If You Can Read This, You're Breaking The Law!

from the your-mail-is-not-your-own dept

Thu, Aug 11th 2011 3:15pm — Michael Costanza

I get lots of (legitimate) email, intended for other people, sent to my email address. I guess it's easy to screw up your own address and wind up at mine -- or mine is just a popular one to use as a fake, when people don't want to supply their real one. Just today, I received an email from Remax, Northern Illinois, thanking me for registering on their site (and conveniently providing me with the password "I" used to sign up), which I didn't, an order confirmation for tickets to see Blue Man Group at the Pioneer Center (in Reno), which I did not purchase, and an "Acknowledgment Letter" from an attorney (maybe) with attachments and no message body aside from the following:

NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. §§ 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.

Now, although I have to admit that I was initially impressed by all those fancy numbers and § symbols, a few things struck me as odd. First of all, if the information is "intended only for the person(s) to whom this email message is addressed," and it was addressed to me, wouldn't that mean it's intended for me? Second, with absolutely no information in the body of the email, other than this warning, how am I supposed to know for sure that it was not intended for me? And, finally, if you mistakenly send someone else's confidential information directly to me (not because of an email server routing error), how is it that I am the one in danger of "criminal penalties" for opening my own mail?

As I have no interest in reading this person's confidential information, I have not opened the attachments and have no plans to do so. And although I'm not even certain a threat like this is enforceable, I will be canceling my email account, destroying my hard drive, and leaving the country for a while. Wish me luck.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: boilerplate, email, legalese, signatures

40 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Jeffrey Nonken (profile), 11 Aug 2011 @ 3:30pm

Better burn down your house, too. You know, just to be sure.

Wouldn't want to get into trouble.
[ link to this | view in thread ]
The Buzz Saw (profile), 11 Aug 2011 @ 3:34pm

EULA ALL THE THINGS!
Someday, I will purchase some EULA-wrapped software with some EULA-wrapped money.
[ link to this | view in thread ]
:Lobo Santo (profile), 11 Aug 2011 @ 3:35pm

Re: EULA ALL THE THINGS!
Huh, there's a thought... perhaps one could get checks covered in *tiny* print (looks like a neat pattern to the naked eye) which comprises of an EULA for whomever accepts the funds... You could start it with "by accepting this check you agree to the following: "
[ link to this | view in thread ]
MrWilson, 11 Aug 2011 @ 3:39pm

Re:
Better yet: "...take off and nuke the entire site from orbit. It�s the only way to be sure."
[ link to this | view in thread ]
Josef Anvil (profile), 11 Aug 2011 @ 3:42pm

Good luck
[ link to this | view in thread ]
Nicedoggy, 11 Aug 2011 @ 3:43pm

Re: EULA ALL THE THINGS!
Stop using paypal please.
[ link to this | view in thread ]
Jeff, 11 Aug 2011 @ 3:44pm

Don't forget to change your name and get a new passport. That second part's could be tricky. I once opened email that was unintentionally sent to me (the wrong person) and boom. Wouldn't ya know it, I have to live in Cuba now.
[ link to this | view in thread ]
PlagueSD (profile), 11 Aug 2011 @ 3:45pm

I'm almost willing to bet the attachment probably has some sort of virus/malware payload attached if he DID happen to open it. Sometimes spam e-mail is just fun to read...and laugh at.
[ link to this | view in thread ]
Scote, 11 Aug 2011 @ 4:22pm

Fraudulent Disclaimer?
I love all the boiler plate "this message may"s. Yeah, and the message **may** have been written by aliens. But none of the "mays" matter. The only thing that matters are what *actually* applies.

What the message implies to me, in my opinion, is possible malpractice, for how else could Mike be receiving mail that "subject to attorney-client privilege and contains confidential information" that is not actually his? Are such boiler plate disclaimers merely written in the expectation of possible malpractice on the part of the attorney and his/her staff?

And, I'll, bet that that same sig is used for all the attorney's e-mail, even when it isn't about a client and contains no privileged info. Not all info an attorney handles is privileged, so, again IMO, the disclaimer is likely fraudulent misrepresentation much of the time.
[ link to this | view in thread ]
Anonymous Coward, 11 Aug 2011 @ 4:23pm

Response to: PlagueSD on Aug 11th, 2011 @ 3:45pm
You are likely right.
I have seen similar emails but instead of Blue Man Group it was talking about money from a settlement.

Maybe the spammers are getting good at targeting their campaigns, I do like money and there is no way they could ever guess that!
[ link to this | view in thread ]
Angry Webmaster, 11 Aug 2011 @ 4:25pm

Once upon a time...
I worked in a large and well known financial company a few years back. I had the same last name as a Sr. VP and due to the way they set up the address book, my name came up first.

