Slashdot Mirror
Psystar Case Reveals Poor Email Archiving At Apple
Ian Lamont writes "Buried in the court filings of the recently concluded Psystar antitrust suit against Apple is a document that discussed Apple's corporate policy regarding employee email. Apparently, Apple has no company-wide policy for archiving, saving, or deleting email. This could potentially run afoul of e-discovery requirements, which have tripped up other companies that have been unable to produce emails and other electronic files in court. A lawyer quoted in the article (but not involved in the case) called Apple's retention policy 'negligent.' However, the issue did not help Psystar's lawsuit against Apple — a judge dismissed the case earlier this week."
From TFA:
The thing here is that litigation is always anticipated at Apple - if they're not currently suing someone, its because they're getting ready to sue. (or the legal team are on holiday [legal team pictured on the right hand side of that photo])
The other point worth noting here is that an electronic document retention policy is only a good thing to have if you're confident your employees are acting ethically (or at least unaware of any breaches).
There are shills on slashdot. Apparently, I'm one of them.
email? apple is to hip for that. its social networking, far as the eye can see...
On the Oregon Cost born and raised, On the beach is where I spent most of my days
This may be very bad for Intel in the intel vs amd case. As Intel may of give apple a unfair deal to keep amd off of apple systems.
The fear of fines and other legal sanctions has resulted in many companies instituting strict "e-discovery" retention policies, and has helped give rise to a new class of enterprise-class storage and indexing tools.
I think "iDiscovery" is a much catchier name...
Joking aside, I kind of wonder about the practicality of requiring companies to retain their own documents in case of possible litigation against them. Won't this simply encourage people to use alternate means for any sort of confidential communications? Also, what proof is there of a lack of tampering? I'm not saying Apple is guilty of this, but it does cross my mind in a general sense. It seems only natural that executives will be more cautious of saying anything even remotely incriminating via e-mail. More face-to-face meetings in the future, I guess.
Irony: Agile development has too much intertia to be abandoned now.
I tell this to users all the time. Email is for communicating... not storing documents and information. Do we require companies to record all phone conversations? What about documenting meetings and informal conversations (where the real magic happens)? Why is email different? Yes I know the laymans answer - because it is already half way retained. But that doesn't equate to legal requirements for a company to retain ALL email. That is actually quite a burdon. The intranet, CMS, ERP, $software_solution, and paper copies are all that should be REQUIRED for legal proceedings.
Now, some IANAL (or IAAL) tell me why I am completely wrong.
No comprende? Let me type that a little slower for you...
Retention policy is simple: Delete anything that shows it's your fault. Save anything that shows it's somebody else's fault. Forward anything that makes your boss look good. If you're asked for copies of anything give them something that looks similar but isn't it. If you're called into court, you have a bad memory unless your lawyer says you don't. And under no circumstances should you ever, ever
.
#fuckbeta #iamslashdot #dicemustdie
Just because a massive company doesn't have a "company-wide" policy on email does not mean it does not effectively archive it.
I record my sleeptalking
Yes Exchange is all fine and dandy when its up. Ever I work(a major tech company and one of Microsoft's top partners) Exchange goes down constantly. Its so bad people in my department just use gTalk at this point and only use e-mail/Communicator when we really really have to. Plus it sux when your job is Linux development.
We live in an era where ensuring plausable deniability is somehow considered a good reason not to do email. Who's surprised?
expandfairuse.org
It's generally in the best interest of a company to just give up everything and follow the rules procedure in the USA.
If a judge finds out that a company is taking evasive action or has put in a policy in place to deliberately hide information from the court, then that company is going to get banged and banged hard. And if a you are judge, you can bang a company for a long, long time.
There are just some judges who will just look at a company, sigh, and say "what are you guys in trouble for now?" The lawyers for the company bring changes of underwear.
This is my sig.
Apple? No way. This is just a simplistic legal defense IMO.
Man, if only Apple had access to some sort of technology that would automatically back up their emails. Something that indexed the back-ups too. Something that Just Works.
I thought that since Apple is a publicly traded company they are required to retain ALL corporate e-mails as a result of Sarbanes-Oxley legislation. What am I missing here? (IANAL, so I'm genuinely curious.)
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
I'm kind of in the middle of developing a policy for my department (1500 employees/800 Exchange users) of a large County (105,000 employees) where we currently have zero policy.
I've already been part of an e-discovery action for a lawsuit - which we eventually won - and can't imagine what might happen next.
