Putting the smackdown on old school spam

Guess what I got today?
Envelopes I’ll throw away
Pamphlets, brochures on clothes
Samples, tampons, nylon hose
Junk mail junk mail
Junk Mail by Circle Jerks

Lately I’ve been getting back to basics with entries like this one that have tremendously useful (would you believe marginally useful?) ideas that actual people can apply. In real life even. Well this post takes that even further. I’ve gathered some information on how you can reduce your postal mail spam footprint. That’s right, postal mail. Snail mail. The stuff in that box outside your door. Nowadays pretty much everything I receive through the US Postal Service is some kind of junk mail. So I decided to share with you, dear readers, some stuff I learned from these great articles including this one in LifeHacker all about The Best Sites, Numbers, and Forms for Banishing Junk Mail and this one in Senior Brigade called How to Reduce Telemarketing Calls and Junk Mail.

Jacqui Cheng at the always informative Ars Technica has offered up four great starting points to hit the most egregious tree-choppers and mailbox stuffers:

Note that some of the sites mentioned above have offerings and rules are that are not terribly obvious, so check out the original Ars Technica article for additional details. They are pretty amusing as well as informative. In addition to those links the folks at LifeHacker and Senior Brigade have gathered some other sites to help reduce your junk mail that I’ve summarized here.

  • Go straight to the junk mail source – The “We really aren’t intentionally annoying” section of the Direct Marketing Association is a Mail Preference Service. Sign in to opt out of catalogs and newsletters you don’t want. Your name will remain on this “delete file” for five years. Alternatively you can complete this form, or draft a letter including your name and address, and mail it to:
    DMA Mail Preference Service
    P.O. Box 9008
    Farmingdale , NY 11735-9008
  • Send mail for previous owners/occupants to the real-world bit bucketLos Angeles County’s Dept. of Public Works suggests the following: “If the former residents of your house neglected to fill out a ‘Change of Address Form’ or it expired, you can fill one out for them. You must fill out a card for each unique last name. On the card write ‘Moved, Left No Forwarding Address’ as the new address. Sign your own name and write on the form ‘Form filled in by current resident of the house, (your name), agent for the above’. Once submitted, this information will be entered into the U.S. Postal Service’s National Change of Address (NCOA) database and remain active for a year and a half.”
  • Slice up credit card offers – The Big Three credit bureaus—Experian, TransUnion, and Equifax offer a toll-free number you can call to remove your home and identity from their third-party hand-outs: 1-888-5-OPTOUT (1-888-567-8688). You can also visit http://www.optoutprescreen.com where you can choose to opt out for five years, or permanently. You can also call the same number or visit the same website to opt back in. Like that would ever happen.
  • Filter out porn mail – The U.S. Postal Service gets real cranky when the stuff they deliver to your mailbox is sexually explicit. Just grab Form 1500, “Application for Listing and/or Prohibitory Order,” from the USPS’ PDF forms listing (Google Docs version here), fill it out, file it, and lose the nasty stuff.
  • Just say no to coupon packs – Val-Pak, Carol Wright, and ADVO offer up the bundled packs of coupons that some folks really groove on. If you are not one of those folks, Obviously.com lists the big three coupon opt-out methods in their junkmail how-to, along with many more junkmail avoidance ideas.
  • Be uncharitable to charity solicitations – Just because you gave once doesn’t mean you want to continue giving forever. Unfortunately very few charities have anything like opt-out forms on web pages. And almost all of them share donor information promiscuously. As do magazines and other subscription publications. Tell magazines to which you subscribe, and charities to which you donate, that you don’t want them to share your name with other businesses or charities. Request the same from mail order companies. The BBB Wise Giving Alliance recommends sending a letter informing the charities you do support that you don’t want your information given out and asking the other charities by mail to stop contacting you. Be sure to include the original mailing label, which often has information needed to process your request.
  • Tell your bank to keep their junk out of your mailbox – Read the privacy policies of your credit card companies and banks. The policies must give you an “opt-out” option, by which you can tell the bank not to share your personal information with other companies. The bank may still be allowed to share your information with its “affiliate” companies. Weasels.
  • Don’t play sucker games – Don’t enter sweepstakes and drawings. The main purpose of many contests is to compile mailing lists. If you enter one contest, you are likely to receive mailings from other contests.

