Email advice for the rest of us

Coming up on the second anniversary of Security For All (no, this is not THAT entry – it’s coming) I realize that I’ve been remiss about the “For All” part of Security For All. Lately it’s been all about copyright enforcement shenanigans, e-discovery technicalities, Fourth Amendment, privacy issues and Captain X-Ploit parables and nary a peep about how a real person (read non-ultra-geek) can save what’s left of their privacy and avoid being abused on the Internet. I was particularly struck while reading this article entitled 10 things non-technical users don’t understand about your software (no, this isn’t about THAT article either – although it is quite good in a software engineering kind of way) wherein the author, Andy Brice, makes these points.

Techies are happy to play with software to see what it does. They aren’t usually too worried about trying things because they can rely on some combination of undo, version control and backups to reverse most changes and they can usually judge when a change won’t be reversible. Non-technical users aren’t so confident and won’t try things in the same way. In fact some of them seem to think that a wrong move could cause the computer to burst into flames.

Unskilled users often don’t realize how unskilled they are.

That is a nasty but common combination. The implications include users who are afraid of trying things out, because they might “break something” and when they need help don’t have the skill or experience to ask or even know what to ask. Recently I installed a new iMac for my mom. I made sure that she had all of the necessary security software installed and configured including a password safe, made sure that her iSight camera was working so that she could video chat and even transferred all of her photos, addresses and music. In other words she was ready to roll. Or so I assumed. The next day she called me in a panic because her “screen went blank” and the iMac appeared to be dead. After a great deal of troubleshooting over the phone I determined the root of the problem: the iMac was powered off and she didn’t know where to find the power button. So that great work configuring and securing her new computer was useless when she doesn’t know how to turn it on. All of the preceding is an epiphany and mea culpa. I’m returning to the roots of this blog (for this entry at least) with some email advice for everybody.

I’ve written about sending safe email before, but I recently came across this pair of articles by Chad Perrin in TechRepublic: the first, entitled Basic e-mail security tips, and the follow-on, Five tips for avoiding self-inflicted email security breaches. I’ve condensed these into a single list with my commentary, but you should definitely check out Chad’s full articles.

1. Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML — or “Original HTML” as some clients label the option.

Chad goes so far as to suggest that you use an email client that doesn’t render HTML at all. I wouldn’t go that far but I would agree that you shouldn’t automatically allow HTML. This is the default setting for most email clients. So let’s step back a second and explain some things. First off “HTML and XHTML” are computer “languages” that allow you to see nice page layouts, pictures, sounds and movies in your email. It’s the same stuff you see when you surf the web. A web page is usually HTML that is rendered (“translated”) by your web browser into all of those previously mentioned cool things. So since HTML can automatically download and display stuff like pictures, movies and music from the web, it can also download bad stuff like links to phishing sites or malware that looks like a picture or movie but is really something bad. So if this is the same thing that your web browser displays all the time, then why is it a problem with email? Unlike your web browser which doesn’t copy anything to your computer unless you allow it to, your email program makes a copy on your computer before it even tries to display it. So the bad stuff is already there just waiting to be activated. So be very careful before you “download pictures” in an email (your email program should ask first) and don’t select “always download pictures”. Even when they’re from Dear Old Aunt Alice. Especially if they’re from Dear Old Aunt Alice.
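For the curious, here is what "download pictures" would actually reach out for. This is an added example, not code from this blog or from Chad's articles: it reads an HTML email without rendering it and lists everything a rich-HTML mail client would fetch automatically, plus links whose visible text names a different site than the one they really point to. The sample message and every host name in it are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; all addresses and hosts are placeholders.
SAMPLE_EMAIL = """\
From: Aunt Alice <alice@example.org>
To: you@example.net
Subject: Vacation pictures!
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See the pictures at the link.

--b1
Content-Type: text/html; charset="utf-8"

<html><body background="http://cdn.example.com/bg.png">
<p>Hi! <img src="https://photos.example.com/beach.jpg"></p>
<img src="http://tracker.example.com/open.gif?id=12345" width="1" height="1">
<img src="cid:logo@local">
<a href="http://login.example.io/reset">https://www.mybank.example/login</a>
<a href="https://photos.example.com/album">View the album</a>
</body></html>
--b1--
"""

# (tag, attribute) pairs that a rich-HTML renderer fetches without any click.
AUTO_LOAD = {("img", "src"), ("body", "background"), ("link", "href"),
             ("iframe", "src"), ("script", "src"), ("video", "poster"),
             ("input", "src")}


def _host(url):
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


class RemoteContentAudit(HTMLParser):
    """Collects automatic remote fetches and misleading links."""

    def __init__(self):
        super().__init__()
        self.remote_loads = []      # (tag, url) fetched on display
        self.mismatched_links = []  # (text shown, real href)
        self._href = None           # href of the <a> currently open
        self._text = []             # visible text inside that <a>

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            value = value.strip()
            if (tag, name) in AUTO_LOAD:
                # cid: and data: content travels inside the message itself;
                # only http(s) references cause a network request.
                if urlsplit(value).scheme in ("http", "https"):
                    self.remote_loads.append((tag, value))
            elif tag == "a" and name == "href":
                self._href, self._text = value, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        href, self._href = self._href, None
        lowered = shown.lower()
        if lowered.startswith(("http://", "https://")):
            shown_host = _host(shown)
        elif lowered.startswith("www."):
            shown_host = _host("//" + shown)
        else:
            return  # ordinary link text, nothing to compare
        if shown_host and shown_host != _host(href):
            self.mismatched_links.append((shown, href))


def audit_message(raw):
    """Return what displaying the HTML parts of a raw message would expose."""
    msg = message_from_string(raw, policy=policy.default)
    audit = RemoteContentAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    audit.close()
    return {"remote_loads": audit.remote_loads,
            "mismatched_links": audit.mismatched_links}


if __name__ == "__main__":
    report = audit_message(SAMPLE_EMAIL)
    for tag, url in report["remote_loads"]:
        print(f"auto-fetch  <{tag}>  {url}")
    for shown, href in report["mismatched_links"]:
        print(f"misleading link: shows {shown!r} but goes to {href!r}")
```

The 1x1 image with an id in its address is the typical "was this opened?" beacon, and the embedded `cid:` image is skipped because it needs no download.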

2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services such as Gmail, Hotmail, and Yahoo! Mail for e-mail you wish to keep private for any reason.

What he’s getting at here is that you should not use the “webmail” application with these services. That is, don’t check your email from a web browser. All of the services mentioned are also POP3 or IMAP servers that your email program can get email from. Unfortunately this can be pretty tricky to set up and you will probably need to get some help to do it right. The main thing to realize is this: those “free” web-based email services aren’t free (sorry but Grandma was right – there is no free lunch). They make money from their advertisers and YOU are the product they offer to those advertisers. So all of those companies would prefer that you leak as much private information to them as possible. It makes you a more valuable product.

3. It’s always a good idea to ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not. The reason for this is simple: You do not want some malicious security cracker “listening in” on your authentication session with the mail server. If someone does this, that person can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers).

This is very important. It sounds technical – and it is – but it’s not that hard to find out if your email program is set up right to do this. Just go to the “accounts” set up screen and make sure that the settings include something called “SSL” or “TLS”. If instead it says “cleartext authentication” or “password sent clear” that is bad. Most Internet Service Providers (ISPs) have been doing “secure authentication” by default for years. They only support the older (bad) stuff for really old computers, but if you have been with your ISP for a long time then you might never have changed your original settings. Definitely check this out. Also be aware that the web-based email services mentioned earlier all have this feature as well, but it is not on by default. They would like everyone to be able to access their service even from broken old web browsers or old smart phones that don’t communicate the right way. That’s not for you. In Gmail (the one I use and know the most about) under the general settings there is a choice to “always use https” which is a fancy way of saying “use a secure connection”.

4. If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

This is spot on. It may be convenient to check your email using a web browser on your laptop, iPad or Droid from Starbucks, but be aware that it’s also very convenient for the bad guys to see everything you do – from afar. I’ve written before about using public WiFi safely. The main point being – don’t be an idiot. There’s a reason public WiFi is called that.

5. Turn off automated addressing features: As communication software accumulates more and more automated convenience features, we’ll see more and more cases of accidentally selecting the wrong recipients. A prime example is Microsoft Outlook’s “dreaded auto-fill feature,” where it is all too easy to accidentally select a recipient adjacent to your intended recipient in the drop-down list.

Yes indeed. Your email software contains all sorts of convenient features with which you can easily shoot your foot off. Or at least seriously embarrass yourself. Just make sure that your outgoing message is really going to its intended recipients – and ONLY the intended recipients – before you hit SEND.

6. Use BCC when sending to multiple recipients: It’s a bad idea, from a security perspective, to share email addresses with people who have no need for them. It is also rude to share someone’s email address with strangers without permission. Every time you send out an email to multiple recipients with all the recipients’ names in the To: or CC: fields, you’re sharing all those email addresses with all the recipients.

I can’t count the number of times I have gotten email from a well-meaning friend or acquaintance that has added me to a mailing list where every email address on the list is visible to every recipient. In some cases I might even know many of the people on the list, but that doesn’t mean that they want an unsavory character like myself knowing their email address. In case you are interested – or are one of the egregious offenders I mentioned – I use special email rules for all emails I receive where I’m part of a mailing list. Special in the sense that the message goes straight to the trash and black-lists the sender’s address if there are multiple visible recipients. So long and don’t bother to keep in touch.
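A mail rule like the one just described could be written along these lines. This is an added sketch, not the actual rule used on this blog: the reader's own address, the threshold for "multiple", the folder names and the sample messages are all assumptions made up for the example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the address(es) this mailbox belongs to.
MY_ADDRESSES = {"me@example.net"}
# Assumption: two or more visible addresses besides mine counts as "multiple".
MAX_OTHER_VISIBLE = 1

# Constructed sample messages (placeholders, not real mail).
MSG_LIST = """\
From: Bob <bob@example.org>
To: me@example.net, carol@example.com, Dave <dave@example.com>
Cc: erin@example.com, CAROL@example.com
Subject: Fwd: Fwd: funny video

You have to see this!
"""

MSG_BCC = """\
From: Alice <alice@example.org>
To: undisclosed-recipients:;
Subject: Party invitation

Everyone was put on BCC, so no addresses are exposed.
"""

MSG_DIRECT_FROM_BOB = """\
From: Bob <bob@example.org>
To: me@example.net
Subject: Did you get my video?

Hello?
"""


def visible_others(raw):
    """Addresses exposed in To: and Cc:, not counting my own."""
    msg = message_from_string(raw)
    fields = [str(value)
              for header in ("To", "Cc")
              for value in msg.get_all(header, [])]
    # Lower-casing removes duplicates such as CAROL@ and carol@; the "@" test
    # drops empty results from group syntax like "undisclosed-recipients:;".
    found = {addr.lower() for _name, addr in getaddresses(fields) if "@" in addr}
    return found - MY_ADDRESSES


def apply_rule(raw, blocklist):
    """Return the folder for a message and update the blocklist set in place."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in blocklist:
        return "trash"              # sender was blocked by an earlier message
    if len(visible_others(raw)) > MAX_OTHER_VISIBLE:
        if sender:
            blocklist.add(sender)   # remember who exposed everyone's address
        return "trash"
    return "inbox"


if __name__ == "__main__":
    blocked = set()
    for label, raw in (("list", MSG_LIST), ("bcc", MSG_BCC),
                       ("direct", MSG_DIRECT_FROM_BOB)):
        print(label, "->", apply_rule(raw, blocked))
    print("blocklist:", sorted(blocked))
```

The BCC'd invitation lands in the inbox because no addresses are exposed, while the later one-to-one message from the blocked sender still goes to the trash.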

7. Save emails only in a safe place: No amount of encryption for sent emails will protect your privacy effectively if, after receiving and decrypting an email, you then store it in plain text on a machine to which other people have access. Sarah Palin found out the hard way that Webmail providers don’t do as good a job of ensuring stored email privacy as we might like.

Boy Howdy! I’ve also written about that very incident, in this entry about Sarah Palin and the great Yahoo! angst. The point here is one of the fundamental principles of security – be it information security or physical security – if you don’t control the location of the thing you want to protect, you can’t protect the thing. Whether it’s a classic car, the formula for Coca Cola or an email message. Last time I checked, you don’t have any control over Gmail, Yahoo! or Microsoft mail servers. You do, on the other hand, control your own computer. Learn from Sarah’s email mistakes.

8. Use private accounts for private emails: Any email you share with the world is likely to get targeted by spammers — both for purposes of sending mail to it and spoofing that email address in the From: field of the email headers. The more spammers and phishers spoof your email address that way, the more likely your email address is to end up on spam blocker blacklists.

If you are someone who insists on sending to mailing lists (we call that spam in the infosec biz) at least do it from some throwaway public email address you don’t care about – just like the real spammers. Because I guarantee that it won’t be long before real spammers are using that address anyway and then you won’t be able to send an email to anyone from that address. And for you Canadian readers, it’s probably best to avoid this behavior entirely as the Canadian government takes a rather dim view of spammers – intentional or otherwise.

9. Double-check the recipient, every time — especially on mailing lists: Accidentally replying directly to someone who sent an email to a mailing list, when you meant to reply to the list, isn’t a huge security issue. It can be kind of inconvenient, though, especially when you might never notice your email didn’t actually get to the mailing list.

This is a corollary to #5. So let’s just keep this real simple – avoid mailing lists. Sure they are convenient for sending out invitations to your soirée but seriously, how many times do you invite the exact same group of people to your soirées? And by the way, that mailing list you keep for sending out those funny jokes and videos – you know the one – where do you think those all end up? See #6 if you are really interested. Otherwise ignorance is bliss. And a complete waste of bandwidth.

Captain X-Ploit:
Too cool for babes.

The Adventures of Captain X-Ploit:
Too cool for babes.
– Part 4 of the epic chronicle –
Captain X-Ploit vs. The Law

And so life returned to normal for David… at least, he settled into a new normal, being part time vice president and full time hacker. Yes indeed, a quiet boring normal life… was never really something David had or wanted. So this slight normality bothered him to an extent. After his adventures getting Ted into office then making his conveniently named dog the vice president so he could step in the position whenever the need arose, life was feeling rather empty and dull.

There were however several things that loomed in the near future that threatened to destroy David altogether… or at least keep him pretty busy. We shall learn of some in the future but for now two major things were about to hit our happy protagonist like a freight train. The aliens’ plans to convert Trustonia into a “land of hot college girls ready to go wild, and old people shaking their walking sticks in anguish at the former group” had hit a snag. It seems the climate control mechanism broke and threw Trustonia into record breaking low temperatures. The aliens were, of course, outraged and called Ted to yell at him. Ted having been promoted to HUMAN REPRESENTATIVE to the aliens.

Ted’s promotion came when he was declared president; the aliens felt it would be a good idea to have contact with a powerful human leader. Ted agreed because he rather enjoyed being a “Human Representative” as opposed to his old position “Cheap Human Unable to Protest.” Or CHUMP for short. Although Ted had nothing to do with the breaking and less to do with the fixing, he’d become the person the aliens enjoyed yelling at. There’s something universally satisfying about yelling at a president in a Tuxedo, it’s like sticking it to the man on a somewhat literal level.

The machine breaking was little more than a minor annoyance for David. But, he was beginning to enjoy the warm and now it was freezing. He scowled as he walked down the street wondering how he’d deal with it. Those bloody aliens and their crappy machines. You’d think they could at least get global warming RIGHT. We were doing a fine job with cars and air conditioners anyway. I hardly think…. Wait. AIR CONDITIONERS! The thought dawned on him like… Something that… dawns. In a flash he had his cell phone out and had Ted on the line.

Ted held up an index finger to a particularly loquacious alien and answered his phone with this observation, “I find the fact that my cellular telephone works in space to be genuinely shocking.” David replied,  “It’s a little known secret that cell phones are actually powered by magic and voodoo, it has VERY little to do with those big towers with the red blinky lights. Anyway, that’s not why I called.” David said, “I called because I need you to schedule a presidential press conference, I think I have a way to fix this damnable cold weather in Trustonia.”

That evening Ted and David appeared on every news media outlet explaining how recent science has proven that the part of the brain responsible for making you feel cold can be semi-permanently reprogrammed if you spend a long enough time in a cold environment. Unfortunately to achieve a “cold environment” one would have to run their air conditioner at full blast during winter.  They recommended a large scale test of this new scientific theory in the town of Trustonia.

It took about a week for David’s plan to take full effect but with every single person in town running multiple air conditioners at full blast the outside temperature began to rise steadily. Smiling David shed his annoying coat in favor of his favorite worn t-shirt. He had almost completely forgotten about the other thing that loomed on his horizon. He had forgotten about it right up until he walked into it. “Ow!” David thought as he corrected his balance and looked into the eyes of Sara Boulder.

So it appears that the office of vice-president is a big snoozer. That’s probably why Nicky [David's dog] isn’t interested in it either. At least there’s still hacking going on in Trustonia. This time the good Captain uses a classic hack – exploiting an unintended side-effect of a seemingly unrelated process to get around the controls of the process of interest. Definitely a classic. Now we’re left to wonder who this “Sara Boulder” is. I have a feeling we’ve seen her before.

Captain X-Ploit: Back at last.

The Adventures of Captain X-Ploit:
Back at last.
– Part 3 of the epic chronicle –
Captain X-Ploit vs. The Law

“God, that took forever,” David exclaimed as the news story began about the ‘death’ of the president “I thought you might never be president.” Ted looked at David and said, “I must find fault with your claim. For, I am not president yet, and indeed we have yet to even entertain possible ideas that would even lead to the possibility of that fact changing.” David hastily hushed him as the news story began to discuss the plans for a new president.

“The country is in chaos today, however plans have been made to determine who the next president will be. Starting tonight at midnight anyone in America may log online and type their name in and be entered into the ballot. You will need to choose one of the two parties and tomorrow everyone will log online type in the name of the person they wish to vote for. You will be required to submit a picture for confirmation of the fact that you are human.”

An insolent smirk sneaked across David’s face. “My God, could they make it easier for me?” Ted’s face remained unchanged his frown and clear incomprehension still apparent. “I’m afraid I don’t see the solution to this particular quandary as readily as you seem to, David. Would you care to enlighten us lesser beings who are new to this ‘Hacker’ business?” David hadn’t heard the word before but it fit perfectly for what he was, for the first time in his life he had a label for his being, his difference, his power. He smiled and said, “is that what I am… a ‘hacker’? Well at any rate. It’s simple enough we log online now and go to the national name database and copy every name in it, and paste it into the place for your first name on the ballot entry site, do the same for your last name, upload a pic of you for Democrat and then do the same again only with a mustache for Republican. It’s really just that easy.” Ted’s face lit up with comprehension. David found himself thinking perhaps he could make Ted a ‘hacker’, whatever that was.

His thoughts were interrupted by Ted seeking confirmation of his understanding, “I see, so when the voter connects to this website and enters the name of the person they wish to be the next leader the computer will search for the name in the database and acquire MY name instead casting the vote for me… every vote for me… all the votes for me.” David nodded “or evil mustache you, depending on if they log in as Democrat or Republican.”

Ted slapped David on the back as they opened his laptop and began to work. “This is bloody brilliant. Perhaps we will free you from your sentence yet my friend,” Ted exclaimed in excitement. They worked hastily for several hours to prepare for their midnight mission. First gathering the names then taking the photos.

David left Ted to work for a few minutes as he dug in his closet. He sauntered out with a brilliant look of triumph holding firmly in his strong fingers what could only be described as an absurd fake mustache, the kind of mustache you could only pronounce as a “Moo-Stash” and envision on a cartoonish evil villain. David hastily slapped it on Ted for the picture. Ted, observing the result in the mirror wondered,  “Oh dear, don’t you worry this makes me seem a little too evil for our purpose.” David quickly snapped the picture then shook his head “We’ll use it as the Republican pic… they’re used to voting for people who look like that.”

After completing their plans around 12:15 they closed the laptop, high fived each other and laughed what could only be described as the laugh a bent genius gives when his creation roars to life.

“You might as well stay here for the time being. You can sleep on the couch.” David said to Ted. Ted nodded, “Thank you, friend. But after several months of sleeping outside it’s rather grown on me… Would you mind terribly if I slept on your porch?” David laughed, “Sure, whatever you like, you can even drag the couch out there if you want.”

They broke open a couple of beers and began the “before bed celebration” that would soon become a ritual every night following the completion of a hack.

David and Ted are back with an improbable but classic hack – the old “whatever you choose is what I want it to be”. Kind of like the ultimate XSS attack. This should keep the aliens amused. Even if the Republicans aren’t.

Captain X-Ploit: The Limbo

The Adventures of Captain X-Ploit:
– Special Edition –
The Limbo.

Where the hell am I? The thought echoed across his mind. At least, he thought it was only across his mind but the words boomed so loudly they seemed to shake the world around him. Is this place real? Am I real? David’s thoughts echoed again out loud across a dark endless void of white. He struggled to focus his eyes but they wouldn’t focus.

“Ah, David, you’re awake now.” A voice boomed through the void.

“Awake nothing. It feels like I’ve been here forever. Who are you? Where am I?” David asked.

“You are in limbo my friend… the endless void. The land where ideas go to die,” the voice responded. At that point David glanced down at himself and realized he was nothing more than a poorly drawn cartoon character.

“What happened to me? What did you do to me?” David screamed angrily.

“I have done nothing; you have merely gained self awareness. Something that only happens when a character is cast off to die, neglected in a writer’s mind never to be thought of again. Your creator has forsaken you, your adventures have come to an end and his have moved on to not include you. You shall remain here until the last thought of you has crossed a human mind. Only when forgotten does an idea truly die, but your creator has neglected you and until the day you are forgotten you shall not grow and your adventures are over.”

“How many are left to think of me? How long until I’m forgotten?” David asked.

“I can answer only the former. It appears at least 40 people have read your adventures and carry them with you. Would you like to hear their thoughts when they cross their memory of your adventures?”

Several voices echoed at once David could only catch snippets. “I wonder if that little girl ever made it to be a real person in David’s life.” “I wonder if I could pull off wearing a tuxedo all the time like Ted.” “David Nicholas Stone… where have I heard that name before?”

“ENOUGH!” David cried in anger. “My creator has not forsaken me. He still remembers me… he must.”

“I’m sorry but he has forgotten you David. I feel limbo shall be your last adventure, if you can call it that. For you see nothing here is real. I don’t think it will qualify as an adventure for there are no exploits, no land, no missions, and no nothing, only non-existence and non-reality.”

“How could my creator forget me?” David asked saddened.

“He moved on to other things in life, work… Girls… StarCraft II, all these things and many more are the reason for your death.” The voice answered.

Countless emotions coursed through David, depression, anger, pain, neglect and above all defiance. He would not be defeated he would not give up as long as one mind retained him he had a chance to make it out. There has to be an exploit or loop-hole or trick. David thought… (out loud again apparently) for the voice answered his thoughts.

“No David, I fear there is not.”

Impossible, if the voice tells the truth and my creator has forgotten me then how come I did not simply stop existing. Limbo must exist for a reason beyond what the voice claims. It offered me sentience for a reason. “Stop there, David, this train of thought is very dangerous.” The voice warned. If I exist now it’s because my creator is thinking of me. No… not just thinking of me, writing about me. “He’s writing about me now isn’t he?” David asked.

At that moment the witness shattered and David realized he’d broken the system. He was seeing things through the eyes of his creator now. He was looking at a laptop screen and watching his hands flicker quickly across the keys and the words appear on the screen. “I think I shall bring David back. There is hope… maybe people will read. No… there is no point in writing for that. I’m bringing David back because I enjoyed his adventures and if I enjoyed it then that’s enough. If someone else reads it and enjoys it too, well then that’s just a bonus.”

The ground shuddered violently and the vision broke, David found himself being shaken awake by Ted whose outstretched finger was firmly pointing at the TV screen which was on the news with a headline “President’s ‘death’.”

E-discovery is hard

Sometimes life is hard like trying bail out the ocean with a spoon
Sometimes life is hard like trying to turn December into June
And sometimes life is hard like trying lasso a quarter moon
From Life Is Hard by Eric Durrance

I’m trying really hard to catch up on all of the e-discovery news I’ve been ignoring in favor of goofing off. It is summer after all and I don’t get paid nearly enough for doing this. Okay, so I don’t get paid at all for doing this. That certainly isn’t nearly enough. But as I was saying before I was sidetracked by my schizophrenic alter ego, while catching up on what’s happening in e-discovery and legal proceedings related to security and privacy I came across several articles that while seemingly unrelated really do have a common and interesting thread. One, in fact, actually being about threads. But I’m ahead of myself.

The first article comes from the Electronic Discovery Law blog and is entitled New York Court Provides Detailed Instruction on Protocol for Discovery of Cloned Hard Drive. The background of the story is this.

In this matrimonial action, plaintiff sought access to her husband’s (the defendant) office computer to determine his true financial condition. After denying plaintiff’s initial motion, the court directed (by stipulated order) that a clone of defendant’s office hard drive be made at plaintiff’s expense.  Thereafter, the court denied plaintiff’s motion for access to the cloned drive upon finding her request for unrestricted access overbroad. “Equally important” to the court was plaintiff’s failure to propose any protocol for investigation of defendant’s hard drive. The court instructed that should the plaintiff wish to renew her motion, her renewal “must contain a detailed, step-by-step discovery protocol that would allow for the protection of privileged and private material.”

So in other words the court said, “We’re not going to give you carte blanche to do anything you want with hubby’s financial data. You have to have a plan. Just like real e-discovery and forensics guys – not to be confused with TV CSI guys – do.” Furthermore, the court was good enough to provide such a plan to the plaintiff and her apparently clueless legal counsel. Here is the abbreviated list, but definitely check out the full text of the court’s opinion for some great information.

(a) Discovery Referee:  The parties [must] agree on an attorney referee, preferably someone with some technical expertise in computer science, to be appointed to supervise discovery.

(b) Forensic Computer Expert:  The parties [must] agree on a forensic computer expert who will inspect and analyze the [hard disk] clone.

(c) File Analysis:  The expert will analyze the clone for evidence of any download, installation, and/or utilization of any software program, application, or utility which has the capability of deleting or altering files so that they are not recoverable, extract all live files and file fragments and recover all deleted files and file fragments.

(d) Scope of Discovery:  Plaintiff will list the keyword and other searches she proposes to have the expert run on the files and file fragments, subject to a reasonably short time frame in [they] were created or modified.  Plaintiff is cautioned that she should narrowly tailor her search queries so as to expedite discovery and reduce the costs of litigation to the parties.

(e) First-Level Review:  The expert will run keyword or other searches on all of the extracted files and file fragments.  After performing searches, the expert will export to CDs or DVDs a copy of the native files and file fragments which were hit by such searches, and will deliver such media to defendant’s counsel to conduct a privilege review.  An exact copy of the media delivered to defendant’s counsel will be contemporaneously delivered by the expert to the referee.

(f) Second-Level Review:  Within twenty days after delivery of the media containing the extracted files and file fragments, defendant’s counsel will deliver to plaintiff’s counsel all non-privileged documents and information included in the extracted files and file fragments, together with a privilege log which identifies each document for which defendant claims privilege and describes the nature of the documents withheld, so as to enable plaintiff to assess the applicability of privilege.

(g) Discovery Disputes:  The referee will resolve any disputes concerning relevancy and privilege.

(h) Cost Sharing:  All costs for the expert will be borne by plaintiff, subject to any possible reallocation of costs at the conclusion of this action.

(i) Discovery Deadline:  The parties should agree to a fast-track discovery schedule.

(j) Retention of Clone:  The discovery referee will keep the clone until the action is concluded.

Yep – that’s quite a lot of detail. Certainly more than the “let’s clone hubby’s hard drive and take a look” that the plaintiff originally suggested (probably after watching CSI on TV). There’s a lot more to this e-discovery business than most people including, apparently, some lawyers think.

The next article comes from the e-discovery 2.0 blog and is entitled Courts Undecided on How to Handle Email Threads in Electronic Discovery. We’re all familiar with email threads, but just in case you’re not familiar with the “thread” terminology the article has a really good description.

Email allows us to communicate in a way that helps us associate context to our discussions, namely in its ability to be chained into a sequential thread when email users reply to or forward emails they previously received. This accomplishes two important tasks: 1) it allows the person sending the reply or forward to get an understanding of the issues so he/she can craft a meaningful response, and 2) it allows the person receiving the response to understand that response in the context of other on-going discussions. Email programs help by automatically including content from prior emails, thus producing a long chain of reference.

So see, you really knew what they were all along. Anyway, as you can imagine email threads are quite valuable as evidence in litigation. Quite a bit more so, in fact, than the individual messages on their own would be. But unfortunately for courts, even something as straightforward as email threads isn’t really that simple. Once again the idea of privilege rears its ugly (or beautiful depending on whether you get it or not) head.

The area of greatest confusion and uncertainty has been the determination of privilege when emails are exchanged with in-house counsel and attorneys and whether such emails are protected by attorney-client privilege or not. A central issue is the composition of privilege logs under these circumstances.

There are several legal opinions on the matter of intermingling privileged and non-privileged communications in an email chain. These opinions have left the matter with little clarity, especially regarding whether the entire email thread is privileged or whether individual emails must be separated out and classified as privileged, with a privilege log listing them. Typically, the most recent email in a thread contains all other emails in that thread. Separating out individual emails (i.e., the contained emails) from the containing email would allow for treatment of just the portions of the email thread that may have privilege. When such separation is permitted, some contained emails may be assessed as privileged while others may not. However, it is entirely possible that the contained email is also present as an independent email under possession of the same custodian or another custodian. When it is present, one could argue that the contained email can just be ignored, and if the corresponding email is responsive, one can ignore the contained email. But rarely does a collection include a complete set of custodians, so the question of whether the privilege log should include the contained item in question still remains. In terms of management of review, and for constructing a privilege log, treating the most recent email and all its contained emails as a single entity is less expensive and cleaner than separating and determining privilege status of each contained email.

Another complicating factor is simply a determination of privilege. Does the mere fact that an attorney was listed as a courtesy CC recipient make the entire email privileged? And, when such emails are then forwarded only to an attorney involved in the case, with a legal strategy discussed in the containing email, is only the new content added to the containing email privileged, or does the privilege determination extend to the other contained emails?

Wowzers! That makes my brain hurt. Confusing indeed. After some great legal references, the second article unfortunately devolves into a flack piece for the Clearwell E-Discovery Platform which you can read about if you are so inclined. Actually I’m being a bit harsh, since the author is simply stating the problem and presenting a product that helps solve the problem. I’m just not in the market.

So the common thread between these two articles is that admissible electronic evidence is not an easy, cheap or sometimes even well defined proposition. Which is why e-discovery and forensic specialists get paid the big bucks [Okay you e-discovery guys and gals can stop laughing now]. The points you can take from this are several including:

  1. If you are thinking of enrolling on one of those “become a CSI” courses, read this post and these articles over and over until you understand what they really mean. Then go to Vegas instead.
  2. If you are involved in litigation and your attorney suggests that you “snag the computer and take a look” for some evidence, point him/her to this blog entry as a handy reference on what “snag the computer and take a look” really involves. Then fire the fool and get an attorney with a clue.