Confidential Information being shared from bogus account
- Thread starter Vigilance
- Start date
- Status
BSF
Explorer
Eosin,
I am not sure that harassment delivered via PM is actionable under the COC. As has been pointed out, it is not easy to ascertain the authenticity of a PM. Efforts to determine authenticity violate privacy policies and can violate local & federal law.
Sending threatening email through any method likely violates federal law. That should be reported to a law enforcement agency for advice on how to pursue it. Along that path, a court order might require EN World to try to track it down.
Vigilance, I understand your concern, but I don't understand what you expect EN World to do about it. Forging IP's is not hard. Forging email addresses is even easier. As well, through the wonders of Network Address Translation (NAT, or IP Masquerade) it is quite likely that you will have more than one person posting from one apparent address. All 474 people at my workplace will originate from the same IP Address because we use NAT with a private addressing scheme behind our firewalls. As well, my wife posts from the same address at home since we use NAT with a private address scheme at the house as well. From time to time, my friends might post from here as well since I often share my encryption keys with them so they can jump onto my wireless network when they are over.
It isn't an easy, straightforward situation where you can track down the sender. To do so likely requires technical assistance from more than one source as well as a legal order requiring this assistance. Otherwise, one or more people involved in tracking this down could be in violation of several laws.
As I said, I understand your concern, but I don't understand what you think they should be doing.
I am not sure that harassment delivered via PM is actionable under the COC. As has been pointed out, it is not easy to ascertain the authenticity of a PM. Efforts to determine authenticity violate privacy policies and can violate local & federal law.
Sending threatening email through any method likely violates federal law. That should be reported to a law enforcement agency for advice on how to pursue it. Along that path, a court order might require EN World to try to track it down.
Vigilance, I understand your concern, but I don't understand what you expect EN World to do about it. Forging IP's is not hard. Forging email addresses is even easier. As well, through the wonders of Network Address Translation (NAT, or IP Masquerade) it is quite likely that you will have more than one person posting from one apparent address. All 474 people at my workplace will originate from the same IP Address because we use NAT with a private addressing scheme behind our firewalls. As well, my wife posts from the same address at home since we use NAT with a private address scheme at the house as well. From time to time, my friends might post from here as well since I often share my encryption keys with them so they can jump onto my wireless network when they are over.
It isn't an easy, straightforward situation where you can track down the sender. To do so likely requires technical assistance from more than one source as well as a legal order requiring this assistance. Otherwise, one or more people involved in tracking this down could be in violation of several laws.
As I said, I understand your concern, but I don't understand what you think they should be doing.
Steve Conan Trustrum
Explorer
Okay, putting aside the question of legal action, let's look at it this way:
The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.
It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.
The person in question is clearly using their PM function to send information that is violating someone else's privacy, even if it isn't invading any privacy here on EnWorld. If the email being copied and pasted is one passed between two businesses in private, I think some of the statements in this thread regarding said email not being a matter of confidentiality are highly suspect. Third parties may not be in a legally strong position here, but EnWorld, as a private service provider (these messageboards) is in a position to use the information given them to act on their own without revealing any of that data to third parties.
It is perfectly legal for EnWorld to use their own, internal registration data to take internal action. Are they legally required to do so? Highly unlikely, unless a third party wishes to file suit against EnWorld for furnishing services that have allowed for a confidentiality breach and it can be illustrated that EnWorld took no intenal action (unlikely, but it's happened against Yahoo and similar services, which is why they are now so quick to dump yahoogroups that have allowed things like this to happen.) Does it illustrate a clear failing on EnWorld's part to have a matter such as this brought to their attention and have them state that they won't take any internal, private action despite their services being used for such activity? Yes, it most certainly does. It's like me sending a personal email (say, about my health) to a group of people I'm associated with--an email that has nothing to do with my business--and that someone creating a false account here to PM that email to other people. Regardless of whether it is illegal or not, the fact remains that something said in confidence is being spread through EnWorld's services. If EnWorld were to then tell me it wouldn't so much as take internal action (meaning they'd deal with it but couldn't tell me who was responsible), then yes, they are definately doing less than the law allows them to do and certainly less than their responsibility to their users demands. The fact that confidential business information rather than personal information is the subject of this particular instance doesn't change that.
Steve Conan Trustrum said:
The only evidence they have is from the recipient, because the admins can't access the contents of the message that was sent. And acting against a user based on a single, easily falsifiable report, is terrible policy. There would be nothing to stop someone from making an enworld account emailable and then saying "I got a message from Steve Conan Trustum containing a hundred SSNs and associated credit card numbers", and the enworld admins would have precisely as much verifiable evidence for that claim as they do for Vigilance's report. They don't want to get involved in that kind of headache, for which I don't blame them.
Steve Conan Trustrum
Explorer
Bull. I run a messageboard and am aware that there are legal ways to go way beyond the "meh" response that is being vocalized thus far. If the answer is "it's too much trouble to ensure a member's privacy isn't being violated" then I'm not certain that I'm (as a publisher and as just some guy who uses messageboards) sympathetic to that headache.DanMcS said:
IronWolf
blank
Steve Conan Trustrum said:
It sounds like they used the email function, not the PM function to which it appears Vigilance agrees to in post 32. Email is not a secure means of communication unless encrypted. To rely on email as a secure communucations medium is sort of asking for it. As seen here it can easily be forwarded on to other parties or in more extreme cases sniffed off the wire by a properly motivated individual. There is even doubt as to how much an email disclaimer at the bottom of emails can help you in regards to confidentiality and such.
Steve Conan Trustrum said:
In this case Spoony Bard has stated (in post 24) that the email module isn't maintaining a log of the input in the email form. So apparently there isn't much for them to even look at, click submit and the message is off and away with little history.
It's an option as to whether you want to accept emails or not through the site. If you don't want your privacy invaded then it may be best to disallow that option for your user account.
- Status
Similar Threads
