[Pct] Notification/reporting correspondence to clients - PDF vs. email body

Gerry Peters gerrypeters at jttpatent.com
Fri Feb 16 06:13:52 EST 2024 

> But most secure servers are themselves third party services? Most
> fileservers are hosted outside of our direct and sole control.

True on both counts, but the 2nd point has some nuance to it. Relevant
points are whether data is encrypted in transit _and_ at rest, and who
has decryption key. Given the reality of the Internet age, where server
is physically located is less important than who can decrypt; at least
that's the impression I get reading US government guidelines for
storage of secure data (some of us were discussing this a few years
ago, so I know I'm not the only one who has seen those
regulations/specifications). 

My understanding is that at least sync.com and tresorit.com are
encrypted at rest and only client has decryption key (always interested
in learning of additional providers, especially if open source and/or
code is auditable).

One interesting phenomenon is that the good services tend to
mysteriously disappear over time. Wuala was great while it lasted.

---Gerry


>> BEGIN MSG ID
>> DM8PR16MB4358C108AEA94E3ABFA91996B34D2 at DM8PR16MB4358.namprd16.prod.outlook.com
>> <<

Date: Thu, 15 Feb 2024 14:29:26 +0000
From: Timothy Snowden <Timothy at thompsonpatentlaw.com>
To: "For users of the PCT and ePCT. This is not for laypersons to seek
legal advice." <pct at oppedahl-lists.com> Cc: Gerry Peters
<gerrypeters at jttpatent.com> Subject: Re: [Pct] Notification/reporting
correspondence to clients - PDF vs. email body

But most secure servers are themselves third party services? Most
fileservers are hosted outside of our direct and sole control.

Also, there is secure email (Proton is a favorite among some of our
software clients) and/or other messaging services (like Signal).
Practically, they would be as secure as a secure server. I'm guessing
that if a party wants to make the argument that using 3rd party
services waives your expectation of privacy, then the cat's out of the
bag (docketing, remote file server, virtual server, AWS / Azure /
Google cloud).

Just my barely-connected thoughts!
________________________________
From: Pct <pct-bounces at oppedahl-lists.com> on behalf of Gerry Peters
via Pct <pct at oppedahl-lists.com> Sent: Wednesday, February 14, 2024
8:58 PM To: For users of the PCT and ePCT. This is not for laypersons
to seek legal advice. <pct at oppedahl-lists.com> Cc: Gerry Peters
<gerrypeters at jttpatent.com> Subject: Re: [Pct] Notification/reporting
correspondence to clients - PDF vs. email body

Those are good points, Krista, but I think there is at least one case
(federal case against Snowden's email provider) in which US government
took position that there can be no expectation of privacy where 3rd
party service such as email or fax service is used (ridiculous
position but it is what it is). Conversely, where US government
requires secrecy, I remember seeing regulations specifying exactly what
sort of end-to-end encryption is sufficient (3rd party service provider
can't have ability to decrypt). While you make a good point about
timestamps and recordkeeping if your goal is to persuade a court your
client is entitled to privilege, if possession is 9/10's of the law
and privilege belongs to the client, it gives me a warm fuzzy feeling
to know that there is no 3rd party that can be pressured to betray
its users. Also, besides privilege, there is the issue of keeping
material secret until a foreign filing license has issued, and for
that I think plaintext email or any email that can be decrypted by a
3rd party is probably insufficient where communications are happening
internationally or with potential access by noncitizens.
        ---Gerry

--
Pct mailing list
Pct at oppedahl-lists.com
https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Foppedahl-lists.com%2Fmailman%2Flistinfo%2Fpct_oppedahl-lists.com&data=05%7C02%7Ctimothy%40thompsonpatentlaw.com%7C767969cee59c4bf766d308dc2dd21f88%7Cbbad2d5600a44a43ade926f8d0710fee%7C0%7C0%7C638435627699766211%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=ofOuJGYucWlJzbjFJJRgwHDkZh74ZUJ7nbGFkAXANLk%3D&reserved=0<http://oppedahl-lists.com/mailman/listinfo/pct_oppedahl-lists.com>

>> END MSG ID
>> DM8PR16MB4358C108AEA94E3ABFA91996B34D2 at DM8PR16MB4358.namprd16.prod.outlook.com
>> <<

More information about the Pct mailing list