A $1 Billion Email Gaffe

Jake writes in with the story behind an explosive NYTimes scoop last week. It seems that the Times's pharmaceutical industry reporter, Alex Berenson, scored a page-one blockbuster when he revealed that Eli Lilly was looking to reach a settlement with federal prosecutors over the company's alleged inappropriate marketing of anti-psychotic drug Zyprexa. A settlement figure of $1 billion was mentioned. This scoop dropped into Berenson's inbox when a lawyer for one of Lilly's retained firms mis-addressed an email to a colleague with the same last name as that of the Times reporter. Some online observers are speculating that auto-complete is to blame, but this has not been confirmed.
Update: 02/08 17:19 GMT by KD : Jake writes in with an update: it seems that while Berenson did receive a misdirected e-mail from Pepper Hamilton, that e-mail did not contain a detailed description of the status of the Eli Lilly settlement talks. Berenson got his story from other sources.

auto-complete is at fault?

[ChrisMounce]

I notice the software is being blamed rather than the user.

Re:auto-complete is at fault?

[BigJClark]

http://en.wikipedia.org/wiki/PEBKAC [wikipedia.org]

Re:auto-complete is at fault?

[fohat]

Agreed, this is more likely to be a PEBKAC.

If the info was confidential it probably had a confidentiality notice at the bottom of it, stating that if you are not the intended recipient that you aren't allowed to do anything with the email. I saw one of those sig's today and started to wonder if that was legally binding in any way. Maybe we will find out now!

Re:auto-complete is at fault?

[Gat0r30y]

probably had a confidentiality notice

One would hope a lawyer working at a major law firm on a sensitive case would be required to have a confidentiality notice. I guess the question is, how do you know if you aren't the intended recipient? The guy must be in his address book? How does he know he's not just getting a hot tip from a disgruntled lawyer / whistleblower? Even if you are fairly certain you aren't the intended recipient, do those canned confidentiality sigs mean anything anyway? IANAL, anyone who knows a little better care to inform?

Re:auto-complete is at fault?

[mbstone]

As between lawyers, if the errant email had reached the opposing lawyer there are a number of attorney ethics rules, as well as court decisions, that basically say that the other lawyer must return any mis-transmitted documents and must not use the information. (Yeah surrre.) See Perlman, Untangling Ethics Theory From Attorney Conduct Rules: The Case of Inadvertent Disclosures [typepad.com] , 13 Geo. Mason L. Rev. 767 (2005).

These types of court decisions would not, however, support a "prior restraint" such as a court order prohibiting the NYT from publishing the information, see, e.g., New York Times Co. v. United States [wikipedia.org] , 403 U.S. 713 [cornell.edu] (1971) (5-to-3 ruling prohibiting prior restraint and allowing NYT to print the top-secret "Pentagon Papers").

Re:

[Architect_sasyr]

I'm thinking, regardless of legal consequences, posting something like this to the top page of an influential news rag is going to affect shares, public confidence and reputation. The damage is already done as it were, whether they are meant to use it or not ("but he sent it to me, it has my email in it!"). I've always thought those disclaimers were some sort of method of blaming software if something goes wrong anyway, this is a perfect example. PEBKAC, as others stated.

My (disjointed) $0.02 AU, Ignore at

Re:auto-complete is at fault?

[gruntled]

About ten years ago, when I was covering the antitrust trial for the Mercury News, Microsoft's PR arm accidentally emailed me half of their internal database describing how they dealt with reporters and who each reporter's handler was and why. I looked at it, decided to be a nice guy, called the lady up and said, Hey, this isn't what I asked for, you sent the wrong stuff. So minutes later I get another email from her. This contains the *second* half of the confidential data base. Well, what could we do but make fun of them...

Re:

[darkmeridian]

The California Supreme Court disqualified a law firm in Rico v. Mitsubishi Motors [law.com] for using inadvertently-produced privileged information. The facts are particular, but the holding is by its own terms broad: if you get an inadvertent, privileged e-mail, you can only read it to the extent necessary to realize it is privileged and inadvertent; then you must delete all copies of it and notify the sender.

Re:

[budgenator]

I always assumed and was told that Email is like a postcard, people who use them should have no expectation of privacy. It's rude to read a post card or an email that's not to you, but you should expect people to be rude, especially lawyers and reporters both occupations tend to be adversarial. Personally if I were on a jury in a malpractice case due to a breach of confidentiality and the dependent explained the Email was accidentally miss-addressed and was not encrypted, I would view that as an admission o

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Grishnakh]

I guess the question is, how do you know if you aren't the intended recipient?

