As a technology consultant, this question hit me with a bit of a shock. The
 fact is that you can not prove the acceptance of email by a specific person,
 unless you can (a) physically place that person at a specific location on an
 internal network, and (b) can prove that the mail was read at that terminal at
 that time (the location can easily be spoofed by a pro to map a specific
 location onto an outside one). OR
(c) the person responded with a verifiable email (i.e. - digital signature
 verification, etc) or physical mail showing a response that could have only
 come as a result of having received information that was contained in said
 email. Please note that even the response email may have been spoofed, but
 with a digital signature, the odds are greatly reduced.

As a former computer criminal turned pro within the industry, the following
 statements apply:

1. Anyone with adequate skill can seize, reroute, delete any email, or create
 false reply for any email for any person. Access points for such things can be
 achieved through social engineering (i.e. - calling in and pretending you
 forgot your password in order to gain the access information), dipsy-dumpster
 diving (to grab reams of print outs), physical access (walking up to a
 computer while the owner/user is away in the kitchen, at lunch, etc),
 telephone interception (i.e. - hooking a modem up to your phone line and
 making it listen passively for password information, etc), and so forth. As a
 result, you have to physically put the recipient at the location it was
 received at the time it was received (with the possible exception of French
 based canon law).

2. The mail can have been received by the intended recipient's computer and
 then accidentally deleted, either through user error, computer crash or
 automated housekeeping (i.e. - my aol account has options to clear out
 messages after 1 or 2 weeks, 1,2 or 6 months, or 1 year). While you may be
 able to establish the receipt, you can not establish that the message was
 actually viewed, in as much as while you can get a letter into someone's
 physical mailbox, you can not necessarily guarantee that they actually read
 it, unless there was a witness to the fact or irrefutable evidence that it was
 responded to by the intended recipient.

3. The mail may have been received and attempted to be read by the recipient,
 but the recipient may have been unable to actually decode it. The perfect
 example of this is a longer message sent from a UNIX system machine to the
 average Macintosh user with an AOL account. The unix box may encapsulate the
 message as a .uu encode, or as a .mim (mime attachment), which would then
 arrive at the recipient's mailbox as a file whose contents were unviewable
 unless he specifically had a .uu/mime decoder (which is unlikely unless the
 recipient is technically knowledgeable); a .uu/mime decoder is not a standard
 part of many of the connection packages on the market, including the most
 popular one -- AOL. A secondary example is a specific file type (say Word98)
 which was sent and which the user has no capability to open due to lack of
 appropriate translators and software.

4. The contents of a message can easily be spoofed for a court of law or other
 purpose. While the headers (if available) may show the routing (which may have
 also been spoofed, at least for the first couple stops on its journey -- a
 tactic used by bulk emailers), the traffic may have been logged as having
 passed on some of the other servers it passed through (traffic reports usually
 get killed after a few days -- the file is erased and starts over), it still
 does not prove that the content of the email is the same as that shown to the
 court.

In closing
The defense may have to prove to the court that there may be reason to suspect
 that the intended recipient didn't receive their own email, either through
 standard access of other people (i.e. - a family sharing a single email
 account, or a secretary who uses the same account), or a reason to suspect
 that the system (or his/her email) was tampered with (including by virtue of a
 crash). The fact remains, using pure logic (not legal system logic), that
 there is absolutely no way to prove it reliably without direct, uninvolved
 witness.
Finally, I have never had a postman ask me for my ID when receiving certified
 mail.

Sincerely Yours,
Marc S.A. Glasgow
*----------------------------------------------------------------*
|  “If Reality impedes your Performance, try reallocating        |
|   your Reality_Buffer at a higher value...”                    |
|          (c) 1983, Marc S.A. Glasgow aka The CyberPoet(tm)     |
*----------------------------------------------------------------*
|                    Marc S.A. Glasgow                           |
|                  Technology Specialist                         |
|        Contributing Technology Writer, XRAY Magazine           |
| personal email:                         AardWolf Consulting    |
| [log in to unmask]                     [log in to unmask]     |
| Phone (813) 446-0700                      1835 Druid Road E.   |
|                                          Clearwater, FL, USA   |
| VM & Digital Pager (813) 438-0004       zip+6 = 33764-460835   |
*----------------------------------------------------------------*
| Alpha Pager: [log in to unmask]                 |
*----------------------------------------------------------------*
In a message dated 6/10/98 9:16:00 AM, you wrote:

>I am presently engaged as an expert witness in a Net-related
>case, and the law firm involved told me (by telephone) that
>anything I send via e-mail can be used in the case.  My question
>is how do you verify that somebody received the e-mail like you
>would do with certified mail?
>
>George
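
An added example, not part of the original message: point 4 notes that routing headers can be spoofed for the first stops of a message's journey, so this sketch walks the `Received` chain newest-first and marks a hop as verified only while it belongs to an unbroken run of headers written by servers you can vouch for. The sample message, its hostnames and the `TRUSTED` set are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample; every hostname and address is made up for illustration.
# The bottom header falsely claims to have been written by the recipient's own MX.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Wed, 10 Jun 1998 09:20:05 -0400
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Wed, 10 Jun 1998 09:20:01 -0400
Received: from workstation.sender.example (unknown [203.0.113.99])
\tby relay.isp.example with SMTP id C3; Wed, 10 Jun 1998 09:19:40 -0400
Received: from somewhere.else.example (somewhere.else.example [10.0.0.5])
\tby mx.recipient.example with SMTP id D4; Wed, 10 Jun 1998 09:19:00 -0400
From: sender@sender.example
To: user@recipient.example
Subject: constructed sample

body
"""

# Assumption: the servers whose logs and configuration you can actually vouch for.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def classify_hops(raw, trusted):
    """Return (from_host, by_host, verified) per Received header, newest first."""
    hops, chain_intact = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        from_host, by_host = (m.group(1), m.group(2)) if m else (None, None)
        # Each server prepends its own header, so only an unbroken run of
        # trusted "by" hosts from the top is reliable. Below the first
        # untrusted hop, any header (even one naming our server) may be forged.
        chain_intact = chain_intact and by_host in trusted
        hops.append((from_host, by_host, chain_intact))
    return hops

def handoff_peer(hops):
    """Name the peer gave when handing the message to trusted infrastructure."""
    verified = [h for h in hops if h[2]]
    return verified[-1][0] if verified else None

if __name__ == "__main__":
    for from_host, by_host, ok in classify_hops(RAW, TRUSTED):
        print("verified  " if ok else "unverified", by_host, "<-", from_host)
```

Even the verified hops show only that the recipient's servers accepted a message, not that anyone read it or that the body presented later is the one that was delivered.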