That website is confusing; however, the line about “email attachments” I believe is meant to refer to the website contact form. I think it is attempting to explain why there is no way to attach files in that form. I know it is not an “email” and this message confused me too, but it is in fact common practice to send emails with attachments in the format specified.
“For security, we can’t receive email attachments” most likely means they don’t want to be opening files from random petitioners which could install malware on a government computer. So the exact method by which the file is sent wouldn’t especially matter. Note the next sentence (emphasis mine): “If you wish to send an attachment, please do so by mail.”
(I’m a security guy, and I agree with the California government that avoiding untrusted attachments is a good way to avoid malware. It’s true that lots of people open them, but lots of people have poor security practices in general. Another factor is that the California state government can expect to be targeted by more sophisticated cyberattacks than your average Joe or Jane.)
So yeah, I strongly recommend that you edit the instructions here and on your website ASAP.
The instructions you see above come directly from the Governor’s office by email to somebody on our team a month ago. They are the instructions that are used for sending support letters and they have been used for multiple years by people who know the governor’s office well. They are also used by other organizations for other bills.
I was also confused when I saw that line on the website, since it contradicts the specific instructions and also because it is on a page that does not have an email address. (Why would the Governor’s office give people instructions for sending emails on a page that does not list an email address? It doesn’t make sense. That’s why my hypothesis is that the word “email” is a misnomer and it actually refers to the contact form on that page, which does not have a place for attachments.)
I agree with you that it seems like a poor security practice. But I err in favor of following the explicit written instructions provided to us by the Governor’s office.
I see, thanks for the info. Seems confusing. Maybe people could put their letter in both the body of the email and also in an attachment, just to be on the safe side.
Warning: the Governor’s “Contact Us” page (gov•ca•gov/contact) says:
So, if you were planning to send a PDF, I would also send a second email with the letter in the body of the eMail.
@Center for AI Safety Time to change the instructions on your website?
That website is confusing; however, the line about “email attachments” I believe is meant to refer to the website contact form. I think it is attempting to explain why there is no way to attach files in that form. I know it is not an “email” and this message confused me too, but it is in fact common practice to send emails with attachments in the format specified.
“For security, we can’t receive email attachments” most likely means they don’t want to be opening files from random petitioners which could install malware on a government computer. So the exact method by which the file is sent wouldn’t especially matter. Note the next sentence (emphasis mine): “If you wish to send an attachment, please do so by mail.”
(I’m a security guy, and I agree with the California government that avoiding untrusted attachments is a good way to avoid malware. It’s true that lots of people open them, but lots of people have poor security practices in general. Another factor is that the California state government can expect to be targeted by more sophisticated cyberattacks than your average Joe or Jane.)
So yeah, I strongly recommend that you edit the instructions here and on your website ASAP.
The instructions you see above come directly from the Governor’s office by email to somebody on our team a month ago. They are the instructions that are used for sending support letters and they have been used for multiple years by people who know the governor’s office well. They are also used by other organizations for other bills.
I was also confused when I saw that line on the website, since it contradicts the specific instructions and also because it is on a page that does not have an email address. (Why would the Governor’s office give people instructions for sending emails on a page that does not list an email address? It doesn’t make sense. That’s why my hypothesis is that the word “email” is a misnomer and it actually refers to the contact form on that page, which does not have a place for attachments.)
I agree with you that it seems like a poor security practice. But I err in favor of following the explicit written instructions provided to us by the Governor’s office.
I see, thanks for the info. Seems confusing. Maybe people could put their letter in both the body of the email and also in an attachment, just to be on the safe side.