I think it's pretty simple. If the email is in your inbox, then you're the intended recipient.

If the law firm didn't want this getting out, they shouldn't have emailed it to a reporter.

Re:auto-complete is at fault?

[yali]

If the info was confidential it probably had a confidentiality notice at the bottom of it, stating that if you are not the intended recipient that you aren't allowed to do anything with the email. I saw one of those sig's today and started to wonder if that was legally binding in any way. Maybe we will find out now!

IANAL, but I'm pretty sure that putting a notice at the bottom of a message creates a legally binding contract.

--
NOTICE: This message is distributed under the Slashdot Propriety License. By reading this message, you agree to moderate this message "+1 Informative" if you have mod points, otherwise to send $1,000 in small unmarked bills to the author. Failure to adhere to the terms of the license (which, if you are still reading at this point, you have already agreed to) will result in your being prosecuted under the terms of the DMCA and thrown in a small unheated cell on Guantanamo.

Re:

[ecavalli]

IANAL, but I'm pretty sure that putting a notice at the bottom of a message creates a legally binding contract.

And while I'm sure most courts would agree with you, does that contract become void if sent to an incorrect party?

If a lawyer is upset at a ruling and leaks a confidential document to a newspaper intentionally, no amount of confidentiality disclaimers intended for the document's original target attached to the bottom of the document will stop the newspaper from running it.

I think the end point is that you can't force confidentiality on an unsuspecting party simply by sending them a piece of paper th

Re:

[somersault]

And especially if the notice is at the *end* of the message, I mean what is the use if they've already read the juicy information? It's almost like sending a postcard rather than a sealed envelope.

Re:

[ecavalli]

Quite so.

And how would the courts rule if the unintended recipient claimed to have only read the first two paragraphs? That might be all they need to get the crucial info, but how could they be held to a contract they never actually saw?

Re:

[Vombatus]

Contracts not only require consent, they require considerations from both sides. If I write on a piece of paper that I give you my television and sign it, alone, that will never hold up in court. I must exchange the television for something.

If you give me your television, and a piece of paper saying that "I give you my television" then legally, you have given me your television - no doubt about it. Not many courts in any jurisdiction would say, "No, you didn't really give him your television".

You do n

Re:

[LordSnooty]

Well, the golden maxim of e-mail has always been that "it is like writing information on a postcard and sending it through the mail"...

Re:

[dattaway]

My software dims the signature after the double dash --

I blame my software for not seeing that disclaimer. Unfortunately, I copied and pasted the important text and forwarded it as an immediate release. Please accept my apologies.

Re:

[yali]

Judging from your four-digit ID number, I am going to assume that you wrote that software yourself, so you still owe me. Unless your software passes the Turing test, in which case you are safe but your computer is going to gitmo.

Re:auto-complete is at fault?

[Buran]

And how are you going to prove that I agreed to it? As you pointed out in your own message, these are a joke. How exactly are you going to extort that $1,000 out of me? How are you going to force me to turn it over? You can't prove in court that I agreed to your license because you provided the goods before you had my signature or other agreement. Software licenses and real-world goods licenses don't give you the goodies until AFTER you agree.

If someone emails me something and then whines about what I do with it, perhaps they should have come to me first and said "I'm sending you (x), but if I do, will you not do (y) with it?" and then only sent it after I agreed? THAT would be enforceable.

The lawyer is SOL.

Re:

[discogravy]

Guantanamo is in Cuba. There's not a whole lot of need for heated cells.

Re:auto-complete is at fault?

[MightyYar]

The unheated cells are the nice ones. The heated ones are in the same wing as the ones with "running water".

Re:auto-complete is at fault?

[BeeBeard]

Mod points wasted. AAAL, and I assure you it doesn't, any more than reading your signature creates a contractual obligation on my part to mod your posts "Informative" or send you money.

Also, since settlement information is excluded from evidence when trying to prove culpability, and never reaches the finder of fact in a court case anyway, this whole story is pretty pointless. While the leak may have a modest effect on stock prices, the fact that Eli Lilly attempted to settle and the amount in question couldn't possibly matter less in the case at bar.

Re:auto-complete is at fault?

[swillden]

AAAL

"Ah ahm a lahyah"

and a southern gentleman too.

That's right, it really, truly doesn't matter.

