LISTSERV mailing list manager LISTSERV 16.0

Help for CMPLAW-L Archives


CMPLAW-L Archives

CMPLAW-L Archives


CMPLAW-L@LISTS.UFL.EDU


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Monospaced Font

LISTSERV Archives

LISTSERV Archives

CMPLAW-L Home

CMPLAW-L Home

CMPLAW-L  June 1998

CMPLAW-L June 1998

Subject:

Re: Certified Email

From:

Marc Tibbar <[log in to unmask]>

Reply-To:

Internet and Computer Law Association <[log in to unmask]>

Date:

Wed, 10 Jun 1998 10:57:30 EDT

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (99 lines)

As a technology consultant, this question hit me with a bit of a shock. The
 fact is that you can not prove the acceptance of email by a specific person,
 unless you can (a) physically place that person at a specific location on an
 internal network, and (b) can prove that the mail was read at that terminal at
 that time (the location can easily be spoofed by pro to map a specific
 location onto an outside one). OR
(c) the person responded with a verifiable email (i.e. - digital signature
 verification, etc) or physical mail showing a response that could have only
 come as a result of having received information that was contained in said
 email. Please note that the even the response email may have been spoofed, but
 with a digital signature, the odds are greatly reduced.

As a former computer criminal turned pro within the industry, the following
 statements apply:

1. Anyone with adequet skill can seize, reroute, delete any email, or create
 false reply for any email for any person. Access points for such things can be
 acheived through social engineering (i.e. - calling in and pretending you
 forgot your password inorder to gain the access information), dipsy-dumpster
 diving (to grab reams of print outs), physical access (walking up to a
 computer while the owner/user is away in the kitchen, at lunch, etc),
 telephone interception (i.e. - hooking a modem up to your phone line and
 making it listen passively for password information, etc), and so forth. As a
 result, you have to physically put the recipient at the location it was
 received at the time it was received (with the possible exception of French
 based cannon law).

2. The mail can have been received by the intended recipient's computer and
 then accidentally deleted, either through user error, computer crash or
 automated housekeeping (i.e. - my aol account has options to clear out
 messages after 1 or 2 weeks, 1,2 or 6 months, or 1 year). While you may be
 able to establish the receipt, you can not establish that the message was
 actually viewed, in as much as while you can get a letter into someone's
 physical mailbox, you can not necessarily gaurantee that they actually read
 it, unless there was witness to the fact or irreputable evidence that it was
 responded to by the intended recipient.

3. The mail may have been received and attempted to be read by the recipient,
 but the recipient may have been unable to actually decode it. The perfect
 example of this is a longer message sent from a UNIX system machine to the
 average Macintosh user with an AOL account. The unix box may encapsulate the
 message as a .uu encode, or as a .mim (mime attachment), which would then
 arrive at the recipient's mailbox as a file whose contents were unviewable
 unless he specifically had a .uu/mime decoder (which is unlikely unless the
 recipient is technically knowledgable); a .uu/mime decoder is not a standard
 part of many of the connection packages on the market, including the most
 popular one -- AOL. A secondary example is a specific file type (say Word98)
 which was sent and which the user has no capability to open due to lack of
 appropriate translators and software.

4. The contents of a message can easily be spoofed for a court of law or other
 purpose. While the headers (if available) may show the routing (which may have
 also been spoofed, at least for the first couple stops on it's journey -- a
 tactic used by bulk emailers), the traffic may have been logged as having
 passed on some of the other servers it passed through (traffic reports usually
 get killed after a few days -- the file is erased and starts over), it still
 does not prove that the content of the email is the same as that shown to the
 court.

In closing
The defense may have to prove to the court that there may be reason to suspect
 that the intended recipient didn't receive their own email, either through
 standard access of other people (i.e. - a family sharing a single email
 account, or a secretary who uses the same account), or a reason to suspect
 that the system (or his/her email) was tampered with (including by virtue of a
 crash). The fact remains, using pure logic (not legal system logic), that
 there is absolutely no way to prove it reliably without direct, uninvolved
 witness.
Finally, I have never had a postman ask me for my ID when receiving certified
 mail.

Sincerely Yours,
Marc S.A. Glasgow
*----------------------------------------------------------------*
| “If Reality impedes your Performance, try reallocating |
| your Reality_Buffer at a higher value...” |
| (c) 1983, Marc S.A. Glasgow aka The CyberPoet(tm) |
*----------------------------------------------------------------*
| Marc S.A. Glasgow |
| Technology Specialist |
| Contributing Technology Writer, XRAY Magazine |
| personal email: AardWolf Consulting |
| <A HREF="Mailto:[log in to unmask]">[log in to unmask]</A>
 <A HREF="Mailto:[log in to unmask]">[log in to unmask]</A> |
| Phone (813) 446-0700 1835 Druid Road E. |
| Clearwater, FL, USA |
| VM & Digital Pager (813) 438-0004 zip+6 = 33764-460835 |
*----------------------------------------------------------------*
| Alpha Pager: [log in to unmask] |
*----------------------------------------------------------------*
In a message dated 6/10/98 9:16:00 AM, you wrote:

>I am presently engaged as an expert witness in a Net-related
>case, and the law firm involved told me (by telephone) that
>anything I send via e-mail can be used in the case. My question
>is how do you verify that somebody received the e-mail like you
>would do with certified mail?
>
>George

Top of Message | Previous Page | Permalink

Advanced Options


Options

Log In

Log In

Get Password

Get Password


Search Archives

Search Archives


Subscribe or Unsubscribe

Subscribe or Unsubscribe


Archives

February 2005
August 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
June 2002
March 2002
February 2002
January 2002
November 2001
October 2001
August 2001
July 2001
June 2001
April 2001
March 2001
January 2001
December 2000
November 2000
October 2000
September 2000
June 2000
April 2000
March 2000
February 2000
January 2000
December 1999
November 1999
October 1999
September 1999
August 1999
July 1999
June 1999
May 1999
April 1999
February 1999
January 1999
December 1998
November 1998
October 1998
September 1998
August 1998
July 1998
June 1998
May 1998
April 1998
December 1997
November 1997
October 1997
September 1997
August 1997
July 1997
June 1997

ATOM RSS1 RSS2



LISTS.UFL.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager