Slashdot Mirror
Corporations Face Problems with Employee Emails
TwistedOne151 writes "Law.com has an article outlining how the casual attitude of many employees toward work e-mails has resulted in some thorny problems for corporate in-house counsel. 'It has now become routine even in civil investigations for computers to be subpoenaed so lawyers can look at e-mails and hard drives. And one thing always leads to another. "We have forensic software that shows multiple levels of deletions. It shows thought processes. We can learn far more than from just a document alone," said [Scott] Sorrels. "E-mails have taken over the world."'"
Well, in that case, I welcome you, our new overlords.
I thought we just had a slew of articles around the internet telling us that email is dead and it's all about myspace and instant messaging?
Anyway, if you have truly devious intentions, simply use the telephone or speak in person. It works for the president and it has worked for the mafia (at least, it did in GoodFellas).
But...but...if lawyers can subpoena e-mails...and emails control the world....
THe one thing that can never really be dealt with in terms of keeping email private is the fact that no matter how much you encrypt, use tor etc. youcan't escape the fact the person at the other end can always make a backup copy. The lesson here? If you really don't want something to get out into the world in one way or another DONT SEND IT.
Sigs are too short to say anything truly profound so read the above post instead.
Shall I shed a tear because you have more trouble hiding things from the public?
Certainly it can be done in real time.. by your standard everyday keylogger. Of course, installing keyloggers on ALL your employees machines, and having complete access to everything they write does raise some thorny questions.. Not to mention that someone has to actually assess the data.
This really doesn't look like it's going to take corporate email security to a new level.. individual profiling, however, might be a different story.
http://www.xkcd.com/354/
My personal favorite is the few times I've had to voice concern over the possible legal implications of a particular action. I've had people IM or call me instead of replying to emails because they don't want to be "on the record". To which I have said in the past: "oh, don't you know the IM is logged?" or "You know, if you don't reply to my email and clear this up than all that will be 'on the record' is my concerns and none of your explanations."
Of course, there are people who think its okay to break the law, just so long as no-one finds out about it. To those people I don't send email - I send it direct to the CEO.
How we know is more important than what we know.
My reaction as well, so corpoprations now have a new problem: they can no longer hide their illegal practices from the legal system. Shock! Horror! What injustice!
Am I the stupid one here or is this in fact a good thing for corporations? Maybe now corrupt practices will become so dangerous that the people that remain employed might actually be the honest people (gasp).
You are wrong about one thing though, corporations were never invented to serve the public, they have no other purpose than to make money for their owners (which in a lot of cases are stock holders). That's it. They can have statutes and whatnot that say that they should give back to the community and serve the countries they work in or whatever but that's just dressing on top of the one basic tenet: make money for your owners.
I say, when big companies break the law, people should go to jail, preferably the responsible people, so going through e-mails to find out who instigated what and why is a Good Thing(TM).
Badgers, we don't need no stinking badgers! - UHF
- catty comments or frankly inappropriate language
- They call people names
- They make inappropriate comments
- "can you believe that [expletive] is complaining about this?"
- "I can't believe she's pregnant at such an inconvenient time at work."
I was like Oh My God, can you imagine the billions and billions of dollars that must be pumped into lawsuits regarding these comments?Nope, me neither.
8 of 13 people found this answer helpful. Did you?
Encryption is more about making it impossible (or at least computationally expensive) to scan your email for 'flagged' stuff, and making it hard for people to accidentally forward confidential information. For example, if I forward a 'Company Confidential' encrypted email to someone outside of the company, they cannot get a decryption license because my company's AD doesn't recognize them, so it prevents me from shooting myself in the foot and brining my company down with me.
Now having said that, if there is a court case as a result of which a subpoena has been issued on my computer/email, it's quite feasible that my company can also be ordered to hand over the decryption keys. So encryption (at least for corporate/personal email) isn't meant to keep secret stuff irrevocably secret. It's merely intended to be protection against leaks and malicious attackers (but not the law). So if you ever have an email that starts with 'we should probably discuss this over the phone but...', well, do it over the phone.
Never say over the phone what you can say in person The preferred mode of communication in the modern world is E-mail, the two modes of communication you suggested are actually considered rude these days. I fully understand people's right to have a paper or E-mail trail to cover their ass, but it still gives me a kick to break the unwritten rule that all communication must be by E-mail'. People get so deliciously annoyed because they know they can't go and justify their objections to direct contact, to their bosses, without admitting that most of their insistence on E-mail only communication is mostly just an excuse to make it easier to procrastinate.
While I agree with the second paragraph, I take issue with the first. If you are using company email servers and equipment, they do own the email. You don't get a free ride just because you work for the company. Everything you do on their systems has to follow their acceptable use policy, if they have one.
-Mike
I'm sorry; I don't know what I was thinking!
