimidation. Demands made in this manner will be regarded as evidence of a hostile attitude on your part by a significant portion of recipients. The threats will negatively affect how your recipients perceive the other ideas in your message.
Happens to me a fair bit.
One of these days, I’m going to reply with “By communicating with this email address, you grant permanent, irrevocable, retroactive permission to me to post any and all messages from you to the of this address to the internet for the purpose of ridicule.”
Upon learning of their error, they will probably demand return of the email.
Re: Re:
Would they return the spider?
Re: Returning email and wishful thinking
I wish there was such a thing. In postal paper mail days if you got something intended for someone else you just scribbled ‘wrong address’ on the piece of mail and sent it back poof. Now, however, if your email address mistakenly gets associated with someone else’s activity, god luck with that. I too have gotten many order confirmations, real estate communications and the like clearly intended for others. But the most worrysome ones are the ones from the North Carolina Department of Corrections; they obviously have mis-entered my email address into a record of one parolee who hasn’t checked in with her parole officer, hasn’t gotten passing grades in a couple college courses and a few other things. They won’t change it despite dozens of requests from me to do so. Therefore, to Simone in North Carolina, if you happen to read this, please contact your parole officer quickly to get this resolved. They think you are ignoring them and are not happy, and that’s not a good thing for you.
Legally binding?
I’ve always wondered about this… if an email footer is legally binding….
What prevents me from putting something like this in the footer and taking someone to court over it:
You the recipient agree to pay me the sender $500 for receipt of this email. Payment is due within 90 days. Please reply to this email within 72hrs to arrange payment or you will be in breach of this agreement.
Can I?
Re: Legally binding?
There is absolutely nothing stopping you from taking it to court, though I wish you all the luck in the world and be prepared to lose the case and be prepared to pay for costs and most likely a counter-suit for such things as fraud, misrepresentation, etc.
Basically why you would lose is because there is no contract since unless they actually reply there is no “acceptance by conduct” which is what EULA’s are based on.
Also there is no consideration. No exchange of worth, no quid pro quo, no sufficiency, and definitely no forbearance nor past dealings.
Not to matter there was definitely no intention to create legal relations on the part of the recipient.
Without any of the above, no contract can be created, even if there is a so called offer (you sending) and acceptance (they receiving) of the contractual obligation.
It’s the same for nearly all of these so called one sided Non Disclosure agreements that are within emails nowadays because people don’t want publicity (especially attorneys sending nastygrams).
They are bogus, are really psychological FUD, and have no weight in law and can as Charlie Hustle above stated, come back to bite them right on the Arse later.
I own a cell phone number that was formerly owned by someone else. That person apparently has lots of problems – I get calls from law firms demanding I call back about various issues, and they often provide me with bank account numbers and other tidbits of information that I could probably use for nefarious purposes if I weren’t so lazy.
Holy May-day batman!
Lot’s of mays in that letter if you ask me, seems very suspicious. May… may means maybe… but it could also stand for May 1, the International Workers’ Day celebrated by communists! Michael might be getting their secret covert messages for their upcoming attack on all that is democratic!
Quick, to the bunker!!!
I love to say this(not really)
But this sounds like a wonderful SCAM.
They send you a random letter..
and tell you NOT to open unless this is REALLY YOU(to protect themselves)
You OPEN it, to see if ANYTHING, MAY, Pertain to you…or just to be nosey..Or to find out if there is any info as to the person IT SHOULD GO TO..
The attachment AUTO OPENS, and AUTO RUNS a web site..and installs a Background virus… or an auto exec that HAS to be run on start up(and only loops) so your machine wont START..
AT LEAST with the post office, you could hand it INTO the window..After scratching off the Address..and someone ELSE delt with it.
Destroy all copies!
I once got an email obviously not intended for me, which had a version of this telling me I needed to “destroy all copies” of the email. Unfortunately, they sent this email to most of the company. Should I have taken them at their word and hacked each computer to ensure that all copies were deleted?
I’d tell you what was IN the email, except I’m not sure if having the email addressed to me counts as being a party to the communication. It seems like someone just barely remembered to make it legal to “intercept” a communication to which you are a party. Good thing, because they defined “intercept” as “acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” This is SO broad they actually had to make an exception for hearing aids.
The law itself can be found at http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_119.html
It happens so often, especially on my gmail address. I get so many emails not intended for me.
2 Nights ago, I got an email from a online take-away ordering system, telling me that my order of a can of Sprite and my Pizza Tandoori was on its way. (seconds later came another email telling me that the order was cancelled by the system, because they didn’t trust my email)
Yesterday, I got an email from a restaurant responding to a complaint about how their food had made someone ill. Apparently that someone had given my email address as their own.
It’s almost everyday now I get email not intended for me.
If some lawyer decides to sue me for opening my email, they’ll have another thing coming. They make a mistake in the address, then it’s no fault of mine if I open it.
I Don't Understand
Several parts of this piece don’t make sense.
1. RE/MAX is NOT in the business of selling tickets of any sort, just real_estate and ONLY real_estate.
2. Medical data???? What’s HIPAA got to do with anything?
3. You should move/copy the attachments to an isolated computer and open them just to see what’s what.
4. Sounds very much like spam or malware.
5. Has anyone checked out this alleged attorney?
Somethin’s fishy.
Re: I Don't Understand
Reading is difficult.
1: The RE/MAX thing was not related to the selling of the tickets, that was actually second email.
2: The attorney may be working for a hospital, and have used a boilerplate disclaimer at the bottom of his email, because of his work at a hospital.
3: Sound advice, but why should we? Why not just toss the email out instead of opening it?
4: It’s generally not spam. Sure spammers also send stuff unsolicited, and often mis-addressed. But that’s not the case in what Mike is telling here, and not what I have said in one of my previous comments. In my case, I usually send an email back saying they’ve reached the wrong person, and that I hope they have another way of contacting them. If it’s happened that I get email destined for the same person multiple times in a row, I ask the sender to notify said person to pay closer attention to what email address they use.
Re: Re: I Don't Understand
And #4 sounds like a great way to get your email location..
They then know its a viable EMail.
Then if they can match it up to other data they find on the net..
Re: Re: Re: I Don't Understand
I am not responding to spam, however to genuine mis-addressed emails I do respond and tell them of their mistakes.
And it’s quite obvious when it’s spam and when it isn’t. It would take too much effort to make spam look like this.
Using my email as a 'throw-away' address
I’ve had my address for over 15 years and the amount of spam is low (must be my email servers use of filters). It’s a simple, short email address and I love it.
However, I periodically get emails from companies where someone gave my email adddress as theirs – thinking that nobody would ever see it.
I have news for you – I did. I’ve cancelled numerous accounts with companies like Monster.com, gaming sites, etc. Sometimes, I wait until the person who used my account has racked up gaming points before I will change the password.
I also had a woman use my address at several auto dealers in California. Guess what? I sent the dealers an email saying that she used a bogus email address, so what else about her might be suspect? If she was applying for credit to buy a car, the dealers might have second thoughts.
I seldom cancel these accounts – I normally just screw with your profile (if I’m in a nasty mood) and then change the password so you can’t undo the damage.
If you don’t want things like this happening to you, use your own email address!
I ran this through my gibberish translator.
Here is what this boils down to:
NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. ?2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. ?? 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.
Translation: I am a careless idiot, but if necessary, it will be proven your fault in a court of law. Neener, neener, neener!