[BeeBeard]

Posting without a Karma bonus because I just want to make sure that this poster understands the situation:

Yes, that's right, it absolutely won't have an effect on negotiations. That was the point of the post, to assure you that as a matter of law, their bargaining position hasn't been compromised at all because the settlement information can't come in at trial anyway (and the strength of each side's case are the bargaining chips in negotiations, not some dollar amount that the press accidentally found out.) Generally, any information obtained during negotiations, or even in this case--the incredibly boring revelation that negotiations took place--cannot come in as evidence at trial. This is an well-known evidentiary rule, and the point of it is that there is a strong public policy concern for encouraging settlements between parties, so as to not needlessly burden the judicial system. And the best way to encourage settlements is to make sure that the parties can be as candid with each other during negotiations as possible without having to worry that what they say can be used against them at trial. Both parties are free to continue negotiating. No harm, no foul.

That's why the information revealed in this leak doesn't matter, and why the focus of the story is on the far more interesting [i]way[/i] it was leaked. The prosecution cannot utter a word about this at trial, regardless of what the press knows or doesn't know. Eli Lilly is still in great shape, they just might want to consider getting different counsel! Was this an embarrassing screwup by the lawyer? Absolutely. Will it have any kind of extrinsic effect, like causing a dip in stock prices? [i]Maybe[/i]. But will it matter in a potential trial, and therefore prove damaging to Lilly's position during during negotiations? Absolutely not.

Re:auto-complete is at fault?

[fosterNutrition]

I heard from corporate counsel at a previous job that, at least up here in Canada, it is *not* legally binding. The company still used them, but they viewed it more as a request ("please delete this"), with maybe a little scare tactic ("or legal consequences may apply") thrown in for good measure.

Re:

[_KiTA_]

If the info was confidential it probably had a confidentiality notice at the bottom of it, stating that if you are not the intended recipient that you aren't allowed to do anything with the email. I saw one of those sig's today and started to wonder if that was legally binding in any way. Maybe we will find out now!

Of course it's not. The people who put those on them are hoping that the people who might see it are too stupid to realize that just because a lawyer says something, doesn't make it legally binding. That, and it gives them leverage if they decide to sue you later -- "But your honor, we WARNED HIM"...

Re:

[moderatorrater]

The problem is that the lawyer was using the wrong piece of software. If you're routinely dealing with communications that are sensitive, then you should be typing the full address in every time or use lists that have been verified to be correct.

What's funny is that the software ended up revealing a lot. Don't you find it interesting that one of the lawyers happened to have this reporter in their contact book?

Re:

[vux984]

The problem is that the lawyer was using the wrong piece of software.

If you're routinely dealing with communications that are sensitive, then you should be typing the full address in every time

Whole new use for Typosquatting.
Suddenly sjobs@aple.com, wbuffet@berksirehatheway.com, michael_dell@dall.com etc, etc, might have some additional value.

Or use lists that have been verified to be correct.

And how do you propose that? Run a completely separate mail identity for each case he works on, each with its own ca

Re:auto-complete is at fault?

[budgenator]

Why not just set up a separate user-space for each important case and only have the authorized contact information for that user-space/case available?

Re:auto-complete is at fault?

[schwaang]

Because who hasn't been bit by auto-complete or other software features which are pitfalls for human nature waiting to happen?

My current peeve in this area is my cellphone directory. Every entry is in the same huge list, which means I have to thumb carefully past people I definitely *don't* want to call by accident (but still need to have in my book). The lame workaround is to use an alphabetic prefix to move important people to the top of the list, take-out restaurants to the bottom, etc. Is this really the 21st century?

Re:

[B3ryllium]

My Razr has the solution for that: Activate voice mode, say "Lookup {name}", and it shows me the number and waits for me to confirm before dialing.

I've owned it for two years, and I only started playing with this feature a week ago. :)

Re:auto-complete is at fault?

[xaxa]

My favourite: 3 days after I started University I got an email...

Hi Peter (not my name),

The amount for the chemistry building work is now confirmed as £85,000,000.00 exactly -- I've left a cheque on your desk, could you sign it please?

Cheers, Dave

Turns out that my relatively unusual surname is shared with the finance director at my university. For about a month I got a few of his emails, I assume because my first name is earlier in the alphabet.

Re:auto-complete is at fault?

[rs79]

I had a client back in the mid 90s whose last name was watson and he grabbed watson.com; I ran the email for him. I handled the postmaster account, he didn't want to.

I got a bounced mail from somebody at ibm. Every other address on the line was to "watson.ibm.com". Just not this one.

Long story short after about five of these over a few months I finally got a thing about secret nucular testing. I called them and explained what they did.

Never saw another one, ever.