You are correct in that there is a special case. I stand corrected. However, this hardly nullifies the rest of my argument, but thank you for pointing this out. I hadn't thought of that.
Badgers, we don't need no stinking badgers! - UHF
Emails you send and receive using your work email account are your company's property by law.
To be more precise, the problem is that the company you work for wants to read your email. The problem reference in TFA is that somebody else wants to read your email. The usual scenario is that somebody is suing the company you work for and has demanded all the company's email as part of discovery; your employer is going to fight hard to stop your email from being disclosed, but the other side might still get it.
So it's not a Big Brother problem in the sense that your own boss is watching you, it's a Big Uncle problem in that some plaintiff some number of years down the road gets to read all of the company's email as part of their lawsuit. Then they might take something you say casually in email--"man, big party last night, I'll be Jimbo's out of it today"--and use it as proof that Jimbo was acting negligently the next day.
Your privacy in the emails you send gets lost somewhere along the way. In theory, only the lawyers see the emails, but we all know that every single Enron email got posted to the Internet, which included a lot of personal stuff that has nothing to do with the sins of the bigwigs there.
Insert "not" in the first sentence, to read:
To be more precise, the problem is not that the company you work for wants to read your email.
A tag broke, I apologize for not hitting "preview."
"'"E-mails have taken over the world."'" No god damned Lawyers have.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
I couldent disagree more.
~Dan
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Two points...
First, there are so many obscure laws, sometimes it all boils down to a simple case of willpower. If some government official has a hard-on against you or your company, they will find SOMETHING they can charge you with. There are various laws per state (especially California), that a company could easily overlook without a massive legal department looking into all possiblities. And frankly that is beyond the scope and financial ability of most companies. At my own company, we spend a substantial amount towards legal fees to try to keep up with various state laws as they apply to our business, and stay compliant, but it simply isn't possible to be 100% legal, 100% of the time.
Second, the notion that "only wrongdoers have something to hide" is on the slippery slope of fascism. Privacy has value to both private citizens, and companies. While I don't think companies should have the same legal and privacy rights as people, I do feel that some level of privacy and expectation of privacy fosters business growth and is a useful thing.
Of course it is, after all, it's "on a computer", so it has different rules than all of the other forms of correspondence that came before it.
Now I didn't RTFA, but even the summary seems to say a bit more. For a start, that they can look through deleted drafts on your hard drive and see what the email looked like before you actually edited and sent it. Or even if you don't send it at all.
Plus, screw email, we've already seen this kind of thing happen with edited Word documents, Excel files, or PDFs. Stuff that was never actually sent or published in any way is dug out of the document and used against you.
E.g., I remember a somewhat recent story on The Register where a politician was under fire over a donation she originally said she knew nothing about, but a some looking through the document history later, it looked like she or maybe her husband had a note in the document at some point to check if that's ok.
And now I'm all for accountability in politics, but there's nothing to say that it can't apply to your joke mailing list just the same.
E.g., basically, if your client sues your company about bad support, any emails where you told a coleague that that client is an asshat and shouldn't be taken seriously, can get dug out and used against you. That much was probably clear to you too. But here's the more important part: even if you _didn't_ actually send that email, if at some point you saved a draft, that too can be dug out and used as hint about your thought processes.
So it seems to me like the danger is even more insidious. Even if you think thrice before thinking an email, well, computers got us trained that all sort of transient information can be stored there for later. Even stuff you never intended to send, or notes to self for later, or whatever. Even trivial stuff that people used to just hold in their head, is now somewhere on the computer because it's easy to do so. And stuff that people would first roll around in their head before writing on paper, now gets written anyway and edited later, because it's easy to do so.
And then used as some kind of proof of how your train of thought went. Which was a rather private thing before.
Worse yet, it's now all in one place. So even if previously you'd keep your private thoughts in a diary, chances are it wouldn't get shown in court unless your character makes any difference (e.g., if you pleaded entrapment.) Or they might want to see your letters to your accountant, but not your letters to your mistress. Nowadays that hard drive is one big pot with _everything_. (Again, even transient stuff you deleted long ago and forgot that it was ever on that computer.) Once you got ordered to hand it over, someone _will_ poke his/her nose through everything on it. From business stuff, to your reminders in Outlook to go to Alcoholics Anonymous, to joke lists you're on, to God knows what else.
Sure, most of it probably won't be allowed in court or even presented. But you never know what might anyway. E.g., if you were hit with a sexual harassment or discrimination lawsuit, your porn browsing history or subscription to some dumb blondes jokes list might be interesting after all.
At any rate, _someone_ out there might end up knowing more about you than you thought possible. Even if you think twice before hitting the Send button.
A polar bear is a cartesian bear after a coordinate transform.
if you farted (break wind) at work, your employer would own the chemical formula. You can bet that if farts had useful chemical properties, you'd be plumbed in the moment you arrived at work!
