Slashdot Mirror
Deleting Emails Costs Morgan Stanley $1.45B
DoubleWhopper writes "The financial giant Morgan Stanley lost a $1.45 billion judgement yesterday due, in part, to their failure to retain old email. The judge in the case, 'frustrated at Morgan Stanley's repeated failure to provide [the plaintiff's] attorneys with e-mails, handed down a pretrial ruling that effectively found the bank had conspired to defraud' their former client. The CEO of a record retention software company noted, 'Morgan Stanley is going to be a harbinger'."
From TFS:
I'd sure hate to be the system administrator who dropped the ball there...
"What do you mean we don't have them archived??? You just cost us 1.45 billion dollars!"
"Don't worry though...you can pay it back....we'll just dock your paychecks by...say...$1000 per pay period. At that rate you can have it all paid back in a little over 55,769 YEARS!!!
^_^
____
~ |rip/\/\aster /\/\onkey
Only another $39 billion in the bank.
Big investment firms like Morgan Stanley are obligated by law to retain lots of records. This is more of an "Almighty Buck" type of story, IMO.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
I deleted an e-mail that gave me $10 off at tigerdirect...dont think I will ever recover.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Wow. I can delete mine for free.
I know that where I work there is a basic 6 month email retention policy, which states that all email will be deleted if it is 6 months old. I have always wondered if and when this will change.
There is probably an opportunity here for a company to come up with an extension to an email system which will manage keeping old emails. Something which will allow for the catagorizing of unstructured data. That way the system can trash the not to serious emails and keep the 'important' ones.
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Even in a "third world" country I visited recently, they had emails dated 1997, stored on a Slackware box!
This time, I agree with the US justice system. They deserved it...I am sorry to say.
Crow T. Trollbot
(I work at a Bank) Since Sarbaines kicked in, we have to keep a backup of every single file you use for work purposes, not just email. This means archiving every word doc, spreadsheet, database...etc. Starting January 1, they also blocked our access to all external sources of email and external instant messaging clients as well. After seeing this judgement, now I understand why.
ok being serious (no more shinyfeet plugs), I used to work as an admin where the retention policy was 1 year. however, that just meant you rotated the tapes for 1 year. the email growth rate was very small (even though there was 1,000s each day), it was the files that grew beyond the retention. even the attachments and email boxes with 1+GB were safe, as 20 years of email fit onto a single DLT4.
granted, MS, er Morgan Stanley is a much bigger company, but I find it very hard to believe that any retention policy would include email, that has got to be their smallest backup.
do you have shinyfeet?
I was a client of MS/DW. I kept trying to let my financial advisor know about this wonderful pill that would make his penis bigger, and I get the feeling that MY emails were deleted as well!
-- sometimes AND gates turn me on.
I think the issue is "selective memory loss" - Microsoft plays this card all the time in court. Emails from a relevant time period are "deleted" when convenient, while older or newer or even contemporaneous mail is saved... the judge in this case was simply smart enough to call shenanigans.
You can delete old email if you're that hard up for space, just have a rock-solid deletion policy you can prove you adhered to in a court of law.
It also helps to audit your archives and backups regularly, and document what data was lost when. 'Cuz face it, every admin at some point or other loses some data to corruption, hardware failure, bookeeping mixups or user error. Knowing what you forgot and when you forgot it can help in situations where not having the data on hand can cost a billion bucks or so.
SoupIsGood Food
where are my moderator points when I need them.
Most companies purposefully choose short retention policies, in an attempt to avoid these kinds of settlements... it isn't a sysadmin's fault.
The theory was that this would let them discard old emails without having it be intentional obstruction of justice. I guess that theory will be out the window now.
That is the question. The answer is keep it, for a while.
Email records can be subpoenaed just like anything else. If it benefits your case, it would be nice to have, if it hurts our case, it would not be so nice to have.
When I write computer use policies, I recommend keeping it for 1 to 2 years. Depending on the type of business that might get extended out much longer. A start-up company might want to keep it 10 or more years to cover any possible arguments with their VCs over who owns the IP.
So why not keep it forever? Unless you want to have the lady sueing you for sexual harassment making your companies email part of the public record, you might want to set some limits.
The key is to document, in writing, what that limit should be. For example, maybe put it in your companies Computer Use policy. You have one...right?
Aha! Maybe they aren't so innocent, and the email tends to reveal their real intentions and actions.
Point one: You can't make a lot of money by being completely and absolutely honest. Just how much a "lot" means is subject to debate. The original quote was $1 million, if I recall correctly, but that isn't so much money these days, so I think it would sound better with $1 billion.
Point two: I don't really blame them for going along with the modern trend. Look at the political leaders we have these days--and their popular support. I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Haliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation. However, he'll be back in business before the government has to try and pay the piper. If he lives so long, I'll have to count it as evidence against the existence of a just God. I really think a just God would have thoroughly smitten Cheney a good while ago.
You'll note that BushCo is also very eager to control their little secrets, and I'd bet they'd be delighted to erase all of their email, too. The next interesting question is whether or not they can do it, given the state of modern technology. How can they make sure someone hasn't burned a CD that contains the truth?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Can someone with more legal understanding than myself please explain why emails can be considered as hard evidence?
