Thursday, May 10, 2007
“Common sense? We don't need no steeenkin' common sense!”
At the bottom of an email I received from a friend today, the following bit of legal verbiage appeared:
NOTICE OF CONFIDENTIALITY: The information contained in this email and any document attached hereto is intended only for the named recipient(s). It is the property of XXXXXX XXXXXXXXXX XXXX and shall not be used, disclosed or reproduced without the express written consent of XXXXXX XXXXXXXXXX XXXX. If you are not the intended recipient or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this email or its attachments is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email or by calling (561) XXXXXXXX. Thank you.
I found it amusing.
[The following three paragraphs were written based upon an incorrect assumption. See below for an update]
Let's see … the company my friend works for (and it's not a
law firm by the way) is claiming ownership of a stream of bits that have
been delivered to my inbox. Well, I think they're claiming
ownership of a stream of bits—it can't be the electrons because the
electrons used to transmit the bits have long since been recycled into other
bits streaming hither and yon. I can't see it being the magnetic flux on
the harddrive that's storing the message, because once I delete the email,
there is no message with which to claim ownership over (okay, technically,
deleting the message isn't enough since the bits comprising the message
still exist on the harddrive unless I overwrite the message with a
different pattern of bits, which I may have to do).
So, they're claiming ownership over the bits that comprise the message. Or
rather, the bits in the order they appear in the message, because the bits
in a different arrangement:
((())), ,, ,,,…‥156:ACCD EEF FIIIIIIILNN NOOOTTTTT XX XXXX XXXXX XXX XXX XXXXXXXX XXXXXXXX XXXXXX XX XXXXXXXY aaaa aaa aaa aaaaa aaaaaaaaaaaaa aa ab bbb bbbccccc cc cccccc ccccdddddd dddd ddd ddddd ddd dd ddddd eeeeeeeee ee eeeeeeeeee eeeeeee eee eeeeeee eeeeeee eeeeeee ee eeeeee eeeeeeeeee eeeee ee eef fff fff fff fggggghh hhhhhhhhh hh hhh hhhhhhhh ii iiiii iiiiiiiiiii iii iiiiiiiiii iiii iiiiiii ii iiiiiiiiii ii kll llllllll lllllllmmmmmm mmm mmm mmnnnn nnnnnnnn nnnn nnn nnnn nnnnnnnn nnnn nnnnnnnnnnn no oooooo ooo ooo ooooooo oooooooooooooo oooooooppppp pp ppppprr rr rrrr rrrrr rr rrr rrrrrrrrrrr rr rrrrrrrr rssssssssss ss sss ssss ssssssss ssst ttttt tt tttttt tttttt tttttt ttt tttttt ttttttttttt tt tttttt uuuuu uu uu uuvvvvv vwwwx yyyyyyyyy yyyyy yyy
lose all meaning (except for the preponderance of “X”, which
I used to cut out any identifying identification, you can determine
with a high likelihood of chance that the text was originally written in
English due to letter frequency). Unless they really are claiming
ownership of the bits regardless of the order they're in, but that's not made
clear.
Now, the part that goes “shall not be … reproduced without the express written consent …” Obviously, I don't have written consent to reproduce the message here on the blog (although I could claim “Fair Use” in this instance) but in reading the email initially I didn't have prior written consent because the very act of receiving the email caused a reproduction to be constructed—a copy from the bits streaming in from the network to electrical charges in memory and then a copy from said electrical charges in memory to the magnetic flux on the harddrive.
Two copies in which I had no written consent for reproduction.
And then there's the four reproductions made when I viewed the email initially (from disk to memory, from memory to network, from network to memory, and from memory to video screen).
I'm thinking their lawyers need a clue-by-four in how email works.
Then there's the last bit that goes “[i]f you are not the intended recipient or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this email or its attachments is strictly prohibited.” Assuming I wasn't the intended recipient of this message, I would have had to “disseminate” the message (from the server to me) and “review” it to see that it was in fact, not intended for me. The theoretical legal implications of this are staggering.
Which is why I found this all so silly.
(And to my friend who sent this—yes, I realize you have no say in this, but that still doesn't mean your company isn't silly for including this in the first place)
Update some time later today
I misread what they were claiming ownership of—the information, not the actual bits.
When I was constructing the different arrangement, I briefly debated about using the original, non-censored paragraph, since the letters would be scrambled anyway. Then I thought that no, someone could conceivably reconstruct the censored portion, by removing the letters in the known portion, and unscrambling the remaining letters, which wouldn't be that hard. Scrambling the letters didn't hide the information enough to my liking, so I kept the Xs (which is what I use to censor information in case the associated CSS isn't used).
Which meant, it really was about the information.
How desperate do you have to be to spam someone? Part II
Okay, two days later and I have more information about that spammer: they're not trying to send email, they're trying to spam guestbooks and forums.
Before I get there, let me explain how the Obligatory Email Notification System works. When you fill in the form, your email address is added to an “optin” list, and an email is then sent. Only when you reply to that email is your email address moved from the “optin” list to the “verified” list and it's from the “verified” list that emails are sent when I make a new entry.
So I decided to check the “optin” list, and boy, was I in for a surprise. I haven't checked the actual “optin” list for, oh, three years or so? It would be an understatement to say the email addresses were predominately sex related. I grabbed one (hcl_tab_tramadol@hotmail.com) and lo, look at all that guestbook spam.
My guess: the spammer searched the net for HTML forms that looked like guestbook or forum forms, and since many guestbook forms have an email field (usually named email) they tagged my Obligatory Email Notification as a possible guestbook script (since it, too, has a field named email).
But here's where things get weird: the only fields they fill out, in regards to my Obligatory Email Notification form, are the fields defined in that form. I had hoped to see some additional fields being sent in, like comments or message (which wouldn't do anything anyway) but nope, the only fields they sent in were the fields defined for my form.
I thought maybe because I didn't have a field named comments or message they weren't sending in such a field. So I added a field named comments (it's a <TEXTAREA> but with a style of display: none).
Still, only the fields I had originally defined were being sent in.
Checking the logs, and yes, the spammer has definitely cached the original form (because the spammer is simply doing a POST to the form, and not retrieving it before doing the POST). I'm going to rename the form and see if that has any effect.
One more thing though: It's one spammer doing all this, and while you would think I could just block that one IP address, I can't. That's because this particular spammer, running their script from 72.232.102.130, is using a series of open web proxies to submit the form, so the actual IP address to block changes all the time. So anyone who is getting spam to a guestbook or forum, and you're running Apache, you might want to check the environment variable HTTP_X_FORWARDED_FOR.
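The check suggested above, as an added example that is not code from the original post: it groups form submissions by the address claimed in X-Forwarded-For instead of by the connecting proxy, and flags origins that POST through several proxies without ever fetching the form. The log format, the /notify path and the sample lines are assumptions constructed for illustration; the proxy addresses are documentation-range placeholders.

```python
from collections import defaultdict

# Constructed sample lines, assuming an Apache LogFormat of
#   %h %m %U "%{X-Forwarded-For}i"
# /notify is a hypothetical path for the subscription form.
SAMPLE_LOG = """\
192.0.2.10 POST /notify "72.232.102.130"
198.51.100.7 POST /notify "72.232.102.130"
203.0.113.44 POST /notify "72.232.102.130, 10.0.0.5"
203.0.113.90 GET /notify "-"
203.0.113.90 POST /notify "-"
198.51.100.23 GET /notify "192.0.2.200"
198.51.100.23 POST /notify "192.0.2.200"
"""

def parse_line(line):
    """Return (peer, method, path, origin); origin falls back to the peer."""
    head, _, xff = line.partition(' "')
    peer, method, path = head.split()
    xff = xff.rstrip('"').strip()
    # X-Forwarded-For may hold a chain; the leftmost entry is the claimed client.
    origin = xff.split(",")[0].strip() if xff and xff != "-" else peer
    return peer, method, path, origin

def summarize(log_text, form_path):
    """Per claimed origin: the peers it arrived through and the methods it used."""
    stats = defaultdict(lambda: {"peers": set(), "methods": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        peer, method, path, origin = parse_line(line)
        if path == form_path:
            stats[origin]["peers"].add(peer)
            stats[origin]["methods"].add(method)
    return stats

def suspect_origins(log_text, form_path="/notify", min_peers=3):
    """Origins that POST through many peers without ever fetching the form."""
    return sorted(
        origin for origin, s in summarize(log_text, form_path).items()
        if len(s["peers"]) >= min_peers and "GET" not in s["methods"]
    )

if __name__ == "__main__":
    for origin in suspect_origins(SAMPLE_LOG):
        print("block candidate:", origin)
```

X-Forwarded-For is set by the proxy and can be forged or left out, so the grouped result is a lead to confirm against other evidence rather than proof of the sender's address.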