Spam
October 20, 2003 10:49 AM   Subscribe

How will they disable cut and paste?
posted by Mayor Curley at 10:54 AM on October 20, 2003

or screen capture? or taking a picture with a digital camera? or...
posted by mazola at 10:56 AM on October 20, 2003

The shift key turns all that stuff off.
posted by WolfDaddy at 10:58 AM on October 20, 2003

WolfDaddy do you have a good lawyer
posted by wigu at 10:59 AM on October 20, 2003

Dear Mr. Gates,

I love you.

Sincerely,

Karl Rove

(This message will self-destruct in 12 seconds.)
posted by stonerose at 11:01 AM on October 20, 2003

If I were the publisher of Outlook, I might see if the company that wrote the Windows OS would tell me how to disable cut and paste, screen capture, etc.

But I doubt if stopping leaks is the primary application. I'd guess that the real value is to prevent lawyers from mining e-mail logs for evidence. That said, I can't see how the SEC, etc. would ever allow this feature to be deployed at the companies they regulate.
posted by spotmeter at 11:02 AM on October 20, 2003

it's possible to disable cut and paste. i've had software where it wasn't usuable. screen capture is another thing, of course, but it's hardly practicle to do that for lengthy or numerous emails.

this is an interesting feature, i think. i'm curious how this will play out.
posted by dobbs at 11:05 AM on October 20, 2003

It seems to me you could bypass this quite handily with a packet sniffer.... not that I'd know anything about these types of things.
posted by jon_kill at 11:14 AM on October 20, 2003

If I were the publisher of Outlook, I might see if the company that wrote the Windows OS would tell me how to disable cut and paste, screen capture, etc.

Did I miss something, or is spotmeter unaware that Microsoft is the company that makes Outlook?
posted by XQUZYPHYR at 11:17 AM on October 20, 2003

And how pray tell is Microsoft going to cause mail to self destruct on my Linux box? Or any other client besides Outlook for that matter?
posted by PenDevil at 11:24 AM on October 20, 2003

This would also require that all email users under the aegis of an organization that wants to implement this steaming load would have to use Outlook and the MS Server package.

Which is fine (FSVO 'fine') for a Fortune 500 with the requisite IT shock troops, but any place that allows their environment to have any sort of tech diversity is not going to want to deal with this crap.

...

On preview, What PenDevil said.
posted by ursus_comiter at 11:27 AM on October 20, 2003

Nominally, the point of the "self-destructing" email is probably to support corporate records management policies in an automated fashion. While this may seem like it's intended to avoid problems with regulators by destroying the evidence, there are legitimate practical and legal reasons why records management policies are important and need to be managed.
posted by djfiander at 11:33 AM on October 20, 2003

Well hell, they got the self-destructing program thing down cold already.
posted by gottabefunky at 11:33 AM on October 20, 2003

From the article: "Earlier this year, brokers Morgan Stanley were fined $1.65m for failing to keep e-mail records."

... yet had they kept those emails, the fines could have amounted in the $10s of millions. In more than one industry, government fines are not looked upon so much as a deterrent, but as overhead.
posted by mischief at 11:42 AM on October 20, 2003

You may recall this famous thread. This is probably the real reason for the feature. Deleting email out of inboxes isn't really a terribly viable way of 'destorying', so I'm not so sure this is targeted at that...
posted by daver at 11:43 AM on October 20, 2003

So would the mails be encrypted or something so no other mail client could read them?
posted by signal at 11:46 AM on October 20, 2003

Microsoft seems to specialize in making their users pay for a sense of false security...
posted by insomnia_lj at 11:50 AM on October 20, 2003

Actualy, cut'n'paste isn't something that you have to disable, rather you actualy have to write your own code to make it work. It's not much code but you still have to write it. After all how would the OS know how to intrepret "Ctrl+C" and what data is currently selected and she be put on the clipboard, how it should be intrepreted, etc.

So all they need to do is turn off their own cut+paste code.

I doubt this would be very secure, though. At the very least you could video tape the screen when you read it.

Or you could just manualy type it into another program.
posted by delmoi at 11:51 AM on October 20, 2003

djfiander, I had the same thought, but from the opposite angle. This "feature" would seem to violate data retention policies at many companies. If, for example, my company requires email to be saved for 3 years, and someone sends me an email that "self-destructs" after 10 days, it violates the policy.

BTW... the email should still be in backups, at least temporarily...
posted by mkultra at 11:52 AM on October 20, 2003

But will the emails be sent with a cute little bom which fuse gets shorter every 15 seconds gif.? / lemmings [oh no] >/lemmings
posted by ginz at 11:53 AM on October 20, 2003

Now that would be a feature - a "nuke" icon in Microsoft Outlook which wantonly destroys all your email. The only problem is, I'd never get any work done.
posted by BigCalm at 11:57 AM on October 20, 2003

Uh, hate to be a bummer and all, but this is a technology w/ legs.