There are more ideas on how to stop junk mail and telemarketing at the Federal Trade Commission

So now in addition to Inbox Zero maybe we can get to Mailbox Zero.

Is privilege transitive?

A little less than a year ago in a post called No privilege for you! a situation was discussed where communication that appears on the surface to be clearly privileged, that between a client and attorney, was not. Due to the circumstances of the communication. Namely it was an email thread that took place over a corporate email network where the court deemed that there was no reasonable expectation of privacy due to the corporate policy. No expectation of privacy, no privilege. Well now we have yet another twist in the attorney client privilege for email saga. In this entry in Electronic Discovery Law blog the situation is described as follows.

The magistrate judge rejected the explanation of plaintiffs’ son that his “technical assistance was necessary for his parents to timely receive the email communications from counsel” because his parents were “not proficient in the use [of] electronic mail.”  The magistrate judge reasoned that “[l]ack of technical competence … is not the equivalent of an inability to communicate.

Now hang on just a darn minute! This magistrate is saying that if you need help getting your email then any correspondence with your attorney isn’t privileged? Apparently this is a really young judge with no older parents or grandparents. A millennial orphan perhaps. Or possibly a tech-savvy computer senior who just wants to punish his internet-illiterate peers. In any case I can assure you that if my mom’s lawyer sent her an email, her first call would be to me to make sure she got it with no problems. Fortunately the district court that reviewed the issue when the plaintiffs objected to the order took a more realistic view.

The district court identified an exception to the principle that communications involving third parties are generally not privileged where “the purpose of the communication [to a third party] is to assist the attorney in rendering advice to the client” and where the party asserting the privilege can establish that the client had a reasonable expectation of privacy with respect to the communication at issue and that disclosure to the third party was necessary for the client to obtain informed legal advice.  The court further established that disclosure to an agent of the attorney or the client does not result in waiver.

Actually New York State law is pretty clear on this matter.

New York State law addressing the “attorney-client privilege’s application in the context of electronic communications, including email.”  Section 4548 of the New York Civil Practice Law and Rules states:  “No communication … shall lose its privileged character for the sole reason that it is communication by electronic means or because persons necessary for the delivery or facilitation of such electronic communications may have access to the content of the communication.

So this certainly brings up some interesting questions. With almost all communications happening electronically over the internet and with more lawyers and doctors becoming aware of the need to protect correspondence with clients and patients as a result of regulatory compliance, the mechanisms that will be put in place to protect these communications are only going to make it more complex for a large portion of the recipients. This will necessitate ever more assistance from tech-savvy helpers. I mean seriously, there’s no way you can expect my mom to be able to decrypt email without assistance. So does that  imply that if I help my mom (don’t worry she loves it when I use her as an example – right mom?) communicate with her lawyer electronically that the privilege is transitive to me? I mean her privilege. I certainly wouldn’t expect privilege to extend to unrelated correspondence between her lawyer and me. But if so how far does the transitive privilege extend? To children? Siblings? Cousins? Any relative? Friends? Nigerian princes? [just kidding]. In any case this is an important question that will no doubt be tested further in courts as technology continues to outstrip the ability of an ever larger portion of the population to comprehend it.

Security For All is two years old!

Cumpleaños Feliz,
Te deseamos a ti,
Qué los cumplas en tu día,
Qué los complas feliz.

