Slashdot Mirror
Deleting Emails Costs Morgan Stanley $1.45B
DoubleWhopper writes "The financial giant Morgan Stanley lost a $1.45 billion judgement yesterday due, in part, to their failure to retain old email. The judge in the case, 'frustrated at Morgan Stanley's repeated failure to provide [the plaintiff's] attorneys with e-mails, handed down a pretrial ruling that effectively found the bank had conspired to defraud' their former client. The CEO of a record retention software company noted, 'Morgan Stanley is going to be a harbinger'."
From TFS:
I'd sure hate to be the system administrator who dropped the ball there...
"What do you mean we don't have them archived??? You just cost us 1.45 billion dollars!"
"Don't worry though...you can pay it back....we'll just dock your paychecks by...say...$1000 per pay period. At that rate you can have it all paid back in a little over 55,769 YEARS!!!
^_^
____
~ |rip/\/\aster /\/\onkey
Only another $39 billion in the bank.
Big investment firms like Morgan Stanley are obligated by law to retain lots of records. This is more of an "Almighty Buck" type of story, IMO.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
I deleted an e-mail that gave me $10 off at tigerdirect...dont think I will ever recover.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Does this mean that if we want to sell a company a larger mass storage device all we have to do is deluge them with pertinant email with large attachments? How long would it take before they would be forced to upgrade?
Afterall the best way to drum up more business is with deceptive or dishonest tactics.
Like arts? Like cheesy little Indie mags? Check out www.artwerkmag.com, and don't laugh at the bad coding please.
Wow. I can delete mine for free.
I know that where I work there is a basic 6 month email retention policy, which states that all email will be deleted if it is 6 months old. I have always wondered if and when this will change.
There is probably an opportunity here for a company to come up with an extension to an email system which will manage keeping old emails. Something which will allow for the catagorizing of unstructured data. That way the system can trash the not to serious emails and keep the 'important' ones.
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
and just didn't serch them after their primary servers were destroyed. I think the problem was in not turing over what they had. Or to but it in lawyer terms the e-mails were "discoverable" (that is avilable in some form and relevant) and were not "produced" (turned over to the other side) http://litsupportguy.typepad.com/litigation_suppor t_guy/2005/05/the_woodshed_re.html
Even in a "third world" country I visited recently, they had emails dated 1997, stored on a Slackware box!
This time, I agree with the US justice system. They deserved it...I am sorry to say.
My old company did not back up email by design. That way if the company was sued, there was no endless searching through back up tapes for something possibly incriminating. When we had a legal dispute, the company lawyers would tell us all to search the email on our PC's for certain works and forward any hits to them.
Crow T. Trollbot
(I work at a Bank) Since Sarbaines kicked in, we have to keep a backup of every single file you use for work purposes, not just email. This means archiving every word doc, spreadsheet, database...etc. Starting January 1, they also blocked our access to all external sources of email and external instant messaging clients as well. After seeing this judgement, now I understand why.
ok being serious (no more shinyfeet plugs), I used to work as an admin where the retention policy was 1 year. however, that just meant you rotated the tapes for 1 year. the email growth rate was very small (even though there was 1,000s each day), it was the files that grew beyond the retention. even the attachments and email boxes with 1+GB were safe, as 20 years of email fit onto a single DLT4.
granted, MS, er Morgan Stanley is a much bigger company, but I find it very hard to believe that any retention policy would include email, that has got to be their smallest backup.
do you have shinyfeet?
A government entity sends out an all-staff e-mail saying that in order to conserve space, we are to clean out our e-mail. Trash bin should be cleared out, important documents are to be printed out, filed, and then deleted off the system.
:)
I've always thought that storage was cheap nowadays and that clearing out e-mail boxes was moot. I suppose there's some merit to it as there's definitely space to be reclaimed from the activity...but is it really worth that much considering a couple of hundred bucks would get you another 200GB or so?
Conspiracy theory, anyone?
