[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Email disclaimers (was Re: debian rebooting randomly)

on Mon, Dec 08, 2003 at 10:45:18AM +1100, Ross Tsolakidis (rtsolakidis@powerserve.com.au) wrote:
> Hi all,
> A recently built box, running stable, all the latest security patches
> aswell.
> Almost on a daily basis, I find that it has rebooted, nothing in the
> syslog.
> Running kernel 2.4.18-686-smp
> I'm pretty sure that there is a powersaving feature in the BIOS,
> unfortunately the box is located at a remote location.
> Is there a way to find out whats causing this ?
> Can I disable PowerSaving in the kernel, is it even enabled ?  :)
> Any help would be greatly appreciated.
> --
> Ross.
> DISCLAIMER: This e-mail and any files transmitted with it may be
> privileged and confidential, and are intended only for the use of the
> intended recipient. If you are not the intended recipient or
> responsible for delivering this e-mail to the intended recipient, any
> use, dissemination, forwarding, printing or copying of this e-mail and
> any attachments is strictly prohibited. If you have received this
> e-mail in error, please REPLY TO the SENDER to advise the error AND
> then DELETE the e-mail from your system.  Any views expressed in this
> e-mail and any files transmitted with it are those of the individual
> sender, except where the sender specifically states them to be the
> views of our organisation.  Our organisation does not represent or
> warrant that the attached files are free from computer viruses or
> other defects. The user assumes all responsibility for any loss or
> damage resulting directly or indirectly from the use of the attached
> files. In any event, the liability to our organisation is limited to
> either the resupply of the attached files or the cost of having the
> attached files resupplied.
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

The original version of this document may be found at

                           Stupid Email Disclaimers

   It  has  become fashionable, particularly in the UK, for management in
   various   organizations   to   insist   on   various  disclaimers  and
   confidentiality  notices  be  appended to all out-going email address.
   I've seen loads of them over the years, but have only now (2001-01-22)
   started collecting them, so the collection does start very small.

   A typical example is from [1]Luton Sixth Form College, lutonsfc.ac.uk:

     This  e-mail  is  intended  for  the  addressee  shown. It contains
     information that is confidential and protected from disclosure. Any
     review,  dissemination  or use of this transmission or its contents
     by  persons or unauthorized employees of the intended organisations
     is strictly prohibited.

     The  contents  of this email do not necessarily represent the views
     or policies of Luton Sixth Form College, its employees or students.

   I  have  recently  had  my  attention  drawn to the phrase "persons or
   unauthorized  employees"  in  the  above  disclaimer.  Beyond  drawing
   attention to it, it requires no comment.

   Anyway,  if  the  PHB's  at  Luton 6th Form College (or any other site
   whose  stupid disclaimers I list here) think that their disclaimer (or
   anything else) makes it unlawful for me to quote the disclaimers here,
   they know [2]where to find me.

Table of Contents

    1. [3]Why these are stupid
    2. [4]What are you left with?
    3. [5]Don't just do something, stand there!
    4. [6]The list [Last modified: Wednesday, 02-May-2001 14:33:52 PDT]
    5. [7]Adding to this list and making suggestions
    6. [8]Fun  disclaimers [Last modified: Thursday, 26-Apr-2001 12:36:19
    7. [9]Problems  of  appending  disclaimers [Last modified: Wednesday,
       02-May-2001 21:06:54 PDT]
    8. [10]If you must
    9. [11]Other resources

Why these are stupid

   Why are these stupid? Let me count the ways.

  Legal status

   There  are typically to parts of these disclaimers. One part says that
   the  message doesn't necessarily represent official policy. If that is
   worded  carefully, it might be sensible. It is the other part of these
   things (confidentiality, unintended recipient, etc) that is the really
   silly  bit of these. I simply don't believe that those statements have
   any legal force whatsoever.

   Imagine the following disclaimer at the end of an email message:

     Notice: Unless you are named "Arnold P. Fasnock", you may read only
     the  "odd  numbered  words"  (every  other  word beginning with the
     first)  of  the  message above. If you have violated that, then you
     hereby  owe  the sender 10 GBP for each even numbered word you have

   Such  a  statement  should  have  no force of law. The sender can't in
   general unilaterally stipulate conditions on what the recipient may or
   may  not do with the email. (In specific cases, such as copyright, the
   author  may,  of  course,  stipulate  what  rights  are granted to the
   recipient.  There  are  other  instances  where  there  is  an implied
   contract  of  confidentiality, but those are not created merely by the
   sender sticking the word "confidential" on a message.)

