This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
Commercialization

CASIS and Confusing Claims of Confidentiality

By Keith Cowing
NASA Watch
August 26, 2013
Filed under

Keith’s note: CASIS sent out a news release today by email to the news media. At the bottom of the email was a confidentiality clause i.e. “The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.”
I was never asked in advance by CASIS or anyone else if I wished to receive confidential information from CASIS nor do I desire to receive confidential information from CASIS. So I asked CASIS about this.

The response from Patrick O’Neill (also with a confidentiality disclaimer): “It is CASIS company policy (and most other companies) that all e-mails have the disclaimer on the bottom of them in order to ensure that if the information contained in the e-mail is intended for the recipient. However, in discussions with my Manager of Contracts and Compliance (John Schubert, cc’d on this email), he has indicated that the attached press release (from this morning’s CASIS ED Announcement) that went out (to approximately 450 plus on our media distribution list) this morning is already in the public domain and you can release the attachment to the e-mail at your leisure.”
I asked if all CASIS email was “confidential” (that is what it seems). The response (again apparently confidential) “No. However, there are many emails that are distributed where confidentiality is necessary. The disclaimer is made to protect CASIS in instances where information that should not be made public is distributed without our consent. In this instance, when CASIS provides an attachment that reads “For Immediate Release”, this is intended for public consumption and is not subject to confidentiality. Lastly, should the recipient have any questions as to whether or not the information received is something that they can make public, they can always work with CASIS staff on what is approved to disseminate publicly.”
So the disclaimer (on everything that CASIS employees send out by email) proclaims everything to be confidential unless (and this is not spelled out in the disclaimer) they have already released the information (which you are supposed to know about before they send it to you). Or, in more murky circumstances, if the information was not supposed to be sent out. In other words CASIS can send things to the news media or other people and then decide after the fact that it is/was confidential and that you were not supposed to share it.
So, the smart assumption would be that any an all email from CASIS – on every topic – is confidential until and unless they specifically tell you otherwise – and that CASIS is going to bind you to a de facto confidentiality agreement before you get something – even if you did not ask to be sent anything confidential or agree to any confidentiality agreements.
In addition to being confidential, this information is for one’s “personal” use – so any inquiries you might make as a reporter or representative of an organization or company cannot be used for business purposes – only personal uses – unless every email receives a waiver from CASIS in advance – and only after CASIS has already sent it to them. What if the recipient did not want the confidential information in the first place? Too late. CASIS may have already sent it to you – you have to have the presence of mind to ask.
The people at CASIS are a confused bunch. Their task is to advance the utilization of a unique facility built with tax dollars for the betterment of the taxpayer. Instead of trying to foster openness and transparency they clamp down on the exchange of information with an unenforceable and inherently contradictory confidentiality agreement that they slap on every piece of email communication they issue. Given the way that their email disclaimer is worded they can come back at you at any time, for any reason, and claim that whatever they want to claim is/was “confidential”.

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

31 responses to “CASIS and Confusing Claims of Confidentiality”

  1. ellegood says:
    0
    0

    Please! This is standard boilerplate legalese. Clearly it shouldn’t have been included on a news release, but does this deserve a barrage of tweets and a critical dissection on NASA Watch?

    • kcowing says:
      0
      0

      You might read what I wrote before you comment. They put this disclaimer on every single email sent by everyone at CASIS to everyone about everything. EVERYTHING. Technically even their answers to my questions about it are confidential.

      • Frank Coffin says:
        0
        0

        Keith, I have to kind of agree with ellegood here. Although I agree with you in that CASIS ought to revise their email standards and that it really is kind of stupid and/or overreaching of CASIS to place the confidentiality statement on every email, the simple fact of the matter is that I really couldn’t care. When I come to NASAwatch, I look forward to in depth articles and research by you and Marc that matter more than email’s confidentiality disclaimer. It’s not that I don’t agree with you, it’s just that it seems so petty and below the higher standards of reporting I’ve become accustomed to from NASAWatch (Or Space Quarterly for the matter…).

        • kcowing says:
          0
          0

          Sorry, I obviously do not agree with you – this is a topic that NASA Watch has covered since 1996.

