Slashdot Mirror

← Back to Stories (view on slashdot.org)

Psystar Case Reveals Poor Email Archiving At Apple

Posted by timothy on from the let-me-check-the-round-file dept.

Ian Lamont writes "Buried in the court filings of the recently concluded Psystar antitrust suit against Apple is a document that discussed Apple's corporate policy regarding employee email. Apparently, Apple has no company-wide policy for archiving, saving, or deleting email. This could potentially run afoul of e-discovery requirements, which have tripped up other companies that have been unable to produce emails and other electronic files in court. A lawyer quoted in the article (but not involved in the case) called Apple's retention policy 'negligent.' However, the issue did not help Psystar's lawsuit against Apple — a judge dismissed the case earlier this week."

33 of 123 comments (clear)

  1. If Litigation is required. by Whiney+Mac+Fanboy · · Score: 5, Funny

    From TFA:

    ...the basic legal requirements surrounding email and document retention to The Standard. "If litigation is anticipated, the party has a duty to preserve potentially relevant documents"

    The thing here is that litigation is always anticipated at Apple - if they're not currently suing someone, its because they're getting ready to sue. (or the legal team are on holiday [legal team pictured on the right hand side of that photo])

    The other point worth noting here is that an electronic document retention policy is only a good thing to have if you're confident your employees are acting ethically (or at least unaware of any breaches).

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:If Litigation is required. by aliquis · · Score: 3, Insightful

      It's probably more to say "if you think you will get busted you're not allowed to start removing things", not "you can't remove anything because some day in a time far far away someone may want to look you up."

    2. Re:If Litigation is required. by Whiney+Mac+Fanboy · · Score: 4, Informative

      Erm? Really? You cannot be serious?

      You don't recall Apple suing one of its fanbase (a student & lifelong fan), a web design school (who mostly used Apple's products), New York (for daring to use an apple in a environmental awareness campaign) and of course Psystar (attempting to resell OS X).

      I could go on & on. Sure. Plenty of people sue Apple (just like any other big tech corp), but Apple's penchant for pulling out the legal guns against small operators (and its fanbase) makes it stand alone in the tech crowd.

      --
      There are shills on slashdot. Apparently, I'm one of them.
    3. Re:If Litigation is required. by TheRaven64 · · Score: 2, Funny

      See? Another example of Apple not innovating. Spending vast amounts on lawsuits was a strategy first pioneered by IBM and later adopted by Microsoft.

      --
      I am TheRaven on Soylent News
    4. Re:If Litigation is required. by dubbreak · · Score: 2, Informative

      In the case of the web design school it was a pretty clear case of trademark infringement. The fact that they used Apple equipment made it even more likely.

      They have a logo that is very similar to apple's trademarked logo, they deal with computer related tasks/services/education, they use apple hardware... it is quite likely someone may mistake that the company is somehow tied to apple (an official apple web design school or something of the sort). Whether it is "morally" wrong for them to sue this company is a side issue (and debateable) as Apple must protect it's trademark in all cases they are aware of or risk losing it. Plus, gimme a break.. they couldn't find something a little more unique for a logo?! They were obviously "inspired" by the apple logo.

      BTW, I am from the city where the school exists. Pretty much all the news coverage was inflamatory and in the mindset of "big guy against the little guy". One news article even made the mistake of stating apple was suing over copyright infringement in the title but goes on to talk about TM infrigement in the article(again too many people don't get copyright != trademark). In reality it is really quite simple. Their logo is too damn close and they are in a similar field. Plain and simple that is a prime case for trademark infringement and not one story I read covered that. I'm surprised no one recognized that while designing the logo ,"Ummm don't you think this is a little close to the apple logo?" They use apple products so they obviously know what the trademarked apple symbol looks like.

      --
      "If you are going through hell, keep going." - Winston Churchill
  2. in the year 2000 by negRo_slim · · Score: 2, Funny

    email? apple is to hip for that. its social networking, far as the eye can see...