It's not a Outlook add-on as much as a messaging add-on. The Microsoft site has info on "Information Rights Management" and where these things are going.

There is a market out there for controlling messages. Encryption works fairly well, but the problem is it only has as much reach as the certificate. IRM stays w/ the message, is the pitch.

Financial and Healthcare are the two big markets taking a hard look at this.

I know it's fun, in a "M$ = evil" sense to dismiss these things, but this one's an up-and-comer, I'm telling you.

So no, I'd say it's not bloatware. Message security is going to be a growing topic in time to come.
posted by Elvis at 12:12 PM on October 20, 2003

Killer feature or bloatware

Trenchant insight or false dichotomy? (sorry Samdeep - couldn't resist)
posted by holycola at 12:15 PM on October 20, 2003

I have the same concern as Signal. Currently, as far as we know, no other email client supports this. So this might be a ploy to help get corporations to move over to using Outlook. And that's basicly the only area where this sort of protection would work.

I'm sure someone will devise a crack/decryptor that will let whistle blowers call the authorities.

And then that person will be arrested under the DMCA. =/
posted by Darke at 12:19 PM on October 20, 2003

Better all email programs just transparently incorporated PGP so that everyone would actually use it.
posted by rushmc at 12:19 PM on October 20, 2003

As someone who used IRM often for beta-testing purposes (disclaimer: I work for Microsoft and yes, I do sacrifice live puppies on daily basis), I thought I might answer some questions posed here.

IRM is not a client-only solution, bu rather a client-server one. When you receive an IRM email message, it is encrypted. Your client (Outlook) must contact the Exchange server to obtain authorization and key to decrypt and show the message. So, it can only be displayed in Outlook for time being, which can (and does) disable cut-n-paste, printing, message saving, etc. The IRM features of course won't work if the message is accessed with a non-MS email (say, from PenDevil's unix box), but then it won't be viewable, either. Similarily, going to the Exchange store directly with a public API (WebDAV, CDO, etc) won't work.

Conclusion: IRM is a MS-only solution. Conspiracy theories go here.
posted by blindcarboncopy at 12:24 PM on October 20, 2003

Wouldn't it be nice if all spam self-destructed after 10 seconds. Now that would be a feature. And I'm with ginz, if it's going to self-destruct ... I want a little bomb gif and maybe a sound file counting down the seconds ...

I really don't get it. As far as my business email goes, I keep everything. If someone has sent me something, I want to be able to PROVE that they have sent it if there is ever an issue about it. I also keep copies of all the business mail I send out for the same reason. From now on, anyone I do business with sends me a self-destructing email, and I don't do business with them, I guess.
posted by Orb at 12:25 PM on October 20, 2003

I suspect this is directed more towards preventing inadvertent forwards and ensuring that people actually delete what they are supposed to delete (most people don't realize you need to empty the deleted items folder, too). To use one important example: If an attorney sends a communication to his client by e-mail, that communication is covered by the attorney/client privilege. If, however, the client then forwards the e-mail to others, the information contained therein is arguably no longer subject to the privilege (since the attorney wasn't involved in that communication). This actually happens quite often in corporations. A lawyer sends an e-mail to her contact, who in turn forwards it on to, say, the CFO and the HR Director. The privilege has been lost, and the e-mail is subject to discovery in a subsequent lawsuit. This is actually a big, big issue in the legal community. Lots of people have been pushing for this type of feature for some time.
posted by pardonyou? at 12:27 PM on October 20, 2003

From the article:

In the United States, destroying e-mails is a federal offence, regarded in a similar light to shredding documents.

So, is anyone going to use it? The emails will always be retrievable in some way no matter the claims of Microsoft, e.g. by tape backups of the mail-server. The privacy/self-deleting emails could not work outside of a close-knit group of companies either (unlike PGP, which does work across differing mail systems). I could see some applications for the military, or excessively paranoid companies, but I can see this being more an annoyance than an actual help.
posted by BigCalm at 12:32 PM on October 20, 2003

The emails will always be retrievable in some way no matter the claims of Microsoft, e.g. by tape backups of the mail-server.

Easily handled. One method is to store encryption keys separately in a non-retrievable medium. As blindcarboncopy described above, this is a purely MS system, so all these factors would fall under MS control.
posted by mischief at 12:45 PM on October 20, 2003

yes, I do sacrifice live puppies on daily basis

yes, but do you do it slowly and painfully, making it wait for RPC's and torturing it with incompatible or missing DLL's?
posted by quonsar at 12:46 PM on October 20, 2003

Wonderful. After reading this, I flashed back to my previous job, where I needed to keep an extensive email archive for CYA CMA purposes. I can't tell you how many times I needed to dig up an email to prevent Development & Engineering or my own manager from screwing me over: "See, you did say you would have the new build by this Friday." With this new feature, all my proof would evaporate right out from under me.