I was a client of MS/DW. I kept trying to let my financial advisor know about this wonderful pill that would make his penis bigger, and I get the feeling that MY emails were deleted as well!
-- sometimes AND gates turn me on.
I think the issue is "selective memory loss" - Microsoft plays this card all the time in court. Emails from a relevant time period are "deleted" when convenient, while older or newer or even contemporaneous mail is saved... the judge in this case was simply smart enough to call shenanigans.
You can delete old email if you're that hard up for space, just have a rock-solid deletion policy you can prove you adhered to in a court of law.
It also helps to audit your archives and backups regularly, and document what data was lost when. 'Cuz face it, every admin at some point or other loses some data to corruption, hardware failure, bookeeping mixups or user error. Knowing what you forgot and when you forgot it can help in situations where not having the data on hand can cost a billion bucks or so.
SoupIsGood Food
where are my moderator points when I need them.
Most companies purposefully choose short retention policies, in an attempt to avoid these kinds of settlements... it isn't a sysadmin's fault.
The theory was that this would let them discard old emails without having it be intentional obstruction of justice. I guess that theory will be out the window now.
That is the question. The answer is keep it, for a while.
Email records can be subpoenaed just like anything else. If it benefits your case, it would be nice to have, if it hurts our case, it would not be so nice to have.
When I write computer use policies, I recommend keeping it for 1 to 2 years. Depending on the type of business that might get extended out much longer. A start-up company might want to keep it 10 or more years to cover any possible arguments with their VCs over who owns the IP.
So why not keep it forever? Unless you want to have the lady sueing you for sexual harassment making your companies email part of the public record, you might want to set some limits.
The key is to document, in writing, what that limit should be. For example, maybe put it in your companies Computer Use policy. You have one...right?
This came out during a trial where MS appeared to partner with a software company on smartphones, and then terminated the agreement after seeing the technology. Shortly afterwards they announced their own product that had suspiciously similar features to the technology of the cut-out company.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
2 months ago I was in a tech presentation meeting where there was company promoting their email retention software(sat between the world and the email host, saving all the emails that went through in a read only state). It was specifically aimed at recovery for just this sort of investigation.
The problem wasn't the sys admins, they all saw the need for it, the road block is convincing these companies to buy the needed systems.
I worked at a large broker, and they had to be able to come up with a two-week old email immediately, a year old email within two weeks, etc., back to like seven years I think.
The revolution will NOT be televised.
Aha! Maybe they aren't so innocent, and the email tends to reveal their real intentions and actions.
Point one: You can't make a lot of money by being completely and absolutely honest. Just how much a "lot" means is subject to debate. The original quote was $1 million, if I recall correctly, but that isn't so much money these days, so I think it would sound better with $1 billion.
Point two: I don't really blame them for going along with the modern trend. Look at the political leaders we have these days--and their popular support. I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Haliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation. However, he'll be back in business before the government has to try and pay the piper. If he lives so long, I'll have to count it as evidence against the existence of a just God. I really think a just God would have thoroughly smitten Cheney a good while ago.
You'll note that BushCo is also very eager to control their little secrets, and I'd bet they'd be delighted to erase all of their email, too. The next interesting question is whether or not they can do it, given the state of modern technology. How can they make sure someone hasn't burned a CD that contains the truth?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Can someone with more legal understanding than myself please explain why emails can be considered as hard evidence?
1) They can't be authenticated: There's no way to prove if the email was written by the person on record.
2) The contents can not be validated: There's no way to prove that the contents were not altered in transit.
To me, email is so easy to spoof that I would take anything I got from such "evidence" with a huge proverbial bucket of salt. Furthermore, I know that institutions such as Morgan Stanley are required to keep certain records on hand but considering the fragile nature of email I find it quite odd that companies would be required to keep it around. Do IM conversations fall into the same category?
Call me ignorant (I am), but this issue really confuses me. It's not like Morgan Stanly destroyed a bunch of notorized documents.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
And have what, 20% unemployment rate? No thanks, I'd rather work 20% more then not at all.
