Slashdot Mirror
Document Retention And E-mail
innocent_white_lamb writes "An interesting column by Jim Carroll about email within companies, document retention, how hard it is to actually get rid of an email, and how all of this can come back to bite you later on. "
(Disclaimer: I'm cofounder and cto of HavenCo, an offshore colo and supporting services company on Sealand)
This is one of the main reasons people put email servers offshore now, even if they're operating onshore. This got started with HavenCo's gaming clients, but we now have general-purpose mail server customers who just want to company with their existing onshore document retention policies without the risk of someone subpoenaing their mail server and then trying to recover the disk.
One of the features I'm working on now is some basic intelligence to detect out-of-character behavior by a mail server client -- such as attempting to download all messages, which would indicate they've been subpoenaed. If that happens, then we would attempt to contact the customer and get positive confirmation that they are *not* being investigated before allowing the transaction to continue. It's a trade-off between allowing normal function and protecting against legal attacks.
Perhaps an extension of normal document retention policies for companies can be to keep them locally for 3-6 months, then move them to offshore "cold storage" where they will only be released when the offshore agent holding the files is certain a request is not due to legal duress. Trade a bit of latency for a lot of security, and otherwise the documents get destroyed anyway.
Some estimates suggest that once it is all added up, American's send some 1.5 billion messages a day.
1.4 Billion SirCam "I send you this file for advice". Probably.
Simply include some extremely useful or important information in every email you send, and voila, you will find that it disappears every time, resisting even the most sophisticated attempts at retrieval :)
NB. This method works best if this is also the only copy of said information.
Tom Newton
So what is the lesson here? If you are planning on committing fraud, illegally maintaining a monopoly, or postponing a defective product recall to maximize profit, you should first make sure you have a document 'retention' policy? And then everything will be OK? What is wrong with this picture?
What about a story on the benefits of keeping old emails? I'm tired of hearing about the costs.
Fucking lawyers. Oh, my mistake. It isn't the lawyers, it is the legislators. Fucking legislators. Oh, my mistake. It isn't the legislators, it's the voters. Fucking voters. There, that's better.
jkljkl
When there's a lot of email, and your in a REAL hurry...
Is the only enterprise (and home use) e-mail client worth using if you handle that many e-mails.
And as to it comming back to bite you... Don't do anything bad.. Be open honest and totally transparent in all your business dealings.. then nothing can come back and bite you.
:-)
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
I find it fascinating that people openly discuss ways of destroying evidence in case of possible legal action. Is this going to be a standard MBA course from now on: "How to cover your tracks" or "Case Studies: Failures in Shredding Policy from Watergate to Enron"?
It makes you wonder why nobody looks at it from the opposite side. If you don't do anything illegal then your e-mail archive could prove valuable for your own defense. Trading companies, for example, keep all records of customer interaction, including phone calls, for use in the event of a dispute. You can never claim that your broker did something without authorisation because they archive everything.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
Back when I worked at a .com years ago it seemed the exchange server crashed so much we could'nt keep our email longer then a few weeks if we did'nt back it up!!
:)
Then the CEO told us to auto delete mail older then 90 days... well the exchange server crashes took care of that too
I'm having a hard time figuring out what his point is. He's saying "we need a policy for archiving e-mail" and then he talks about Enron, where any policy regarding e-mail would have resulted in evidence being destroyed. Is he saying we need to start pre-emptively destroying email in case there's something incriminating in it?
"Digging up the dirt" isn't a new problem. Back when everything was done on paper, you could make copies and stash them somewhere, so shredding the original was never enough to ensure the document didn't exist anymore.
And as for saying "e-mail will play a role in many other unfolding corporate stories", well, duh!
... how hard it was for Bill Gates to keep all of those "leaked e-mails" from the public.
It's also annoying because I get a lot of informational mail that I "need" to keep. So it's either print them out or lose them. Well it would be if it worked right.
Top level MS officials no longer communicate with email.
All communications happen in closed door sessions.
Verbal communications are also discouraged.
Most of these meetings are like a game of charades.
Jamie Zawinski has a rather unpleasant story about this on his site:
http://www.jwz.org/gruntle/rbarip.html
A very good example of how essentially harmless email can be seriously misinterpreted.
just use a proprietary format (like Word's .doc) and store the emails on magnetic tape. 20 years later all is gone and what can be recoverd cannot be read. Some versions of what many people today think are html-documents also decay pretty fast, especially if they only display with a specific browser running on a specific OS. If this OS only runs on specific hardware, as soon as that hardware becomes unavailable the documents become unreadable.
