For better security, maybe it's time to abandon e-mail?

40hz:
It's also a legal problem. Strictly speaking you are required by law to keep record somewhere somehow of all company internal written communications as much as is practical. At least in my understanding of business law anyway- I've seen quite a few cases where the courts order a company to present such.

Thus they were legally obligated to keep that information on record because on the off chance they got investigated, it could be held as evidence in the courtroom and whoever was involved would be effectively screwed by the discovery of its contents.
-SeraphimLabs (December 22, 2014, 01:03 PM)
--- End quote ---

Depends on the jurisdiction I think. Here it only applies to "covered" communications. Many US corporations are now operating on a minimal retention policy. They only retain as much and as long as the law requires. With the exception of regulated securities-related communications; and tax documents and/or communications with government revenue services - which I have been told need to be (or should be) retained indefinitely.

Many companies have discovered that the old exhortation to "keep copies of everything to CYA" often backfires and makes much to be discovered in the event of a lawsuit or investigation.

There actually are recommended "retention schedules" issued by the government that cover most business documents and communications. Very few items on those schedules fall under the "retain indefinitely" category.

The trick is to religiously follow whatever schedule you adopt. If you claim you rigorously purge all internal memos every three years, you can't keep some and later destroy them if they're subpoenaed, citing your policy and stating they're "more than three years old." That's obstruction and destroying evidence. And it can also create the appearance your policy was specifically designed to impede and evade the law. Judges here don't usually like that very much.

My understanding is it's still a fairly open question here however. The current "best practice" to minimize "legal exposure" seems to be (got this from an attorney) to retain only what you absolutely must by law, and generally try to get rid of everything else as soon as is practically possible.

40hz:
Just the nature of the beast- if it is connected to the internet, it is with certainty hackable.
-SeraphimLabs (December 22, 2014, 01:03 PM)
--- End quote ---

True. In a purely mathematical model. But there are possibilities for success, and there are likelihoods of success. To reduce the likelihood of success to the point where it statistically borders on the impossible is certainly attainable. Single-use cypher pads have already come very close to that ideal.

Even if it had been a message carried over the bitcoin blockchain, a hacker could have compromised the private key of an endpoint and still leaked that same message.
-SeraphimLabs (December 22, 2014, 01:03 PM)
--- End quote ---

Agree. The chain is only as strong as the weakest link. That's the real challenge here. How to make that weakest link incredibly strong.

I'm guessing some mechanism, whereby 'people' are removed from certain parts of the equation, is where it will need to go. With humans out of the picture in certain key areas, a major source of weakness is removed. It's no longer so much a "people problem" (i.e. insoluble) if there aren't people left in. QED.  ;)

Deozaan:
What else?
-40hz (December 22, 2014, 12:42 PM)
--- End quote ---

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).

40hz:
What else?
-40hz (December 22, 2014, 12:42 PM)
--- End quote ---

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).
-Deozaan (December 22, 2014, 04:39 PM)
--- End quote ---

Sounds good. But in order to make it more equitable for both sides I'd like it more if such a message announced itself as being a read-once message and then ask the receiver if they wish to accept or reject that condition. That keeps everything on an opt-in basis. If the receiver accepts, it works as the sender specifies. If the receiver rejects that restriction, it bounces back to the sender with a notification that "the intended receiver of your message did not agree to your read-once provision and has elected not to receive your message as sent."

Sort of like what sometimes happens when you block your phone's caller-ID. Some phone numbers (mine for one) will play a message that says my phone does not accept calls from parties that have blocked their caller-ID. It then suggests the caller temporarily unblock their caller-ID and try again.

Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines. 8)

wraith808:
Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines. 8)
-40hz (December 22, 2014, 05:32 PM)
--- End quote ---

All very good points.  I'm assuming also that since media connects to an unknown resource, it would be media unfriendly?  And what about attachments and such?
