Slashdot Mirror


Deleting Emails Costs Morgan Stanley $1.45B

DoubleWhopper writes "The financial giant Morgan Stanley lost a $1.45 billion judgement yesterday due, in part, to their failure to retain old email. The judge in the case, 'frustrated at Morgan Stanley's repeated failure to provide [the plaintiff's] attorneys with e-mails, handed down a pretrial ruling that effectively found the bank had conspired to defraud' their former client. The CEO of a record retention software company noted, 'Morgan Stanley is going to be a harbinger'."

19 of 312 comments

  1. I thought the problem was that they HAD backups by vrimj · · Score: 2, Informative

    and just didn't search them after their primary servers were destroyed. I think the problem was in not turning over what they had. Or to put it in lawyer terms the e-mails were "discoverable" (that is available in some form and relevant) and were not "produced" (turned over to the other side) http://litsupportguy.typepad.com/litigation_support_guy/2005/05/the_woodshed_re.html

  2. Re:Oh crap! by TheNumberSix · · Score: 5, Informative

    I freely admit I haven't RTFA, but I read some excellent coverage of this story on wsj.com.

    Apparently, Morgan Stanley came forward, said they had produced all the emails. (time passes) They find some more emails and turn them over. (time passes) They find a closet stuffed with backup tapes and turn them over. (Time passes) Morgan Stanley files a document certifying that they turned everything over. (Time passes) Morgan finds even more emails and turns them over. This causes the judge to get annoyed.

    One of the earlier problems was that Morgan had built a database to house old emails and the first time they were told to turn over emails, a sysadmin who was not in a clueful state just searched the database without finding out how much had already been imported into the DB. (Turned out the DB had only had a small percentage of old emails put into it.)

    --
    Never confuse feeling with thinking.
  3. Re:Oh crap! by poot_rootbeer · · Score: 2, Informative

    "What do you mean we don't have them archived??? You just cost us 1.45 billion dollars!"

    Knowing the financial industry as well as I do, I wouldn't be at all surprised to hear that the executives that failed to create a defensible email retention policy really will end up hanging all of the blame on some poor system-administrating underling who had just done exactly what he had been told to do.

  4. To Keep or Not to Keep by WAR-Ink · · Score: 3, Informative

    That is the question. The answer is keep it, for a while.

    Email records can be subpoenaed just like anything else. If it benefits your case, it would be nice to have; if it hurts your case, it would not be so nice to have.

    When I write computer use policies, I recommend keeping it for 1 to 2 years. Depending on the type of business that might get extended out much longer. A start-up company might want to keep it 10 or more years to cover any possible arguments with their VCs over who owns the IP.

    So why not keep it forever? Unless you want to have the lady suing you for sexual harassment making your company's email part of the public record, you might want to set some limits.

    The key is to document, in writing, what that limit should be. For example, maybe put it in your company's Computer Use policy. You have one...right?

  5. Re:Email retention Policy. by Valegor · · Score: 4, Informative

    EMC and Veritas have both bought companies (Legato and KVS) that provide not only this type of service, but also single instance storage. If someone sends out an attachment to 50 people, only one is actually put into storage. There are other vendors that have similar products, but these are the only two I have first hand knowledge of. The best practice if you are not legally required to keep e-mail (as financial institutions are by SEC requirements) seems to be a short retention policy. If you do not keep the e-mail then it cannot be used against you. It is also best to enforce the policy because if it is discovered that you have the e-mail then you are required to produce it. Financial industries however are required to keep all electronic communications for at least 3 years, but that extends to 7 if the data in question is in litigation.

  6. Re:Not really the best use of the "YRO" category by whoever57 · · Score: 4, Informative
    Leaving aside your apparent confusion between emails and financial records, from TFA:
    Banks and broker-dealers are obliged to retain e-mail and instant messaging documents for three years under U.S. Securities and Exchange Commission rules. But similar requirements will apply to all public companies from July 2006 under the Sarbanes-Oxley corporate reform measures.
    This document discusses email archiving requirements, including an EU-wide requirement for ISPs to keep copies of emails for 1 year.
    --
    The real "Libtards" are the Libertarians!
  7. sliding schedule - SEC rules? by bobalu · · Score: 2, Informative

    I worked at a large broker, and they had to be able to come up with a two-week old email immediately, a year old email within two weeks, etc., back to like seven years I think.

    --
    The revolution will NOT be televised.
  8. Re:Oh crap! by Valegor · · Score: 2, Informative

    I have also read the coverage prior. It was more than a closet of additional tapes. They found 1000 tapes in off site storage.

  9. harbinger definition by Anonymous Coward · · Score: 1, Informative

    n : an indication of the approach of something or someone [syn: forerunner, herald, precursor] v : foreshadow or presage [syn: announce, annunciate, foretell, herald]

  10. Harder to keep old mail than you think by dotgain · · Score: 2, Informative
    Now so many people send HTML email around with lovely (read: badly jpegged text, tacky looking) signatures, background patterns (to impede readability) and animated smilies scattered around the letter (to make you look even less mature) it's actually a big deal to keep all these letters. Where the text doesn't sum up to more than 1k, we've got a 100k email that all my users want to keep on our poor exchange server FOR SEVEN YEARS.

  11. Re:Yes, but when the madmen are running the asylum by jskiff · · Score: 4, Informative

    I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Halliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation.

    I hate to defend Dick Cheney, but saying he only has a few years of government service under his belt is flat-out false.

    ==
    His career in public service began in 1969 when he joined the Nixon Administration, serving in a number of positions at the Cost of Living Council, at the Office of Economic Opportunity, and within the White House.

    When Gerald Ford assumed the Presidency in August 1974, Mr. Cheney served on the transition team and later as Deputy Assistant to the President. In November 1975, he was named Assistant to the President and White House Chief of Staff, a position he held throughout the remainder of the Ford Administration.

    After he returned to his home state of Wyoming in 1977, Mr. Cheney was elected to serve as the state's sole Congressman in the U.S. House of Representatives. He was re-elected five times and elected by his colleagues to serve as Chairman of the Republican Policy Committee from 1981 to 1987. He was elected Chairman of the House Republican Conference in 1987 and elected House Minority Whip in 1988.
    ==

    From Whitehouse.gov

    --
    It's "no one," not "noone." Who the hell is noone anyway?
  12. Re:Email retention Policy. by darkmeridian · · Score: 4, Informative

    The Sarbanes-Oxley Act requires all public companies to maintain records for three years. Six months is a problem. What happened to Morgan Stanley, however, is not simply that it failed to keep the records. Rather, it kept on saying that it could not find the files. There is a rather reasonable rule of evidence that says failure to produce evidence in your possession without a reasonable excuse for that failure (like there was a non-suspicious fire, or 9/11) can lead to the presumption that that evidence would have vindicated the position of the opposing party. For instance, pretend a supermarket has a security camera that I claim recorded the store clerk beating me. I want the tape to prove the unprovoked attack. If the store says it lost the tape and the judge believes that this was a pretext for destroying evidence, he may make a pre-trial ruling that the tape would show an unprovoked attack against me by the clerk.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  13. Re:Time Study Analysis on the Cubicle Slaves by fbjon · · Score: 4, Informative
    You're almost right, but off by 11 years. Finland in 1994: 16,6%; in 2004: 8,8%.

    And hey, at least we don't burn out like a lightbulb after a few years.

    --
    True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
  14. Re:i don't get it by gkuz · · Score: 4, Informative
    email can be faked or altered so easily

    Actually, I've come to the opposite conclusion. I don't know every e-mail system, and I don't know what Morgan Stanley was using, but I have administered serious e-mail systems for about 15 years, and I can tell you that in many, it is in fact very difficult to insert a fake message into the message store in the right place, with the right semantic context. Don't forget that in all these cases the recovery is from (presumably) dated and logged backup tapes, possibly under the observation of opposing counsel's expert, and under penalty of perjury. So go ahead, tell me how you insert (or even alter) a message into a multi-gigabyte message store coming off a tape that's been archived and logged at Iron Mountain for the last five years. Will it have the right SMTP transit headers? The correct "In-Reply-To:"? What about the context of the message? Are you replying to someone? Do they later reply to you? Does it all fit together? This is a distinctly non-trivial exercise. Possible, yes, but maybe only theoretically so. And the grunt doing the recovery is *very unlikely* to want to risk going to jail to cover up some fraud he was probably never associated with.
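
The cross-checks the comment above lists (transit headers present, "In-Reply-To:" pointing at a message that exists, replies not predating their parents) can be run mechanically over a restored store. The sketch below is an added example, not part of the original comment; the messages are constructed, the `audit` and `_msg` names and the one-hour skew limit are assumptions, and a clean result shows internal consistency only, not authenticity.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

def _msg(mid, date, parent=None, received=None):
    """Build a constructed RFC 5322 message (sample data, not real mail)."""
    h = [f"Message-ID: <{mid}@corp.example>", f"Date: {date}"]
    if parent:
        h.append(f"In-Reply-To: <{parent}@corp.example>")
    if received:
        h.append(f"Received: from mx.corp.example by store.corp.example; {received}")
    return "\n".join(h) + "\n\nbody\n"

STORE = [  # constructed "restored from tape" store
    _msg("a1", "Mon, 03 Apr 2000 09:00:00 -0400", None, "Mon, 03 Apr 2000 09:00:05 -0400"),
    _msg("a2", "Mon, 03 Apr 2000 09:30:00 -0400", "a1", "Mon, 03 Apr 2000 09:30:04 -0400"),
    _msg("a3", "Mon, 03 Apr 2000 10:00:00 -0400", "a9"),  # parent absent, no transit header
    _msg("a4", "Mon, 03 Apr 2000 09:10:00 -0400", "a2", "Wed, 05 Apr 2000 09:10:03 -0400"),
]

def received_time(msg):
    """Timestamp after the final ';' of the topmost Received header, or None."""
    hdr = msg.get("Received")
    if not hdr or ";" not in hdr:
        return None
    return parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())

def audit(raw_messages, max_skew=timedelta(hours=1)):
    """Return (message-id, finding) pairs for messages that do not fit their context."""
    msgs = [message_from_string(r) for r in raw_messages]
    by_id = {m["Message-ID"].strip(): m for m in msgs}
    findings = []
    for m in msgs:
        mid = m["Message-ID"].strip()
        sent = parsedate_to_datetime(m["Date"])
        parent_id = m.get("In-Reply-To")
        if parent_id:
            parent = by_id.get(parent_id.strip())
            if parent is None:
                findings.append((mid, "reply-to-missing-parent"))
            elif sent < parsedate_to_datetime(parent["Date"]):
                findings.append((mid, "reply-predates-parent"))
        rcvd = received_time(m)
        if rcvd is None:
            findings.append((mid, "no-transit-header"))
        elif abs(rcvd - sent) > max_skew:
            findings.append((mid, "date-received-skew"))
    return findings

if __name__ == "__main__":
    for mid, finding in audit(STORE):
        print(mid, finding)
```
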

  15. Re:Email retention Policy. by d34thm0nk3y · · Score: 2, Informative

    The Sarbanes-Oxley Act requires all public companies to maintain records for three years. Six months is a problem.

    Unless the GP's employer is in the financial/accounting field I do not believe this Act applies.

    As long as the retention policy is documented and enforced you can pretty much go as short as you want (unless of course there is a requirement from an outside agency).

    I maintain the ISO 9000 and environmental compliance documents and records at work so I know a little...

  16. Banking, in a nutshell by Anonymous Coward · · Score: 2, Informative
    Disclaimer: I work for Morgan's main competitor, where we are half amused at their current woes (this mess, plus the CEO/investor board battles). I worked for Morgan in a previous life, and most major banks downtown. That said, I don't speak here for my current or former company, and there is no proprietary information within. Turmoil in the industry affects all of us and trickles down to other industries and investors. Scandals are never good for anyone's business.

    FYI, the banking and securities industry is governed by a set of rules that are implemented in various ways. The NASD and SEC regulations essentially boil down to two things:

    1) Firms must retain all email and IM communication for at least 3 years, one year in a "readily accessible" location. This is all so that if Mom & Pop Investor lose money, then sue and claim their order execution was botched, the truth should be readily evident. Most places block external email (yahoo, et al.), block IM, and log everything else. Propriety and compliance takes some sacrifice. Legal compliance divisions are growing every year, while IT is stable/shrinks. Consider that at Career Day!
    2) All broker/dealer voice conversations must be recorded for similar time periods. Some places record ALL conversations (including the mail room clerks, support staff, everyone) just to be sure. Watch what you say on the phone at work kids.

    [and, maybe relevant, SOX is a financial process compliance law, that extends criminal culpability to officers certifying records (see recent Enron, WCOM, etc. financial scandals for cause), and extends to IT in even more mysterious ways.]

    Basically, not much has changed since 1995; most places that want to stay in business for a while err on the side of caution. Back then I sat in on SEC meetings with our legal team and watched them struggle to put the Internet in perspective. Later, our CTO told us to archive all the data going over (at the time) T1s for three years. Yes, ALL the data, which we had to do some basic math to explain that given available technology it would be insanely expensive. Never did happen; we did archive all email though. There are rumors some places still use WORM drives to comply with the old regulations, just to be safe. Probably the only new change is now Facetime, Akonix, and IMLogic make a financial killing with logged IM servers for the places that enable/rely on IM technology.

    Summary, the technical requirements are easy but business is not...profit where possible, but try to play by the rules, don't piss off a judge, or you get massive fines and/or sued by Spitzer. That said, this one will likely be reduced on appeal. MS is suing their lead counsel for malpractice, has plenty of grounds to appeal (not to mention that the applied default-culpability judgement in this case is very, very rare). Business will go on.

  17. Re:i don't get it by gkuz · · Score: 2, Informative
    You are apparently not very conversant with email.

    Uh, actually, I am.

    I know I'm a moron for replying to an AC, but here goes. Picture this scenario: you get a subpoena or a discovery request for e-mail from the CFO from five years ago. You retrieve a tape from your archival storage company, and there's an audit trail showing it's been there for four years 11 months. Either the FBI agent or opposing counsel's expert looks over your shoulder while you restore from that tape onto a lab system, unconnected to anything else, running just your MTA of choice under your OS of choice. Let's say it's Notes. File date/time stamps are verified by you and the FBI guy. You then connect one other (verified and trusted) system to your message store, running the MUA of choice. You open the CFO's mailbox and retrieve the requested e-mails. At what point were you able to insert something into the message store?

    Sure, I know how to telnet to port 25 and run the appropriate SMTP commands. So what? How do I modify that old message store? Say it's a Notes or GroupWise database?

    Sounds to me like you are not very conversant with enterprise-scale e-mail systems, but just learned how to spoof SMTP.

  18. 35 other books say the same thing. by Futurepower(R) · · Score: 2, Informative


    Care to read 35 other books that say the same thing? Here's a review of them, and 3 movies: Unprecedented Corruption: A guide to conflict of interest in the U.S. government.

  19. Re:Email retention Policy. by Valegor · · Score: 2, Informative

    Specifically EMC has a "Compliance Edition" Centera that is designed for just such compliance requirements. One of the softwares mentioned and the Centera would allow you to archive a copy of every e-mail as it is sent or received. That way it doesn't matter what the end user does with their e-mail. Both products also allow you to archive end user mail as well. What I mean by this is that the user will see all the mail in their inbox, but anything over a certain age will actually be stored on the SAN and not on the e-mail server. Many in these threads do not understand why you wouldn't just throw extra hard drive space to it. That then requires additional tape for a tape backup and makes for a much longer restore in a disaster situation. Also it makes it take longer for offline defragmentation. Plus opening a mailbox that has hundreds of thousands of e-mail in it can impact the server and not just the client. Also if you are talking about a Microsoft Exchange server the smaller the information store the more stable the server is.