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
    1. Re:in the year 2000 by lysergic.acid · · Score: 5, Funny

      ::HackintoshDood signs in to Myspace::
      MySpace: you received a friend request from AplLawyrBabe81
      ::looks at profile pic::
      HackintoshDood: sweet, she looks pretty hot.
      ::approves friend request::
      MySpace: you have a chat request from AplLawyrBabe81.
      HackintoshDood: awesome!
      ::clicks::
      AplLawyrBabe81: a/s/l?
      HackintoshDood: 21/m/san jose, u?
      AplLawyrBabe81: kekeke
      HackintoshDood: i rly like ur pics. you're hot. ;-)
      AplLawyrBabe81: kekeke, thanks. ;-)
      AplLawyrBabe81: ur profile says u r Matt Anderson. is that rly ur name?
      HackintoshDood: yep, that's me =P
      AplLawyrBabe81: oh, good. then consider yourself served.
      AplLawyrBabe81: ur being sued by Apple for copyright infringement.
      AplLawyrBabe81: c u in court. k bye!

  3. e-dicovery? by Dutch+Gun · · Score: 5, Interesting

    The fear of fines and other legal sanctions has resulted in many companies instituting strict "e-discovery" retention policies, and has helped give rise to a new class of enterprise-class storage and indexing tools.

    I think "iDiscovery" is a much catchier name...

    Joking aside, I kind of wonder about the practicality of requiring companies to retain their own documents in case of possible litigation against them. Won't this simply encourage people to use alternate means for any sort of confidential communications? Also, what proof is there of a lack of tampering? I'm not saying Apple is guilty of this, but it does cross my mind in a general sense. It seems only natural that executives will be more cautious of saying anything even remotely incriminating via e-mail. More face-to-face meetings in the future, I guess.

    --
    Irony: Agile development has too much intertia to be abandoned now.
    1. Re:e-dicovery? by the+eric+conspiracy · · Score: 4, Interesting

      I kind of wonder about the practicality of requiring companies to retain their own documents in case of possible litigation against them.

      There is no general requirement. Many companies have document destruction policies - for my company we automatically delete all email older than 90 days.

      Some records have to be kept - financial records, taxation, etc. Invention records for patents, and so on. If you are in the financial industry the SEC requires 5 years for everything. If you are in a lawsuit the judge might order you to stop destroying stuff - I think Prudential got hit with a fine because nobody told their IT department to turn off their automating pruning process.

    2. Re:e-dicovery? by Dutch+Gun · · Score: 2, Insightful

      Bah, don't worry about the executives. They already have a entire language of obfusciation and everybody else just posts the dirt to their MySpace blog.

      It's not that I'm worried about executives. It just feels both pointless and overly intrusive to me, which is a bad sign for any government policy. From there, it seems a small step to require Internet providers or search engines to start logging the same sort of data. It doesn't really seem all that far-fetched.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:e-dicovery? by hairyfeet · · Score: 4, Insightful

      Yes but IMHO it should be the same as taxes, that is 7 years. If the excrement hasn't hit the bladed cooling device in that time then chunk away. But if there isn't at least SOME kind of retention policy required of corporations you'll see every Enron style ripoff artist simply switch everything to email so they won't have to worry about having any paper trails. You have to balance the needs of the public and the shareholders with the needs of the company. But since we are rapidly switching(and some could argue we already have) to a paperless society then we really should have a set number of years for electronic records like email and IM. After all, look at what has come out against MSFT over the Vista Capable scam thanks to email.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:e-dicovery? by Degrees · · Score: 3, Interesting

      Actually, there is a general requirement - although it's a special case, kind of. It's called FRCP - Federal Rules of Civil Procedure. So, it's a special case in that it only applies when you show up in Federal court. But it's a general requirement in that any case that gets ruled against can be appealed, and after enough appeals, you end up in Federal court. The Cornell link also points out that a lot of state courts are accepting the FRCP rules as reasonable for their proceedings.

      I've been told by our legal counsel the same thing mentioned in TFA: "If litigation is anticipated, the party has a duty to preserve potentially relevant documents". The obvious case is when someone's death (due to negligence) is involved. The less obvious case is when the boss starts an affair with one of the administrative assistants. Do you keep the love letters? Is litigation anticipated? What if the boss has authority over job promotions?

      Problem 1 is that the automated "we delete after 90 days" system may not have a provision for "well, delete all except foo and bar". (And, BTW, foo might take five years to get to court, and bar might never). Problem 2 is that it's probably not reasonable to expect end users to be able to classify keepers from trash. If they weren't love letters, but rather evidence of sexual harassment, should the victim have been allowed to keep them? If corporate policy says no....

      I don't know if this was the same case you were thinking of, but Morgan Stanley agreed to pay $15 million in fines for its failure to retain e-mail messages.