      • ellegood says:
        0
        0

        Like I said, it’s boilerplate. Automatically inserted at the bottom of emails, probably as suggested by their attorneys. I see it all the time nowadays…another sad example of our over-litigious culture.

        Definitely not appropriate for something like a news release, but not an offense worth complaining about.

        • kcowing says:
          0
          0

          I obviously do not agree with you. I know of no other organization that does business with NASA that uses this language on every single email they send out – regardless of the content of the message. It is not only un necessary but shows a certain laziness on the part of CASIS.

          • ASFalcon13 says:
            0
            0

            Sorry Keith, but ellegood is correct. That you personally do not know of any other organization that does this does not mean that they aren’t out there. Rather than trying to shoot down everyone that disagrees with you, instead why not try going over to Google, and do a search on the terms “email confidentiality boilerplate”? It’ll only take a few seconds (that’s all it took me, anyway), and you’ll quickly find out that yes, these things are widespread; yes, it’s lawyers pushing this dreck; and yes, they are a waste of time and bandwidth. CASIS is hardly the only offender here.

          • kcowing says:
            0
            0

            Please provide an example of an organization that works with NASA who issues press releases to the media in this fashion – there is actually an example: OSC – but they are trying to get the legal language off of their distribution system because they agree that it does not belong on a press release distribution.

          • Steve Whitfield says:
            0
            0

            To be honest, I’m disappointed at the number of people out there who seem to think that Googling provides official, reviewed answers to anything at all. All Google does is index existing web pages, which are created by other people.

            The web is an end-to-end system, which means that whatever one person puts up is exactly what other people will see — there is no peer review, or review of any kind, by anybody. This is why there is so much utter crap on the web. Anybody can post anything, no matter how wrong or stupid it might be, and it stays there forever for all to see. Only the original poster can ever change it.

            Googling anything is not research — unless you are prepared to make the effort to investigate and qualify every single source you use, which takes significant time and proper research habits. Also consider that with every day that passes the “relevancy” of Google’s indexes gets less accurate and less useful.

            You can’t prove anything with Google, except that the web is full of junk, and there’s no way short of hard work to tell the good from the bad.

          • ASFalcon13 says:
            0
            0

            To be honest, I’m disappointed that you missed my point entirely Steve. My point wasn’t to put together a thorough, peer-reviewed analysis of the implications of e-mail boilerplate. It was to point out that rather than dismissing the experiences of others here (I, too, have received my share of e-mails with pointless statements appended) and arguing that it obviously doesn’t exist because he’s never seen it before, even a cursory bit of token research might reveal that this phenomenon is more widespread than Keith is aware of.

            If you’d like to put together a deeply-researched, peer-reviewed analysis of pointless e-mail legalese, please, don’t let me stop you. On the other hand, I’m really not inclined to spend more than a few minutes of brainpower on thesubject.

          • Steve Whitfield says:
            0
            0

            ASFalcon13,

            I didn’t miss your point, and I agree it’s not something that any of us here would want to waste time doing. The issue is certainly not going to be settled on NASA Watch.

            I have to stick by my guns on this one, though. As a personal opinion, I don’t consider offering up web pages returned by Google, or any other web search engine, to be proof of, or even clear support for, this issue, or the many others that I’ve seen treated the same way. We’ve seen clearly that people are making statements on this based on no actual knowledge of the facts, which is pretty reckless considering that we’re discussing a legal issue.

            And less acceptable, in my opinion, is assigning the blame to the lawyers after one second of thought and no facts, as more than one poster has done; that’s just people being lazy. But more important, to my mind, is if someone is expressing an opinion, or merely guessing, then they should state as much, so as not to mislead other equally uniformed and lazy people.

            I think it’s fair to say that your assertion that this type of email disclaimer is widespread is justified, based on what we’ve all seen, and based on the number of hits that Google returns on your search (but not based on the content of those returns, just the quantity). But all of the other “conclusions” offered up by people in this thread are really nothing more than supposition and conjecture, as far as I’m concerned.

