Corporations Face Problems with Employee Emails
TwistedOne151 writes "Law.com has an article outlining how the casual attitude of many employees toward work e-mails has resulted in some thorny problems for corporate in-house counsel. 'It has now become routine even in civil investigations for computers to be subpoenaed so lawyers can look at e-mails and hard drives. And one thing always leads to another. "We have forensic software that shows multiple levels of deletions. It shows thought processes. We can learn far more than from just a document alone," said [Scott] Sorrels. "E-mails have taken over the world."'"
Well, in that case, I welcome you, our new overlords.
said [Scott] Sorrels. "E-mails have taken over the world."
Better E-mails than lawyers.
I thought we just had a slew of articles around the internet telling us that email is dead and it's all about myspace and instant messaging?
Anyway, if you have truly devious intentions, simply use the telephone or speak in person. It works for the president and it has worked for the mafia (at least, it did in GoodFellas).
"We have forensic software that shows multiple levels of deletions. It shows thought processes. We can learn far more than from just a document alone," said [Scott] Sorrels. "E-mails have taken over the world."
Can this be done in real time?
Every time I try to use a piece of file recovery software these days, the estimated time for scanning will be on the order of 8 or 10 hours, and that's with rather small disks [no more than about 20GB NTFS, with no more than 10's of thousands of files].
So invariably, I just say, "Aw, to heck with it," and shut the thing down after a couple of minutes.
I've heard that some of the big disks [500GB, 1TB, etc] can take hours and hours just to format - so it seems like running file recovery software on them would take literally days at a time.
Which is not to say that it can't be done, but wow - it would have to be something really important to devote that amount of time just to recreating the file nodes [not to mention trying to recreate the file itself after you had recovered all of the deleted nodes].
The one thing that can never really be dealt with in terms of keeping email private is the fact that no matter how much you encrypt, use Tor etc. you can't escape the fact the person at the other end can always make a backup copy. The lesson here? If you really don't want something to get out into the world in one way or another DON'T SEND IT.
Sigs are too short to say anything truly profound so read the above post instead.
You do not become a street whore simply by agreeing to work for someone. Companies don't understand this. If allowed, they would claim every last cell of your body as their property.
Shall I shed a tear because you have more trouble hiding things from the public?
My personal favorite is the few times I've had to voice concern over the possible legal implications of a particular action. I've had people IM or call me instead of replying to emails because they don't want to be "on the record". To which I have said in the past: "oh, don't you know the IM is logged?" or "You know, if you don't reply to my email and clear this up then all that will be 'on the record' is my concerns and none of your explanations."
Of course, there are people who think it's okay to break the law, just so long as no-one finds out about it. To those people I don't send email - I send it direct to the CEO.
How we know is more important than what we know.
My reaction as well, so corporations now have a new problem: they can no longer hide their illegal practices from the legal system. Shock! Horror! What injustice!
Am I the stupid one here or is this in fact a good thing for corporations? Maybe now corrupt practices will become so dangerous that the people that remain employed might actually be the honest people (gasp).
You are wrong about one thing though, corporations were never invented to serve the public, they have no other purpose than to make money for their owners (which in a lot of cases are stock holders). That's it. They can have statutes and whatnot that say that they should give back to the community and serve the countries they work in or whatever but that's just dressing on top of the one basic tenet: make money for your owners.
I say, when big companies break the law, people should go to jail, preferably the responsible people, so going through e-mails to find out who instigated what and why is a Good Thing(TM).
Badgers, we don't need no stinking badgers! - UHF
- catty comments or frankly inappropriate language
- They call people names
- They make inappropriate comments
- "can you believe that [expletive] is complaining about this?"
- "I can't believe she's pregnant at such an inconvenient time at work."
I was like Oh My God, can you imagine the billions and billions of dollars that must be pumped into lawsuits regarding these comments? Nope, me neither.
8 of 13 people found this answer helpful. Did you?
You know, if the saying is good enough for taking away the public's privacy and civil liberties, it's surely good enough to apply to corporations:
If you aren't doing anything wrong, you've got nothing to hide.