I'm guessing somebody didn't get their xmas bonus that year.

Re:auto-complete is at fault?

[Viceroy Potatohead]

which means I have to thumb carefully past people I definitely *don't* want to call by accident (but still need to have in my book)

Tell me about it...

[Me autodialling]
Callee: Hello?
Me: Hey baby, it's Thursday. I've got the Tantric oil, buttplug, and Fischer-Price chainsaw ready. When are you heading over?
Callee: Ummm... How's your week going?
Me: Mom?

Every Thursday, like clockwork...

Re:auto-complete is at fault?

[jollyreaper]

Tell me about it...

[Me autodialling]
Callee: Hello?
Me: Hey baby, it's Thursday. I've got the Tantric oil, buttplug, and Fischer-Price chainsaw ready. When are you heading over?
Callee: Ummm... How's your week going?
Me: Mom?

Every Thursday, like clockwork...

Let's just hope one of those times she doesn't say "Oh, what the hell, I'll try anything once."

Re:

[fm6]

The user played a role, certainly (and I suspect that particularly lawyer is now unemployed). But when badly-designed software facilitates user error, then yes, the software deserve primary blame.

Good software takes into account the various flaws in the ad-hoc heuristic programming of carbon based units. Geeks never seem to grasp this, which is why so much end-user software is as usable for day-to-day tasks as a 50-pound hammer. Mail clients are particularly horrible. I use Thunderbird, not because it lacks

Re:auto-complete is at fault?

[isomeme]

Sufficiently bad design can justify blaming the software.

I routinely send emails to a member of my team named David. At some point a few months ago I emailed another person named David. Guess which one Outlook always autocompletes to, forcing me to arrow down to pick the correct one? I've sent a couple of (innocuous) emails to the other David when I forgot about this 'feature'.

You'd think any sensible autocomplete feature would remember your last selection for the same string, or at least make the default choice the most recently emailed match.

Re:

[Airconditioning]

IF it helps, Shift + Del will remove an entry from the autocomplete list.

But yeah, sort by most used would have been wise...

***Legal Notice*** and I mean it.

[Anonymous Coward]

If you are not the intended recipient of this response, please disregard and forget this posting.

You are legally binded from reading, forwarding, printing, copying, remembering, discussing or in any other way acknowledging this post.

I am planning on robbing the bank on Fifth and Elm. Do not alert the police. Meet me at the warehouse after.

captcha:overlook

New feature! Auto-complete your career!

[syousef]

Tired of that pesky work getting in the way of having fun? No problems, with our new email auto-complete, work will never be a problem again. Tired of looking competent. Too few opportunties to end your career over a simple typo? Problem solved with auto-complete. People will blame you the dumb user for making the smallest mistake at any time of the day or night and regardless of your workload. With auto-complete your career is guaranteed to end in the jiffiest of jiffies.

This happens to me all the time!

[MightyYar]

I've gotten stuff from all sorts of folks - including the Times - because my gmail address is just may last name, and people seem to always forget to include the first letter of a first name, or they leave off stuff before a period: bob.smith@gmail.com or bsmith@gmail.com becomes smith@gmail.com.

Re:

[JazzyMusicMan]

How do you manage to notice emails from the Times and folks sifting through all the offers for a larger penis and requests to temporarily hold funds for nigerian family members

Re:

[MightyYar]

Ahem, I *said* it was Gmail... no ghetto spam filter here :)

I do get 30-50 spam messages a day, but they go into the spam bucket. It misses maybe 3 a month.

I use pine - never had any issues like this happen

[backslashdot]

I use pine for my email, and I have never had these issues. The fact that I'm not a lawyer dealing with billion dollar settlements has nothing to do with it.

Pine? HA!

[Anonymous Coward]

I telnet to port 25 and type my emails into the server by hand. If I screw up, I have to start over. You pine users have it easy.

I don't know what Eli Lilly's lawyers charge

[agrippa_cash]

but I'm sure they can afford PGP/gnupg AND a highschool kid to show them how to use it.

It's funny, you know ...

[ScrewMaster]

but if I were running a major law firm that regularly handled confidential matters for multi-billion dollar clients ... I'd certainly encrypt the Hell out of every communication that left my offices. I mean, all they had to do was install some free (free!) encryption software like PGP, and there'd have been no problem.

Huh. I'll bet they will now.

Re:

[ghakko]

How would encryption have helped? The staffer in question did not have her mail intercepted, but mistakenly sent mail to the Times reporter.