Nevertheless - I follow the GTG philosophy. If it takes less than 60 seconds to do, I delete it. I also delete my deleted files every time I close for the day.
The Kai's Semi-Updated Website Thingy
Ok, I propose the following: We take up a collection to establish a prize pool to be paid to the (estate of) the first person to approach Steve Jobs and, with a completely straight face, suggest that he "Really ought to consider an enterprise grade hosted-Exchange Solution; since, after all, Exchange and Microsoft Workgroup Technologies(tm) are the heart of the dynamic enterprise."
Just remember, Steve has eye lasers, and they are powered by pure disgust.
I think that "shooting the messenger" wouldn't really do justice to the carnage that would ensue.
Anyway, Apple products aren't meant for that environment, really. Are they? I don't think they're going after tech support cubicle-dwellers.
Although, Apple does like to keep a little bit of a messiah complex about itself.
I've been thinking about this for awhile and would like to save a copy of all staff email 'just in case'. Rather than sticking it all in spool files and it not being that useful i'd like to allow 'admin' staff to be able to browse/search mail boxes. I'm not really interesting in I remember a program called 'lurker' (http://lurker.sourceforge.com) from a few years back that would be perfect for this but it seems the development for this has ended (last updated in 2006). Can anyone here recommend something that could be able to cope with a hell of alot of email?
So many companies have been hung out to dry based on emails one wonders why officers and above in the organization are even allowed to use email. They should go back to voice only, and have someone else write a memo if it is really important.
An e-discovery lawyer, who asked not to be named because his employer (a firm you probably have heard of) doesn't want him speaking to the press, explained the basic legal requirements surrounding email and document retention to The Standard. "If litigation is anticipated, the party has a duty to preserve potentially relevant documents," he said.
Playing safe does indeed indicate good record-keeping. I'm still not a lawyer, but that seems like reasonable enough legal advice. However, he has more to say.
"An employee retention program with no organization or coordination is effectively incapable of compliance," he continued, "barring an act of God, or luck akin to picking every game right in an NCAA pool. Apple's retention policy is negligent."
Do you mean "negligent" in the legal sense, or the colloquial? Because, you know, now that you're being cited as an e-discovery lawyer, the inclination will be to assume that everything you say is your legal opinion or best counsel based on the sum of relevant statute and precedent.
Consider this scenario: Employees could have emails from five years ago that become "potentially relevant", but because there was no policy in place regarding e-documents, those records could easily become destroyed -- making it potentially impossible for a plaintiff to make a case from internal documents.
That could only be a problem under an ex post facto law, in my opinion. I am still not a lawyer, so if I'm right [meaning his advice is not so hot], we now have a good idea why "his employer (a firm you probably have heard of) doesn't want him speaking to the press."
However, Apple claims in the Psystar document that its policy is fine because once the company anticipated litigation:
[Apple] identified a group of employees who could potentially have documents relevant to the issues reasonably evident in this action. Apple then provided those individuals with a document retention notice which included a request for the retention of any relevant documents.
Psystar's antitrust claim has been dismissed, but Apple is currently involved in many other cases. Apple's weak e-discovery practices could very well come back to haunt the company.
That is of course possible, but "could very well" normally implies high probability, and that is not supported by the facts given in this article. Obviously, he has a product to sell, but I would have come away with a more favorable impression of e-discovery software if he had said something more like, "if the evidence against you is as weak as the evidence against Apple in this case, you don't need a data retention policy any better than Apple's. However," I would continue if I was trying to sell some e-discovery software, "in case of better-organized litigation against you than this case, a more comprehensive data retention policy might be in your best interest." See, instead of making my sales pitch on a case that, taken on its own, indicates that my product is unimportant, I would acknowledge that my product was not important in this case, but suggest that it is not wise to assume that every case will be so easy. I think my approach appeals less to the customer's fear, and more to the careful consideration that will need to be evident in an approved purchase request.
"I can't imagine how things could get any worse!" (some guy) "That could just be failure of imaginatioÂn on your p
Our legal people won't respond to IT requests such as 'how long should we keep backups' The problem being that if they give an answer it can be used against the company.
Not having a guideline at all is the best way to circumvent that. Of course they do have a guideline for employees to delete all emails that are no longer pertinent to their jobs, but those guidelines are there for the same reason. It's all about deniability.
So I'd call this smart, not negligent.
Why would Apple bother to keep emails when they already know that the risk of the email being used against them is far worse than the penalty for not keeping them.
Poor education is the cause of this.
