The correct answer is A. Confidentiality because the scenario describes sensitive information being transmitted in clear text, meaning the contents can be read by any unauthorized party who is able to intercept the traffic. In information security, confidentiality is the principle that ensures information is accessible only to authorized individuals, entities, or processes. When communications are sent without adequate protection—such as encryption—attackers performing network interception (for example, through man-in-the-middle positioning, packet sniffing on compromised routers, malicious Wi-Fi, or upstream monitoring) can directly view the document contents. That is a direct failure of confidentiality controls.
The prompt’s key phrase is that “anyone intercepting the traffic can read the contents.” This is not describing altered messages or forged emails; it is describing unauthorized disclosure. Confidentiality is typically protected using mechanisms such as encryption in transit (e.g., TLS for SMTP submission and server-to-server transport where possible, S/MIME, PGP), secure key management, and policy enforcement at email gateways. In legal environments, confidentiality is particularly critical because client communications and legal documents often contain privileged or regulated information. Clear-text transmission exposes the firm to compliance violations, reputational harm, and potential legal consequences.
Why the other options are not correct: Integrity concerns whether the message or document is altered in transit (tampering, modification, insertion). The scenario does not mention changes—only unauthorized reading. Non-repudiation ensures parties cannot deny sending or receiving a message (often supported by digital signatures and logging). The issue here is not proof-of-origin but exposure. Availability relates to whether systems and data remain accessible when needed (uptime, resilience, DoS). Nothing indicates service disruption.
Therefore, transmitting sensitive legal documents in clear text violates the fundamental security principle of confidentiality.