I was on the phone to compliance and legal at least twice a week because I read something I wasn't supposed to. (Hey, if it's in my inbox and isn't obvious spam, I'm going to look)

Oh I could have been rich if I were as honest as your typical lawyer or politician. ;)
[ link to this | view in thread ]
cybernia (profile), 11 Aug 2011 @ 4:36pm

Boilerplate
I have attorneys as clients and that confidentiality thing is boilerplate stuff they insert on all emails and faxes. (Yes, lawyers still uses faxes.) It's easier to put it in with your signature so you don't have to cut and paste it every time they do send something confidential. And yes, it is a way to avoid malpractice.
[ link to this | view in thread ]
Ron (profile), 11 Aug 2011 @ 4:37pm

Who's At Fault
Assuming for a moment that the E-mail was legitimate, that the contents are really medical records of some sort, and that it was simply incorrectly addressed, and that the data was sent in the clear, then the sender is certainly in violation of the law by sending confidential information over an open network without having at least encrypted the data.
[ link to this | view in thread ]
Charlie Hustle, 11 Aug 2011 @ 4:46pm

Re: Who's At Fault
You are partially correct. I did data forensics for several years, and there were several instances when this "boilerplate" actually worked against the lawfirm.
[ link to this | view in thread ]
cybernia (profile), 11 Aug 2011 @ 4:50pm

Just thought of something
Why is a real estate company sending you confirmation for tickets? And why does the disclaimer mention Protected Health Information if it's a real estate company? Sounds like there's a virus in that attachment.
[ link to this | view in thread ]
Bergman (profile), 11 Aug 2011 @ 5:03pm

Re: Re: EULA ALL THE THINGS!
It would be at least as legally valid as a shrink-wrapped EULA you can't even read until you buy and open the packaging. But since most checks are deposited by machines these days, you wouldn't need to hide it in fine print, it'd likely get deposited anyway even if plainly written.

Perhaps "By depositing or cashing this check you agree to waive and/or render void any End User License Agreement or standard contract you normally apply to your customers, for any services or products this check is used to pay for."
[ link to this | view in thread ]
Bergman (profile), 11 Aug 2011 @ 5:05pm

Re: Boilerplate
How do you avoid malpractice if you put in that particular boilerplate, then send confidential documents to the wrong email address?
[ link to this | view in thread ]
Rich Kulawiec, 11 Aug 2011 @ 5:11pm

Email disclaimers: threats, adhesions, and pretty much all-around stupidity
But they do make an excellent litmus test.

See for example:

Stupid E-mail Disclaimers and the Stupid Users that Use Them at http://attrition.org/security/rants/z/disclaimers.html

and

Don't Send Bogus Legalistic Boilerplate at http://www.river.com/users/share/etiquette/#legalistic

As the latter correctly points out:

First, such boilerplate contains useless adhesions, meaning the explicit and implied threats they make are particularly annoying. If you send something via email, the recipients (are you sure you aren't sending to a mailing list?) and anyone else who sees your clear text postcard in transit can undetectably and with full deniability do whatever they want with the information written on it in plain view. Even casual users of email know email is not a secure communications medium. Thus the threats in typical bogus legalistic boilerplate are naught but an attempt at highly improper intimidation. Demands made in this manner will be regarded as evidence of a hostile attitude on your part by a significant portion of recipients. The threats will negatively affect how your recipients perceive the other ideas in your message.
[ link to this | view in thread ]
Anonymous Coward, 11 Aug 2011 @ 5:14pm

Happens to me a fair bit.

One of these days, I'm going to reply with "By communicating with this email address, you grant permanent, irrevocable, retroactive permission to me to post any and all messages from you to the of this address to the internet for the purpose of ridicule."
[ link to this | view in thread ]
abc gum, 11 Aug 2011 @ 5:21pm

Upon learning of their error, they will probably demand return of the email.
[ link to this | view in thread ]
Nicedoggy, 11 Aug 2011 @ 5:24pm

Re:
Would they return the spider?
[ link to this | view in thread ]
Scote, 11 Aug 2011 @ 5:24pm

Re: Re: Boilerplate
The same way you avoid breaching your fiduciary duty by printing a disclaimer on money you may or may not be giving to the wrong people!

NOTE: These funds (including any and all lines of credit) are subject to fiduciary duty and are intended only for the person(s) to whom they are legally authorized. These funds and the use thereof may be covered by local, state and Federal 1aw, which provide criminal penalties for your possession, distribution and/or use of these funds without permission. If you have received these funds in error, please notify the sender immediately by telephone or e-mail and destroy the original account numbers and other credentials and access tokens without making a copy.

Fiduciary duty solved! Easy.
[ link to this | view in thread ]
Robert, 11 Aug 2011 @ 5:43pm

Legally binding?
I've always wondered about this... if an email footer is legally binding....

