Slashdot Mirror

← Back to Stories (view on slashdot.org)

Self-Shredding E-Mail

Posted by timothy on from the plausible-deniability dept.

yoink! writes: "I just read an article on CNN.com describing a self-shredding e-mail system. With all the persistent e-mail documents gathered by the Government in the MS Anti-Trust case, and the massive shredding of paper documents by parties in the Enron fiasco, it's no wonder people have been looking for an electronic solution to a material problem solved years ago with some cutting tools, a motor, and a garbage bag." One of the companies highlighted here was called Disappearing, Inc. when it was mentioned a few years ago, but now several others have joined the fray.

20 of 210 comments (clear)

  1. Common sense? by Em+Emalb · · Score: 4, Insightful

    How bout not sending anything that could get you in trouble? Common sense should prevail here. But in the wake on Enron, I am sure they will do well.

    One thing I did not see in the article, what happens if the person on the other end saves the email as an attachment, or saves it? I doubt it would be able to "shred" that. This is a very niche market item imo. Once again, DON'T SEND IT IF IT COULD GET YOU IN TROUBLE.

    --
    Sent from your iPad.
    1. Re:Common sense? by lawyamike · · Score: 2, Insightful
      In most cases, one is not able to contemplate whether the content of an e-mail will cause trouble for the sender.

      Sure, there are easy cases: Bill Gates should not have sent e-mails about destroying Netscape, and all corporate officials should receive training in which buzzwords will always set off antitrust alarm bells.

      That said, what about the cubicle monkey who sends pricing information that is unwittingly the focus of a Patman Act claim? Or the secretary who sends along an agenda and participants at a meeting between competitors? The point is, almost anything can be identified as worrisome ex poste. An auto-shredding system -- properly implemented -- is a good fail-safe.

  2. It won't work... by jnievele · · Score: 3, Insightful

    People still will be able to print out messages, or make screenshots of their MUA - ESPECIALLY when they know that the mail is going to self-destruct. So these expensive systems still won't guarantee against a copy surviving (especially if it's something hot that could be used to blackmail somebody, such as the order to shred all records...).

    In short: Why waste money on a system that prevents Email from getting read by Law-enforcement-officers? Why not simply do nothing illegal? ;-)

    1. Re:It won't work... by InsaneGeek · · Score: 4, Insightful

      You need to look at what this is targeted at. It's not really for hiding anything illegal, most large companies would have used some form of crypto (having used PGP's Outlook plugin, you can't get much easier). But more for everyday things that really appear harmless, that come back and bite you. Best example off the top of my head:

      Microsoft subpoenaed Netscape for all those internal message board documents, saying how much better IE was than Netscape. Nothing illegal, but would have been great to be killed automatically, look at how much damage *legal* posts did.

      Now, someone actually subpoenaing a couple emails of printed off is probably very little of a concern, when compared to possibly gigs & gigs of emails laying around that can be subpoenaed and gone through, that would not only include the couple of printed emails already, but possibly even more.

      I look at it like security, just because the only truely safe system from network hackers is a unplugged system, doesn't mean I shouldn't throw in the towel and not secure the systems that are plugged in.

    2. Re:It won't work... by Anonymous Coward · · Score: 1, Insightful

      because it will probably be argued that without the original electronic document to back it up, that the paper document's existence is suspect.

      What an odd twist of affairs THAT would be...a physical document that can't be authenticated against an electronic source version of the document?

  3. Snake Oil ? by CaptainZapp · · Score: 3, Insightful
    I'm sure many corporate bigwigs would sure be happy, if some of their e-mails sent/received might have self destructed. (Kenny Boy and his Anderson crownies come to mind).

    I fear however that they might be in for a surprise when the apparently "self shredded" messages pop up at all those likely and unlikely places like backup tapes, swap files, printouts and the like.

    It's probably safer to employ a clean and transparent corporate culture, then getting kicked in the but by embarassing messages popping up on ol' backup tapes.

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

  4. Honest men by xenocide2 · · Score: 3, Insightful

    have nothing to hide. I don't think shareholders would see an email shredder as good news. Sure, you've reduced "liability," but you could further reduce it by having a higher set of moral codes. If I was a shareholder, I'd probably dump the company if news that the company needed to protect itself from itself.

