
BLU Discuss list archive



PGP software products



Frank Chasen wrote:
> As an attorney, I am not sure that the law firm is actually asking
> for encoded mail.

True, they are not.

>  If they are communicating with their clients as
> well as their own attorneys then the clients would need the software
> as well.  It sounds to me like they are simply asking what procedures
> are in place at your company to prevent people from reading other
> users' mail.

No, they are asking me to put my company into a position of being sued if
one of our employees makes an honest mistake that leads to disclosure of
one of their clients' sensitive messages.  We would have to prove ourselves
innocent.

Ironically, right after I posted this item to linux-sig, another law-firm
client called us with a beef about their email being offline for more than
24 hours.  Upon investigation, it turned out to be a stuck queue caused by
a problem with their mail server software's interaction with the headers
of a particular mail message.  When I looked at that message, I couldn't
help but notice that the message body had some very relevant information
about the internal staffing of that law firm (for obvious reasons, I won't
go into it here).

This experience proved to me beyond a shadow of a doubt that if I give the
mail queue passwords to anyone else in my firm, I simply cannot accept this
legal responsibility.  (Indeed, mail queue management is already shared by
4 individuals.)

>  A *very* simple description of how unix security works
> with particular regard to mail files may be sufficient.  In addition
> an explanation of how only your sysops can be root users and your
> company's written restrictions on their reading mail files may be
> sufficient.
> 
> Talk to the law firm and see what they really want.

Already done, and the above is not sufficient.  In fact, our
disclaimer of liability has been in writing (by our law firm Testa,
Hurwitz & Thibeault) for the past couple of years.  I think we're
about to lose a major client over this issue.  I have asked them to
research the major online providers and provide examples from them of
the wording they are seeking; thus far they only came up with an
oblique reference amid CompuServe's policies.

-rich




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
