Just How Private are Lotus Notes Private Items?


Lotus Notes Private Items, Read Receipts and Encryption

Following on from my colleague Twan’s brilliant blog on Private Items in Outlook / Exchange (see https://www.neroblanco.co.uk/2015/08/how-private-are-private-items-in-exchange/), we thought we would put together a similar one on Lotus Notes.

My colleague Neil Langston already touched on parts of this with his equally brilliant blog on detecting Private Folders (https://www.neroblanco.co.uk/2014/06/detecting-private-folders-targeted-communications/).

At the end of the day, these Lotus Notes features are often controlled by nothing more than a binary field value on the item that toggles the feature on or off. Most seasoned Notes Admins can get around Prevent Copy, Private Item and Read Receipts. Quite likely any savvy, experienced Notes user could get around them as well.

These features should definitely not be considered “Secure, Compliant or Confidential” features. Lotus Notes Encryption, on the other hand, is indeed what it says on the tin; however, it still allows the recipient far too much leeway to circumvent the sender’s intent. The recipient of an encrypted Lotus Notes email can simply decrypt it, or forward it on unencrypted.

Read Receipts

First up, let’s look at Read Receipts. Natively in Lotus Notes there is no way for a Recipient to know that the Sender had put a Read Receipt on the email, nor is there any easy way for the Recipient to stop the Receipt being returned.

Adding a Read Receipt to an email is easy.  Simply select Delivery Options.

image001

image002

 

You *can* also set it for ALL emails in your Mailfile Preferences…

image003

 

When the recipient sees the email in their inbox they are none the wiser, and when they open it they are oblivious to the Receipt being sent… unless they view the status bar observantly in their Notes Client

image004

The other exception is when they are running in Local / Offline / Island mode, in which case the Read Receipt to be sent will sit in their local mail.box until they reconnect to the network and the mail is sent via their Replicator page. It can be seen there before it is sent and could be deleted by the user.

image005

image006

So, what can we do to get around this…

Well, we can add a Column into the Inbox Folder view, so we can see at a glance:

We simply add the following formula to the Column Value:

@If(ReturnReceipt = "1" & $KeepPrivate = "1"; 92; ReturnReceipt = "1"; 123; $KeepPrivate = "1"; 62; @IsAvailable($title); 91; "")

image008

Note the “Blue Envelope” Icon

Then we add a button to the Action Bar of the Inbox Folder to strip it off:

image009

Finally, we add a little bit of code on to the Query Open Document design element of the Inbox Folder, so that when we open the email we are prompted whether we want to send a Read Receipt or not.

image010

@If(@IsAvailable(ReturnReceipt);
    @If(ReturnReceipt = "1";
        @If(@Prompt([YesNo]; "Send Return Receipt?"; "The Sender has requested a Return Receipt for this email.  Do you wish to send a Return Receipt?");
            @SetField("ReturnReceipt"; "1");
            @SetField("ReturnReceipt"; "0"));
        "");
    "")

  

Prevent Copy, Forward or Print

Again, as above, it is very easy for the Sender to enable this feature to “Protect” their email using the Delivery Options button from the Action bar.

image011

When the recipient opens the email, the Print Options have been removed (CTRL+P also does not work as a keyboard shortcut), and when trying to Reply with History or Forward you get this message:

You cannot forward or otherwise copy the contents of this document. This document is set to prohibit copying and duplicating.

 

image012

So, what can we do to get around this…

Again, our Column from above warns us if the email has been “protected”.

image013

We can simply use the “Unprotect” Button that we have added to the Action Bar.

What magic does it do? Not much… it simply Deletes the Field $KeepPrivate and voila we can Print, Forward and Reply with History.

FIELD $KeepPrivate := @DeleteField;
""

Before

After

image014

image015

 

Mark as Private

This feature is only available on Calendar Items in Lotus Notes; there is no equivalent option on the email form.

It is enabled right on the Appointment Form.

image016

 

In the Calendar view a small padlock is available.

Invite

image017

Open the Item

image018

Any Delegate only sees this:

image019

Mark as NOT Private

So, how do we unmark it from being Private? Well, simply put, IF the field $PublicAccess is present, then it is not private. Thus, we just add it 🙂

Create a Simple Notes Agent in your Mailfile or on the Icon Bar with the following code:

FIELD $PublicAccess := "1";

 image020

In the Calendar item it now looks like this:

image021

Now when Dan Carter Opens Richie’s Calendar he sees this:

image022
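To inventory how much mail and calendar data relies on the three field flags covered so far, the following added example (not code from the original post) scans a DXL export of a mail file for ReturnReceipt, $KeepPrivate and missing $PublicAccess. The embedded DXL is a constructed, simplified sample, and the function names and UNIDs are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

DXL_NS = {"d": "http://www.lotus.com/dxl"}

# Constructed sample: a minimal DXL-style export of three mail-file documents.
SAMPLE_DXL = """<database xmlns='http://www.lotus.com/dxl'>
 <document form='Memo'><noteinfo unid='AAAA0001'/>
  <item name='Subject'><text>Q3 figures</text></item>
  <item name='ReturnReceipt'><text>1</text></item>
  <item name='$KeepPrivate'><text>1</text></item>
 </document>
 <document form='Appointment'><noteinfo unid='AAAA0002'/>
  <item name='Subject'><text>Review meeting</text></item>
 </document>
 <document form='Appointment'><noteinfo unid='AAAA0003'/>
  <item name='Subject'><text>Team lunch</text></item>
  <item name='$PublicAccess'><text>1</text></item>
 </document>
</database>"""

def item_text(doc, name):
    """Return the first text value of the named item, or None if the item is absent."""
    for item in doc.findall("d:item", DXL_NS):
        if item.get("name") == name:
            return item.findtext(".//d:text", default="", namespaces=DXL_NS)
    return None

def audit(dxl):
    """Map each document UNID to the flag-only controls it depends on."""
    report = {}
    for doc in ET.fromstring(dxl).findall("d:document", DXL_NS):
        unid = doc.find("d:noteinfo", DXL_NS).get("unid")
        flags = []
        if item_text(doc, "ReturnReceipt") == "1":
            flags.append("read receipt requested")
        if item_text(doc, "$KeepPrivate") == "1":
            flags.append("prevent copy ($KeepPrivate)")
        # Per the article, a calendar entry is private only while $PublicAccess is absent.
        if doc.get("form") == "Appointment" and item_text(doc, "$PublicAccess") is None:
            flags.append("private calendar entry (no $PublicAccess)")
        if flags:
            report[unid] = flags
    return report

if __name__ == "__main__":
    for unid, flags in audit(SAMPLE_DXL).items():
        print(unid, "->", "; ".join(flags))
```

Every document in the report is "protected" only by an editable item, so content that genuinely needs confidentiality should be covered by ACLs, Readers fields or encryption instead.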

 

Private Folders

Private Folders are a bit of a legacy Notes thing, mainly used in the R4.5 – R5 era. Private Folders are only visible to the User that created them.

Whilst you *can* still create them, it is not a common thing anymore. You may still see them in old mailfiles for users that have been in the organisation a long time, or more likely in Shared Mailboxes / Mail-In Databases that are used by multiple people and that have again been around for a long time. In later versions, you actually have to dig around to create them.

image023

Here is what they look like:

image024

The thing is that while the Folder itself is Private, denoted by a Grey Folder – or in later Notes versions a small grey padlock – rather than a traditional Yellow one, the emails contained inside them are not Private and are simply visible in the All Documents View anyway!

When Dan opens up my mail file as a delegate, he can’t see the folder, but he can easily see the email.

image025

Neil’s blog here again on detecting them: https://www.neroblanco.co.uk/2014/06/detecting-private-folders-targeted-communications/

There is some code around to convert Private Folders back to Shared.  Again we at Nero Blanco have more advanced code and have in fact worked out a way to get the Server to do this on the back-end rather than user interaction being required.

http://searchdomino.techtarget.com/tip/Changing-Private-Views-Folders-to-Shared-on-Selected-Target-Server-Database-Files

 

A user can do this themselves by creating a second “normal” folder, say called My Folder 2, moving the items to that Folder, deleting the Private Folder, and renaming the new folder back to the old Private one.

 

Notes Encryption

Like the others above, Lotus Notes Encryption is an email Option.

image026

In this screenshot we have enabled everything! (Other than S/MIME interaction…)

The recipient sees the email like this:

image027

However, decryption is only a few clicks away… You do need some more advanced skills to create a LotusScript Agent to decrypt emails, but the code is readily available and in fact IBM make it available.

http://www-01.ibm.com/support/docview.wss?uid=swg21110567

http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21089495

Note, there are far more mature and robust LotusScript Agents available that do a better job than the IBM one above.  We ourselves have a far more optimised version we use during migrations.

Quite often it is used in Migrations from Lotus Notes to Exchange where users would rather be able to see the content of their emails in Outlook, than not at all, or have to refer back to Lotus Notes all the time.

Interestingly, just by Forwarding the email you can remove the encryption there and then, and if you send to a Recipient external to your organization’s Domino Domain, you cannot (Lotus Notes) encrypt the email anyway. For this you need an S/MIME Certificate for yourself and the recipient. And that’s a whole other Blog topic on how to set that up in Notes!!

Conclusion

As you can clearly see, although Notes has some nice features, they are able to be circumvented with relative ease – unlike Microsoft Exchange’s Information Rights Management tied to Active Directory Rights Management Server.

So “Just How Private are Lotus Notes Private Items?” – not very!