Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deleting E-mail Could Get You In Trouble

Posted by timothy on from the not-yet-mandatory-for-your-own-email dept.

Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."

26 of 205 comments (clear)

  1. I'm not that bothered by Ckwop · · Score: 3, Insightful

    I have no real problem with companies being subject to tighter restrictions. However, these restrictions shouldn't be too sweeping. If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

    Moreover, there should be a legal definition of what to keep and what can be tossed. I could imagine something like:

    "a message that amounts to an instruction to an employee or specifying of company policy.." etc.

    I don't want to store twenty thousand pieces of spam that every user might collect over two years. That makes e-mail quite an expensive tool if you have to do that.

    There is one question I do have. Did the government have the power to collect so much information in the past? How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?

    Simon.

    1. Re:I'm not that bothered by Tim+C · · Score: 5, Insightful

      If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

      But how do they know that what you sent was a personal email, without reading it? When you send an email from your work account, you are effectively speaking on behalf of your company. If you want to send a personal email, you should use a personal email account.

      How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?

      I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained. A couple of SAN-type things the size of an office filing cabinet would no doubt be capable of storing all the records your company is likely to ever create; the actual filing cabinets may only be sufficient for a couple of years' worth of paper records.

      --
      It's official. Most of you are morons.
    2. Re:I'm not that bothered by Anonymous Coward · · Score: 3, Informative

      It's not just your e-mail. The infrastructure belongs to the company. I'd be careful about using my work e-mail to converse with friends. Web based email, pocket PC's, laptops, phones and t9 on a break work just fine.

      Yes government had the power. And it's not uncommon for companies to keep a lot of paperwork until long after it was useful, occasionally purging all the really old stuff.

    3. Re:I'm not that bothered by JackAsh · · Score: 4, Informative

      Actually, I think the regulations are a bit more industry specific. The company I work at is in the Financial Services area, and we are regulated by NASD and the SEC. I believe both have rules for various different forms of communication. 3 years for electronic communications. 7 years for paper xyz forms. 6 years for TPS reports. You get the picture. I've actually seen a huge, 30-page grid of the various regulations that apply to different items - and these were small, 2-line items on each cell of the grid - the number of regulations is staggering.

      Other questions come to mind, like what is an electronic communication? E-mail? Instant Messaging? Video Conference systems? VoIP? Regular phone calls? The general answer you will find these days is "yes".

      It used to be prior to Enron and Worldcom that most people believed what you don't have can't hurt you, so they'd ignore these regs or at best take a very limited view of their coverage (Joe, you work in the XYZ critical department, so you need to copy all your business email to this mailbox). These days they go for "the whole company gets journaled to an external service provider" type of approach. And apps like Instant Messaging are not allowed unless we have a server to capture all the traffic from the app.

      So yeah, if you're a company, big brother can come and get you - or at least one of his smaller, more industry-specific siblings. It really depends on where you are.

      -Jack Ash

    4. Re:I'm not that bothered by moonbender · · Score: 4, Insightful

      I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained.

      Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter. And what's more important, deleting a thousand or ten thousand emails isn't a lot more difficult than deleting just one. It's psychologically easier, as well, since paper documents have a more significant, official feel to them.

      --
      Switch back to Slashdot's D1 system.
    5. Re:I'm not that bothered by sql*kitten · · Score: 3, Insightful

      Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter.

      Except that's not actually true. If you have a paper letter, you tear it up, it's gone. Of course it can be photocopied, but still, those copies can (relatively) easily be found.

      Delete and email - what if it's still in your mail folder? Many clients mark deleted emails as such then only carry out the purge when they "compress" the mail store. Maybe there's a copy still on the server, the delete instruction hasn't reached the other half of the cluster yet. Maybe there's a copy on the backup tape. Maybe the system is configured so that mail is logged on delivery, and deleting it from your client doesn't touch the master log.

      Deleting email is actually far, far harder than destroying a letter.

    6. Re:I'm not that bothered by Sad+Loser · · Score: 5, Interesting

      This is a good point, but I go further: I am a doctor and we say 'never write something in the notes that you would not want them to see'.

      Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.

      (we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).