Ah, it's good to be out of there.
posted by given2fli at 1:34 PM on October 20, 2003

obviously microsoft is just trying help inspector gadget keep his email out of the evil clutches of dr. claw.

duh.
posted by boogah at 4:17 PM on October 20, 2003

Doesn't any computer using MS Outlook periodically self-destruct anyway?
posted by uosuaq at 5:08 PM on October 20, 2003

Screen capture + OCR = cut-n-paste?


Or....I read MS Exchange e-mail through a web app. I use Konqueror on Linux. I can't cut-n-paste out of that?
posted by gimonca at 5:32 PM on October 20, 2003

"Several Wall Street analysts and bankers have been reprimanded or sacked in recent years for sending potentially incriminating electronic messages."

Why is this something that needs to be remedied?
posted by ZachsMind at 5:37 PM on October 20, 2003

Conclusion: IRM is a MS-only solution. Conspiracy theories go here.

blindcarboncopy nails it. This has little to do with confidentiality, and everything to do with lock-in.

Right now, no one owns e-mail. That makes it hard for Microsoft to charge monopoly rents on it. If MS can convince corporations that they need some proprietary extensions on top of standard e-mail, they can get them locked into Outlook and Exchange the same way they have been locked into the Word file format. Confidentiality is just a useful scare tactic.

Smart Tags was their last (failed) attempt. Look for MS to keep trying to extend e-mail with everything they can think of for the benefit of corporate managers.
posted by fuzz at 6:14 PM on October 20, 2003

Screen capture + OCR = cut-n-paste?

Just wait for Secure Video Path.
posted by inpHilltr8r at 6:43 PM on October 20, 2003

This is going to be the best thing EVER for child pornographers and terrorist organizations.

Is Congress going to make this illegal to export, since it seems to cover the same niche as strong encryption?

/polemic
posted by Ptrin at 8:20 PM on October 20, 2003

Did I miss something, or is spotmeter unaware that Microsoft is the company that makes Outlook?

Sigh. Let me try that again... sarcasm If I were the publisher of Outlook, I might see if the company that wrote the Windows OS would tell me how to disable cut and paste, screen capture, etc. /sarcasm

Better?
posted by spotmeter at 9:12 PM on October 20, 2003

Why would this autodestruction of email be a good thing? I mean, as the far as the public is concerned?
posted by moonbiter at 10:34 PM on October 20, 2003

I like the digital camera option myself. If you can see it, you can copy it.
posted by gen at 12:37 AM on October 21, 2003

This whole system is yet more bullshit microsoft monopoly bloatware.

Pendevil asked a good question:
"And how pray tell is Microsoft going to cause mail to self destruct on my Linux box? Or any other client besides Outlook for that matter?"

The answer to that is, you won't even be able to read the mail. I'm guessing you'll need a whole new mail protocol with encryption and metadata, that will not be able to be read on anything other than a modern Windows system running the latest version of Outlook. They're trying to sneak Palladium (http://www.microsoft.com/resources/ngscb/default.mspx) in through the back door.

The fact is simple. If you want something kept confidential, don't send it with e-mail!
posted by derbs at 3:29 AM on October 21, 2003

Think I'm going to use a microsoft program to handle my email? That's how you get viruses and suchlike isn't it?

As pointed out above this is just M$ PR bullshit, and we're all falling for it.
posted by walrus at 3:42 AM on October 21, 2003

This is a tool for MANAGEMENT to control how email is distributed WITHIN THEIR ORGANIZATION. So the sender has the ability to control who views the message, it can't just be forwarded on. There's no reason that this will violate retention laws, as it'll all still be storable and there would (presumably) be a master key to view all the mail being stored/managed by a single corporation.
It has potential value, but it PGP didn't get massive exposure because users are lazy. That hasn't changed.
posted by vvv at 5:16 AM on October 21, 2003

I can't see how this is going to prevent Linux (and similar) clients from reading the mail and potentially do naughty things with it.
If the authentication/decryption rests with the user it can be transferred to any OS, if it rests with the program (outlook) or the platform (windows) it can be reverse engineered - it's incredibly easy to analyze and falsify bits going trough any sort of digital network.

So how is it supposed to work? Is the management going to ban people from bringing non-Microsoft platforms to work?

"Microsoft boasts of a new feature in Outlook- self-destructing e-mail."
Isn't that an old 'feature'?
posted by spazzm at 7:29 AM on October 21, 2003

Simple. It isn't e-mail. It's some kind of Microsoft message system that really has very little in common with email.
posted by sfenders at 11:23 AM on October 21, 2003