If a government wanted to stop people sending embarrasing e-mails (Hey, they are using OUR telecoms infrastructure!) then you would call them tyrannical. But hey, if a government ran eveyr aspect of life on its territory through an autocratic, undemocratic heiracrhy you would probably cry foul too. Apparantly theres two sets of rules.
And before you inevitably say that people are free to leave a corporation - the fact is that in a world of massive debt and no safety net, your only other option is jumping to another, identically evil environment.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
I had clients back in the day that never wanted to use email, and i couldn't work out why until i figured out they were saying one thing in phone conferences and changing their tune down the track to suit themselves, and they couldn't do that when i had our conversations via email.
If you mod me down, I will become more powerful than you can imagine....
If you aren't doing anything wrong, you've got nothing to hide.
The problem with this is that you're saying everyone with access to these records is trustworthy. Which they aren't. The same argument and reply goes to ISPs logging emails and the government wiretapping without a warrant.
"The article is about corporate email."
The article is about why people are so incredibly concerned that their firm might be exposed to major legal liability and loss of public trust due to unintended disclosure of dirty little secrets via corporate email.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
What about the option of using an (albeit more expensive) (Volatile) DRAM-based SSD for your email servers?
If *someone* subpoenas it, kindly provide it (unplugged) with the any passwords and a full set of encryption keys...
(Assuming there are not already laws prohibiting a corporation from using a faster (700-1400MB/s @ 3s), more reliable (protected with both ECC and RAID), higher I/O preforming (3 million random IOPS), volatile DRAM SSD array for their email storage?)
"Here is my untouched email server storage device all boxed up and sealed as required per your subpoena order..."
504GB of DRAM would make a *nice* email storage device... (Violin 1010) http://www.violin-memory.com/products/violin1010.html
Not really -- if you used a typewriter a physical letter on company letterhead and sent it inter-office then it'd be just as discoverable in litigation as an email. The question here isn't who "owns" the document, it's whether a party to litigation can get access to it. Your employer is likely going to try to protect your privacy by preventing the document from being discovered.
It's not a question of ownership at all, it's a question of access and the discovery process in litigation. The whole point of discovery is that Party A gets to go through Party B's files. For the purposes of discovery, it doesn't matter much who owns the contents of Party B's files, it just matters that Party B is holding them right now and they might (emphasis on "might") contain something relevant to the litigation.
You can argue until you're blue in the face about whether that's a good or bad arrangement, but it's a long-standing part of our civil litigation system. Plaintiffs who have been wronged think it's important to find the "smoking gun" email in company records, and there's no way to do that without going through all of the files. Companies often think that plaintiffs are just going on a "fishing expedition" by searching through documents until they find something that looks incriminating when taken out of context. And employees feel like their privacy is being violated when a third-party gets to read their email. There are a lot of moving parts here.
The closed and criminal nature of most corporations is the core problem. If they were open about what value they were providing and how then there would be no problem with remarks about corporate processes and performance being written in e-mail or any other medium prone to sharing and archival.
May contain traces of nut.
Made from the freshest electrons.
THOUGHT PROCESSES?!?!?
Cardinal Richelieu said, "Give me six lines written by the most honest man, and I will find something in them to hang him."
As true now as it was then.
Not to mention the fact that the air you breath also comes from their AC units.
Use PGP, GPG, WebmailSafety (www.gwebs.com), etc! Dont let your email go out plain text, and tell people "dont put this in writing"! ARG HOW DUMB CAN YOU BE... silly blabbermouth, plaintext is for kids!
He must be talking about filesystem metatdata. For modern HDDs, you cannot see how often something was deleted, or hwat was there before....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You are not asked for the hardware, you are asked for the information.
That means that you are to provide a non-volatile copy. If you try to pull this stunt you're IMHO most likely ending up with a charge for destroying evidence, and you can ask "Oops I shredded Enron docs again" Anderson what happens next..
In the UK you can make their life a bit more difficult by storing part of your recovery (backdoor) crypto key abroad. It's not unreasonable to be slow at that point because you have to recover the key part first (plausible defence for delay), but don't expect to STOP anyone gaining access. The best you can hope for is delay.
Insert
>If you are using company email servers and equipment, they do own the email.
This is much dependent on your location and may be quite true in the US. However, there are quite civilized countries in the world where this is not true. For example, in Finland, your e-mail box on the corporate servers is protected by privacy laws to be your personal area.
In practice this means that if anyone else wants to access your e-mail, you must be asked consent. If you get hit by a car and end up comatose and thus incapable of giving consent, there must be a clear policy in the organization who can give an order to open your e-mail. If you happen to recover from your coma and return to work, a log of who opened your e-mail and why and what was done, has to be given to you.