1) They can't be authenticated: There's no way to prove if the email was written by the person on record.
2) The contents can not be validated: There's no way to prove that the contents were not altered in transit.
To me, email is so easy to spoof that I would take anything I got from such "evidence" with a huge proverbial bucket of salt. Furthermore, I know that institutions such as Morgan Stanley are required to keep certain records on hand but considering the fragile nature of email I find it quite odd that companies would be required to keep it around. Do IM conversations fall into the same category?
Call me ignorant (I am), but this issue really confuses me. It's not like Morgan Stanly destroyed a bunch of notorized documents.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Think about it...
If it can cost Morgan-Stanley $1.5 billion for not storing email. And 90% of email is SPAM. The risk of deleting/filtering SPAM and losing valid email is going to be too risky.
Therefore, it will become extremely cost effective for Morgan-Stanley (and other large firms) to hire lobbyists to make unsolicited SPAM (with no valid return email addresses) illegal, criminal, and enforced.
I wonder what would be the long term costs of keeping every piece of e-mail that is sent and received at a large financial organization like Morgan Stanley? To be useful in the context of an unknown future legal case, the e-mail would not only have to be backed up but also needs to be organized in some fashion. And it will accumulate over years. What happens if some piece of e-mail that is crucial to a case happened to be classified as junk? Does this mean that the company will have to keep every piece of junk mail received just in case?
A couple of companies I worked for lately had an ever increasing emphasis on cutting expenses in areas like manufacturing and R&D, but the expenses associated with trying to "look good" in reference to new legislation like the Sarbanes-Oxley act was virtually uncapped. According to the company Legal Counsel, if they have to go to court, showing that the company hired $1000/hr consultants to decide the record retention policy would be important. Apparently, what the company did nor did not do is not nearly as important as the company to be able to show that best effort along with the prevalent industry practice at the time was put in.
I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Haliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation.
I hate to defend Dick Cheney, but saying he only has a few years of government service under his belt is flat-out false.
==
His career in public service began in 1969 when he joined the Nixon Administration, serving in a number of positions at the Cost of Living Council, at the Office of Economic Opportunity, and within the White House.
When Gerald Ford assumed the Presidency in August 1974, Mr. Cheney served on the transition team and later as Deputy Assistant to the President. In November 1975, he was named Assistant to the President and White House Chief of Staff, a position he held throughout the remainder of the Ford Administration.
After he returned to his home state of Wyoming in 1977, Mr. Cheney was elected to serve as the state's sole Congressman in the U.S. House of Representatives. He was re-elected five times and elected by his colleagues to serve as Chairman of the Republican Policy Committee from 1981 to 1987. He was elected Chairman of the House Republican Conference in 1987 and elected House Minority Whip in 1988.
==
From Whitehouse.gov
It's "no one," not "noone." Who the hell is noone anyway?
Simple, this administration has a policy not to use e-mail. No e-mail, no records. No records, no scandals.
Python
And why shouldn't they? Are you required to keep every piece of paper that ever goes through your hands, or every email that might pass through your inbox, because someday you might violate some law and be prosecuted for it?
You aren't required to tie your own noose, and there are even provisions to assume you are innocent until found guilty/liable and Morgan Stanley is being found liable for behavior after the suit was filed, which changes the rules.
Certainly you are required to retain some records for legal purposes, but they all also have an expiration date for that legal requirement.
In the not too distant future that legal requirement for business email will be three years, at which point you'd have to be an idiot not to just delete it all.
Even Microsoft has legal rights in this country, and any right you deny to them you simply deny to yourself. Beware of the emotional response.
KFG
And hey, at least we don't burn out like a lightbulb after a few years.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Actually, I've come to the opposite conclusion. I don't know every e-mail system, and I don't know what Morgan Stanley was using, but I have administered serious e-mail systems for about 15 years, and I can tell you that in many, it is in fact very difficult to insert a fake message into the message store in the right place, with the right semantic context. Don't forget that in all these cases the recovery is from (presumably) dated and logged backup tapes, possibly under the observation of opposing counsel's expert, and under penalty of perjury. So go ahead, tell me how you insert (or even alter) a message into a multi-gigabyte message store coming off a tape that's been archived and logged at Iron Mountain for the last five years. Will it have the right SMTP transit headers? The correct "In-Reply-To:"? What about the context of the message? Are you replying to someone? Do they later reply to you? Does it all fit together? This is a distinctly non-trivial exercise. Possible, yes, but maybe only theoretically so. And the grunt doing the recovery is *very unlikely* to want to risk going to jail to cover up some fraud he was probably never associated with.
For a large business knowing all the places something might be backed up and how the servers connect to one another requires a great deal of institutional knowledge. Even knowing how to find this sort of thing out requires institutional knowledge and time. Which is to say an experienced system's analyst with the time necessary to do this project and lots of other expert system admins, network admins, etc... for him to talk to.
This is exactly the kind of "fat" that Morgan Stanley and other companies got rid of 4 years ago. They couldn't answer the question because they no longer understand their email system because they fired everybody who had the broad and deep knowledge. They no longer have people on staff who have the experience in doing this sort of research and they don't have the other kinds of experts available to do it in reasonable time.
But they would much rather pay the fine than admit this under oath.