GoldMark Jeff Lívia Tímea about Search Goldmark.org only

Stupid Email Disclaimers

A typical example is from Luton Sixth Form College, lutonsfc.ac.uk:

This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of Luton Sixth Form College, its employees or students.

I have recently had my attention drawn to the phrase "persons or unauthorized employees" in the above disclaimer. Beyond drawing attention to it, it requires no comment.

Anyway, if the PHB's at Luton 6th Form College (or any other site whose stupid disclaimers I list here) think that their disclaimer (or anything else) makes it unlawful for me to quote the disclaimers here, they know where to find me.

Imagine the following disclaimer at the end of an email message:

Notice: Unless you are named "Arnold P. Fasnock", you may read only the "odd numbered words" (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender 10 GBP for each even numbered word you have read.

It appears that WebLaw's site agrees with me. Although they seem to advocate use of these disclaimers, their summary (based on their understanding of English law) of their Legal Position of Email Disclaimers document says

The value of disclaimers is limited, since the courts normally attach more weight to the substantive content of the communication and the circumstances in which it is made than to any disclaimer. Having said that, disclaimers may possibly be helpful if an issue ends up in court in various respects such as those described below and, since disclaimers cost (almost) nothing, it is worthwhile to use them. Even though their effectiveness in court is doubtful, they may provide a useful argument in negotiations to resolve a dispute.

Forbids mail being passed to the appropriate person

There are many cases where the sender of a message hopes that the message will get passed on to the appropriate person (who may not be explicitly addressed in the message), yet if the disclaimer is to be taken seriously that can't be done.

Mailing lists

Press releases

Official policy

If the disclaimer says that the message "does not necessarily represent official policy" then that is like having no disclaimer at all. It leaves it up to the reader to determine whether the message states official policy.

Is there a paper parallel?

So on the one hand, if I am not the recipient I am told that I cannot act on information in the message. On the other hand, I am instructed to take particular actions in that case.

One could, I suppose, say that the disclaimer doesn't apply to itself. (After all, I'd be violating them all by publishing them if they weren't.) But the disclaimers don't usually say that. And some of the disclaimers point out that the message may have been intercepted and tampered with, which surely does apply to the disclaimer. Indeed that is what adding the disclaimers actually does. So we are left with these highly legalistic sounding things which require the reader apply selectively because the authors of the disclaimer couldn't have actually meant what they said.

Tampering with mail

Addressee vs intended recipient

This is covered more in the section on what you are left with, but it is worth repeating. In adding the disclaimers, you may have both "false positives" and "false negatives". The former are messages that get the disclaimer but shouldn't (eg, press-releases, etc). The later are messages that don't get the disclaimers but should (eg. a message sent from an employee at home, but using a work email address).

False positives undermine your entire set of disclaimers. They simply tell people that your disclaimers are to be ignored. They also open the doors for people to do unwanted things with your messages (ignore press releases, remove things from archives that should be archived, get your users thrown off mailing lists).

False negatives invite people to assume that the messages that somehow come without the disclaimers are official policy or shouldn't be treated confidentially.

These problems are created by using disclaimers, making them worse than just silly.

Put the disclaimer on all out-going messages, but hope that the recipients will ignore it where it is ridiculous. I've described a few cases where application of the disclaimer is ridiculous. You could hope that people will just kindly laugh and ignore the disclaimer in those circumstances. Beyond making you look ridiculous, the problem with that is that it actually undermines the rule of law (and of course any teeth in the actual threat, as if someone uses the message in a way that you do wish to sue about, and you try to base your suit on the disclaimer, a defense can be that in a vast majority of cases you have allowed (and desired) violation of those terms.) If you wish to base your case on things other than the disclaimer, than the disclaimer is not needed. Have users select whether to include the disclaimer or not. This might work, but there is a slight problem. If some of your messages appear with a disclaimer and others do not, then there may be the implication that all those without the disclaimer at official policy or may be published or distributed. Try to write a disclaimer that covers all of the exceptions. I do not believe that this will be possible. It will probably end up doubling the size of most of your email as well. But there are strategies for this. You could say "unless otherwise noted in the text of the message, this does not reflect official policy" Thus, you ask your users to disclaim your disclaimer at various times. You could also get around the length problem by placing the disclaimer on a website and just mentioning the URL in the email. If you do this, be certain to maintain distinct versions of the URL disclaimer, since if you change what is on the web pages, previous email should have the "old" disclaimer. Despite these, I simply don't think that it would be possible to cover all of the exceptional cases beyond saying "please treat this email message in a reasonable way, or we might get angry".

And, of course, these do make your institution look silly.

