The Fallacy of Internet Privacy

I was just having a FB conversation with a fellow author regarding internet privacy and the fact that privacy on the internet is, in fact, a fallacy. However, the conversation made certain things slot into place and I suddenly realized that what I had previously thought was the weird behavior of my department head (at my day job), in fact made sense.

Several weeks ago, I was on a routine conference call regarding the status of our Franchisees in the Asian markets. The head of our department was not on the call that day. The Asian Supply Chain (SCM) staff person was working with a local vendor to get them approved as a supplier of a particular ingredient for the Franchisees in that area. When asked if he had received the specs to give to the vendor, he said that I hadn’t sent him the specs. I replied that I had not sent specs because I was waiting for the signed Confidentiality Agreement (CDA) to be returned. The SCM staff person told me to just send the specs, we didn’t need the CDA because our emails all contain that standard, boiler plate statement of privacy and confidentiality that almost all companies have in their emails these days. He said that was as good as a signed agreement.

My mouth was in gear before my brain really caught up and I said no, those statements are all pro forma do not guarantee confidentiality, they are to keep honest people honest. The only email communications that are covered by privacy laws are ones exchanged within a relationship that is already protected. In other words, your emails with your lawyer and your doctor are legally confidential because those relationships are already protected. Any and all other email communications are discoverable and can be used as legal evidence. You can’t confess to a crime via email and then claim your confession can’t be used against you because your email contained a claim of confidentiality.

When I was done talking, it was quiet on the conference call and I thought I’d over stepped and was going to get a talking to. Instead, one of my bosses said that the policy stated that I was to collect a signed CDA before releasing specs and that’s the way things would be done for the sake of consistency. End of story.

This exchange made it into the meeting notes which are distributed to the head of the department. I didn’t think any more about it. I never received a signed CDA so I never sent specs so the vendor hasn’t been approved. Whatever, not my problem.

Last time the department head was in our office, he handed me a document to read. Just for my own information he said, no need to do anything with it other than read it. It turned out to be a judge’s decision from one of our international markets. We had a case of trademark infringement in an Asian country. Our logo and product names were being used by someone who was not our franchisee. They claimed that they were legally allowed to use those things because one of their ingredients was one of our registered formulas. A vendor had signed the CDA, gotten the specs, decided they didn’t want to supply our Franchisee and sold our formula to someone else. We suspect they didn’t think US attorneys could/would navigate the Asian legal system. What they didn’t count on was that our law firm has an office in an Asian country and had no problems at all handling the case.

I just now realized that he handed me the decision to read because of what I had said in the conference call. The two incidents are unrelated, but the decision itself basically made what I said correct. Because the vendor had signed the CDA, they violated the contract by selling our formula and owed us damages. The company using our logo and product names tried to claim that their internal email conversations were confidential. The judge ruled that they weren’t covered by confidentiality because the relationships between the people sending the emails weren’t protected. They were used as evidence against the company to prove they had knowledge that they were buying a stolen formula. They were guilty of infringement and had to cease and desist and pay damages.

I guess I was being told that my adherence to the rules was a good thing and that what I had said in the call was accurate. Apparently, the U.S. email confidentiality standard is becoming or has become the international standard.

Needless to say, I’ll keep collecting the signed CDA’s before sending out specs, and I’ll send nothing in an email that I don’t want making it into a court transcript if the worst should happen.