   It  appears  that [12]WebLaw's site agrees with me. Although they seem
   to  advocate  use  of these disclaimers, their summary (based on their
   understanding  of  English  law)  of their [13]Legal Position of Email
   Disclaimers document says

     The  value  of  disclaimers  is  limited, since the courts normally
     attach  more weight to the substantive content of the communication
     and  the  circumstances in which it is made than to any disclaimer.
     Having  said  that, disclaimers may possibly be helpful if an issue
     ends  up in court in various respects such as those described below
     and,  since  disclaimers cost (almost) nothing, it is worthwhile to
     use  them.  Even  though  their effectiveness in court is doubtful,
     they  may  provide  a  useful argument in negotiations to resolve a

   Which  sounds  like they are saying that they have no legal value, but
   you  still  might  be  able to frighten people with them anyway if you
   have sufficiently scary lawyers.


   The  "this  message  is  intended  for  the  intended  recipients"  is
   tautological at best. At worst it ...

  Forbids mail being passed to the appropriate person

   When  I  was  an  assistant postmaster at a mid-sized UK university, I
   would  routinely get mail forwarded to me for me to deal with. But the
   original  mail  contained  such a non-disclosure blurb. I would act on
   the  message,  even  though  according  to  the  blurb  my  acting  on
   information in a message not addressed to me was "strictly prohibited"
   (or "subject to litigation" or whatever nastiness is threatened.)

   There  are  many  cases  where  the sender of a message hopes that the
   message  will  get passed on to the appropriate person (who may not be
   explicitly  addressed  in the message), yet if the disclaimer is to be
   taken seriously that can't be done.

  Mailing lists

   Email  discussion  lists  get  widely  distributed  and often publicly
   archived.   That  appears  to  be  in  violation  of  these  sorts  of
   disclaimers.  Thus your silly disclaimer is archived for all the world
   to see in a place where it clearly is silly.

  Press releases

   The  New  Scientist  has  complained about getting press releases with
   those disclaimers. What is it suppose to do with those?

  Official policy

   If  the  mail  system always adds a disclaimer saying that the message
   doesn't  represent  official  policy,  then  how do you state official
   policy by email.

   If  the  disclaimer  says  that  the  message  "does  not  necessarily
   represent  official  policy" then that is like having no disclaimer at
   all.  It  leaves  it up to the reader to determine whether the message
   states official policy.

  Is there a paper parallel?

   I've always wanted to know whether organizations which insist on those
   disclaimers  also  apply  to  the  same policy to paper communication.
   Suppose  I  get  email with such a disclaimer and I get a paper letter
   from  someone in the organization without one. Am I to conclude that I
   may disclose what is in the paper letter and that is official policy.

  Contradictory requirements

   Instead  of being tautologies, some of these disclaimers actually give
   you  contradictory requirements. Basically the say things like "If you
   are not the intended recipient ... any action taken ... is prohibited.
   ...  If  you  have received this e-mail message in error please notify
   [us] ... Please delete this message."

   So  on the one hand, if I am not the recipient I am told that I cannot
   act  on information in the message. On the other hand, I am instructed
   to take particular actions in that case.

   One could, I suppose, say that the disclaimer doesn't apply to itself.
   (After  all,  I'd  be  violating  them  all by publishing them if they
   weren't.)  But the disclaimers don't usually say that. And some of the
   disclaimers  point  out that the message may have been intercepted and
   tampered  with, which surely does apply to the disclaimer. Indeed that
   is  what  adding  the  disclaimers  actually does. So we are left with
   these highly legalistic sounding things which require the reader apply
   selectively  because  the  authors  of  the  disclaimer  couldn't have
   actually meant what they said.

  Tampering with mail

   Adding  these  disclaimers may be considered tampering with mail. Some
   people  have  said  that  adding  these  disclaimers  in Germany would
   probably  be illegal. I have made no attempt to verify that assertion,
   but  suspect  that it is false if the senders of the mail are informed
   that such tampering will occur.

