“For security, we can’t receive email attachments” most likely means they don’t want to be opening files from random petitioners which could install malware on a government computer. So the exact method by which the file is sent wouldn’t especially matter. Note the next sentence (emphasis mine): “If you wish to send an attachment, please do so by mail.”
(I’m a security guy, and I agree with the California government that avoiding untrusted attachments is a good way to avoid malware. It’s true that lots of people open them, but lots of people have poor security practices in general. Another factor is that the California state government can expect to be targeted by more sophisticated cyberattacks than your average Joe or Jane.)
So yeah, I strongly recommend that you edit the instructions here and on your website ASAP.
The instructions you see above come directly from the Governor’s office by email to somebody on our team a month ago. They are the instructions that are used for sending support letters and they have been used for multiple years by people who know the governor’s office well. They are also used by other organizations for other bills.
I was also confused when I saw that line on the website, since it contradicts the specific instructions and also because it is on a page that does not have an email address. (Why would the Governor’s office give people instructions for sending emails on a page that does not list an email address? It doesn’t make sense. That’s why my hypothesis is that the word “email” is a misnomer and it actually refers to the contact form on that page, which does not have a place for attachments.)
I agree with you that it seems like a poor security practice. But I err in favor of following the explicit written instructions provided to us by the Governor’s office.
I see, thanks for the info. Seems confusing. Maybe people could put their letter in both the body of the email and also in an attachment, just to be on the safe side.
“For security, we can’t receive email attachments” most likely means they don’t want to be opening files from random petitioners which could install malware on a government computer. So the exact method by which the file is sent wouldn’t especially matter. Note the next sentence (emphasis mine): “If you wish to send an attachment, please do so by mail.”
(I’m a security guy, and I agree with the California government that avoiding untrusted attachments is a good way to avoid malware. It’s true that lots of people open them, but lots of people have poor security practices in general. Another factor is that the California state government can expect to be targeted by more sophisticated cyberattacks than your average Joe or Jane.)
So yeah, I strongly recommend that you edit the instructions here and on your website ASAP.
The instructions you see above come directly from the Governor’s office by email to somebody on our team a month ago. They are the instructions that are used for sending support letters and they have been used for multiple years by people who know the governor’s office well. They are also used by other organizations for other bills.
I was also confused when I saw that line on the website, since it contradicts the specific instructions and also because it is on a page that does not have an email address. (Why would the Governor’s office give people instructions for sending emails on a page that does not list an email address? It doesn’t make sense. That’s why my hypothesis is that the word “email” is a misnomer and it actually refers to the contact form on that page, which does not have a place for attachments.)
I agree with you that it seems like a poor security practice. But I err in favor of following the explicit written instructions provided to us by the Governor’s office.
I see, thanks for the info. Seems confusing. Maybe people could put their letter in both the body of the email and also in an attachment, just to be on the safe side.