      --
      Humorous signatures are over-rated.
  2. Treasure, eh? by justkarl · · Score: 5, Funny

    One man's junk is another man's treasure. You never know what an IRS agent might find lucky.

    Wait, what? Are you saying that IRS agents have small penises, and want to get rich from home, and want to gain a full cup size, and save Nigerian people from occupation?

  3. Keeping Documents by Tiberius_Fel · · Score: 3, Interesting

    Seems they consider e-mail to be somewhat akin to the paper way... everything must be documented in x y and z ways. My father's a lawyer, so I have some understanding of what it's like to document _every single thing_ that comes across your desk that's relevant...

    I guess the idea is that if ever it came down to a court case, the e-mail records could be easily retrieved and used in the case. And destroying the records would be a crime, I suppose, which would also have it fall in line with what would happen if you were to destroy the paper records.

    --
    Join the Empire! http://www.empirereborn.net/
  4. Re:I think someone need Gmail! by jomas1 · · Score: 5, Interesting

    This is actually something the people who run googlewatch.org are worried about. They feel google's suggestion to archive and never delete will cause lots of privacy problems. Here's a quote from http://gmail-is-too-creepy.com/

    "After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."

    --
    http://nyamenation.org/
  5. It's RTFA time... by kirun · · Score: 5, Informative

    Salt Lake County is looking at a system whereby employees would decide whether the e-mail is a "non-record" (spam or personal; delete whenever you want);

    So, no, we don't have to keep spam.

    --
    I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
    1. Re:It's RTFA time... by zors · · Score: 4, Funny

      Wow, a new low for slashdot. even the original submitter didnt read the article. Well, more low than new really.

  6. actually... by Ignignot · · Score: 5, Informative

    Next they'll ask us to keep recordings of all our phone conversations?

    Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.

    --
    I submitted this story last night, and it didn't get posted.
  7. Company policy requires email deletion by britneys+9th+husband · · Score: 5, Informative

    Some companies have "document retention" policies that require employees to delete email after a certain period of time. It's not to free up space on the servers, it's to make sure the stuff can't be subpoenaed. Many respected companies have policies like this. Many even have tools that make the email deletion automatic, and require management approval to disable the tool.

    So maybe this story is really just focused on banning policies like this.

    --
    Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
  8. Does this make spam filters illegal? by G4from128k · · Score: 4, Interesting

    With so many people using so many spam filters, I'd bet that a fair amount of "legitimate " email is automatically deleted by service providers and automated email filters. How can one prove to a judge that SpamCop had a given domain on its blacklist on a given date or that the sent email did not accidentally contain some filter-triggering word on that date? It seems that either spam filters create a legal risk or that the legal system has a naive view of the legal standing of email.

    I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.

    --
    Two wrongs don't make a right, but three lefts do.
  9. on the other hand.. by plasm4 · · Score: 3, Funny

    While "Deleting E-mail Could Get You In Trouble," not deleting it. will make you blind.

  10. What a lawyer told me. by MisanthropicProgram · · Score: 5, Interesting

    I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things are about to happen, and you still delete the docs (even with the policy), you will have a problem.
    BTW, I asked this a year ago, so I don't think that much has changed in the last year.

  11. How can they tell? by Anonymous Coward · · Score: 3, Insightful

    Do they mandate that you use an email system that keeps track of deletions? If not, there seems to be a bit of a hole there...

  12. company policy is the opposite by prockcore · · Score: 3, Interesting

    I'm a little concerned about our company policy. I work for a newspaper and our policy is that all reporters should delete their notes after a story has run. This policy was created specifically so that reporters notes cannot be subpoenaed.

  13. Doesn't the government do that for me? by cockroach2 · · Score: 5, Funny

    I think it's called echelon...

  14. Tightening the noose by Dr_Marvin_Monroe · · Score: 3, Insightful

    I'm not really opposed to this, and it does seem to be in direct opposition to a lot of "company e-mail policies" as it's written too.

    I dont think that companies should get a pass on these types of written correspondences. These days, it's just too easy to hatch a "dominate the globe" policy at the corp. level and then eliminate the evidence through a "document destruction policy" like those at Arthur Anderson/Enron/MS/etc.... I've seen a clear policy of "destroy everything" with regard to e-mail and written transactions at almost every company I've been at. Seems more like the policy is geared towards eliminating any incriminating evidence rather than simply keeping space on the server to a manageable level. That's too bad, because I've seen some smoking guns that SHOULD be loosed on the world.