  Addressee vs intended recipient

   In   my   experience  most  misdirected  is  a  consequence  of  users
   misaddressing  messages.  Typically  they  select the adjacent line in
   their  address  book  from  what they intended. These disclaimers talk
   about  the  "addressee". On the other hand, if they were to talk about
   the "intended recipient" it would require that the recipient be a mind

  [14]False positives and false negatives may leave you more vulnerable

   This is covered more in the [15]section on what you are left with, but
   it  is  worth  repeating. In adding the disclaimers, you may have both
   "false  positives" and "false negatives". The former are messages that
   get  the disclaimer but shouldn't (e.g., press-releases, etc). The later
   are  messages that don't get the disclaimers but should (e.g. a message
   sent from an employee at home, but using a work email address).

   False  positives undermine your entire set of disclaimers. They simply
   tell  people  that  your disclaimers are to be ignored. They also open
   the  doors for people to do unwanted things with your messages (ignore
   press  releases,  remove things from archives that should be archived,
   get your users thrown off mailing lists).

   False negatives invite people to assume that the messages that somehow
   come  without  the  disclaimers  are  official  policy or shouldn't be
   treated confidentially.

   These  problems  are  created  by using disclaimers, making them worse
   than just silly.

What are you left with?

   If  the  disclaimers  are  meant  to  do  anything  (and  are not mere
   tautologies) then you are left with a few possibilities if you want to
   keep the disclaimer and non-disclosure notice.

    1. Put  the  disclaimer  on all out-going messages, but hope that the
       recipients while ignore it where it is ridiculous.
       I've  described a few cases where application of the disclaimer is
       ridiculous.  You could hope that people will just kindly laugh and
       ignore the disclaimer in those circumstances.
       Beyond  making  you look ridiculous, the problem with that is that
       it actually undermines the rule of law (and of course any teeth in
       the  actual  threat,  as if someone uses the message in a way that
       you  do  wish  to  sue about, and you try to base your suit on the
       disclaimer,  a defense can be that in a vast majority of cases you
       have  allowed (and desired) violation of those terms.) If you wish
       to  base  your  case on things other than the disclaimer, than the
       disclaimer is not needed.
    2. Have users select whether to include the disclaimer or not.
       This  might  work,  but there is a slight problem. If some of your
       messages  appear  with  a disclaimer and others do not, then there
       may  be  the  implication that all those without the disclaimer at
       official policy or may be published or distributed.
    3. Try  to write a disclaimer that covers all of the exceptions. I do
       not  believe  that  this will be possible. It will probably end up
       doubling  the  size  of  most of your email as well. But there are
       strategies  for this. You could say "unless otherwise noted in the
       text  of the message, this does not reflect official policy" Thus,
       you ask your users to disclaim your disclaimer at various times.
       You  could  also  get  around  the  length  problem by placing the
       disclaimer  on a website and just mentioning the URL in the email.
       If  you  do  this, be certain to maintain distinct versions of the
       URL  disclaimer,  since  if  you  change what is on the web pages,
       previous email should have the "old" disclaimer.
       Despite  these,  I simply don't think that it would be possible to
       cover  all  of  the  exceptional cases beyond saying "please treat
       this email message in a reasonable way, or we might get angry".

   In  the  end,  I think, although I am vastly ignorant of the law here,
   that  adding  disclaimers  only  makes  you  more  vulnerable. This is
   because  without  disclaimers  reasonable conventions and existing law
   apply.  But  once you add the disclaimer you had better get it exactly
   right  and on exactly the right messages, and you sacrifice reasonable

   And, of course, these do make your institution look silly.

Don't just do something, stand there!

   I  can sympathize with the manager who is getting worried about all of
   the  communication  going in and out of the organization with the help
   of  modern technology. That manager may fear that someday one of those
   email  messages  is  going  to  come  back  and  bite  them. It is not
   unreasonable  to  worry  about  that.  And  there  is often the strong
   feeling  that  "something  must  be  done".  But often when there is a
   feeling  of  urgency that something must be done, the wrong thing gets
   done.  Managers looking for something to do see the stupid disclaimers
   of others and follow that crowd.

   Instead  managers  should  look  at the nature of the organization and
   email  from  it.  If  you  are  a university, you have staff, faculty,
   students,  maybe  alumni  sending  from  your  network  or  with email
   addresses in your domain. Recipients know that. Maybe it would be good
   to  move  toward  distinguishing  in the email addresses the different
   types  of  people.  People  know  that  students don't speak for their

   For  a  business,  just  as  you  train  and  allow  people to talk to
   outsiders  on  the  telephone you may wish to issue customer relations
   guidelines for email.

