Bring Clippy back
"I see you're trying to send a bulk e-mail, would you like some assistance with filling the BCC field?"
Gloucestershire Police has been fined £80,000 for failing to blind-copy an email that contained the names and email addresses of victims of child abuse. The Information Commissioner's Office handed down the penalty after investigating the bulk email error, which took place in December 2016 and exposed the names of 56 people – …
<FTFY>
Gloucestershire Police has taxpayers have been fined £80,000 for police failing to blind-copy an email that contained the names and email addresses of victims of child abuse.
</FTFY>
Fines do nothing but feed a voracious regulatory beast with hidden tax monies purloined from the taxpayers. Real change will come when offenders lose their jobs or are charged with criminal offenses.
Fines do nothing but feed a voracious regulatory beast with hidden tax monies purloined from the taxpayers
ICO "fines" go to the treasury, and I doubt that many people would call the ICO "voracious" nor a "regulatory beast". In many respects, enforcement would be better if the ICO were funded from fines - they'd have more incentive to collect, and to proactively investigate.
ICO "fines" go to the treasury, and I doubt that many people would call the ICO "voracious" nor a "regulatory beast". In many respects, enforcement would be better if the ICO were funded from fines - they'd have more incentive to collect, and to proactively investigate.
One Government body fining another is a rather pointless round-robin anyway. Gloucester plod is hardly going to be allowed to go under like a badly run business.
Dismals and or court action, it's the only way, or they'll only offend again.
"Has that ever been known to work when the email gets sent outside the organisation."
It usually doesn't work INSIDE the organisation. I can point to at leats a half dozen ways of ensuring that attempting it not only wont work but will highlight the message.
Making email safe is a tough challenge. Email DLP is a weak filter, as are other such controls, and they are minor protection from wet-ware bugs. I would definitely be in favor of having completely different systems for communicating with those whose personal details need to be kept private.
As for Outlook, there are enhancements that do help. One's I have yet to see, though, would include an option to always show the BCC line or hide the CC line. There are those that tag the subject line as external for incoming emails, and I'd like to see a better warning when replying all when external emails are present. Yes, there are warnings for this, but it's just not prominent enough. There should be an option to prompt with a list of external address, along with the option to delete email in that prompt, instead of just that little warning that's way too easy to overlook.
I was told once that the standards require the contents of the Bcc field not to be revealed to the recipients in the To and Cc fields, but they do not require that Bcc recipients not be revealed to each other. See sections 3.6.3 and 5 of RFC 2822 and see if you agree. However, even if it is allowed, it would be very unhelpful to implement this in the unexpected way, and these days nobody pays any attention to the RFCs in any case, so I don't know why I bother to mention this.
"Seems pretty explicit?"
On first reading 3.6.3 I thought the same - however, now read section 5, then go back to 3.6.3, and you'll pick up on something you may have missed the first time.
Specifically. it describes three ways a BCC field can be used, and you need to look at the second.
In the second case, recipients specified in the "To:" and "Cc:" lines each are sent a copy of the message with the "Bcc:" line removed as above, but the recipients on the "Bcc:" line get a separate copy of the message containing a "Bcc:" line.
I initially interpreted 'a "BCC:" line' to mean one containing just that recipient's address, and didn't register what the next sentence said:
(When there are multiple recipient addresses in the "Bcc:" field, some implementations actually send a separate copy of the message to each recipient with a "Bcc:" containing only the address of that particular recipient.)
Some implementations do what I automatically interpreted the preceding part as meaning - but if it's mentioning that as something that some implementations do, it follows that some systems may allow some BCC'd recipients to see other BCC'd recipients' addresses.
And then the key bit from section 5:
When the second method from section 3.6.3 is used, the blind recipient's address appears in the "Bcc:" field of a separate copy of the message. If the "Bcc:" field sent contains all of the blind addressees, all of the "Bcc:" recipients will be seen by each "Bcc:" recipient.
It's effectively saying this is a bad way to do it - but it prompted me to go back and read the 'second method' again, and pick up what I missed.
"On first reading 3.6.3 I thought the same - however, now read section 5, then go back to 3.6.3, and you'll pick up on something you may have missed the first time."
Which is that RFCs (Particularly older RFCs) are generally written in badly formed american colloquial english, with an assumption that the reader is already familiar with the subject in question and easy access to the RFC author for clarification (because they're just down the hall)
The number of ambiguous phrases in RFCs is a constant source of amusement and annoyance. I've been told of non-native english speakers _screaming_ in RFC authors faces that their interpretation of the RFC is perfectly valid, despite it being the polar opposite of that the authors intended.
Very few RFCs are actually standards - the ones that are, are called STD{XX} - and even those ones are badly written.
This post has been deleted by its author
I mean, basically the government is now handing out a fine to an institution which got paid with... government money (aka: the taxpayers money!) in the first place. Could someone please explain to me how exactly this is going to have an effect?
It can have an effect because the PHB of government department X takes if very seriously if a chunk of money is deducted from his budget and moved to the budget of some other department's PHB. The basic goal of managers in government is to maximise their department's budget and/or headcount. Taking money away and giving it to "the competition" stings.
It'll just mean that in the next round of funding there will be an even bigger 'our police are underfunded' mantra, coupled with some 'terists* and pedos* are getting away with it because we're not giving the police enough money' from the Daily Wail.
(* spolling is deloberate)
When it comes to government organisations, the concept of being more efficient with money doesn't apply - they just need more of it.
The few law enforcement information systems I've been around use formal configuration and content management subsystems to segregate "Law Enforcement Sensitive" information from Official Use Only and releasable... And I would fervently hope that identities of assault victims would be accorded such protection.
It takes a deliberate act to transmit LES information over email, and LES identities are in separate contact lists to avoid precisely the fsckup this law man committed.
Not foolproof, but at least its a speed bump.
Then again, for every procedure I can find you an idiot that will overmatch it...
"bounce anything going to more than 10 people in the CC field to the chief constable."
For £500 I'll reconfigure the email server to reject more than 3 in the Cc: list and limit the number of total recipients to 10.
More than that should use a mailing list.
" the force recalled the mail "
If this is the level of knowledge of people using email, then I despair.
I'd really like email clients to include a snarky message under the "recall message" menu option, saying "If you wanted to do that you should have thought about it before hitting send or "I'm sorry Dave, it's impossible to do that and everyone's now laughing at you"
... into every workstation that reaches up and slaps offenders in the face with a rotten fish, when the offense is one of the following:
(1) idiots that 'reply all' telling idiots doing a 'reply all' to a group email that they shouldn't 'reply all'
(2) guys who 'reply all' to emails I BCC'ed on and out the fact I BCC'ed
I take some responsibility for (2); I no longer simultaneously use Bcc and Cc list, too risky
More to the point, why was email being used to send this sort of sensitive information in the first place, regardless of idiotically blabbing everyone’s names and email addresses?
I’m assuming that the actual email body must have been unencrypted, because the chances of ordinary people and most journalists (let alone, as we see, many police employees) knowing how to set up and correctly use encrypted email are slim to non-existent (and I include myself in that list: I could probably do it if I really set my mind to it, but as virtually no one I communicate with would know how to, it would be pointless).
We urgently need to replace email with a secure, easy to use, open standard and open source universal messaging system, and we need it by 1995, if not sooner...