Comment - Practical Data Protection

Recently, Rawat and Saxena proposed a method for protecting data using “Disclaimer Statement”. This paper presents some issues and several flaws in their proposal. 1 Data Protection using “Disclaimer Statement” Recently, Rawat and Saxena [1] proposed a method for securing data using “disclaimer statement” in email. Typically, the disclaimer statement is appended at the end of email. But, Rawat and Saxena intended to put the disclaimer statement at the beginning of the email. They claim that their method achieves the following characteristics: the method provides very tight confidentiality and could be extended towards creative disclaimers based on security requirements and level. As subject of the email may give some clue to the receiver, no subject on “Subject” field of the email. In fact, they suggested to write “subject” after the disclaimer. the “disclaimer” method makes all current encryption methods obsolete. We refer interested reader to [1] for a quick review of their proposal. In next section, we show that none of the their claims provides any data protection mechanisms. 2 Comments and Remarks I cannot see any data protection method in Rawat and Saxena’s method [1]. They neither provide any methods for data confidentiality nor safeguard data privacy. The picture of their proposal [1] would be pretty clear from the following comments, which one could easily observe these flaws from their proposal. The basic purpose of email is to communicate message in between sender and receiver. Although some unsolicited junk emails are not new these days; however, one may adopt some strategies to safeguard/minimize mail server from receiving unsolicited emails. The basic purpose of “disclaimer statement” attached to email is to defend the sender/organization’s intention (accidental or intentional) against data abusing in