If companies would just STOP COMMITTING CRIMES, it wouldn't matter that all their e-mails are on disk.
Are we supposed to feel bad that e-mail is allowing companies to be caught red handed, and forcing them to answer for their crimes?
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Encryption is more about making it impossible (or at least computationally expensive) to scan your email for 'flagged' stuff, and making it hard for people to accidentally forward confidential information. For example, if I forward a 'Company Confidential' encrypted email to someone outside of the company, they cannot get a decryption license because my company's AD doesn't recognize them, so it prevents me from shooting myself in the foot and bringing my company down with me.
Now having said that, if there is a court case as a result of which a subpoena has been issued on my computer/email, it's quite feasible that my company can also be ordered to hand over the decryption keys. So encryption (at least for corporate/personal email) isn't meant to keep secret stuff irrevocably secret. It's merely intended to be protection against leaks and malicious attackers (but not the law). So if you ever have an email that starts with 'we should probably discuss this over the phone but...', well, do it over the phone.
Never say over the phone what you can say in person. The preferred mode of communication in the modern world is E-mail, the two modes of communication you suggested are actually considered rude these days. I fully understand people's right to have a paper or E-mail trail to cover their ass, but it still gives me a kick to break the unwritten rule that all communication must be by E-mail. People get so deliciously annoyed because they know they can't go and justify their objections to direct contact, to their bosses, without admitting that most of their insistence on E-mail only communication is mostly just an excuse to make it easier to procrastinate.
You are correct in that there is a special case. I stand corrected. However, this hardly nullifies the rest of my argument, but thank you for pointing this out. I hadn't thought of that.
Badgers, we don't need no stinking badgers! - UHF
"'"E-mails have taken over the world."'" No god damned Lawyers have.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
Now I didn't RTFA, but even the summary seems to say a bit more. For a start, that they can look through deleted drafts on your hard drive and see what the email looked like before you actually edited and sent it. Or even if you don't send it at all.
Plus, screw email, we've already seen this kind of thing happen with edited Word documents, Excel files, or PDFs. Stuff that was never actually sent or published in any way is dug out of the document and used against you.
E.g., I remember a somewhat recent story on The Register where a politician was under fire over a donation she originally said she knew nothing about, but some looking through the document history later, it looked like she or maybe her husband had a note in the document at some point to check if that's ok.
And now I'm all for accountability in politics, but there's nothing to say that it can't apply to your joke mailing list just the same.
E.g., basically, if your client sues your company about bad support, any emails where you told a colleague that that client is an asshat and shouldn't be taken seriously, can get dug out and used against you. That much was probably clear to you too. But here's the more important part: even if you _didn't_ actually send that email, if at some point you saved a draft, that too can be dug out and used as hint about your thought processes.
So it seems to me like the danger is even more insidious. Even if you think thrice before thinking an email, well, computers got us trained that all sort of transient information can be stored there for later. Even stuff you never intended to send, or notes to self for later, or whatever. Even trivial stuff that people used to just hold in their head, is now somewhere on the computer because it's easy to do so. And stuff that people would first roll around in their head before writing on paper, now gets written anyway and edited later, because it's easy to do so.
And then used as some kind of proof of how your train of thought went. Which was a rather private thing before.
Worse yet, it's now all in one place. So even if previously you'd keep your private thoughts in a diary, chances are it wouldn't get shown in court unless your character makes any difference (e.g., if you pleaded entrapment.) Or they might want to see your letters to your accountant, but not your letters to your mistress. Nowadays that hard drive is one big pot with _everything_. (Again, even transient stuff you deleted long ago and forgot that it was ever on that computer.) Once you got ordered to hand it over, someone _will_ poke his/her nose through everything on it. From business stuff, to your reminders in Outlook to go to Alcoholics Anonymous, to joke lists you're on, to God knows what else.
Sure, most of it probably won't be allowed in court or even presented. But you never know what might anyway. E.g., if you were hit with a sexual harassment or discrimination lawsuit, your porn browsing history or subscription to some dumb blondes jokes list might be interesting after all.
At any rate, _someone_ out there might end up knowing more about you than you thought possible. Even if you think twice before hitting the Send button.