    Its too bad that company execs won't see things that way. I guess the most valuable thing then to have as an investor is the list of Dissapearing, Inc's clients.

    --
    I Browse at +4 Flamebait

    Open Source Sysadmin

    1. Re:Honest men by zangdesign · · Score: 3, Insightful

      Then explain why we have cryptography, steganography, spy agencies, wiretaps, etc.

      That's the same horsecrap argument right-wing Republicans have been using for years.

      --
      To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
    2. Re:Honest men by Carmody · · Score: 5, Insightful

      "Honest men have nothing to hide."

      Not only is this statement false; it is dangerous.

      If an honest man comes up with a new, beautiful, invention, shouldn't he hide it until the patent forms come out?

      If an honest man writes a personal email to an honest woman, thanking her in detail for the honest sex they had last night, would he be suddenly dishonest if he didn't want those details accessible to any snoop a few years later?

      If an honest man writes an email to his honest colleague, and makes some honest fun about the way that his honest customer dresses, just the way that colleagues often jest and jape, is it that big a stretch that he wouldn't want that email to surface years later in some lawsuit?

      If you are living your life in such a way that you never write or say anything that you would like to keep private, I wouldn't call you "honest," I would probably call you "bland." And I don't believe that being bland is a virtue to which we should aspire.

      --
      God is real unless declared integer
    3. Re:Honest men by mpe · · Score: 3, Insightful

      ...have nothing to hide.

      Not even from the dishonest?

    4. Re:Honest men by edp · · Score: 4, Insightful

      "Honest men have nothing to hide."

      The most obvious and American counterexample to that is the voting booth. It has a privacy curtain, and I bet you use it.

      Honest people have things to hide from dishonest people. Hiding your vote protects you from being threatened or rewarded for your vote. Hiding your business plans prevents your competitor from beating you to the punch. Hiding your homework prevents other students from cheating. Hiding your phone number prevents some telemarketers from bothering you. Hiding your home address prevents customers from bothering you after business hours. Hiding an embarrassing (but ethical) hobby provides enjoyment of life while protecting from harassment. Hiding your religion protects you from persecution.

    5. Re:Honest men by sphealey · · Score: 4, Insightful
      And for B, I guarantee, you Mr. Conspiracy Theorist, that I have not broken 50-100 laws this morning, unless Congress has passed a law against skipping breakfast. We (at least I presume you do as well) live in the United States of America, not Communist Russia, where anything worth doing was illegal
      I don't go in for conspiracy theories much, myself. Although there clearly are powerful groups of people in the world who enjoy power/money for its own sake.

      As for your comment about not breaking any federal laws, clearly you haven't read the US Code (or the Federal Register, since the Supreme Court ruled that administrative regulations have the force of law) lately. Flush the leftover pills from a prescription down the toilet and and the question is not if you have broken FDA and EPA regulations but how many. ill you be prosecuted for that? Probably not - unless someone decides you have something they need. What's that? One of the customers for your database consultancy is the local mosque? Hmmm...

      Before you flame back, please spend a few hours at your local library scanning through a couple weeks' Federal Registers.

      To you other points: countersuits are a nice idea, unless you are facing an opponent with 100,000 times your resources. Then you are screwed, because even if you win your $10,000 award will not cover your $500,000 in legal fees. And it is nice to think that the feds only go after "bad guys", but the definition of "bad guy" can change quite rapidly. Just ask Mr. Ashcroft.

      sPh

  5. Self-Shredding email by blibbleblobble · · Score: 2, Insightful

    Does anyone have information on how this idea works?

    Okay, you have a remote encryption key (Me to keyserver: "Please make this key publicly available until 5/5/2002") which you can use to decrypt documents for a while.

    But what is to stop people taking a copy of this key, or of the decrypted message? Do you have to run a "trusted software" reader to view the message?

    Either way, it sounds like the equivalent of sending a Yahoo card - "Click here to view your message, which we will store for 3 months"

    But then, screenshots are still admissable in court.

  6. copy protection? by Mr.+Slippery · · Score: 2, Insightful
    These digital-rights management tools work much like copy-protection systems being developed for music, movies and e-books

    And we all know how overwhelmingly successful those have been at preventing copying...