On a related note, I find people that put things in email they would not put on ordinary paper quite unaware of reality. Don't they know there are devices called "printers", that can put emails on paper? Don't they know that email obviously is "written text"? Except for being far more convenient, I assume that an email is a written document, that will be stored by whoever I send it to.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
When I worked at a Fortune 500 company, I noticed that people use email for almost everything internally. Most of the stuff that large companies are liable for get thrown about in email when there are many other, often better communication methods. Unfortunately, there are a lot of middle-aged administrative assistants and managers that seem to think everything goes in email.
The lesson? Don't use email to distribute that 10 MBib presentation. If you have a memo, then email everyone a link to it and set the web server to spit out a no-cache HTTP header with the page. If you have a file to share with some people, put it on a file server and give people the link via an email, but don't just attach the little bastard file, which probably isn't so little anyway.
Emails can be forged so easily, how is their authenticity established?
I guess any decent sysadmin in the world could show the court a whole bunch of threatening emails from the CEO of his company, what would a court do in such a case?
Look, that's why there's rules, understand? So that you think before you break 'em. (Terry Pratchett)
Hey, as long as he had it in a .pst on a client machine and not on a server.. good for him. It's when that 6gb is sucking up server space when that starts to suck.
Don't Tread on Me
... this could be one use for USAs nuclear plans. Just EMP everyone to get rid of any potential damaging emails :)
Of course, I'm sure some will say this is beside the point. Nothing stops employees from printing/saving email, especially if they WANT to incriminate the company. I don't think email makes this more of an issue than non-email incrimination does, however... just don't talk dirt in your email, duh?
The email for my State government is covered under the freedom of information act.
What this means is that anyone can walk into any State agency and under this act require that the agency provide copies of it's email.
There is a charge to cover costs and a waiting period to allow the information to be gathered.
This can cause real problems for agencies that delete email without a policy covering the removal of this information. Basically, if the agency deletes email without such a policy they can be required to "recover" their email. If they don't have the expertise to do so they can be required to contract out to a company who does have the ability. This could cost them tens of thousands of dollars.
Better to have a policy and to stay within the guidelines!
The race isn't always to the swift... but that's the way to bet!
If you used to get things in snail mail in a plain brown wrapper, don't consider getting it via e-mail. It gets xeroxed and copies archived before it reaches your in-box. It's not a secret anymore for anyone who wants to know what you got last year. ;-)
The truth shall set you free!
As I was driving in to work, I heard a PSA from CPAs of America, or somesuch. Part of the announcement talked about deleting un-needed e-mail "to save on disk space."
Now there's a ready-made excuse for Enron...
668: Neighbour of the Beast
I've read a few comments already implying this is all about companies covering their tracks after commiting fraud or other criminal acts. These comments rightly ask why should we be concerned about policies and technological solutions to aid this.
However destroying evidence is only a small part of what this debate is about - it just makes for the flashiest headlines.
The issue is about the way email is used - many people write emails with an informality similar to speech, forgetting that email often has a 'lifespan' equivalent to many physical documents. When you also consider that emails are being used as documentary evidence in legal cases this begins to be a cause for concern. Why? Because people don't always express themselves precisely and may give a misleading impression - especially if the email is taken in isolation.
And it's not just the informality it's the 'working document' status of email. Let's say a particular business decision is the subject of scrutiny in a legal case, and let's say it was a decision reached after some discussion. If that discussion took place in a meeting then the documentary evidence would be the minutes - which would express the decision reached. If that discussion took place over email - would you be able to discern later that an email saying "We should do X" was expressing the final decision or merely a point of view in an on-going discussion? What if you had to prove than Y not X was the final decision?
So the policies that need to be implemented are not necessarily about covering up wrong-doing, they are about making sure that documents (emails) which may be treated as written communcation, have the clarity and riguor that they need. If they are informal working documents then they may need to be either clearly marked or destroyed at an appropriate time.
In my view the heart of any sensible policy should be education about how to write emails appropriately. The guideline I always use is "am I still happy to send this knowing that my customer/competitor/a.n.other could potentially see it one day?" If the answer is no then the email either needs re-writing or possibly a different form of communication is needed.
Another aspect to this that seldom gets mentioned is the notion of one-sided archiving: Two people in negotiations have a dispute about how the e-mail-based conversations went, and only one can produce the prior e-mails (and often selectively at that, leaving out the ones that don't support his/her side of the argument).
About the only solution is to be as careful as you can about what you put into e-mail (in all iffy situations make explicit references to all pertinent correspondence and other docs), and make sure you can retrieve everything from your past e-mail when needed.
Firstly, users ability to deal with an increasing volume of business email varies enormously.
Some people are super efficient - their inbox is virtually always empty, anything they need to keep is moved more or less straight away to a permanent folder related to the subject, and anything they don't want to keep is deleted.
If I look over my shoulder at some of my more senior (chronologically speaking) colleagues, their inboxes are a mess. They can't recall email on a particular topic, they don't process incoming email into sensible subjects, they just let it pile up. Then I hear them complaining that they get too much email.