Think about it...
If it can cost Morgan-Stanley $1.5 billion for not storing email. And 90% of email is SPAM. The risk of deleting/filtering SPAM and losing valid email is going to be too risky.
Therefore, it will become extremely cost effective for Morgan-Stanley (and other large firms) to hire lobbyists to make unsolicited SPAM (with no valid return email addresses) illegal, criminal, and enforced.
I wonder what would be the long term costs of keeping every piece of e-mail that is sent and received at a large financial organization like Morgan Stanley? To be useful in the context of an unknown future legal case, the e-mail would not only have to be backed up but also needs to be organized in some fashion. And it will accumulate over years. What happens if some piece of e-mail that is crucial to a case happened to be classified as junk? Does this mean that the company will have to keep every piece of junk mail received just in case?
A couple of companies I worked for lately had an ever increasing emphasis on cutting expenses in areas like manufacturing and R&D, but the expenses associated with trying to "look good" in reference to new legislation like the Sarbanes-Oxley act was virtually uncapped. According to the company Legal Counsel, if they have to go to court, showing that the company hired $1000/hr consultants to decide the record retention policy would be important. Apparently, what the company did nor did not do is not nearly as important as the company to be able to show that best effort along with the prevalent industry practice at the time was put in.
I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Haliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation.
I hate to defend Dick Cheney, but saying he only has a few years of government service under his belt is flat-out false.
==
His career in public service began in 1969 when he joined the Nixon Administration, serving in a number of positions at the Cost of Living Council, at the Office of Economic Opportunity, and within the White House.
When Gerald Ford assumed the Presidency in August 1974, Mr. Cheney served on the transition team and later as Deputy Assistant to the President. In November 1975, he was named Assistant to the President and White House Chief of Staff, a position he held throughout the remainder of the Ford Administration.
After he returned to his home state of Wyoming in 1977, Mr. Cheney was elected to serve as the state's sole Congressman in the U.S. House of Representatives. He was re-elected five times and elected by his colleagues to serve as Chairman of the Republican Policy Committee from 1981 to 1987. He was elected Chairman of the House Republican Conference in 1987 and elected House Minority Whip in 1988.
==
From Whitehouse.gov
It's "no one," not "noone." Who the hell is noone anyway?
Disk space is cheap.
But having the email program dig through years and years and years of email just to get the stuff you received today pisses a lot of people off.
The issue isn't really about disk storage. The issue is that many mail systems are not setup with "live" data disks and "archived" data disks. Everything goes on the live drives unless the user archives it off to a safe location.
But then how do you make sure you have a backup of that archived data?
Currently, we're taking the approach of copying all the email that comes in or goes out to DVD.
It's not a great solution, but the users can do whatever they want with their emails and I'll still have a copy in case any legal issues pop up.
I suspect that, very soon, email systems will be designed to accomodate the concept of archives as a near-line storage system or even a different storage box. Adding space to a storage box probably won't have the same issues as adding space to a live mail system.
And having a system that archives email to a different box after a set time since last access or something would definately improve the speed.
Someone has to tell them :
:)
2213.404838 megabytes (and counting) of FREE storage so you'll never need to delete another message.
Well to all of us nerds we know that email is not so reliable but it's still evidence. The trial is where you argue those points. Look at any case where evidence gets thrown out because of of validity. But it is still discovered. And many times discovery is enough to make someone settle. "I'll settle/pay/plead guity so I won't embarrass myself"
Simple, this administration has a policy not to use e-mail. No e-mail, no records. No records, no scandals.
Python
And why shouldn't they? Are you required to keep every piece of paper that ever goes through your hands, or every email that might pass through your inbox, because someday you might violate some law and be prosecuted for it?
You aren't required to tie your own noose, and there are even provisions to assume you are innocent until found guilty/liable and Morgan Stanley is being found liable for behavior after the suit was filed, which changes the rules.