A polar bear is a cartesian bear after a coordinate transform.
If a government wanted to stop people sending embarrassing e-mails (Hey, they are using OUR telecoms infrastructure!) then you would call them tyrannical. But hey, if a government ran every aspect of life on its territory through an autocratic, undemocratic hierarchy you would probably cry foul too. Apparently there's two sets of rules.
And before you inevitably say that people are free to leave a corporation - the fact is that in a world of massive debt and no safety net, your only other option is jumping to another, identically evil environment.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
I had clients back in the day that never wanted to use email, and I couldn't work out why until I figured out they were saying one thing in phone conferences and changing their tune down the track to suit themselves, and they couldn't do that when I had our conversations via email.
If you mod me down, I will become more powerful than you can imagine....
"The article is about corporate email."
The article is about why people are so incredibly concerned that their firm might be exposed to major legal liability and loss of public trust due to unintended disclosure of dirty little secrets via corporate email.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
What about the option of using an (albeit more expensive) (Volatile) DRAM-based SSD for your email servers?
If *someone* subpoenas it, kindly provide it (unplugged) with any passwords and a full set of encryption keys...
(Assuming there are not already laws prohibiting a corporation from using a faster (700-1400MB/s @ 3s), more reliable (protected with both ECC and RAID), higher I/O performing (3 million random IOPS), volatile DRAM SSD array for their email storage?)
"Here is my untouched email server storage device all boxed up and sealed as required per your subpoena order..."
504GB of DRAM would make a *nice* email storage device... (Violin 1010) http://www.violin-memory.com/products/violin1010.html
The closed and criminal nature of most corporations is the core problem. If they were open about what value they were providing and how then there would be no problem with remarks about corporate processes and performance being written in e-mail or any other medium prone to sharing and archival.
Why is it seen as bad that there's evidence of what happened internally by email? Subpoena'd computers only happen when there's some evidence of wrongdoing to begin with, so unless you know or suspect your company undertakes "black ops", you shouldn't mind that there are emails around documenting the right and proper execution of your employees' duties.
If there had been no email, would Microsoft not have been set on "knifing the baby" with Netscape?
If there had been no email, would HP not have been tapping their employees?
etc.
Unlike individuals who HAVE a private life, corporations exist because we as a society want them to and they only have a public life. So saying if they have nothing to hide, they have nothing to fear IS CORRECT. They HAVE no private life and all that they do should at least be known in principle by the owners (shareholders). Real people have a private life and even their wife/husband/other should have no more right to this privacy because they belong only to themselves.
I once had a boss (CFO) who had discovered the miracle of retention policies. One of the board members was touting his company's 90-day retention policy. Anything over 90 days old was automatically deleted. The policy was such that no employee could be held responsible for losing an old e-mail because there weren't any. So of course the CFO wanted to implement this golfware concept.
:-)
My counterpoint was this: "More often than not, we operate within our code of ethics. In most cases, the existence of an e-mail message will protect us from damage rather than cause it. In many cases, we rely on what a client told us when we started a project. Later on, the client forgets we were told not to test certain conditions, etc., and it all changes when the product gets recalled. Searching for those helpful messages will not be easy if we have deleted them. Meanwhile, our opposition will be able to selectively recall whatever they want from their own server, including the messages we deleted from ours. Somebody has a clear advantage here, and it isn't us." Of course, we had archive backups that made the whole thing a moot point. No need to trouble the PHBs with that one.
The company is haunted to this day by an incriminating e-mail that was posted by an employee who admitted that he crafted a travel policy that ignored federal labor laws. It pops up every so often
The article makes a great point. Assume anything you place in e-mail can be retrieved and held against you. The phone is ideal, as wiretapping is (a) unusual and (b) often illegal.
Use PGP, GPG, WebmailSafety (www.gwebs.com), etc! Don't let your email go out plain text, and tell people "don't put this in writing"! ARG HOW DUMB CAN YOU BE... silly blabbermouth, plaintext is for kids!
He must be talking about filesystem metadata. For modern HDDs, you cannot see how often something was deleted, or what was there before....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You are not asked for the hardware, you are asked for the information.
That means that you are to provide a non-volatile copy. If you try to pull this stunt you're IMHO most likely ending up with a charge for destroying evidence, and you can ask "Oops I shredded Enron docs again" Andersen what happens next.
In the UK you can make their life a bit more difficult by storing part of your recovery (backdoor) crypto key abroad. It's not unreasonable to be slow at that point because you have to recover the key part first (plausible defence for delay), but don't expect to STOP anyone gaining access. The best you can hope for is delay.
Insert
...I think your missing article is here.
WTF is this? Shouldn't this article be about Facebook or some other latest and greatest technology?
How have any of these email issues changed in the past 10 years?
This kind of article just makes people paranoid. Browsing through comments, I could see the signs ...
I prefer to find the company which won't kick you out for saying something not politically correct.
People relations have always been the same. And yes, somebody may be pissed off that a very important person just entered into maternity leave and let the co-workers with a lot of stuff to do. What's new under the sun? Well, the new correctitude. There is just an excess of correctitude. And the new sense of morality, too. Money based. Isn't it sad?
Any one of the examples listed would potentially be relevant in a matter involving employment law. Google "Zubulake" for an idea of the kind of numbers that might be involved. Hell, Google "electronic discovery" and "Morgan Stanley". Electronic Discovery is big business, and it's big business for a reason. In-house Counsel are rightly shitting themselves about how employees use email.
I've never been involved in crime per se, but I've done stuff I didn't want broadcast (to my parents, employer, then-wife, etc) and the most galling truth is that people can't keep their mouths shut about things they don't really need to talk about.
This is only a beginning: http://www.wired.com/wired/archive/4.12/fftransparent.html?topic=&topic_set= (article written 10 years ago)
asked for input. AC for the obvious reasons.
A remarkably large retailer (think Dept. store with plates and clothes and perfume and...) is involved in something, I know not what. Emails are being attempted to be retrieved. The time line for this is 2002.
Deposition by the head corporate IT guy says: Unless message saved local, our server rolls them off after 7 days.
My thoughts: Seems typical.
My response: What about server backups (weekly, monthly, yearly...)? No mention at all in the dep. I told the lawyer(s) who asked for my input that the chances of recovering any locally saved emails (notebook/desktop) would really depend on the chances, aside from whether they saved the messages locally or not, on whether that actual hardware was still lingering about and not scrapped/surplused/disappeared. Ditto with recovering from the actual server hardware (same reasons plus a couple years of sector overwrite).
Am I missing anything?
As an Engineer, the moment I notice anything that could lead to a safety or other concern, I would put it in an email and say something like, "I think we need to look at this...". If management doesn't follow through with my recommendation, and something hits the fan later on, at least they can't pass the buck back to me.
I didn't RTFA since it looked like something most people already know. Within the past few months the antics of one individual has forced us to remind the userbase that the corporate network is owned by the company and anything that is done is logged. One of the last things this sales rep did caused the CTO to fly up to the sales office to have a chit chat with all of the staff. This sales rep was using Craigslist to solicit sex, among other things, and using his corporate e-mail to do it. Supposedly he was posing as a female prostitute as a joke and forwarding some of the juicier replies to one of his colleagues he was hazing.
I don't understand why anyone who was forced to turn over their computer wouldn't securely format it before doing so. Better to beg forgiveness than ask for permission... "Sorry Judge, I was in the middle of re-installing the OS when I was told to turn my computer over...what's that you say? Formatting the computer is suspicious behavior? I do it every few months because otherwise Windows XP starts slowing down and acting funny."
And this is a bad thing.... why? Because it's easier to catch crooked companies (all of them) breaking the law?
The article literally consists of corporate lawyers whining about how email makes it harder to conceal criminal actions because they can be found in discovery. Contrary to what the article seems to imply, very few court cases involving email discovery are based on harassment claims. Mostly they're about companies trying to screw each other on business deals. For the most part, it's perfectly LEGALLY safe to tell off-color jokes and distribute porn through the company email.
Could just use a disk eraser in the logoff script. Burn a lot of energy, but WTF.