What prevents me from putting something like this in the footer and taking someone to court over it:

You the recipient agree to pay me the sender $500 for receipt of this email. Payment is due within 90 days. Please reply to this email within 72hrs to arrange payment or you will be in breach of this agreement.

Can I?
[ link to this | view in thread ]
Anonymous Coward, 11 Aug 2011 @ 5:47pm

I own a cell phone number that was formerly owned by someone else. That person apparently has lots of problems - I get calls from law firms demanding I call back about various issues, and they often provide me with bank account numbers and other tidbits of information that I could probably use for nefarious purposes if I weren't so lazy.
[ link to this | view in thread ]
Anonymous Coward, 11 Aug 2011 @ 5:50pm

Holy May-day batman!
Lot's of mays in that letter if you ask me, seems very suspicious. May... may means maybe... but it could also stand for May 1, the International Workers' Day celebrated by communists! Michael might be getting their secret covert messages for their upcoming attack on all that is democratic!

Quick, to the bunker!!!
[ link to this | view in thread ]
cybernia (profile), 11 Aug 2011 @ 6:18pm

Re: Re: Boilerplate
I have no clue. I assume it's just a CYA, just in case.
[ link to this | view in thread ]
ECA (profile), 11 Aug 2011 @ 6:20pm

I love to say this(not really)
But this sounds like a wonderful SCAM.

They send you a random letter..
and tell you NOT to open unless this is REALLY YOU(to protect themselves)

You OPEN it, to see if ANYTHING, MAY, Pertain to you...or just to be nosey..Or to find out if there is any info as to the person IT SHOULD GO TO..

The attachment AUTO OPENS, and AUTO RUNS a web site..and installs a Background virus... or an auto exec that HAS to be run on start up(and only loops) so your machine wont START..

AT LEAST with the post office, you could hand it INTO the window..After scratching off the Address..and someone ELSE delt with it.
[ link to this | view in thread ]
Anonymous Coward, 11 Aug 2011 @ 6:47pm

Destroy all copies!
I once got an email obviously not intended for me, which had a version of this telling me I needed to "destroy all copies" of the email. Unfortunately, they sent this email to most of the company. Should I have taken them at their word and hacked each computer to ensure that all copies were deleted?

I'd tell you what was IN the email, except I'm not sure if having the email addressed to me counts as being a party to the communication. It seems like someone just barely remembered to make it legal to "intercept" a communication to which you are a party. Good thing, because they defined "intercept" as "acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." This is SO broad they actually had to make an exception for hearing aids.

The law itself can be found at http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_119.html
[ link to this | view in thread ]
G Thompson (profile), 11 Aug 2011 @ 9:45pm

Re: Legally binding?
There is absolutely nothing stopping you from taking it to court, though I wish you all the luck in the world and be prepared to lose the case and be prepared to pay for costs and most likely a counter-suit for such things as fraud, misrepresentation, etc.

Basically why you would lose is because there is no contract since unless they actually reply there is no "acceptance by conduct" which is what EULA's are based on.

Also there is no consideration. No exchange of worth, no quid pro quo, no sufficiency, and definitely no forbearance nor past dealings.

Not to matter there was definitely no intention to create legal relations on the part of the recipient.

Without any of the above, no contract can be created, even if there is a so called offer (you sending) and acceptance (they receiving) of the contractual obligation.

It's the same for nearly all of these so called one sided Non Disclosure agreements that are within emails nowadays because people don't want publicity (especially attorneys sending nastygrams).

They are bogus, are really psychological FUD, and have no weight in law and can as Charlie Hustle above stated, come back to bite them right on the Arse later.
[ link to this | view in thread ]
Marcel de Jong (profile), 12 Aug 2011 @ 12:30am

It happens so often, especially on my gmail address. I get so many emails not intended for me.
2 Nights ago, I got an email from a online take-away ordering system, telling me that my order of a can of Sprite and my Pizza Tandoori was on its way. (seconds later came another email telling me that the order was cancelled by the system, because they didn't trust my email)

Yesterday, I got an email from a restaurant responding to a complaint about how their food had made someone ill. Apparently that someone had given my email address as their own.

It's almost everyday now I get email not intended for me.

If some lawyer decides to sue me for opening my email, they'll have another thing coming. They make a mistake in the address, then it's no fault of mine if I open it.
[ link to this | view in thread ]
Marcel de Jong (profile), 12 Aug 2011 @ 12:32am

Re:
Actually, the compound at Guantanamo bay is technically on US soil. So, nope, you're not in Cuba.
[ link to this | view in thread ]
davnel (profile), 12 Aug 2011 @ 1:44am

I Don't Understand
Several parts of this piece don't make sense.
1. RE/MAX is NOT in the business of selling tickets of any sort, just real_estate and ONLY real_estate.
2. Medical data???? What's HIPAA got to do with anything?
3. You should move/copy the attachments to an isolated computer and open them just to see what's what.
4. Sounds very much like spam or malware.
5. Has anyone checked out this alleged attorney?
Somethin's fishy.
[ link to this | view in thread ]
Marcel de Jong (profile), 12 Aug 2011 @ 2:52am

Re: I Don't Understand
Reading is difficult.
1: The RE/MAX thing was not related to the selling of the tickets, that was actually second email.