Re:

[MightyMartian]

If the thing was encrypted, the person without the private key couldn't decrypt its contents. Yes, they'd get an email message from the law firm, but it would do them no damned good.

Re:

[fm6]

Except that email encryption is generally done with public key encryption. That means that every recipient has a public/private key pair; the public key is used to encrypt the message and is known by everybody who wants to send them email; the private key is used to decrypt the message and is only known by the recipient. When I say "known by" I really mean known by the user's software — few people bother memorizing umpteem-bit key values.

If the lawyer had been encrypting his messages, his email would

Re:

[bn0p]

It's simple, the Times reporter would not have been able to read the e-mail in question.


Never let reality temper imagination

Re:

[ghakko]

Most mailers supporting encryption (including Outlook with PGP and Thunderbird with Enigmail) will automatically encrypt using the recipient's key and have no way of inferring whether the recipient address is correct.

So, in this case, I'm not sure how encryption would have helped at all.

Re:

[immcintosh]

I think he means actual encryption of the textual content. As in, sending a PGP encoded block rather than plain text. You've probably seen the like:

-----BEGIN PGP MESSAGE-----

Followed by the identification of the program used to encrypt and then a lot of gibberish. It can (at least supposedly) only be decrypted by a person in possession of the private key matching the public key with which it was encrypted. Presumably Eli Lilly doesn't go around giving their private keys to news reporters :)

Re:

[Curmudgeonlyoldbloke]

You're right - a system such as PGP wouldn't have here. If the lawyer corresponded with both the journo and the colleague (which seems likely - both were in her personal address book) then an email program that encrypted using the public key of the intended recipient would simply have used the wrong public key.

Understanding how public key encryption works is different to ensuring that information stays secure...

I advised my attorney to encrypt

[MichaelCrawford]

She had one of those disclaimers for her sig. I pointed out that there were lots of ways that her email could be intercepted. She replied that her concern was not that someone might read her email, but that she would be held liable for allowing it. She said that the disclaimer absolved her of that liability.

IMHO, that's just wrong.

Re:I advised my attorney to encrypt

[Anonymous Brave Guy]

In the opinion of several lawyer friends I've asked about this one, that's wrong, too. Oh, and I mean factually, not ethically. It sounds like there is at least some credibility in some jurisdictions if you have a notice *before* the rest of the content, but all these corporate types appending legalese essays to the end of every outgoing message are just jumping on a bandwagon with no wheels.

No, I'm not going to tell you who my lawyer friends are or the jurisdictions in which they practise. Yes, if you take anything you read on Slashdot as legal advice, you're a fool. No, I am not a lawyer myself.

Very Nasty Stuff

[grumpygrodyguy]

Zyprexa

I was on this terrible crap for a while...after 2 weeks I had gained 15 pounds (not exaggerating).

I remember finding myself on the candy Isle at the supermarket shoveling 12-packs of twix, snickers, and all kinds of other candy into my shopping cart...and I usually don't eat sweets.

These 'medications' are really horrible...it's sad that so many people believe schizophrenia is easily treated with them. Big pharma marketdroids are mostly to blame. In fact, after 6 months, 80% of the people on these medications quit (I suspect the other 20% are forced to take it by hospital staff)...they actually prefer being crazy (unable to work, take care of themselves, go to public places, etc.) rather than take them...the side-effects are that bad.

Re:Very Nasty Stuff

[Shados]

Whats to blame is the psychiatrists. They're virtually trained (and not by the big pharams, though they don't help) that meds are the cure to everything, as opposed to psychologists. I remember reading statistics showing that the VAST majority of people who go see a psychiatrist end up with a prescription, regardless of if they truly had problems.

The best example is the insane amount of kids with an ADD diagnostic... sure, there ARE people who are truly chemically imbalanced and such, and need treatments of some kind...I really feel for these people. The rest just need some discipline stuck in their head. As far as I know (and I know quite a few people in the field), most people getting these prescriptions don't even pass a fraction of the tests that would be required to make a proper diagnostic. The psychiatrist just go by "guts feeling".

And then you end up on mind control medication.... You're "better", but you're not "you" anymore... Some treatments are required... some mental illness CAN be treated... but in general, whats available right now is just a big cash cow, not treatments.

Re:

[DdJ]

As far as I know (and I know quite a few people in the field), most people getting these prescriptions don't even pass a fraction of the tests that would be required to make a proper diagnostic. The psychiatrist just go by "guts feeling".

FWIW, I had to go through tests to get my prescription. And I've tried a few -- tried to switch to the non-stimulant Stratera a few years back, and some of the side effects from that attempt have still not gone away yet.

