A very public lesson in email manners and reputation

Here's one story of what happens when people write things down in email that they would not want to see shared with the world.

In this blog, I try to drive home the importance of one's online reputation. One of TechRepublic's bloggers, Scott Lowe, had an interesting experience in which someone online mistakenly dropped his name in relation to an unfolding OpenBSD scandal. Today, I'd like to feature Scott's take on that experience. Here is Scott's story:

A couple of weeks ago, a large part of the technical Internet community got to see what happens when people:

  • Write things down in email that they would not want to see shared with the world
  • Make unsubstantiated accusations against members of a community
  • Recklessly share with the world that which was intended to be kept private

The situation

You may recall that the OpenBSD community was abuzz with what, if true, would be a devastating blow to OpenBSD and, frankly, overall trust in what is considered to be a solidly reliable open source development process. Specifically, a gentleman by the name of Theo de Raadt forwarded a private message he received from another gentleman named Gregory Perry. In this private message, Mr. Perry makes a claim that the FBI has paid a developer to add backdoors to OpenBSD's cryptographic framework and has paid others, including "Scott Lowe [...] a well-respected author in virtualization circles who also happens to be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments."

While Mr. Perry did not specify which Scott Lowe he was referring to, I'm far from being a major player in the virtualization community and I have not recently written any tutorials related to OpenBSD. Further, both the "other" Scott Lowe and I denied any such involvement in these activities and he and I had a little bit of email back and forth as a result of this message.

The fallout

Although the whole thing blew over very quickly, it was an interesting situation made a bit more interesting because of the multiple Scott Lowes involved. This is far from the first time that the EMC Scott Lowe and I have been confused with one another. It happens pretty regularly on Twitter where he is known as @scott_lowe and I am @otherscottlowe. I used to use a different Twitter handle, but decided that I would have a little fun with the name confusion and own the "other" Scott Lowe moniker. In most cases, I don't mind at all being confused with EMC Scott Lowe. Frankly, the guy is brilliant and is an all-around nice guy and, as I understand it, recently found out he's going to be a grandfather for the first time (by the way, Scott, if you read this: Congrats!).

For me, the situation brought to the forefront just how fragile an online reputation can be. Through no fault of either Scott Lowe, a third party dragged our shared name through the mud - albeit, in a private message - without the benefit of defense. I suppose I'm not sure which is worse - falsely accusing someone of something in what was supposed to be a private message or having that message go public. At least once something like that goes public, it provides an opportunity for defense.

The mistakes

There were three basic rules of communication that were negligently violated in this scenario:

  1. Mr. Perry wrote things down in an email message that should never have seen the light of day. But, guess what - we all do it. Probably every day. We reply to a message with something that, if published in the paper, would be embarrassing or devastating. That said, this kind of situation should be an eye opener.
  2. Mr. Perry made negligent unsubstantiated accusations against members of a community - namely, Scott Lowe. Yes, he did so in a private message, but as far as I am aware, he didn't bother to verify his claims with anyone before breaking them to Theo de Raadt. One can only hope that Mr. Perry's email account was hijacked, although that doesn't seem to be the case.
  3. Mr. de Raadt recklessly shared with the world that which was intended to be kept private. In his outing of Mr. Perry's note, Mr. de Raadt did indicate that he wouldn't appreciate his private communication being made public on the grounds that the potential conspiracy outweighed the privacy issues related to the email communication.

Summary

So, beyond the security lessons that were shared by Chad Perrin, there are a number of takeaways to be had from this, including:

  • Realizing just how easily your online reputation can be ruined, although that has been far from the case in this situation. That said, it could have gone the other way, too.
  • Breaches of email etiquette are still commonplace and can have ramifications even when someone believes that the communication is being kept private.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

6 comments
kordoniss

Your comments are not answering the question. Did the FBI pay someone (Mr. Lowe or somebody else) to add backdoors to OpenBSD or not? Because it seems that you miss the point. Yes, it is bad to out somebody (falsely or not), but the issue here is if a system considered highly secure is full of holes and a Federal agency is working outside the Law. That's the REAL issue.

jsaubert

My father passed on a good set of advice to me that he picked up in the military and working for the government: Never record anything you don't want civilians/voters/the public to know. Never say anything behind someone's back you wouldn't say to their face. Never repeat anything that you're not 110% sure is true or you've heard in confidence. Never believe anything you haven't seen yourself, and even then severely doubt. I can't say that I've always followed it but it has served me well in many situations. He shared this with me very young in my life and I'm glad he did.

shsdarwin

Very good points to consider. I think we all, at times, tend to forget that our email conversations are not as private as we think. My policy is therefore to only ever write what I'd be happy to confirm and if need be, defend in person.

Sterling chip Camden

I bet the FBI's not happy about losing two of its best agents. Just kidding.

kevaburg

The point of the article was to point out that unproven information was disseminated to the wider community to the potential detriment of innocent third-parties. Maybe the FBI are paying/did pay someone. Perhaps the CIA are tapping everyone's phone lines. It could be the British Secret Service reads everyone's emails. It could also be that Tescos will reduce all of their products to 10% of their normal price the day after tomorrow. The point of this article is to show that speculation and conspiracy theories have the potential to ruin an innocent person's reputation and worse.

LLH3

As a former government contractor, that piece of advice is as highly rated as the golden rule itself. Your father is very wise and it seems you follow well in his footsteps.