Secondly (and perhaps more ontopic) is the matter of physical document retention.
Many companies simply retain everything, and the cost of storing these documents mounts up and mounts up. People have the attitude that "we might need it some day". Yes, you might.
But you might not.
Cost of storage of every document ad infinitum = $x.
Cost of impact of not having a document at some arbitrary time in the future = $y.
If $y is less than $x then why are you keeping every document by default?
Or don't you know what x and y are?
I think.
I'm a little surprised the article didn't mention the greatest email bust of all. In 1987, the questionable para-military funding activities of USMC"Lt.Col.OliverNorth were uncovered partly by an investigation of messages that he thought he'd deleted from the White House's internal email system.
North hadn't counted on the "deleted" messages showing on backup tapes.
Partly because of this smoking-gun evidence, North was convicted in 1989 of aiding in the obstruction of Congress, accepting illegal gratuities, and destroying documents.
North's conviction was later overturned (with great irony considering his status as a law-and-order conservative icon) on a legal technicality.
This might be a factor: the other day I got a call from a gal with Lotus/IBM asking if I think a per user/per month external email would be marketable. This is the second time I've heard of a company starting to offer such a product, the first being Cisco. Since then I've come across a few companies marketing to the same tune.
Along the same idea as Microsoft's software subscriptions, this could be the email model of the future. Now we throw in the factor that companies may not even be in control of where/how their documents are being destroyed? Assuming, of course, that it is possible to destroy all evidence of an email. (Due to the nature this could be quite difficult)
I know that even with on-site, 100% controlled email it has proven difficult to find a good way to enforce a document retention policy. Users (and I'm no different) have tendency to want to horde their past emails, text index them, and search them from time to time, as you never know just what pieces of the past, from two weeks to two years, might prove useful. You can restrict the size of a user's mail-file size, but this only restricts how much the save and not how far back they can save. As of right now, mail servers don't seem to take into account an enforced document retention policy. Will a "Delete Documents Older Than:" field appear as an option on newer versions of Exchange or Domino?
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
A corporation is a legal construct designed to give a business the same rights as a person, right? If so, in the face of a subpoena duces tecum, why can't a corporation plead the fifth amendment? I assume there's a clear legal answer, but IANAL.
The biggest question I have about this is how can they prove that the person whose name is on the From: actually sent the e-mail?
We all know just how insecure e-mail really is and how easy it is to forge an e-mail, so how can these e-mails stand up as evidence. I can see some justification in if the headers show the e-mail coming from that person's workstation's IP connecting to ${CORPORATE_MAIL_SERVER}, but even this is not 100% proof that it came from ${PERSON}.
There are procedures which have withstood legal challenges for offshore trusts and their records which we follow with the systems administration of the mail servers.
The overarching principle is that the party having received the subpoena is not capable of taking the action, and does not contribute to the action being prevented.
I can see a feature in the next version of Exchange where the admin can select an email and have it deleted from all mailboxes that it resides in. With Single Instance Storage it's not that big of a deal. The problem comes when people archive email to personal folders. I can see "solutions" from Veritas and some other companies for smart email archival software.
All this destruction of e-mail for liability reasons thwarts mining e-mail for the purposes of knowledge management, such as can be done by products like Lotus Knowledge Discovery System. With today's high turnover rates, KM is needed to maintain long-term productivity, but evidently legal issues are dwarfing anything like actually earning money by being productive. (Hmm, has a ring of revenue generation by old large companies through patent portfolios rather than innovation, doesn't it?)
This post is completely miss-leading, even assuming 'HavenCo' have a legit claim to be off-shore.
Placing/using an email Server 'off-shore' offers not more protection than refusing to hand over the messages in the first place, you will be in contempt of court and go to jail until you agree to turn them over. FACT!
Causing the destruction of evidence is a crime, in most countries, even if it is carried out by an agent. So in most cases, all 'HavenCo' will achieve is to further incriminate.
BTW: How does a mindless commercial plug warrent +5 Interesting ?
I am the CEO of a UK-based company. I send documents to you, with the instructions "Give me access to these documents on demand, unless you think I'm being subpoenaed". Then, when the subpoena comes, I'm supposed to tell the court "I can't give you those documents; I'm paying HavenCo not to give them to me"?!
I effectively made a contract with you designed to obstruct justice. They'll just lock me up for contempt until you hand them over. In that case, are you still planning to keep them locked up forever while your customer rots in jail?
You must have gotten Prince Roy pretty wasted before he signed the contract to allow you to do business in Sealand. He must be regretting jumping on the Internet bandwagon about now. This behaviour will eventually prompt Britain or the EU to take action and dissolve Sealand, and you won't care because it's not your little-recognized sovereign nation you destroyed with your shady business practices.