The list

   See  a  separate  file  for  [16]the list of stupid disclaimers. [Last
   modified: Wednesday, 02-May-2001 14:33:52 PDT]

Adding to this list and making suggestions

   If    you    know    of    a   stupid   disclaimer,   send   mail   to
   [17]disclaimers@goldmark.org .   I  will  keep  your  identity  secret
   although  I  may  try  to verify the disclaimer by writing to the site
   saying   that   they've   been  anonymous  nominated  for  the  stupid
   disclaimers web page.

   Also  send  mail  with  comments or additions. I'll try to incorporate
   them as I have time.

  Limited credit

   I  wish  to thank many many people who have submitted things to me and
   who  have  provided  extremely  useful  and  insightful  (and amusing)
   comments.  However, a number of the submissions come from people close
   to  the  organizations  with  the stupid disclaimers, and so I thought
   that  I  should leave all contributions uncredited with the exceptions
   of the ones that I noticed.

Fun disclaimers

   See   a  separate  document  for  the  [18]parody  disclaimers.  [Last
   modified: Thursday, 26-Apr-2001 12:36:19 PDT]

Appending disclaimers

   There  is a separate document which discusses [19]problems of actually
   appending  the  disclaimers.  [Last  modified:  Wednesday, 02-May-2001
   21:06:54 PDT]

If you must...the least stupid way

   If,  after  all  of this you still feel that you need to be seen to be
   doing  something  even  though it will do more harm than good for your
   institution, it is worth looking at a form of disclaimer which has the
   least severe of the problems discussed.

   So  what  would  such  a least bad disclaimer look like? Here are some
    1. It should be true
         1. No threats of legal action with no basis in law
         2. No  claims  to  bind  someone  to  a confidentiality or other
            conditions which they didn't accept.
         3. No  requests to not distribute things that actually should be
         4. No  claims  of  non-official  policy  on  messages  which are
            official policy.
    2. False negatives shouldn't be a problem.
    3. It should be short.
    4. It  should  avoid  pretentions,  pompous  or legalistic language
       where possible.

   Basically,  these criteria rule out the confidentiality stuff and the
   intended  recipient  stuff.  It  also  rules  out  a one-size-fits-all
   statement  which  is  supposed  to apply to the specific message it is
   appended  to. That leaves a generic reminder that email messages don't
   necessarily represent official policy. So,

     Email  from  people  at your.domain.here does not usually represent
     official       policy      of      Your-Organization-Here.      See
     URL-Of-Policy-Document-Here for details.

   Let's  look  at  this  bit  by bit. It doesn't say anything like "this
   message". That way, a false negative (a message without the statement)
   can't  be so easily taken to be official policy. It says "not usually"
   so  it  does  allow  for official policy to occasionally be stated in
   email. You may replace "usually" with "necessarily" if you feel that a
   substantial  portion of email with your organization's name on it does
   state  policy.  It  doesn't make any ridiculous legal assertions about
   the  responsibilities  of  recipients. It doesn't make any claim about
   the legal status of the message it is appended to.

   These  should not be implemented the [20]absolutely stupid way nor the
   [21]merely  stupid  way.  Instead  it should be applied using both the
   [22]fairly silly way and the [23]merely silly way, as discussed in the
   document   that   discusses   [24]the   manner   of  appending  stupid

  Are you disappointed at how weak this disclaimer is?

   This  "least  bad" disclaimer makes a very weak statement, and doesn't
   seem like it is worth having at all. Well, maybe it isn't worth having
   at all. But at least this one doesn't make ridiculous claims about the
   email that you send.

   Stupid  disclaimers are not in the best interest of your organization.
   Please don't put your personal need to be "seen to be doing something"
   above the interests of your organization.