    The old bromide that "information wants to be free" is not just a statement about copyright. It's a statement about privacy as well - whether you want it to spread or not, once you set information in a digital form and send it to someone else, controlling it becomes well-nigh impossible.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  7. Re:PGP can be a substitute by Mr.+Slippery · · Score: 2, Insightful
    Doing this prevents the recipiant from saving a plain text version on their disks

    ...providing you trust the recipiant.

    If I trust the recipient, all I need do is write "Please to not save a plain-text version of this document." Which, essentially, is all that this option can do - ask. Not prevent.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  8. not in a corporate environment by Tenebrious1 · · Score: 5, Insightful

    Maybe for personal email. But a corporate email system is the property of the company. Anything you create on corporate time becomes the property of the company. An email you send to your co-worker does not become the "property" of the co-worker. It's still part of the corporate network and is still the property (and responsibility) of the company. Thus they have every right to "shred" the message.

    They have every right to tell you not to print it out and save it; but of course that's what people will do if they know the messages will be deleted after a certain time. I print out and save messages to cover my own ass.

    Which brings up a point. I print out the stuff with full headers, with message ID and info when it was sent; however, does it really serve a purpose? I remembered thinking that while watching "Clear and Present Danger", when Harrison Ford prints out a memo and shoves it into the other director's face saying something like "here's the proof". What good is my printout if I don't have server logs to back up that the message was actually sent to me? What good is a backup of the server logs if I can't prove it wasn't tampered by myself? I know my boss will believe me if I used it as proof to protect my ass, but would a jury? Am I just wasting trees?

    --
    -- If god wanted me to have a sig, he'd have given me a sense of humor.
  9. Re:Lessons Learned by rarose · · Score: 4, Insightful

    My very first manager at my first real corporate job drilled into my head that you assume every email you write will be published in the paper... if you aren't comfortable with that then it shouldn't be said in email. It's a rule that's served me well...

    --
    --Rob
  10. Re:Yeah, whatever. by GooberToo · · Score: 3, Insightful

    And if you use this system for which law enforcement access is required whereby the emails are no longer available will you now be charged with interference of an investigation? Dustruction of evidence? Failure to co-operate in an investigation?

    I doubt there is currently much a legal-leg to stand here to prevent your self from being raked over one way or another.

    Please keep in mind, I'm not a lawyer, however, these seem like the obvious paths law enforcemet would go to ensure these systems don't prohibit their ability to investigate.

  11. Re:legal?!?! by pozar · · Score: 2, Insightful
    Not true as it has held up in court that you can destroy documents as a matter of course of doing business and not destroying documents that are about to be or are involved in a legal proceeding.

    Companies and individuals destroy documents for a number of legal reasons. Such as keep the competition from seeing trade secrets, draft copies that are not ready for public release and to minimize discovery costs.

    Many companies have document retention policies right now. Most paperwork can be destroyed at any time. Some paperwork may be required by federal, state or local law to be kept. For instance, companies that are regulated by the feds have certain paperwork that they need to keep around such as banks, airlines and radio stations. Some of these document retention systems will give you the ability to differentiate between the document you are creating and how long it is to stick around.

  12. Re:They're at it again. by David+Price · · Score: 4, Insightful

    This is absolutely true. However, these systems are not at all designed to foil the presumed intent of the recipient to copy the content (as DRM systems for copyrighted entertainment content are). They're designed to give a level of automatic prevention against inadvertent copying.

    Consider, as an example: I run a business in which sensitive information is bandied about by internal corporate e-mail. In order to keep a whole variety of bad things from happening to that information (subpoenas years later, inadvertent forwarding to somebody who shouldn't see it, proprietary information being leaked by cast-off hardware), I enact an electronic document destruction policy; one year after an internal e-mail is sent, it is destroyed. I mandate use of one of these self-shredding systems to help enforce my policy.

    Now I haven't really helped anything from a strict can-it-be-done standpoint: a whistle-blowing employee can still take the aforementioned camcorder and set it up; a sysadmin who's for some reason obsessed with archiving all his mail can probably download a crack for the system in question. These issues are pushed into the realm of policy, but the number of such issues that have to be dealt with strictly by policy means decreases by an order of magnitude. What I have really accomplished is to drastically reduce the probability that something will happen that nobody in the organization intended.