Oh I don't know - GB sized .pst files anywhere seem to give Outlook fits. I'm alwasy amazed at people who have all their email in ONE folder and complain about sluggishness. They're amazed when we tell them they can file stuff in folders both on and off the server.
As for storage of email - I've never really figured this out. Yes, some companies log email, etc, etc. Stuff gets caught on backup tapes, etc. But even then stuff drops out after a while. As an IT manager, I'd almost WANT to ditch email serve rbackup tapes after 6 months to a year, less legal hassles :)
Besides - if its not on the server or the defendants machine (IANAL) - its tough to use as evidence - I mean you can spoof an email easily if you're the plaintiff to make it LOOK like someone sent something. Now do courts understand that? I doubt it :)
Top Most Bizarre/Disturbing Error Messages
I learned to do that too while in the government. I never delete an email except for notifications from anti virus software. Every so often I archive to .pst and burn it to CD and take it home.
This story is impossible, there is a very hard limit to pst's at 2GB. It is due to the fact that pst's are just an implementation of the archaic microsoft JET database, a system that dates back to the late 80's. This is one of the most glaring bugs (other than the security problems) left in Outlook. I can't count the number of people that have lost email because their .pst went over 2GB. Until recently there wasn't even a way to recover the file, but there is now a tool that will allow you to shave off some of the end of the .pst file so that you can at least recover most of your old email.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
"Things will be misconstrued" is a cop-out. How do you misconstrue a direct warning that the recipient is too pre-occupied to do anything about? If there is an explanation, give it. I don't think juries are that stupid. If they are, then we're in alot more trouble and need to work more at educating them, or at least not putting them to sleep in court.
Sure, anything can be taken the wrong way. But the solution isn't to give nothing, but rather to assist people in seeing the right way. Unless there isn't one! In which case, you're guilty, and I don't see why anyone should help you hide your guilt.
I keep everything too:
du -k ~/.netscape/nsmail /home/ethereal/.netscape/nsmail
...
296495
This is for almost four years at this particular company. I'm not up to boss-like standards (of course, the fact that I can communicate without using .doc and .ppt files probably helps) but it's still a hefty archive.
Is it useful? Often it is - I have exact records of all my correspondence for the last four years, sorted by date, topic, etc. as I want it. And when all else fails, I can grep for the text in the message that I want. Of course, it helps that I religiously file mail into folders so that my inbox only contains email about tasks I haven't completed yet.
Frankly, I don't see how I could live with the example quoted in the article of deleting everything over 30 days old. I would be unable to function without reference to technical discussions, product release information, and the latest management diktats from 30 days, 3 months, or even three years ago (OK, maybe I could live without the mgmt stuff :). Do these companies with such a destruction policy just convert all their important email into other documents so that they can maintain state past 30 days? I honestly don't understand how you could just throw all that information away and hope to keep your business rolling forward. Maybe someone can enlighten me...
Your right to not believe: Americans United for Separation of Church and
Back in the days when I first began using email on UNIX, I realized that
1) far too many people had root access to the email servers;
2) far too many people could put sniffers/tcpdump on the ethernet; and
3) far too much mail transited through university campuses (Rutgers Univ comes to mind)
We came to realize, and to advise our management, that email was public speech.
Anything you said was subject to being overheard and repeated. That applies to recipients who forward mail, too.
The same eventually was realized about voice mail.
Encryption (usually) doesn't control recipients storing and forwarding your messages.
$12 USD? No, that's what storage costs on your PC at home. $300/month would be more in line for 6 GB storage, internal corporate no-profit charges.
at my work, a major corporation, it is nearly impossible to KEEP a bloody email for more than 90 days. We use exchange (yes I know) and the system will purge anything in a .pst folder format older than 90 days. It patrols your offline archives, it will even find a .pst or archive folder that has its' filetype changed. The only successful way I have found it to back it up on physical media and restore to an offline computer. If you put it back on a connected computer the damn thing will find it and purge it overnight. Only certain users with legal requirements are able to exceed this bloody purge.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Don't use Traven for god's sake, have you ever done a real test to see how much you can recover? In one test on an older traven we were only able to recover about 25% of the tapes! There is a reason Traven is cheap, it's built cheap. For the sake of your users get DLT, LTO or some other real tape solution.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Personally, I have little difficulty reading my 1/2" tapes from 1974. They are mostly card images, or tar format.
Very high quality tape? I have to admit I don't have personal experience with old tapes, but I heard in several places that the oxide layer is flaking off on some of them and the read signal gets very weak with time.
The copy-trough-effect also degrades ordinary tapes when they are unwound and rewound (as in "playing" them). I also have several 5-8 year old 3.5" floppies that have become unreadable because of weak read signal.
Anyway, I will accept that my time-frame is wrong if you say your old tapes are still good.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Sealand is already recognized officially, as well as that little island off the US that was bought by some other right guy.
The one off the US coast even has a mutual protection pact with the US.