Re:

[repapetilto]

First of all I want you to just realize that you're grouping all psychiatrists together here just based on the bad ones. And second of all its a job like any other. Really don't trust your body to doctors or psychiatrists or anyone like that, they are people just like you who do the same half assed things sometimes. The only difference is that they're more informed so their half-assed opinion is better than yours. If you're ever confronted with someone prescribing something for you do your own research to t

Re:

[Shados]

I group psychiatrists based on the majority. This was a post in a discussion, I didn't write an article on the subject, and considering the attention span of the average forum dweller, and the type of discussions we find on these forums, I don't bother posting more than that.

Of course, that also means your reaction is fully justified, so I understand, no biggy.

That being said, its a bit like veterinarian and pet food: they're simply not trained (or have very little training in the matter), so they suggest t

Re:

[Anonymous Brave Guy]

Mod GP (-1, Do Not Meddle In The Affairs Of Scientologists, For They Are Subtle And Quick To Anger)

Re:Very Nasty Stuff

[Anonymous Coward]

You're supposed to tell your Doctor if you experience urges of that kind while taking Zyprexa, it's one of the side effects some people experience. Now, the vast majority - myself included - are effectively treated with no side-effects and can therefore go on to lead productive and happy lives. And Zyprexa is a hell of a lot better than the previous treatment, haldol, which is a butcher of a medication. So much so that the instant Zyprexa, an effective replacement, became available haldol was dropped like the proverbial hot-potato. Also Zyprexa will not cause uncontrollable muscle movement after 20 years like haldol.

Um, no.

[Minwee]

Some online observers are speculating that auto-complete is to blame, but this has not been confirmed.

As I tried to explain to one of the Three Letter Acronyms of our company this morning, "Auto-Complete" is not to blame. "Not Paying Attention" is to blame. If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.

Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.

Re:Um, no.

[vux984]

As I tried to explain to one of the Three Letter Acronyms of our company this morning, "Auto-Complete" is not to blame.

Agreed.

"Not Paying Attention" is to blame.

Yes, but mistakes happen. You can't just tell people 'pay more attention' and expect that to solve all problems.

If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.

Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.

The sarcasm was unwarranted, but the idea is right. If you are dealing with really sensitive material, it should be vetted by a 2nd set of eyes before its released.

And in any case it holds it in the outbox for 5 minutes before actually sending, so if you have one of those... "push send... oh shit"... moments you can still stop it from being sent.

And maybe something can be done at the software level, like a custom email client that requires you enter a passphrase that encrypts the email . The software won't send without a passphrase, and the recipient must know the passphrase to open the email. Each case file would have its own passphrase, and the case file is included in the message. So if the email reached the wrong recipient they wouldn't know the passphrase and couldn't read the message.

You could speed the process up by maintaining a dictionary of cases and passphrases, and let the recipients automatically open any email in the passphrase dictionary, and rather then enter a passphrase have them enter a case number. So, anyone involved with the case would have to add the passphrase-case number pair to their dictionary just once.

Its not bullet proof... I'm sure better solutions exist. but it would be more effective at dealing with this sort of mistake than either 'typing in the address each time', or 'yelling pay more attention' at people.

You'd use a separate email program entirely for casual non-sensitive communication with your family, friends, reporters, your chauffer, dog groomer, and staples representative...

Pardon the pedantry...misleading headline

[holden caufield]

The headline is misleading. Eli Lilly was going to pay the $1 billion anyway, regardless of who received the email. They simply didn't want anyone to know about that.

Re:

[jadin]

Exactly, for the moment the mistake costs them zero. Horrible headline.

Re:

[timeOday]

Yup, from reading the story, it appears all that Eli-Lilly lost was the opportunity to manage the announcement of the penalty. BFD. At least, not a $1 BN mistake by any means.

What about the disclaimer in the footer?

[Alereon]

So how legally enforceable are all those disclaimers I get in the footers of e-mails warning me that the e-mail is confidential and if I am not the intended recipient of the e-mail I am required to delete it immediately?

Re:

[BitZtream]

They aren't.

Re:

[cswiger]

Not very-- especially if the email disclaimer makes unilateral demands and you have no prior relationship with the sender. On the other hand, if you previously agree to have a confidential discussion, and then break that agreement, the disclaimer might be enforcable. There's a site here:

http://www.goldmark.org/jeff/stupid-disclaimers/ [goldmark.org] ...with more detailed analysis of this.

Re:

[geekoid]

IANAL - I can't see how it would actually hold up in court.

