Slashdot Mirror


New Email Rules Effective Friday

An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said.'"

  1. What's next? by Salvance · · Score: 4, Informative

    What happens for companies that don't host their own e-mail, particularly smaller companies?

    In order to save money, my company hosts our website and e-mail on a shared server. E-mails are downloaded via POP3 and immediately deleted from the server (each account can only hold 20MB online at one time). Most people then delete their e-mails after reading, so we have absolutely no way to retrieve this data.

    This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some of its fundamentals down to the little (non-public) folks.

    --
    Crack - Free with every butt and set of boobs
    1. Re:What's next? by MoralHazard · · Score: 4, Informative

      companies that don't host their own e-mail, particularly smaller companies

      This is a no-brainer, right? If you're the kind of company that is subject to these retention rules, having a shared email server that immediately deletes DL'd messages, with no user policy at the local level, either, is illegal. You'd have to immediately move your email in-house and implement appropriate policies, or find a 3rd-party that can handle it, or some mixture.

      If you're not the kind of company that is subject to these rules, who the fuck cares?

      If you don't already know that your company is subject to these rules, and it turns out you do need to follow them, fire your in-house counsel because they're incompetent.

    2. Re:What's next? by archen · · Score: 5, Insightful

      I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

      Really this is a bunch of crap anyway. What about companies that don't even CONTROL their employees' accounts and just expect them to use personal hotmail accounts? Catalog all instant messaging traffic? How about clients that might IM that are installed aside from what the company keeps track of? Yeah, let me just start logging ALL network traffic on that 20 trillion terabyte tape I rotate every day.

      Besides which how about tracking stuff that's encrypted? What if the messages are IMed through some http system? Now I have to do man in the middle attacks to sniff HTTP connections, then I have to store that information. Because we also do credit card transactions via HTTP I am storing credit card information; this goes against Visa's policy for businesses allowed to do credit card transactions. I wouldn't be surprised if it were against the law either.

      The Supreme Court can say whatever they want, but I can't do what they're telling me, nor can I raise the dead like Jesus if they required that either. The law is irrelevant unless you PURPOSELY shred / delete documents - and that's against the law already during litigation.

  2. Misleading by calbanese · · Score: 5, Informative

    Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding.'

    This is a bit misleading. It's only "virtual shredding" if you don't keep the records around for a reasonable period (either by statutory requirements or industry standards) or if you have notice of litigation in which the evidence is relevant, and you continue to shred.

    That's why there is a document retention policy safe harbor in the rules themselves.

    As amended, Rule 37 creates a "safe harbor," protecting a party from sanctions for failure to produce electronically stored information as long as it took reasonable steps to preserve electronically stored information when it knew or should have known such information was discoverable, or the failure results from loss of information during routine operation of such party's electronic information system.

    FWIW, lawyers, even the "technology experts", don't seem to understand technology as well as someone who came through IT before becoming a lawyer.

    (disclaimer: IT guy-turned-lawyer, so I always think I know more than "pure lawyers" when it comes to tech).
  3. The amendments by jwaters · · Score: 5, Informative

    Since the linked article is light on information, I found the actual amendments (note: PDF)

  4. Massive Pretty Good Privacy by Doc+Ruby · · Score: 4, Insightful

    Practically everyone can scramble our email, like with "Pretty Good Privacy" (PGP). If many of us do it, they might be able to crack it or force our password after due legal process, but private parties won't be able to snoop through all of us on any possible budgets.

    Your government can probably crack any nonsymmetric crypto (with help from the US), but might not have the resources to crack everyone's all the time. You can try a tinfoil hat, YMMV.

    The real problem is webmail, which can't use any installed crypto on either end (with possible rare exceptions, but the rarity and/or nonintegration makes them useless at only one end of the comms).

    If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in JavaScript the public could audit for holes, they might actually become by far the best email system for the masses. And win the webmail wars. And really piss off the government(s) that have been trying to pry into their transactions for years.

    --
    make install -not war

    1. Re:Massive Pretty Good Privacy by Beetle+B. · · Score: 4, Insightful

      If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in JavaScript the public could audit for holes, they might actually become by far the best email system for the masses.

      Don't ever use "PGP" and "the masses" in the same sentence. There's a reason people don't use it unless they really need to. It's the hassle of exchanging keys and building a trust database, and getting people to use it as it should.

      It's a very minor hassle for those who use it well, but getting the masses to follow protocol is next to impossible.

      --
      Beetle B.
    2. Re:Massive Pretty Good Privacy by Doc+Ruby · · Score: 4, Insightful

      Ah, but building demand by promoting the existing tool will encourage new developers to make it more useable.

      --
      make install -not war

  5. Standard Conversation by Silver+Sloth · · Score: 5, Insightful

    Techie:- We need to keep more backups of our e-mail database
    Bean Counter:- How much do the tapes cost?
    Techie:- Lots - we need at least one DLT per backup
    Bean Counter:- We can't afford it.
    Techie:- We have to afford it
    Bean Counter:- Just leave the requisition in my intray


    Months Pass

    Bean Counter:- The courts are on to us. Where are the e-mail backups for the 1st December 2006?
    Techie:- I had to overwrite them so as to keep a reasonably current backup
    Judge:- Techie, you shredded evidence - now you're for it

    --
    init 11 - for when you need that edge.
    1. Re:Standard Conversation by itlurksbeneath · · Score: 4, Insightful

      I've actually had that conversation with the bean counters, but it went like this:

      Techie: We need $5,000 to buy another 100 DLT tapes to comply with this no-rewrite order.
      Bean Counter: Again! We don't have any money in the budget to buy any more tapes.
      Techie: Ok, no problem. Send me an email and CC your boss and my boss and tell them that we can not comply to this federal ruling because we don't have any money in the budget.
      Bean Counter: Erm.. Uh.. Oh! Here's some money for tapes you can have.

      As long as the gun is pointing at them, they are very cooperative.

      --
      Have you ever considered piracy? You'd make a wonderful Dread Pirate Roberts.
  6. Links to the rules by davidwr · · Score: 4, Informative

    This link goes into a bit more detail than the article in the main /. story.

    The pertinent rules appear to be the Federal Rules of Civil Procedure, specifically Rule 16 dealing with pretrial scheduling and Rule 26(f) relating to discovery and disclosure.

    Cornell University has these rules online. They might be outdated already.
    Rule 16
    Rule 26

    Wikipedia also has a writeup on the Federal Rules of Civil Procedure.

    Do a search for rules on electronic discovery for more commentary.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. As the summary says... by jpellino · · Score: 5, Funny

    "companies and other entities involved in federal litigation"

    Odds are you already know if you're one of these.

    (Use your best Jeff Foxworthy voice for this next part)

    "If your CFO has been escorted out of the building on the national news by people with big yellow letters on their backs..."
    "If the new guy in the office spends all his spare time chatting up his sleeve instead of the secretary..."
    "If your office phone system now says Press 1 for Customer Service, Press 2 for Public Defenders..."
    "If they show Dennis Kozlowski on Biography and your boss snorts 'Huh. Pikers...'"
    "If you check your email and a cheery voice announces 'You've got bail!'"

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."