Victor Roberts <xxx[at]lighting-research.com> wrote:
- quote -

Except in the example we have here, the recipient _wants_
his employees to read (some of) his email, so he has to give
them his private key.

- quote -

That's precisely why I wrote that shared-key encryption
works better in this case: the key shared with _each_
correspondent would be different, and employees wouldn't
have received the key shared with the CPA.

- quote -

That's at best optional (and at worst difficult to do,
depending on the implementation) with public-key encryption,
and required with shared-key encryption.

Seth

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

D. Stussy wrote in news:1196dn2lfjgsd1

- quote -

"Fox paw" is easier

--

Mike

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"Phoebe Roberts, EA" <phoebe[at]cottagesoft.com> wrote:
- quote -

Perhaps, in this case, faut pas.

Stu

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

D. Stussy wrote:

- quote -

I'm chuckling right now. For Dick, in using the term "faux
pax", actually MADE a faux pas, most probably "on
poipoise."

And D., by using "faux paus", echoed the false step. (from
the world of ballet if memory serves.)

ChEAr$,
Harlan Lunsford, EA n LA

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

- quote -

No, he meant "faux pas."

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

D. Stussy wrote:

- quote -

faux pas?

Phoebe

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

- quote -

False peace? I think you meant "faux paus."

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Andy wrote:

- quote -

Before doing that, I would suggest that you review
applicable state law to determine whether "impersonating" a
CPA might have severe consequences. In my state it is at
least a misdemeanor and, upon second offense, it becomes a
felony.

MTW

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Stuart A. Bronstein <spamtrap[at]lexregia.com> wrote:
- quote -

Whether or not that's inherently wrong depends on whether
you're the one parked or you're the one looking for a
parking space.

Seth

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"effi" <effi[at]ev1.net> wrote:
- quote -

i agree with avoiding a right vs. wrong thread

and suggest the op consult as to applicable laws: an
attorney, the irs, and/or the applicable regulatory state
board over the cpa

and as to applicable rules (which may not be codified as
laws ): "if" the cpa is a voluntary member of other relevant
organizations (e.g. state society or aicpa), those
organizations be contacted as to any rules that my have been
broken

as this is not the forum for determining whether the law or
rules have been broken

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

sethb[at]panix.com (Seth Breidbart) wrote:
- quote -

I'm not sure you understand PKE. The key to encode e-mail
sent to you is public, but the key to decode that e-mail is
private. That way, you never have to give anyone your
private key.

In any case, since the OP wanted his employees to read his
business e-mail, if he had been using PKE to protect e-mail
from unauthorized interception, then he would also have had
to give his employees his key, unless he had separate keys
for business and private e-mail, which would have the same
effect as the separate accounts for business and personal
e-mail I have been suggesting he should have used.

--
Vic Roberts
Replace xxx with vdr in e-mail address.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

effi" <effi[at]ev1.net> wrote:

- quote -

I agree I may have missed the distinction between "read" and
"may have read" but that is not the main point of my note.

- quote -

The OP said he gave permission to certain employees to read
his e-mail account in his absence, and to facilitate this he
would have had to give these employees his password. Unless
he left specific instructions that e-mail from certain
individuals, such as his accountant were not to be opened, I
don't see any legal issue here. Even then, the case is
pretty weak.

- quote -

By giving his employees permission to read his personal
e-mail account he certainly did create the situation. As I
have stated in another message, no one intercepted his
e-mail, no one hacked into his e-mail, no one stole his
e-mail. His employees did only what they were asked to do.
Now, I do agree that perhaps the CPA should have checked to
make sure it was OK to send personal information to this
business e-mail account, so I will agree there is probably
some shared responsibility, but the majority of the blame
for this unfortunate situation rests with the OP. If I
remember correctly, the OP owns the business so the CPA
would not expect that OP's managers or IT department would
be reading his e-mail without his permission. Since the OP
intended to have his employees read his business e-mail
while he was out of the office, he should have set up
separate e-mail accounts for business information that he
intended to share with this employees and e-mail of a
personal nature that he does not want to share with his
employees.

- quote -

That seems to be what this thread has been mostly about. One
person after another citing sections of the IRC (as you did)
that the CPA violated.