Certainly you are required to retain some records for legal purposes, but they all also have an expiration date for that legal requirement.
In the not too distant future that legal requirement for business email will be three years, at which point you'd have to be an idiot not to just delete it all.
Even Microsoft has legal rights in this country, and any right you deny to them you simply deny to yourself. Beware of the emotional response.
KFG
And hey, at least we don't burn out like a lightbulb after a few years.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Actually, I've come to the opposite conclusion. I don't know every e-mail system, and I don't know what Morgan Stanley was using, but I have administered serious e-mail systems for about 15 years, and I can tell you that in many, it is in fact very difficult to insert a fake message into the message store in the right place, with the right semantic context. Don't forget that in all these cases the recovery is from (presumably) dated and logged backup tapes, possibly under the observation of opposing counsel's expert, and under penalty of perjury. So go ahead, tell me how you insert (or even alter) a message into a multi-gigabyte message store coming off a tape that's been archived and logged at Iron Mountain for the last five years. Will it have the right SMTP transit headers? The correct "In-Reply-To:"? What about the context of the message? Are you replying to someone? Do they later reply to you? Does it all fit together? This is a distinctly non-trivial exercise. Possible, yes, but maybe only theoretically so. And the grunt doing the recovery is *very unlikely* to want to risk going to jail to cover up some fraud he was probably never associated with.
For a large business knowing all the places something might be backed up and how the servers connect to one another requires a great deal of institutional knowledge. Even knowing how to find this sort of thing out requires institutional knowledge and time. Which is to say an experienced system's analyst with the time necessary to do this project and lots of other expert system admins, network admins, etc... for him to talk to.
This is exactly the kind of "fat" that Morgan Stanley and other companies got rid of 4 years ago. They couldn't answer the question because they no longer understand their email system because they fired everybody who had the broad and deep knowledge. They no longer have people on staff who have the experience in doing this sort of research and they don't have the other kinds of experts available to do it in reasonable time.
But they would much rather pay the fine than admit this under oath.
"You can't make a lot of money by being completely and absolutely honest."
Then you shouldn't make a lot of money. The end does not justify the means.
Why yes, I AM a rocket scientist!
What opposition party? There is none. What opposition there is amounts to no more than one percent. And you're sure not going to see any kind of "opposition" from the democrats since they feed from the same trough. The real opposition is doing what it can, but until they get some votes, it will be business as ususal. Bush's boys just learned the lesson from Nixon..."Burn the tapes!"
What?
A few years of government "service", then he goes to Haliburton and rakes in the big bucks
I hate to defend Dick Cheney, but saying he only has a few years of government service under his belt is flat-out false.
Exactly, if you dislike him because you think he just coasted or something you are completely missing the point. The scary part about him is that he has worked so hard to get all these connections that he is basically selling to the highest bidder.
In Watergate, the documents were destroyed and the tapes edited after the break in was discovered and pointed to the White House. This administration is destroying documents proactively. He's correct.
Large quantities. Presidents destroying a file or two is not unusual at all.
Just because Cheney was faster to the trough doesn't make him less of a corrupt pig.
I notice you didn't touch the thorny issue of Cheney's continuing compensation from Haliburton, but I'll add another bit that really annoys me. When Cheney returned to government "service", Haliburton was so sorry to see him go that they gave him a special bonus. My recollection is that it was around $40 million. <sarcasm> Purely coincidental that Haliburton received so much government money under Cheney's watch.</sarcasm>
And no, I am not defending that book as a reliable source, though it's quite interesting in many ways. Actually, it's more of liar's clinic, with an amazing mix of truth, lies, self-contradictions, tautologies, propaganda, and just plain silliness. I plan to write an extensive review this weekend.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
FYI, the banking and securities industry is governed by a set of rules that are implemented in various ways. The NASD and SEC regulations essentially boil down to two things:
1) Firms must retain all email and IM communication for at least 3 years, one year in a "readily accessible" location. This is all so that if Mom & Pop Investor lose money, then sue and claim their order execution was botched, the truth should be readily evident. Most places block external email (yahoo, et. al.), block IM, and log everything else. Propriety and compliance takes some sacrifice. Legal compliance divisions are growing every year, while IT is stable/shrinks. Consider that at Career Day!