  What should be on the cited policy document

   The policy document listed in the disclaimer
    1. Must not include false or unenforcible legal requirements upon the
    2. Must   not  assert  things  about  all  messages  unless  you  are
       absolutely sure that it is true of all messages.
    3. Should  advise  readers  that email can be very easily forged, and
       may wish to point users to resources regarding that.
    4. Should  advise  readers that email can easily be misaddressed, and
       request  that  should  the receive such a message that they inform
       the sender and respect the senders wishes where appropriate.
    5. Should  advise  readers  that  email  may  be intercepted, or even
       tampered with by third parties.
    6. Should  inform  readers  of  your  institutions policies regarding
       interception and tampering of email.
    7. Should provide (or link to) detailed contact information including
       postal address, full legal name, telephone and fax address, how to
       contact DPA officer (UK only).
    8. Must  provide  information  on  how  a  recipient of some mail can
       verify  whether  its  contents  should  be  taken as policy of the
    9. Should provide information on who (usually postmaster) a recipient
       can contact to verify a suspected forgery.
   10. Must  maintain  a  version history, so people can find the version
       that  was  published  at any time in the past (particularly at the
       time that a particular message was received).

Other resources

   I  don't  (yet)  have  much in the way of other resources, but as I've
   said elsewhere, all lists start small.

   [25]Email Disclaimer FAQ (SOMIS, Dundee University)
          This takes a slightly more sympathetic approach to the question
          than  I  do,  but  is  generally  concludes  that they are more
          trouble  than  they  are  worth.  The  version  I read was last
          modified April 1999.

   WebLaw's [26]Legal Position of Email Disclaimers
          They  take a far more sympathetic view of such disclaimers than
          I  do,  but  see  my  comment on their summary in the [27]legal
          status section.

   [28]The Register's [29]Longest Email Disclaimer award
          It  also  lists  links  to some other winners of dubious honors
          with respect to email disclaimers.

   [30]Slashdot's discussion of the Register's award.
          Someone   in  that  discussion  pointed  out  this  page.  That
          discussion  has many examples illustrating the same points made

   Search GoldMark.org: _________________________

   [31][Best  viewed with any browser] hosted by [32]Hurricane Electric |
   [33]about goldmark.org
   If  you  enjoyed  this,  you  may  wish  to see other [34]Net rants by
   Jeffrey Goldberg. [35][Valid HTML 4.0!] 

   Version: $Revision: 1.36 $
   Last Modified: $Date: 2001/07/27 13:15:44 $ GMT
   First established Jan 22, 2001
   Author: [36]Jeffrey Goldberg


   1. http://www.lutonsfc.ac.uk/
   2. http://www.goldmark.org/jeff/
   3. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-stupid
   4. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-whatnow
   5. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-stand
   6. http://www.goldmark.org/jeff/stupid-disclaimers/list.html
   7. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-add
   8. http://www.goldmark.org/jeff/stupid-disclaimers/fun.html
   9. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html
  10. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-least-stupid
  11. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-other
  12. http://www.weblaw.co.uk/
  13. http://www.weblaw.co.uk/artemail.htm
  14. sec:morevulnerable
  15. http://www.goldmark.org/jeff/stupid-disclaimers/#sec-whatnow
  16. http://www.goldmark.org/jeff/stupid-disclaimers/list.html
  17. mailto:disclaimers@goldmark.org
  18. http://www.goldmark.org/jeff/stupid-disclaimers/fun.html
  19. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html
  20. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html#abs-stupid
  21. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html#stupid
  22. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html#fairly-silly
  23. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html#silly
  24. http://www.goldmark.org/jeff/stupid-disclaimers/apply.html
  25. http://somis.ais.dundee.ac.uk/dataprotect/emaildis/emaildis.htm
  26. http://www.weblaw.co.uk/artemail.htm
  27. http://www.goldmark.org/jeff/stupid-disclaimers/#sec:legal
  28. http://www.theregister.co.uk/
  29. http://www.theregister.co.uk/content/35/19057.html
  30. http://slashdot.org/articles/01/05/22/0016201.shtml
  31. http://www.anybrowser.org/campaign/
  32. http://www.he.net/
  33. http://www.goldmark.org/about/
  34. http://www.goldmark.org/netrants/
  35. http://validator.w3.org/check/referer
  36. http://www.goldmark.org/jeff/

Thank you.


Note that as a consequence of your dislaimer, I'll assume any posts
you've made to list are inadvertant and not for public disclosure, and
will delete them unread.  And unanswered.

If you are posting from a corporate account which postpends such
disclaimers automatically, please investigate an alternative, such as a
remote ssh-accessed system, web-based mail, or similar.

Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    "Nothing at all," intoned Marvin dismally, "not an electronic sausage."
    -- HHGTG

Attachment: pgpcHVFH4N81D.pgp
Description: PGP signature

Reply to: