Slashdot Mirror
Deleting E-mail Could Get You In Trouble
Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."
I have no real problem with companies being subject to tighter restrictions. However, these restrictions shouldn't be too sweeping. If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.
Moreover, there should be a legal definition of what to keep and what can be tossed. I could imagine something like:
"a message that amounts to an instruction to an employee or specifying of company policy.." etc.
I don't want to store twenty thousand pieces of spam that every user might collect over two years. That makes e-mail quite an expensive tool if you have to do that.
There is one question I do have. Did the government have the power to collect so much information in the past? How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?
Simon.
Seeing as their policy is "Archive, not delete", sounds like the perfect thing for Gmail.
Companies keep official correspondance.
One man's junk is another man's treasure. You never know what an IRS agent might find lucky.
Wait, what? Are you saying that IRS agents have small penises, and want to get rich from home, and want to gain a full cup size, and save Nigerian people from occupation?
Seems they consider e-mail to be somewhat akin to the paper way... everything must be documented in x y and z ways. My father's a lawyer, so I have some understanding of what it's like to document _every single thing_ that comes across your desk that's relevant...
I guess the idea is that if ever it came down to a court case, the e-mail records could be easily retrieved and used in the case. And destroying the records would be a crime, I suppose, which would also have it fall in line with what would happen if you were to destroy the paper records.
Join the Empire! http://www.empirereborn.net/
Salt Lake County is looking at a system whereby employees would decide whether the e-mail is a "non-record" (spam or personal; delete whenever you want);
So, no, we don't have to keep spam.
I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
Next they'll ask us to keep recordings of all our phone conversations?
Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.
I submitted this story last night, and it didn't get posted.
It's like any other "suggestion". Eventually, they'll have to specify some sort of standard, and then the lawyers will find a way around it, like usual, for their clients.
I will forward all my work and home spam to the IRS for safekeeping.
Some companies have "document retention" policies that require employees to delete email after a certain period of time. It's not to free up space on the servers, it's to make sure the stuff can't be subpoenaed. Many respected companies have policies like this. Many even have tools that make the email deletion automatic, and require management approval to disable the tool.
So maybe this story is really just focused on banning policies like this.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
With so many people using so many spam filters, I'd bet that a fair amount of "legitimate " email is automatically deleted by service providers and automated email filters. How can one prove to a judge that SpamCop had a given domain on its blacklist on a given date or that the sent email did not accidentally contain some filter-triggering word on that date? It seems that either spam filters create a legal risk or that the legal system has a naive view of the legal standing of email.
I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.
Two wrongs don't make a right, but three lefts do.
This might actually be a pretty good business idea for google... offer corporate (secure) e-mail---for a fee of course---possibly 10gig e-mail boxes; with SSL, and corporate administration (and logging) of e-mail accounts (all accessible via the net through google).
Sorta like Internet based Outlook outservice.
While "Deleting E-mail Could Get You In Trouble," not deleting it. will make you blind.
I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things are about to happen, and you still delete the docs (even with the policy), you will have a problem.
BTW, I asked this a year ago, so I don't think that much has changed in the last year.
The summary here seems to be implying that this has something to do with the government trying to get peopel to keep their PERSONAL emails. Read the article. That isn't the case.
This is simply talking about measures to force companys (and only them) to retain their internal emails. This way its hopefully harder for the CEO to say 'what funds? i don't know any embezzeled funds' after emailing his coherts about their plans.
Slashdot of all places should appreciate the fact that without a paper trail, corporate accountability is a pipe dream. This article is simply talking about trying to ensure that the paper trail exists.
This is hardly a surprise; the rules have applied to paper documents since forever.
If you've ever worked for company with a clue you surely encountered their "records retention policy", which is actually a "records destruction policy", since the general rule is that you are expected to delete everything as soon as the law allows you to. At places I've worked the managers made no bones about the fact that it was to keep damaging documents from coming out during lawsuits.
Sheesh, evil *and* a jerk. -- Jade
Do they mandate that you use an email system that keeps track of deletions? If not, there seems to be a bit of a hole there...
I'm a little concerned about our company policy. I work for a newspaper and our policy is that all reporters should delete their notes after a story has run. This policy was created specifically so that reporters notes cannot be subpoenaed.
I think it's called echelon...
Well, technically, it's not "Who let the government in," it's "Who let the public in" since the government created the Internet (ARPAnet).
...and nobody used it to conduct business, especially financial matters.
Now we have the government telling me what I can and can't delete.
The government has always told certain categories of businesses that certain things must be saved. My friend who is a private, fee-based financial planner/advisor, has to keep all emails and a call log (don't remember with notes or not) when it concerns a client.
Please help metamoderate.
I'm not really opposed to this, and it does seem to be in direct opposition to a lot of "company e-mail policies" as it's written too.
I dont think that companies should get a pass on these types of written correspondences. These days, it's just too easy to hatch a "dominate the globe" policy at the corp. level and then eliminate the evidence through a "document destruction policy" like those at Arthur Anderson/Enron/MS/etc.... I've seen a clear policy of "destroy everything" with regard to e-mail and written transactions at almost every company I've been at. Seems more like the policy is geared towards eliminating any incriminating evidence rather than simply keeping space on the server to a manageable level. That's too bad, because I've seen some smoking guns that SHOULD be loosed on the world.
On the other hand, these types of policies are instituted because it's just too easy for lawyers to get ahold of those records for the purposes of "fishing expeditions," think SCO and their associated scum. Lawyers can just come in with the vague outline of some scheme and get all of a company's e-mails to help create a real case where none existed before. The cost of handing off an entire archive isn't trivial, and discovery is just too easy to do.
Whatever the outcome, it just seems like you and I (read the little guys) will have ALL of their e-mails "go down on our permanent records" while the big guys will always seem to have a good excuse why the mail server suddenly destroyed all the records for that pending lawsuit. I can just hear the lawyers now...."..yeah, it's funny how only the VP's e-mails dissapeared, and only for a 3 month period, but we've got him on a special server that's set to explode in flames every 90 days."
I think that this type of national policy will ultimately hurt the little guys/companies more than the real targets of such legislation. The big guys will just start having oral meetings without taking notes or some such method of non-trackable information sharing.
As with all government intervention, the "quick-fix" is never really that quick, and the problem is almost never fixed.
Maybe we can save everyone a heap of trouble: forward all spam to the IRS instead of saving it.
Sent from my ASR33 using ASCII
Seems apropos. My company, who I can't name for reprisal purposes, is a fortune 10 company. We have a policy that any email must be deleted after 30 days. No backup of any electronic means. However, *paper* archive is fine, and is the only approved method of maintaining email over 30 days. It's insane. What my colleages do is zip up our outlook folders, encript, rename, and save to "safe" backup folder to let our system save it on tape/dlt. If I ever need an important "pearl harbor" file, then I can request an old renamed, zipped backup, and then pull it. I've done it once.
The main reason for this is that the lawyers waaaay up there in the chain got really afraid of the Enron type email digging, and released the policy of "destroy, good or bad"
It sux.
that its not that big brother is recording our emails - they realize they can't.. so they make it law that we have to spy on ourselves by saving emails. So, If I delete my own emails - can I plead the 5th amendment? But, forcing my employer to spy on me, now that is an interesting work-around to the 5th. Not one I like, just interesting.
meh
When I worked as a Unix guy at Computer Associates, who fired me for reporting them to the BSA, I fondly remember being told that CA policy was to delete all email off the servers after a period of 90 days, and that no email server was to *EVER* participate in the enterprise backups. In other words, if any email server had a failure which resulted in data loss, that data was gone, and the hundres of affected users were down shit creak with no paddle. I was informed that this policy was enacted several years previous when the SEC busted down the doors and seized the emails servers looking for some evidence against the company. So CA simply made it so no email is ever kept on any archive, less it be the users own personal archive on their computer terminals. Even then, most users would have to delete emails in their own archives to cope with space issues. So enacting laws that requires companies to retain an archive si a bit silly in my experience. Also, what would happen if a company retained an archive of email, but encrypted the mail data-base, and keyed it on the users password? Would that violate the letter of the law, or the spirt, to retain the emails in a cipher-text format. Certainly you could get a court order to force somebody to provide the password, right?
Just thinking outloud here...
Thanks.
It isn't a lie if you belive it.
...and follow it.
For emails, ours is "relevent life". Upon becoming irrlevent, it gets whacked.
If someone later orders you to produce email, you'll probably not have it. If you can show that you didn't delete it as a result of the order, or in an effort to destroy evidence, you cannot be prosecuted for not having it. A retention policy is key to this, because it eliminates any arbitration regarding when (or why) something was whacked.
help me i've cloned myself and can't remember which one I am
You should probably delete them, so that when they turn out to be true, you can't be sued for corporate malfeasance for not having responded appropriatly. :)
I complain when people delete emails anyway... :)
I have every email I received over the past 5 years in my mailbox (with the exception of some spam, though I have a lot of that too since it's automaticly put in my Spam folder)
My maildir only uses 650 MB (150 MB compressed), so it's not like space is a reason to delete email... People just need to make folders and use them.