            This post is just my opinion, of course; I’m not a lawyer. As a generality, what bothers me more than the use of boilerplate legalese, and similar legal practices, is the extent to which people (who are, in theory, legally bound by it, and by the “fine print” in every document) will go to ignore, or make unfounded assumptions about, these appended legal statements, leaving themselves wide open to the consequences.

            And worst of all, when lazy people do get caught by the fine print, they’ll inevitably call it stupid or unfair, or other such meaningless accusation, and blame the people who wrote it or appended it, instead of accepting that the blame was their own for not having bothered to read it. I’ve had many a person get impatient with me for keeping them waiting while I read the fine print before signing or continuing. Too bad for them.

            I refuse to screw myself by making assumptions about legal issues; I read every word and ask for clarification when I don’t understand a statement (which, to my mind, is exactly what Keith has done with the CASIS press release). We’re usually stating that we’ve done exactly the same by the simple act of signing on the dotted line. If you want a real surprise, try reading through the Terms and Conditions that we all agree to when we sign the back of a credit card; they’re even more scary than the application was.

            Sorry to ramble on for so long ASFalcon13, but this is a somewhat slippery issue and I wanted to make sure we were communicating accurately.

            Thanks,

            Steve

          • kcowing says:
            0
            0

            I simply do not agree with you, ellegood etc. on this matter. Why is it that y’all feel free to go after me – but I can’t respond? Odd.

          • chrisfoster says:
            0
            0

            Keith, Jacobs Engineering has a boilerplate disclaimer like this, although they temper it with “This communication may contain” instead of the more broad “contains”.

        • Steve Whitfield says:
          0
          0

          Since you offer no references to support your position, I have to assume that you’re only making assumptions (you started it). Your argument is basically: since you’ve seen it lots of times before, it’s standard procedure everywhere and therefore doesn’t mean anything. I’ve made myself a note to never do business with you.

          Question: Since you’ve dismissed this “automatic” “boilerplate” as meaningless, what, in your opinion, should CASIS, or anyone else, do if they actually want an email, or other document, to actually be considered confidential for real?

          Keith’s argument makes sense; yours doesn’t. Any document that requires you to read it before you can know whether or not you can read it is not policy; it’s a screw-up. The idea that the security status of an email can be retroactively changed by the sender after it has been sent is ridiculous. It’s very unprofessional behavior by CASIS. In fact, it’s bad enough to make me wonder if there are any clauses in the contract that null the contract, or proffer other penalties, for unacceptable business practices.

          Lastly, I’m troubled by the idea that other people might read your interpretation of this and adopt it because it’s easier to do nothing than to find out the correct answer. It reminds me of Heinlein’s contention that free advice is generally worth exactly what you paid for it.

          • ellegood says:
            0
            0

            I just did a search for “intended recipient” in my Gmail inbox. It provided hundreds of hits with this silly legal boilerplate, from all sorts of organizations (including NASA contractors). I don’t like the practice and think it becomes pointless (read: ignored) when overused. Blame the attorneys.

            If you want something to remain confidential, then you shouldn’t send it via email, or you can at least selectively identify it as confidential up-front instead of using two paragraphs of dense legalese at the tail end of each and every message.

          • ASFalcon13 says:
            0
            0

            Answer: it’s the content of the e-mail or document that makes it subject to certain regulations, not the markings or legends appended to it. Applying proper markings to the document is one strategy (so that folks know the sensitivity of the included information and how to handle it), but so is correct handling of the document (limiting access and distribution, encryption of electronic files, that sort of thing). There are guidelines out there for handling information of various degrees of sensitivity. In general, though, since a sender has little control of the path of an e-mail message outside of a company’s own servers, e-mail shouldn’t be relied upon as a secure form of document or information transmission.

          • Steve Whitfield says:
            0
            0

            I see the logic in your assessment, but the fact remains that email is admissible as evidence in court, so your logic is overruled by law (which is certainly not an uncommon circumstance in our crazy world). It basically comes down to the equivalent of caveat emptor, whereby the recipient needs to cover his or her own butt. Unfortunately, it would appear that blaming the process/system for the inclusion of these statements does not absolve either the sender or the recipient of any legal vulnerabilities.