2) All broker/dealer voice conversations must be recorded for similar time periods. Some places record ALL conversations (including the mail room clerks, support staff, everyone) just to be sure. Watch what you say on the phone at work kids.
[and, maybe relevant, SOX is a financial process compliance law, that extends criminal culpability to officers certifying records (see recent Enron, WCOM, etc. financial scandals for cause), and extends to IT in even more mysterious ways.]
Basically, not much has changed since 1995; most places that want to stay in business for a while err on the side of caution. Back then I sat in on SEC meetings with our legal team and watched them struggle to put the Internet in perspective. Later, our CTO told us to archive all the data going over (at the time) T1s for three years. Yes, ALL the data, which we had to do some basic math to explain that given available technology it would be insanely expensive. Never did happen; we did archive all email though. There are rumors some places still use WORM drives to comply with the old regulations, just to be safe. Probably the only new change is now Facetime, Akonix, and IMLogic make a financial killing with logged IM servers for the places that enable/rely on IM technology.
Summary, the technical requirements are easy but business is not...profit where possible, but try to play by the rules, don't piss off a judge, or you get massive fines and/or sued by Spitzer. That said, this one will likely be reduced on appeal. MS is suing their lead council for malpractice, has plenty of grounds to appeal (not to mention that the applied default-culpability judgement in this case is very, very rare). Business will go on.
Uh, actually, I am.
I know I'm a moron for replying to an AC, but here goes. Picture this scenario: you get a subpoena or a discovery request for e-mail from the CFO from five years ago. You retrieve a tape from your archival storage company, and there's an audit trail showing it's been there for four years 11 months. Either the FBI agent or opposing counsel's expert looks over your shoulder while you restore from that tape onto a lab system, unconnected to anything else, running just your MTA of choice under your OS of choice. Let's say it's Notes. File date/time stamps are verified by you and the FBI guy. You then connect one other (verified and trusted) system to your message store, running the MUA of choice. You open the CFO's mailbox and retrieve the requested e-mails. At what point were you able to insert something into the message store?
Sure, I know how to telnet to port 25 and run the appropriate SMTP commands. So what? How do I modify that old message store? Say it's a Notes or GroupWise database?
Sounds to me like you are not very conversant with enterprise-scale e-mail systems, but just learned how to spoof SMTP.
Care to read 35 other books that say the same thing? Here's a review of them, and 3 movies: Unprecedented Corruption: A guide to conflict of interest in the U.S. government.
" How do I get to call you a moron?
/.er
The judge reckoned that given their stonewalling that they would lose the case, knew it, so therefore started hiding emails, then when that didn't work, deleted some.
Now, given that deleting information when under investigation is a serious criminal offense, that seems to have been reduced to "you fail it"."
How do I get to call you a moron? You think people should be convicted based on a judges hypothesis? What ever happened to evidence, and the burden of proof on the prosecutor.
Your anti-corporate bias has blinded you. If this was a person being sued by the RIAA, your opinion would be different, if you're like the average
Vote for Pedro
Which is totally irrelevant because he gets deferred compensation whether he does them favors or tells them to stick a large object in a small orifice.
GWB doesn't email (for record-retention reasons discussed), and iirc Condi doesn't email too much either. Powell was a big emailer, and Karl Rove is too.
All companies large and small, and virutally all individuals in their private lives, have done illegal things of all sorts of magnitudes. Ever mow somebody's lawn for $20 and not reported it on your 1040? Tax evader! Ever download Metallica? Copyright infringer!
Now, I'm sure you're a complete angel and have never done anything even remotely illegal, but would you want every email you ever sent subject to court review?
And while we're playing conspiracy theorist and talking about cover-ups, let's talk about Vince Foster...