    On the other hand, these types of policies are instituted because it's just too easy for lawyers to get ahold of those records for the purposes of "fishing expeditions," think SCO and their associated scum. Lawyers can just come in with the vague outline of some scheme and get all of a company's e-mails to help create a real case where none existed before. The cost of handing off an entire archive isn't trivial, and discovery is just too easy to do.

    Whatever the outcome, it just seems like you and I (read the little guys) will have ALL of their e-mails "go down on our permanent records" while the big guys will always seem to have a good excuse why the mail server suddenly destroyed all the records for that pending lawsuit. I can just hear the lawyers now...."..yeah, it's funny how only the VP's e-mails dissapeared, and only for a 3 month period, but we've got him on a special server that's set to explode in flames every 90 days."

    I think that this type of national policy will ultimately hurt the little guys/companies more than the real targets of such legislation. The big guys will just start having oral meetings without taking notes or some such method of non-trackable information sharing.

    As with all government intervention, the "quick-fix" is never really that quick, and the problem is almost never fixed.

  15. I find it interesting... by bigattichouse · · Score: 3, Insightful

    that its not that big brother is recording our emails - they realize they can't.. so they make it law that we have to spy on ourselves by saving emails. So, If I delete my own emails - can I plead the 5th amendment? But, forcing my employer to spy on me, now that is an interesting work-around to the 5th. Not one I like, just interesting.

    --
    meh
  16. not practicle by JDizzy · · Score: 4, Interesting

    When I worked as a Unix guy at Computer Associates, who fired me for reporting them to the BSA, I fondly remember being told that CA policy was to delete all email off the servers after a period of 90 days, and that no email server was to *EVER* participate in the enterprise backups. In other words, if any email server had a failure which resulted in data loss, that data was gone, and the hundres of affected users were down shit creak with no paddle. I was informed that this policy was enacted several years previous when the SEC busted down the doors and seized the emails servers looking for some evidence against the company. So CA simply made it so no email is ever kept on any archive, less it be the users own personal archive on their computer terminals. Even then, most users would have to delete emails in their own archives to cope with space issues. So enacting laws that requires companies to retain an archive si a bit silly in my experience. Also, what would happen if a company retained an archive of email, but encrypted the mail data-base, and keyed it on the users password? Would that violate the letter of the law, or the spirt, to retain the emails in a cipher-text format. Certainly you could get a court order to force somebody to provide the password, right?

    Just thinking outloud here...

    Thanks.

    --
    It isn't a lie if you belive it.
  17. Wait a moment... by lesv · · Score: 3, Funny
    What about all those business propositions I get from Nigeria. Do I have to keep those too?

    You should probably delete them, so that when they turn out to be true, you can't be sued for corporate malfeasance for not having responded appropriatly. :)

  18. E-mail Archiving by ardinos · · Score: 5, Interesting

    I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:

    1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)

    2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.

    3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.

    4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.

  19. Not in the state of Washington... by Eric+Damron · · Score: 4, Informative

    "Expensive measures are being called into place to archive the mail for future subpoena purposes."

    I work for the State of Washington. In this state's government there is no problem deleting email as long as your department has a written policy defining the retention time for email.

    Email is covered by the freedom of information act which means that it is not hard for an average citizen to request copies of email sent and received by the department. There is a procedure, fee and waiting period that discourages someone from coming in and requesting all mail during the retention period. It could be done but it would be very expensive. Not really worth it for someone on a wild fishing expedition but doable for a citizen that wants specific information..

    If we receive a subpoena for email that was sent or received within out written email retention policy we had better be able to produce it. If we can't the requesting party could conceivably compel us to hire a very expensive data retrieval company to come in and reconstruct our data in order to comply. And of course if the courts believe that we deleted email prior to the retention date in an attempt to destroy evidence there is a chance that someone could be spending some quality time as Bubba's new love toy. If you know what I mean...

    --
    The race isn't always to the swift... but that's the way to bet!