Beyond Email Disclaimers

Email has been around for many years, the first official standard dating back to 1973. Interestingly, there is a recent trend to add disclaimers to email. Let me explain why those disclaimers are unrealistic, both from a legal and technical viewpoint. And let me introduce you to the professional way to use email in a business context.

Disclaimers are a trendy kind of thing. Except, nobody likes them. They just sit on the tail of an email message, hitting your eyeballs after you read the message itself, and on an average day they may take just as much time to skip as spam.

The way I imagine disclaimers end up in email is that bosses instruct their personnel or sysadmins to add them. They are probably told off by these people, but the trend must continue -- the competitor uses disclaimers, and probably for good reasons, so let's add one of our own. As if that would make email look more professional. As you read on, you will see that it is more the opposite -- it comes across as really kludgy and uninformed.

Legal Insanity

Disclaimers are a bit silly by nature, but in their digital form they generally go over the edge.

What is the value of a disclaimer attached to an email message? If I receive a message, I read it top-to-bottom. The disclaimer is invariably posted at the end of a message, because most people would instantly discard email that starts with a disclaimer.

Disclaimers often state that the contents of the message may only be read by the intended recipient. But they say that after you read the message. This legally invalidates the should-not-have-read-it statement because you can never be convicted by rules introduced after you performed an action.

Another thing often stated in a disclaimer is that late arrival caused by the email system itself is not the fault of the sender, nor is the failure to deliver an email to a non-listening email server. This falls for the same reason: You can write down anything you want on a local medium, but until I have seen it I cannot work from its assumptions. So any statement on deferred delivery or no delivery at all is senseless.

Finally, some larger organisations have a tendency to disclaim the opinion of their employees as a non-organisational opinion. In other words, the organisation does not trust its employees to act professionally. For me as a recipient, this means that I cannot rely on anything written in such emails. If I contact an organisation's employee, I want to communicate with them as a representative of the organisation, rather than getting to know them privately. Why would some disclaimers want to make this impossible? If I cannot rely on the contents of emails, then there is no practical way to rely on the organisation. For communication with such organisations, email is a dead medium. I generally resort to getting everything confirmed on paper, and of course without such silly disclaimers.

Technical Madness

When we write letters, we tend to sign them. Why is that? It serves to let the recipient recognise us as the originator of a message, and it serves to give a formal status to what we wrote above the signature. Professional email should be signed for exactly the same reasons.

When we write letters, we stick them in an envelope to conceal their contents from anyone but the intended recipient. We have laws protecting such envelopes from being opened by anyone other than the intended recipient. No need for disclaimers. Professional email should also be stuck into envelopes, for exactly the same reason.

All this is possible, and it is not even hard. It just takes a bit of growing up for email users who think of email as a volatile, non-sticking medium. But this is not how email is used in reality -- email is just a fast way of non-interactive communication, like letters but much faster. Since signing and enveloping usually takes a bit of explicit action, it will always be possible to distinguish professional email from less-professional email.

Signatures are codes attached to a document to authenticate the message as having originated from a particular party. That party uses a private key, held in its private possession, to create the signature. A loosely bound public key makes it possible for anyone in the world to authenticate the email as having come from the party holding that particular private key.

The technical term for an envelope is encryption. This is the act of scrambling a message's content so thoroughly that it would take immensely long to crack; in practice, this can be made impossible. Except for one party, namely the holder of the recipient's private key. Again, the public key that is loosely coupled to that private key can be used to envelope the message.

Keys aren't very practical to handle, because they are numbers. So it is common for keys to be bound to some form of identity, forming a so-called certificate. A common example is the X.509 client certificate; another form of certificate is a so-called PGP key. The names X.509 and PGP refer to the two types of technology that are suitable for email. The difference is that X.509 is usually proposed by parties who want to sell you their certificates, and PGP is usually proposed by people who simply want to work with signatures and envelopes without much additional nonsense.

Professional Simplicity

Let's make a deal now. If we write email, we will do our best to write properly, and if we miss a detail then so be it. It is a way of exchanging information. We won't add disclaimers because they make fun of ourselves, but we do need a common-sense approach to unsigned email.

In addition, if we want to make strong and professional statements, let's agree on signing and enveloping emails. If you are a lawyer, you should know better than to leave off such stamps of professionality. If you are trading online, you can send email with propositions, and use a signature if you want to establish a hard agreement.

Finally, if a message has any bit of sensitivity, envelope it so only intended recipients can read it. It's so easy to do that you are a real fool if you don't. Because the only proper place to start with encryption is at the place where the data starts, which is at the sender's.

If recipients see this distinction in your email, their common sense will kick in to tell them when you are serious (or professional) and when you are not. What's more, a judge or jury can also tell the difference between your "levels" of email communication. So if you ever end up in court, you won't need to point at disclaimers that fall as soon as the opposing party blinks at them; instead, you can point out that you didn't sign a proposal as you are accustomed to doing for hard promises. If your recipient overlooked that obvious distinction then they are at fault. And that's just what you wanted in the first place.

Exchanging keys. Below is an image of my business card. Note the numerical code on the bottom; it enables the most cautious recipients to confirm that an email was indeed signed by the person who handed them this card. After one such verification, they can instruct their system to trust my certification of identity on future emails. That's all that needs to be done to establish a trusted communications channel.

http://openfortress.nl/pix/viskaart.png
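The check a cautious recipient performs with the code on the card, as an added example that is not part of the original article. It assumes the code is an OpenPGP version 4 key fingerprint, which the page does not specify; the function names and the sample keys are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def as_printed(fingerprint: str) -> str:
    """Group the 40 hex digits in blocks of four, as they usually appear in print."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def matches_card(card_text: str, body: bytes) -> bool:
    """True only if the full code on the card equals the received key's fingerprint."""
    wanted = "".join(card_text.split()).upper()
    if len(wanted) != 40:  # a shortened key ID does not pin down one key
        return False
    return wanted == v4_fingerprint(body)

# Constructed sample keys; the moduli are toy values, far too small for real use.
CREATED = 1133294000  # constructed creation timestamp
OWNER_KEY = rsa_key_packet_body(CREATED, (2**127 - 1) * (2**107 - 1), 65537)
SUBSTITUTED_KEY = rsa_key_packet_body(CREATED, (2**89 - 1) * (2**61 - 1), 65537)

# What the key owner had printed on the card.
CARD = as_printed(v4_fingerprint(OWNER_KEY))

if __name__ == "__main__":
    print("code on card:      ", CARD)
    print("genuine key:       ", matches_card(CARD, OWNER_KEY))
    print("substituted key:   ", matches_card(CARD, SUBSTITUTED_KEY))
    print("last 8 digits only:", matches_card(CARD[-9:], OWNER_KEY))
```

Only after `matches_card` succeeds for the key that came with the email should the recipient mark that key as trusted; a match on a few trailing digits is rejected on purpose.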

Expert Guidance

OpenFortress is available to guide you through the process of selecting, rolling out and starting to use the systems and programs that implement digital signing and enveloping. You are welcome to contact us for details.

Posted on Tue, 29 Nov 2005, 20:53.


 