2: The attorney may be working for a hospital, and have used a boilerplate disclaimer at the bottom of his email, because of his work at a hospital.

3: Sound advice, but why should we? Why not just toss the email out instead of opening it?

4: It's generally not spam. Sure spammers also send stuff unsolicited, and often mis-addressed. But that's not the case in what Mike is telling here, and not what I have said in one of my previous comments. In my case, I usually send an email back saying they've reached the wrong person, and that I hope they have another way of contacting them. If it's happened that I get email destined for the same person multiple times in a row, I ask the sender to notify said person to pay closer attention to what email address they use.
[ link to this | view in thread ]
Josh in CharlotteNC (profile), 12 Aug 2011 @ 2:52am

Re: Re: EULA ALL THE THINGS!
People still use checks?
[ link to this | view in thread ]
ECA (profile), 12 Aug 2011 @ 2:59am

Re: Re: I Don't Understand
And #4 sounds like a great way to get your email location..

They then know its a viable EMail.

Then if they can match it up to other data they find on the net..
[ link to this | view in thread ]
The eejit (profile), 12 Aug 2011 @ 3:06am

Re: Re: EULA ALL THE THINGS!
It wasn't followed by the quote: "your soul, and all your earnings, are now mine."
[ link to this | view in thread ]
Oh THAT Brian!, 12 Aug 2011 @ 5:14am

Using my email as a 'throw-away' address
I've had my address for over 15 years and the amount of spam is low (must be my email servers use of filters). It's a simple, short email address and I love it.

However, I periodically get emails from companies where someone gave my email adddress as theirs - thinking that nobody would ever see it.

I have news for you - I did. I've cancelled numerous accounts with companies like Monster.com, gaming sites, etc. Sometimes, I wait until the person who used my account has racked up gaming points before I will change the password.

I also had a woman use my address at several auto dealers in California. Guess what? I sent the dealers an email saying that she used a bogus email address, so what else about her might be suspect? If she was applying for credit to buy a car, the dealers might have second thoughts.

I seldom cancel these accounts - I normally just screw with your profile (if I'm in a nasty mood) and then change the password so you can't undo the damage.

If you don't want things like this happening to you, use your own email address!
[ link to this | view in thread ]
Anonymous Coward, 12 Aug 2011 @ 5:27am

Re: Returning email and wishful thinking
I wish there was such a thing. In postal paper mail days if you got something intended for someone else you just scribbled 'wrong address' on the piece of mail and sent it back poof. Now, however, if your email address mistakenly gets associated with someone else's activity, god luck with that. I too have gotten many order confirmations, real estate communications and the like clearly intended for others. But the most worrysome ones are the ones from the North Carolina Department of Corrections; they obviously have mis-entered my email address into a record of one parolee who hasn't checked in with her parole officer, hasn't gotten passing grades in a couple college courses and a few other things. They won't change it despite dozens of requests from me to do so. Therefore, to Simone in North Carolina, if you happen to read this, please contact your parole officer quickly to get this resolved. They think you are ignoring them and are not happy, and that's not a good thing for you.
[ link to this | view in thread ]
Marcel de Jong (profile), 12 Aug 2011 @ 6:17am

Re: Re: Re: I Don't Understand
I am not responding to spam, however to genuine mis-addressed emails I do respond and tell them of their mistakes.

And it's quite obvious when it's spam and when it isn't. It would take too much effort to make spam look like this.
[ link to this | view in thread ]
The Devil's Coachman (profile), 12 Aug 2011 @ 6:44am

I ran this through my gibberish translator.
Here is what this boils down to:

NOTE: This e-mail message (including attachments) is subject to attorney-client privilege and contains confidential information intended only for the person(s) to whom this email message is addressed. This e-mail may be covered by the Electronic Communications Privacy Act, 18 U.S.C. �2510-2521, which provides criminal penalties for your use of this email without permission. This message may contain Protected Health Information covered under HIPAA Rules and HITECH Standards including, but not limited to, all applicable requirements of the HIPAA Security rule in 45 C.F.R. �� 164.308, 164.310,164.312 and 164.316, including any amendments thereto. If you have received this e-mail message in error, please notify the sender immediately by telephone or e-mail and destroy the original message without making a copy.

Translation: I am a careless idiot, but if necessary, it will be proven your fault in a court of law. Neener, neener, neener!
[ link to this | view in thread ]