Re:

[Asic Eng]

how legally enforceable are all those disclaimers I get in the footers of e-mails

Actually, they are absolutely watertight. Nothing you can do if you get one of those.

--

LEGAL NOTICE: if you are the intended reader of this slashdot post, or indeed any other person reading this post, you owe me $100,000. Contact me in a mail without any footer so we can arrange the payment details.

Why was the address there?

[grub]

Why was the reporter's email address already in the lawyer's address book? They should check his mail logs and see what else he send to that person before.

Tell Me About It

[corby]

Dudes, you should see the crazy shit I get.

Signed,
Pritchard Cheney

Been there, done that.

[ChangeOnInstall]

I left one company and went to another. Email addresses were identical but for the domains, i.e., myname@oldcompany.com/myname@newcompany.com. Friends who had me in their work address books (Outlook/Exchange setups) reported that they simply could not get rid of the old entry. Every time they typed my name in, Outlook would complete the old address. The new address was present in the address book, and the old one was nowhere to be found.

Re:

[Lehk228]

lookout also uses message history in determining what to autocomplete.

encryption?

[hardtofindanick]

It's interesting how some people are suggesting using encryption. I wouldn't be surprised to see an email like this; "Dear Eli, attached is the encrypted document. Regards, Your laywer PS: the password is zomg!1billion"

Value of the boilerplate?

[140Mandak262Jamuna]

Almost all the mails coming out of many corporations have some standard boilerplate appended to them. Something like, this email communication is super confidential and if you got it by mistake, promptly delete it or we will come and sue you, your brother and your guardian angel too. Really really bizarre language, sometimes stretching for half a screen or more, with the actual email contents less than one line. So are these lawyers going to find the value of adding that boilerplate or what?

No auto complete is NOT to blame

[geekoid]

the person who couldn't be bothered to check is to blame.
This is like blaming spell checker for a spelling mistake.

legal situation?

[apodyopsis]

hmm. there was an instance recently of a legal firm getting a court to agree that publication of their letters was an offense. whats the legal ground here? I presume the document had legal statements included in the front of it - but I assume they are only applicable if they are signed or does journalistic laws cover this as free speech?

I'm kinda hoping somebody with more knowledge on this subject can help me out so when the scoop of a lifetime lands in my inbox I can do something about it! Presumably th

I take ten milligrams of Zyprexa every day

[MichaelCrawford]

I take it for my schizoaffective disorder [geometricvisions.com]. I didn't make the decision to take Zyprexa lightly - I was and still am concerned it could give me diabetes.

But schizoaffective disorder is a devastating illness: it's just like being manic-depressive and schizophrenic at the same time. The risperdal I took previously for my psychotic symptoms wasn't working anymore. From 2003 through 2007, I was in the emergency room five times for psychiatric reasons, culminating in an ambulance ride to the mental ward, where I stayed for three weeks.

The Zyprexa completely eliminates the paranoia and visual hallucinations I would otherwise have almost all the time. It also brought me down from the bipolar mania that led to my ambulance ride, and prevents me from getting manic anymore.

As a result of taking it, I am able to hold a steady job - and a good one - as a software engineer, to provide for my wife and to pay her University tuition.

I've heard rumours that Zyprexa might be withdrawn from the market. I really hope that doesn't happen, as I've never had a medicine work so well.

Hey Hey! This IS /.

[Sfing_ter]

This is slashdot so it must be Microsoft's fault, it IS that easy.

I had this happen the other day...

[Loco3KGT]

I had a lady from my company's payroll send me the list of 70+ people and their annual bonuses for this last year. I'm a programmer, the email was intended for a VP with the same last name.

Homer Says

[maz2331]

DOH! ^32

Happened to me once...

[knodi]

Some guy bought a motion-sensitive webcam, pointed it out his window, and set it up to email him whenever it took a picture.

Except he misspelled his own email address, and the images started coming to me, a complete stranger.

I stitched all the shots together into this time-lapsed movie:
http://knodi.com/images/floral_park/time_lapse.gif [knodi.com]

I had this happen with a university address, lots

[patio11]

I was the campus token conservative columnist. He was very flamboyantly gay. Our university email addresses were generated off of initials plus, since we had a catastrophic hash collision, one distinguishing digit which people botched quite frequently. He got my death threats, I got his love letters, and neither of us was very happy with the matter.