- quote -

I don't disagree with this suggestion. I do hope the OP
gives the attorney the same info he posted he: "I gave
certain of my employees permission to read my business
e-mail when I was out of the office. My CPA sent my tax
return to this e-mail account - the same e-mail account I
had been using to communicate with him. Those employees who
had permission to read my e-mail read the message from my
CPA."

If there has been a violation of the law, I hope the OP will
post that info back here.

--
Vic Roberts
Replace xxx with vdr in e-mail address.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Thank you for your response.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"effi" <effi[at]ev1.net> wrote:

- quote -

Likewise you can do something that's in violation of the
law, but is not inherently wrong. Such as overstaying your
time at a parking meter.

Stu

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"Jonathan Kamens" wrote in part:

- quote -

what is the difference between the "right thing to do" and
the law?

Moderator:
Hopefully I can interject here to avoid the extension of a
right versus wrong thread. You can easily do something
wrong without breaking the law. That is generally known as
a faux pax. Being stupid, ignorant, or careless are not
usually violations of the law, but they may be violations
of Standards of Professional Practice. And even if they
are neither, they still are stupid, ignorant, or careless.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

"Victor Roberts" <xxx[at]lighting-research.com> wrote:
- quote -

you say above
" Everything you said is interesting, but in this case the
OP _gave_ permission to read his e-mail to those people who
ended up reading the message from this CPA."

the op has not stated "those people...read" anything from
the cpa (op stated he assumed they did), so concluding they
did is not based on the facts given

additionally, the issue is not about a "message" but about
tax information (i.e. a tax return in this case), which is
specifically regulated by irc section 7216

you also say
"The OP created this problem by his own actions."

the op is not responsible for the acts of his return
preparer, and thus did not create any problem resulting from
the return preparer's actions, if any exist, and, most
importantly, this is not the forum for developing the facts
and applying the law

the op would be well advised to consult a professional (e.g.
attorney) well versed in irc section 7216 instead of relying
on this discussion group for a definitive answer to his
questions

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Jonathan Kamens <jik[at]kamens.brookline.ma.us> wrote:

- quote -

I'd say that this example is an argument _against_ Public
Key Encryption; if each sender had a _private_ key (shared
with the recipient), then the email from the CPA would not
have been readable by other employees, because they wouldn't
have been given that particular private key.

Seth

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

- quote -

First of all, since you were responding to only my last
paragraph above, i.e., 7 lines of text, you didn't need to
quote my entire article, i.e., 137 lines of text. People
who are reading the thread have already read my article;
they don't need to see the whole thing again. Please follow
the proper Usenet etiquette of trimming messages to which
you are replying so that only the text to which you are
directly responding is quoted.

Second, it would seem to me that there are in fact many
"issues" being discussed here, not merely the one you
singled out. Whether or not the CPA broke any laws about
disclosing tax information is one issue. However, other
issues being discussed are whether the CPA's behavior was
reasonable or unreasonable, whether his behavior represents
the "norm" for tax accountants, and whether the CPA was
wrong from the "right thing to do" point of view as opposed
to the "were any laws broken" point of view.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

jik[at]kamens.brookline.ma.us (Jonathan Kamens) wrote:

[snip]

- quote -

Everything you said is interesting, but in this case the OP
_gave_ permission to read his e-mail to those people who
ended up reading the message from this CPA. This is not a
matter of poor security. It is not a matter of intercepted
e-mail. It is not a matter of the business owners or
managers reading an employee's e-mail. This would not have
been prevented with PKE, since the OP would have provided
the passkey along with the permission if he wanted his
employees to be able to read and respond to e-mail in his
absence. The OP created this problem by his own actions.

This was also not the first time that the OP had given
permission to his employees to read his e-mail while he was
out of the office. He states that in those prior cases he
would inform family and such to not send personal messages
during his absence.

This whole mess would have been prevented if the OP had at
least two separate e-mail accounts: one for business e-mail
that he might want his employees to read when he was away
from the office and a second for personal correspondence
that he did not want to share with his employees.

--
Vic Roberts
Replace xxx with vdr in e-mail address.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->

Earlier, I wrote in part:

jik[at]kamens.brookline.ma.us (Jonathan Kamens) writes:

- quote -

The word "not" in the sentence above (marked with asterisks)
should have been omitted.

<< -------------------------------------------------> << The Charter and the Guidelines for submitting > << messages to this newsgroup are at www.asktax.org > << ------------------------------------------------->