Luke-Jr
Let's say you receive an OpenPGP (PGP, GPG) encrypted email which requires your public key to decrypt. Once your key expires you're going to switch to a new key. Even if you're good at keeping old legacy expired keys around, eventually the message will become unreadable (forgot passphrase etc.) I don't know where I'm going with this mind you
I think Mr. Ellis needs to go get an independent consultant to double-check the software contractor's results. If users are just filing e-mail, then saving meta-data should be automatic. All the e-mail programs I use commonly that let me file messages in folders (Pine, Evolution, Mozilla Mail, Thunderbird) save the complete SMTP headers with the meta-data in question automatically. If the company Mr. Ellis is getting his "solution" from charges extra for saving what's commonly saved automatically, they're probably gouging him on more than just that.
When will it be illegal to not have a valid email address?
I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:
1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)
2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.
3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.
4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.
"Expensive measures are being called into place to archive the mail for future subpoena purposes."
I work for the State of Washington. In this state's government there is no problem deleting email as long as your department has a written policy defining the retention time for email.
Email is covered by the freedom of information act which means that it is not hard for an average citizen to request copies of email sent and received by the department. There is a procedure, fee and waiting period that discourages someone from coming in and requesting all mail during the retention period. It could be done but it would be very expensive. Not really worth it for someone on a wild fishing expedition but doable for a citizen that wants specific information..
If we receive a subpoena for email that was sent or received within out written email retention policy we had better be able to produce it. If we can't the requesting party could conceivably compel us to hire a very expensive data retrieval company to come in and reconstruct our data in order to comply. And of course if the courts believe that we deleted email prior to the retention date in an attempt to destroy evidence there is a chance that someone could be spending some quality time as Bubba's new love toy. If you know what I mean...
The race isn't always to the swift... but that's the way to bet!
You've got to be kidding me. Are we all supposed to live under the threat of legal action? I don't give a shit about some lawyer or overpaid legal advisor telling me that it's to protect myself from liability... My business practices should not be centered around litigation. What the hell has this country become, and when is it going to change back? I better be careful, this message expressing subversive opinions may someday be used against me.
So if we save all our e-mails for future legal purposes, the e-mail probably would not be valid evidence anyways. I mean think about it. I get dozens of e-mails per day that come from a phony or 'borrowed' e-mail source address. How would the e-mail be verified as ligitimitate, and not a fake? Come on, If you can't track down all the spammers (or virii) from the hundreds of messages per day in everyone's inbox how can you expect to tell me that CompanyX actually set me that message in my inbox offering me money for free? - James.
- James
What the hell has this country become, and when is it going to change back?
The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day has a molded plastic top with a huge blurb of text right in front of my eyes when I'm drinking that reads "WARNING! SIP WITH CAUTION! CONTENTS MAY BE HOT!"
In general, I do not believe that this has been a net win for society. We spend a huge amount of time in businesses doing stupid things to avoid legal problems. Many useful things that a company *might* do to help someone (like offer advice from their helpdesk with solutions that aren't on the "script" when the "script" has been exhausted and can't help anyone) are now avoided for fear of litigation. We see class-action lawyers (such as for the tobacco lawsuits) sucking down *huge* fees, on the order of hundreds of millions of dollars. The result has been flat bans on litigation (which, in my opinion, should never, ever be done and should be unconstitutional -- the lawsuit is the way our legal system allows a citizen to demand reparations). Now, a citizen cannot file suit against a food company for food "making them fat", and came close to not being able to file a lawsuit against tobacco companies (thanks to John McCain and Clinton for shooting that down). I'm not saying that either of these lawsuits would have merit, but the idea of banning lawsuits is appalling, and the idea of taking control of whether a lawsuit is reasonable or not from the judicial branch is particularly egregious.
May we never see th
nice guy - reporting the company... did it profit you any?
Actually, I'd say he is. If you define "nice" as "willing to take personal cost to benefit others (in this case society)", I'd say that he pretty much falls exactly into that category.
If "nobody likes a snitch" then perhaps everybody should stop breaking the law at their company. Frankly, I think it's too bad that we can't reward whistleblowers even more.
May we never see th
A few years ago I took my former employer to court for late payment of wages. Against his claims that I had agreed to being paid late I produced printouts of emails I had sent over a period of two years complaining about this. So it would have been a good company policy, but not necessarily in the interests of the staff when they are in any dispute with the company, or are being set up to be the scapegoat for some transgressions of the bosses. If any of your team are caught or killed, the Secretary will disavow any knowledge of your actions. This tape will self-destruct in 10 seconds.
Actually I had backed up my entire email correspondence for almost 10 years into one zip file of about 20 MB. That's lot of correspondence. The average message comes in at about 2-4 kb. I think now with the current fashion of using HTML mail, or even worse, attached DOC files, the average is at least 10 and perhaps 100 times that now. I understand Outlook stores all your mail in one single binary file of undocumented structure, mine is in Unix MBX format. Given all that I'd guess that the vast proportion of email storage is huge slabs of [div][font Arial Helvetica size=2] [/font][/div] and so on. These days for my personal email I strip it back to plain text before archiving it.