Instead managers should look at the nature of the organization and email from it. If you are a university, you have staff, faculty, students, maybe alumni sending from your network or with email addresses in your domain. Recipients know that. Maybe it would be good to move toward distinguishing in the email addresses the different types of people. People know that students don't speak for their universities.

For a business, just as you train and allow people to talk to outsiders on the telephone you may wish to issue customer relations guidelines for email.

Also send mail with comments or additions. I'll try to incorporate them as I have time.

Limited credit

So what would such a least bad disclaimer look like? Here are some criteria

It should be true No threats of legal action with no basis in law No claims to bind someone to a confidentiality or other conditions which they didn't accept. No requests to not distribute things that actually should be distributed. No claims of non-official policy on messages which are official policy. False negatives shouldn't be a problem. It should be short. It should avoid pretentions, pompous or legalistic langaguage where possible.

Email from people at your.domain.here does not usually represent official policy of Your-Organization-Here. See URL-Of-Policy-Document-Here for details.

Let's look at this bit by bit. It doesn't say anything like "this message". That way, a false negative (a message without the statement) can't be so easily taken to be official policy. It says "not usually" so it does allow for official policy to occassionally be stated in email. You may replace "usually" with "necessarily" if you feel that a substantial portion of email with your organization's name on it does state policy. It doesn't make any ridiculous legal assertions about the responsibilities of recipients. It doesn't make any claim about the legal status of the message it is appended to.

These should not be implemented the absolutely stupid way nor the merely stupid way. Instead it should be applied using both the fairly silly way and the merely silly way, as discussed in the document that discusses the manner of appending stupid disclaimers.

Are you disappointed at how weak this disclaimer is?

Stupid disclaimers are not in the best interest of your organization. Please don't put your personal need to be "seen to be doing something" above the interests of your organization.

What should be on the cited policy document

Must not include false or unenforcible legal requirements upon the recipient. Must not assert things about all messages unless you are absolutely sure that it is true of all messages. Should advise readers that email can be very easily forged, and may wish to point users to resources regarding that. Should advise readers that email can easily be misaddressed, and request that should the receive such a message that they inform the sender and respect the senders wishes where appropriate. Should advise readers that email may be intercepted, or even tampered with by third parties. Should inform readers of your institutions policies regarding interception and tampering of email. Should provide (or link to) detailed contact information including postal address, full legal name, telephone and fax address, how to contact DPA officer (UK only). Must provide information on how a recipient of some mail can verify whether its contents should be taken as policy of the organization. Should provide information on who (usually postmaster) a recipient can contact to verify a suspected forgery. Must maintain a version history, so people can find the version that was published at any time in the past (particularly at the time that a particular message was received).

Email Disclaimer FAQ (SOMIS, Dundee University) This takes a slightly more sympathetic approach to the question than I do, but is generally concludes that they are more trouble than they are worth. The version I read was last modified April 1999. WebLaw's Legal Position of Email Disclaimers They take a far more sympathetic view of such disclaimers than I do, but see my comment on their summary in the legal status section. Anubha Charan's article on Rediff This article discusses the perceived need for disclaimers and their usefulness (about which it is skeptical). The general issues overlap with what is described here. It's focus is on Indian law. The Register's Longest Email Disclaimer award It also lists links to some other winners of dubious honors with respect to email disclaimers. Slashdot's discussion of the Register's award. Someone in that discussion pointed out this page. That discussion has many examples illustrating the same points made here. A site advocating use of email disclaimers I will leave it to readers to decide whether their advocacy piece addresses the concerns that I raise in my document. It does a good job of distinguishing among the many perceived reasons for having disclaimers. Although it advocates disclaimers, it clearly notes that a disclaimer does not eliminate employer liability for employees sending libelous material. Interestingly the owner, Deborah Galea, of emaildisclaimers.com and the companion site, www.email-policy.com, fails to identify herself on the sites. Nor do the sites mention that she works for Red Earth Software, which sells PolicyPatrol, an add-on to MS-Exchange which will (among other things) add email disclaimers. There is, of course, nothing wrong with advocating the use of tools you sell. But I do wonder why the relationship between the analysis/advocacy sites and the software firm has been left so obscure for so long. At the very least one would have expected them to mention this fact on the page where they compare a few providers of disclaimer-adding software, http://www.emaildisclaimers.com/Global_signature_software.htm" . One would think that people so concerned about disclaimers would be careful to disclose such important information. Whether this calls into question the trustworthiness of Red Earth Software is something for potential customers to decide for themselves. Note: My comments about emaildisclaimers.com apply to their site as seen as recently as July 23, 2003. According to their webserver, the crucial pages haven't been modified since December 18, 2001.

Version: $Revision: 1.43 $

Last Modified: $Date: 2003/08/14 13:33:09 $ GMT

First established Jan 22, 2001

Author: Jeffrey Goldberg