We both maintained a pretty good sense of humor about it, though. These were typical, with the vile language excised:

FWD: You fascist ... [Ed: I think it is for you]

FWD: I want to ... you [Ed: I think this one is for you]
RE: FWD: I want to ... you [Ed: No, read it more carefully]
RE: RE: FWD: I want to ... you [Ed: Ah, whoops, my apologies]
RE: RE: RE: FWD: I want to ... you [Ed: No problem. Hey, FWIW, I think he was out of line]

Get Over It

[Chris Johnson]

"You have zero privacy anyway. Get over it." -Scott McNealy

This is exactly why Scott's idea isn't entirely a bad thing. The fact is, there is a certain amount of parity.

You and I don't necessarily have privacy from Eli Lilly Corporation should it try to profile things about us in order to make up a more compelling lie to get us to try its products.

But, much to its surprise, Lilly doesn't have privacy either as it tries to negotiate an enormous payoff to the government to escape the consequences of one of its screw-ups.

The dystopia is clearly the idea that consumers and citizens are helpless pawns of the big corporations who can skilfully control outcomes to be anything they want, by controlling their messages and carefully monitoring what people are thinking. They'd get away with murder, because they could always tell what's going to be deemed acceptable and what has to be covered up.

The reality and the counterbalance is: it will always be possible to catch information that's off-message when it slips through holes like this one, and that opens up the controlling corporation to the force of public opinion.

They don't have privacy either. If they insist on being monsters- opportunities will arise to bring that to light.

Keep the parity. Make sure these entities remain vulnerable to mistakes of this nature. If they arranged it so that if you publicised the leak you were sent to Guatanamo Bay, it would be quite the chilling effect- you've got to protect freedom of speech w.r.t. stuff that's accidentally leaked. The burden of self-protection has to stay on the company's side, they can't make it your responsibility to not reveal their shattering secrets when you're not actually part of their organization, or might actually be their enemy.

WARNING: GNAA

[SirBudgington]

Don't click the link, goes to shock site and screwes with your browser.

Re:

[dal20402]

Just freezes Safari/OmniWeb. No downloaded files or permanent damage. Too bad about those 26 tabs you had open, though.

Re:

[Lehk228]

no it screws with YOUR browser. my browser is just fine.

Re:WARNING: GNAA

[Critical Facilities]

And while we're commenting on it, I think that SirBudgington (1232290) [slashdot.org] may be our troll given his last 5 comments. Can you say karma whore?

Little hint, Sir B, you might want to vary your "WARNING: GNAA" headline every once in a while, just for variety.

Re:WARNING: GNAA

[jbosmans]

And the culprit is (most likely).... timecop [slashdot.org]. Smart enough to post AC, dumb enough to leave his user name in the url :p

Re:

[_KiTA_]

No problems with Firefox here. Perhaps you're allowing untrusted Javascript?

No, it just tries to auto-open several obscene newsgroup names.

Re:

[Anonymous Coward]

And how would that help? One day it's goatse, the next its nimp, there was a city of some description recently, what happens when they start using tiny URL or perhaps wikipedia? You can't filter things like that, you just have to surf properly, safely and look after yourself.

Slashdot is a site for geeks after all, you'll only click something like that once.

Re:WARNING: GNAA

[OrangeTide]

then filter -1. that's the beauty of the /. system, you don't have to hack in a bunch of protection you let a minority do the enforcing and the majority can benefit.

Re:The best part is,

[MightyMartian]

If these guys would use PGP or some other form of encryption, then even if you did send something critical like that to the wrong address, it wouldn't be so devastating. The technology to protect email has been around for nearly twenty years.

Re:

[budgenator]

If the lusers can't tell the difference between Alex Berenson and Bradford Berenson, why would you assume that they were competent enough to use PGP or GPG? Pretty bad when a law firm that's probably billing a thousand dollars an hour or better needs to hire a high school kid to proof read email addresses.

Re:The best part is,

[rjstanford]

If these guys would use PGP or some other form of encryption, then even if you did send something critical like that to the wrong address, it wouldn't be so devastating. The technology to protect email has been around for nearly twenty years.

That pretty much assumes that the encryption is done out of band. Personally, most usable variants of email encryption are handled by the client itself (at least as an initiant). At some point, when you select "Jim Smith" as the intended recipient, you have to expect that it will be delivered to "Jim Smith" in a format that he can open, regardless of any interim encryption. This might involve encoding it with his public key, but that wouldn't help the fact that you meant to send it to "Jan Smythe" now would it?

Any more intrusive method just wouldn't be used in the real world, since the hugely vast majority of all emails are actually intended to be read by the person that the author listed in the "To:" field. Any kind of catch-all solution smacks of vistaNag.