      • madlyb says:
        0
        0

        I think you have majorly overblown the work of clueless lawyers and/or overeager email admins. This exact verbiage has been attached to emails for years (Google the entire string) and in many cases is attached by the mail server *after* the user sends it.
        Doesn’t mean that it shouldn’t be brought to their attention, but trying to turn it into news was honestly, reaching.

        • kcowing says:
          0
          0

          If you think NASA Watch is reaching then please avail yourself of the other fine space news websites out there.

          • madlyb says:
            0
            0

            Wow…just wow.

            Fair enough, your site, your opinion and apparently no ability to consume constructive criticism.

            Consider this reader gone.

  2. Graham West says:
    0
    0

    It’s very silly to slap that on everything and it always makes me think the sender doesn’t understand the law very well.

    • Steve Whitfield says:
      0
      0

      Agreed, stipulating that “the sender” is the writer of the email and not the person/program who/that slapped the footer on after the fact.

      And when we consider the fact that emails are now admissible evidence in the courts, you’d think that the recipients would be a little more concerned about this and want to know the correct legal answer instead of just saying that the lawyers are dumb. This sounds like it has the potential to harm both sender and recipient alike.

      I’m half inclined to send a handful of emails with an appended footer containing ambiguous, contradictory nonsense to a bunch of selected recipients and see if anyone actually reads them.

  3. Jeff2Space says:
    0
    0

    I see this sort of boilerplate all the time at the bottom of emails. Here are two examples sitting in my inbox:

    This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.

    CONFIDENTIALITY NOTICE:
    This communication and any attachments may contain confidential and/or privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it and its contents is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy all copies of this communication and any attachments.

    • Geoffrey Landis says:
      0
      0

      I do see it all the time, but I agree with Keith that it is stupid. And particularly stupid when they send it out with a public release.
      And I am puzzled as to why they think it has any legal validity. Since you did not agree to those terms, this is not an “agreement”.

      • kcowing says:
        0
        0

        In a nutshell can I send you something and proclaim that it is confidential and require you to keep it confidential even if you never asked for or agreed to receive confidential information? And to put this on a press release sent to the media? What are the media supposed to do with this confidential information – they can’t write about it – so why sent it to them.

  4. NewSpacePaleontologist says:
    0
    0

    This is indeed silly – but Keith is not the silly one. Those
    who believe such a declaration to be valid are the silly ones. These are coming
    more and more from all sorts of organizations. I have seen them include SEC
    (Security and Exchange Commission) type warnings about how the e-mail is not
    intended to provide forward looking business projections, etc. Many times these
    warnings are longer than the message itself. I have even seen such warnings on
    company’s marketing materials.

    And, regarding people’s lawyers telling them that they have
    to use such a warning, those lawyers should be challenged. You will find that
    when such cautions become part of the standard communication and people do not
    have to decide (via criteria) to attach it, they are invalid. My former big company started putting versions
    of “company confidential” on everything. NASA contracts came to them after a
    while and told that if they could not discriminate what was really confidential
    and what was not, the NASA folks would treat nothing a confidential. The
    lawyers fixed the situation the next day.

    I now just ignore such boilerplate recognizing most writers
    are stuck with organizational rules they cannot change.

  5. Jackalope3000 says:
    0
    0

    I agree with Keith on this one. What they did was run around putting a Wet Paint sign on every railing, regardless of whether it has been painted or not. The difference is, someone can take legal action on you if you touch the railing anyway.

  6. kcowing says:
    0
    0

    Read earlier stories on NASAWatch.

  7. hikingmike says:
    0
    0

    “The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above.”

    It’s pretty rare when an email goes to someone other than the recipient. 🙂

    Just close your eyes and send it to me, Keith, and I’ll send it back without the warning. That way you can read it. I’m a regular old civilian and not a journalist either so there is really no consequence for me. I guess you may want to still check if it is something that they really want to keep secret to be nice. /facetiousness

  8. Steve Whitfield says:
    0
    0

    How about “better criticism on CASIS than this.,” not “then this”?

    Is that better criticism?