When you typed "may of give", the phrasing you were thinking of should have been "may have given". Also, your second sentence is really a sentence fragment.
Thank you for reminding us that MS invented e-mail, LDAP, and centralized administration. Because those of us with non-MS systems have no capability to copy e-mail, centralize contacts, or enforce administrative policies on end users.
/ MS shills -- pretending that MS invented UNIX concepts since they first sold Windows 2000.
// Seriously, bash Apple if you want, but a good troll would at least put Apple bashing and MS praising in separate posts
Do you work at a company that uses e-mail/IM/other form of electronic communication as much as a company like apple would?
What about video conferencing? Telephone conversations? Face-to-face meetings? Why does e-mail/IM warrant this special attention?
Automatic archiving and retention is a real advantage of Exchange (or Notes) servers. In corporatations with good implementation of Exchange email is automatically stored and can be easily retrieved with appropriate security.
So you say. I've recently been commiserating with a fellow who's in the process of trying to take the mess of non-standard crap that Notes calls email and convert it back to the original format it was received from the Internet in response to a legal request. Neither Notes nor Exchange retain the original documents including full headers. For the future he's sticking a regular UNIX SMTP transport in front and archiving what goes through THAT.
And, well, I've had to actually work with the corporate managed IT. Often the real work goes on behind the IT department's back, on user-run wikis and jabber servers, because the Microsoft and Lotus "solutions" are too cumbersome to get any real work done.
Why? There is no law that says a company HAS to put potentially incriminating information into email format. It's certainly legal to establish a policy that any information or speculation that could be used against a company not be put in email.
Oh yay! Props to UNIX for having the CONCEPTS! Microsoft integrated and improved them to form a set of popular technologies like Active Directory, Group Policy and Exchange. I'm glad you can do all those things on UNIX I really learned something!
WTF - I've seen this over and over...
LOOK up the word HAVE.
Intel may HAVE not OF.
Retards everywhere.
Crap, you know the same thing happened to me from AplLawyrBabe80?
Just like blood ninja, You better start writing down their names ;)
n/t
They're pointless.
Why is it that we task a company with producing information which may incriminate it? Isn't that sort of like asking a murder suspect to hold on to the weapon until his court date, just so the court can save money on evidence facilities?
If the court wants it, then it should be notarized and stored by the court, just like other contracts we expect the court to enforce (title deeds, etc).
If they are the private documents of a business (or of anyone), then how is it, owing to the 5th, that the court has any authority to demand production? Investigators most certainly have authority to tap, surveil, and record, given a warrant. But demanding you produce potentially incriminating evidence is another matter.
How is demanding document production a) constitutional, and b) anything other than a dumb idea?
I used to work at a law firm. I never would have, but I could have forged whatever I wanted, or omitted documents from production. Pay someone well enough and there are many people who will be more than happy to do that. So the only thing stopping it is needing a small enough group of people in the conspiracy that can be controlled. That sounds about as secure as 'security through obscurity'.
If courts want access to private communications on demand, then they need to pony up and use their own servers and bandwidth for it. Oh wait, that would be a gross invasion of privacy, wouldn't it? Exactly. Which is a pretty good sign that the policy is flawed.
Billy Brown rides on. Yolanda Green bypasses Gary White.
E-mail causes problems. If you don't archive anything, they say you were "destroying documents", but if you archive everything, all of your company's internal communication is discoverable via a supoena.
In other words, use telephones.
In Apple's case, I think they'd rather pay any fines in court for "forgetting" to archive everything rather than have all their internal communication available to anyone with a lawsuit/beef against them. Archiving their mail would be a strategic fuck-up of grand proportions. And they probably know it.
Here on Slashdot where people regularly talk about ways to safeguard their entire laptop's data from prying eyes via whole-disk encryption, there are actually a few real-world PGP users lurking around, and privacy is important... why is everyone arguing that Apple should have to let anyone read their mail?
That's retarded. Make it easy for the government to ask for copies of corporate mail, and it's a guarantee that they'll also want individual mail. Duh.
Archive nothing. Delete, delete, delete. It's not a "document", it's a damn e-mail. It's non-real-time PRIVATE communication within the company. The only difference between the e-mail and the phone on the desk is that one only works when both parties are sitting at the desks. That world is long-gone, we're often not at the desk, or we're not in the same time zone.
Corporate e-mail doesn't need to be read by anyone. It needs to be considered private communication, just like we'd all like to THINK our personal mail is... but it really isn't... so I guess we give up on personal AND corporate privacy? Sad and dumb.
+++OK ATH