Last week marked the second anniversary of Security For All. Yeah, I can’t believe it’s been that long either. In some ways it seems like forever and in others it seems like just yesterday. Cognitive temporal distortion aside, it has been an interesting and eventful year. In no particular order:

  • The global economy well and truly tanked. A whole bunch of us lost our jobs. The geniuses who pwned the financial system got their bonuses slashed and people were mean to them. Meanwhile politicians couldn’t decide whether more regulation or sanctions were in order. So they did nothing. Other than bail the miscreants out. [What they could agree on was who funds the all-you-can-waste cash trough and refused to bite the hand that feeds them. Same circus, different clowns]
  • I joined the social networking craze. Got actual Twitter and Facebook accounts. Got active. Decided that it was pretty much an egregious time sink designed primarily to invade and exploit my privacy. So after seriously enhancing my profile information with  commercially useless but amusing fiction I pretty much only post automatically nowadays or write inflammatory replies to idiots to induce them to unfriend me. [It's not all bad, just all nonsense]
  • Any privacy we had left after martial law was imposed in the name of “anti-terrorism” is being systematically revoked in the name of “anti-piracy” (copyright or IP rights enforcement). Culminating in Microsoft anti-piracy being used as an excuse to seize computers in Russia. [If you think it won't happen here you haven't tried to get a laptop into the US recently]
  • The state of Colorado and, I suspect, most other states have decided that they can’t afford even basic IT security. They prefer to wait until they are breached to do anything about it. Apparently litigation and prosecution is cheaper. Since they are incapable of finding any criminals to prosecute I’m sure it’s much cheaper. Leaving them free to waste our money (er… pursue more political activities) while we twist in the wind. [While they worry about cyber-war we get hammered by cyber-stupidity]
  • British Petroleum was responsible for the largest eco-disaster in world history. Followed by big PR blitz explaining that they alone are not to blame. Once the oil stopped flowing unchecked from the Deep Water Horizon well into the Gulf of Mexico, the media and the great American consumer forgot all about it. Now BP is whining that the offshore drilling ban is hurting business. [Makes you proud to be an American. Not.]
  • People discovered that big printers and copiers are networked computers with hard drives and everything. Just like a PC. Only less secure. Big score for data thieves. [This definitely got my bosses' attention. Fortunately we've been working on this problem for a long time at InfoPrint. Our low-end competitors not so much]
  • The Supreme Court still didn’t decide what to do about Business Process patents (i.e. what most software is patented as). Actually they decided that someone else should decide. In the meantime the boom in patent lawyering continues unabated. And patent trolls persists. [Thomas Edison had it so much easier]
  • Alan Shimel left StillSecure to found the CISO group and devote more time to other interests. [Like writing articles and the new Security.exe podcast)
  • Securosis continued it’s expansion and march toward security world domination by absorbing yet more serious talent. Not that Rich Mogull and Adrian Lane aren’t serious talent by themselves. Add Mike Rothman, David Mortman, Gunnar Peterson, Dave Lewis and James Arlen. Mix well. Incite world. [Long on talent short on bull. Looking forward to the coming year]
  • Last but certainly not least, Nicholas Webster joined Security For All, penning (or keyboarding) the Adventures of Captain X-ploit, a humorous allegory of hacker life involving seedy politicians, tramps with tuxedos and extraterrestrials in Trustonia. [It's really funny. And makes sense too. Sometimes]

So it’s been a fascinating year. I was once again surprised by the Security For All entries that got the most traffic. Apparently we’re getting a reputation for legal and privacy issues. Here is the Top Ten List (yep – still love lists).

Security For All Second Year Top Ten Posts

10. E-discovery is hard [August 10, 2010]
9. Sam Spade, CISSP [December 6, 2008]
8. How the TSA can be like Rihanna or not [December 19, 2009]
7. Thanks for all the phishing [November 22, 2009]
6. Gray haired computing [November 29, 2009]
5. Caregivers in Colorado: the saga continues [November 12, 2009]
4. Does encryption imply expectation of privacy? [November 2, 2009]
3. Colorado Weirdness [October 25, 2009]
2. Exposing yourself Web 2.0 style [October 27, 2009]
1. No privilege for you! [October 9, 2009]

And once again we’ve got a new theme. WordPress that is not content. So here’s looking forward to year three of Security For All.

Thanks for following and don’t hesitate to comment.