The reason for this restrictive ruling is simple. Even if the organization has forbidden you from using the company e-mail for personal matters, nobody can actually prevent your buddies sending you personal e-mail to the company e-mail address. This theoretical possibility of personal contents taints your e-mail box as private area in the Finnish system. I know Finland is pretty unique in this view and is causing major problems when global organizations must navigate the global legal jungle.
...I think your missing article is here.
WTF is this? Shouldn't this article be about Facebook or some other latest and greatest technology?
How have any of these email issues changed in the past 10 years?
I've never been involved in crime per se, but I've done stuff I didn't want broadcast (to my parents, employer, then-wife, etc) and the most galling truth is that people can't keep their mouths shut about things they don't really need to talk about.
>> If some government official has a hard-on against you or your company, they will find SOMETHING they can charge you with.
I view monitoring logs, and other tracking data, as going to make it much harder for some official with a hard-on against me to make up false charges against me.
My argument to this (and any other surveillance methods) is that if they are out to get me I want all the technical evidence I can get. I don't want it to be a he said/she said argument. Yes they can doctor the evidence, but it is much easier for them to just lie about me.
That's a very naive view. (The rant about corporate criminality diminishes you and makes you sound like a commie.)
But, to the point, a lot of this has little to do with breaking laws or justice. Often times it has to do with one person's view of right and wrong versus another's and can somebody convince a jury to award them cash. If you follow political processes at all, you can see how easy it is to demonize any individual or group for innocent actions.
Then there is also the classic tactic of "you might beat the rap but you won't beat the ride".
On a far lesser scale, there are a lot of things one party doesn't want the other to know just to avoid hassles and save hard feelings. You need to go into business for yourself sometime and see what the reality is. It isn't as cut-n-dry as your average desk job.
As an Engineer, the moment I notice anything that could lead to a safety or other concern, I would put it in an email and say something like, "I think we need to look at this...". If management doesn't follow through with my recommendation, and something hits the fan later on, at least they can't pass the buck back to me.
Except this isn't always about "committing crimes" but civil issues. He said she said crap that is used in courts to civilly damage a company for some perceived grievance about "fair employment" practices.
People can't take responsibility for being the douchebags they are so they want someone to blame when they get fired. Instead of changing their behavior they point the finger and say "he fired me because he thought I was a douchebag. That's not fair" And other idiots eat it up and award ridiculous winnings in "wrongful termination" cases.
There are some legitimate wrongful termination cases. Actually a lot of them, but there are far more where people simply want to take the easy road.
"Growing old is inevitable; growing up is optional."
I didn't RTFA since it looked like something most people already know. Within the past few months the antics of one idividual has forced us remind the userbase that the corporate network is owned by the company and anything that is done is logged. One of the last things this sales rep did caused the CTO to fly up to the sales office to have a chit chat with all of the staff. This sales rep was using Craigslist to solicit sex, among other things, and using his corporate e-mail to do it. Supposedly he was posing as a female prostitue as a joke and forwarding some of the jucier replies to one of his colleagues he was hazing.
How about this: I work at a big dotcom. In our team we found some open-source software we wanted to use in a project. That piece of software also happened to have a commercial "full-featured" version. The documentation wasn't really good, so I sign up with my company email to the product's forum to look around, post some questions, etc. Guess what? After a few days I get a mail from a sales guy at that product (having seen my @bigfamousdotcom.com email address) if there is any way they can help me, etc, etc. Of course, I was not in the position to decide if we buy their stuff or not, so I forwarded it to my boss right away.
So the bottom line is, you work for them, your work email is theirs. The sales guy obviously didn't want to talk to me... he wanted to talk to bigfamousdotcom.com...
.sig: No such file or directory
It's machine time you're devoting and machine time is cheap. It takes the human a few minutes to start it going and the machine does the rest. I fairly recently had my NSLU2 (a tiny Linux box with a 266mHz ARM processor and 32 MiB of RAM) unzip a 57 GiB file. It took it five days. It took me less than 30 seconds.
Chernobyl 'not a wildlife haven' - BBC News
I don't understand why anyone who was forced to turn over their computer wouldn't securely format it before doing so. Better to beg forgiveness than ask for permission... "Sorry Judge, I was in the middle of re-installing the OS when I was told to turn my computer over...what's that you say? Formatting the computer is suspicious behavior? I do it every few months because otherwise Windows XP starts slowing down and acting funny."
And this is a bad thing.... why? Because it's easier to catch crooked companies (all of them) breaking the law?
The article literally consists of corporate lawyers whining about how email makes it harder to conceal criminal actions because they can be found in discovery. Contrary to what the article seems to imply, very few court cases involving email discovery are based on harassment claims. Mostly they're about companies try to screw each other on business deals. For the most part, it's perfectly LEGALLY safe to tell off-color jokes and distribute porn through the company email.