      --
      "The most sensible request of government we make is not, "Do something!" But "Quit it!"
    5. Re:e-dicovery? by Lord+Kano · · Score: 5, Interesting

      Won't this simply encourage people to use alternate means for any sort of confidential communications?

      YES.

      Two weeks ago, where I work, there was a new training module that we had to complete. One of the topics was email and discovery. We are specifically prohibited from speculating about anything in email because it can be a part of discovery. If we have concerns, we are to walk to the person's office and discuss it with them in person.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  4. email is for communication... not documentation by iamhigh · · Score: 4, Interesting

    I tell this to users all the time. Email is for communicating... not storing documents and information. Do we require companies to record all phone conversations? What about documenting meetings and informal conversations (where the real magic happens)? Why is email different? Yes I know the laymans answer - because it is already half way retained. But that doesn't equate to legal requirements for a company to retain ALL email. That is actually quite a burdon. The intranet, CMS, ERP, $software_solution, and paper copies are all that should be REQUIRED for legal proceedings.

    Now, some IANAL (or IAAL) tell me why I am completely wrong.

    --
    No comprende? Let me type that a little slower for you...
    1. Re:email is for communication... not documentation by chill · · Score: 3, Interesting

      The financial industry requires all that. Where I work (broker/dealer and investment management firm) EVERYTHING is recorded. E-mail, phone calls, meetings, etc. IM and the like are forbidden. We even get copies of every fax sent/received and paper letter sent by investment advisers. All of it. Yes, it is a royal pain.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:email is for communication... not documentation by truesaer · · Score: 4, Insightful

      But that doesn't equate to legal requirements for a company to retain ALL email.

      No it doesn't. But there are two issues with email. First is that if you don't have a standard policy for retention/destruction of email (or network share backups or whatever), it opens you up to allegations that you destroyed evidence after a lawsuit was filed. If people can delete things at any time, it makes it hard to show if it was coincidence that your VP just happened to delete all that relevant stuff after a suit was filed or not. With a standard policy, if everyone complies, then this matter is much more cut and dry.

      Second is Sarbanes-Oxley compliance. I know a lot of companies have banned external instant messenging because of retention concerns related to Sarbanes-Oxley (since you can't easily log AIM and other IM discussions). I'm a bit surprised that Apple hasn't got policies in place given their issues with improper options in the past. Similar laws, I guess they didn't take the scandal very seriously.

    3. Re:email is for communication... not documentation by libkarl2 · · Score: 2, Insightful

      Typical e-mail systems treat messages as messages, and not documents. Its made evident by the email address itself: someone@domain.net -- not alot of meta-data in there. Just a person at a place.

      what blows me away is when companies that do make an effort to archive e-mail messages, insist that the operation be performed at the client, via CC or message forwarding (the cost savings technique). Sounds ripe for abuse if you ask me.

      Lets face it: e-mail is too big to fail! Therefore (Satan get behind me) we must force it to do all the things it may or may not be suitable for.

      --
      You are where you are at the time you are there.
    4. Re:email is for communication... not documentation by Anonymous Coward · · Score: 4, Informative

      Let me put it this way - I know of a largeish piece of corporate litigation that turned almost entirely on a Christmas card.

      Broadly speaking, anything that is recorded and is able to be read/interpreted/played back/whatever is a "document" for legal purposes and is discoverable if it is relevant to the issues in the case (or whatever your local rules are).

      A conversation isn't a document as there is no persistent record of it. That is why you have "pens up" meetings and why some people will never put anything more informative in an email than "come see me".

      However, if you do make any record of that conversation - be it five words on a napkin, a detailed minute of the meeting or an audio recording, then that becomes discoverable (provided it is relevant). If you are given a handout of powerpoint slides at a meeting and you make notes on it then that handout becomes a wholly distinct, individually discoverable "document" from a blank printout of the slides.

      In most places it is considered contempt of court to destroy a document that is discoverable in actual or reasonably anticipated litigation.

      And yes, IAAL.

    5. Re:email is for communication... not documentation by fermion · · Score: 3, Insightful

      From what I can tell, this is old news and the protocol has been set. Destroy documents every so often. Do it consistently. Do not wait until there is a budget. Continuously go through everything and destroy everything that older than a cutoff. If you are told to stop, stop, and don't start trying to catch up on the destruction. This has been SOP since the Enron mess.he legal requirement is to follow protocol and not destroy stuff after you are told not to. This is nothing new, and if Apple does not have a consistent policy, then that is bad for them. The fact is that the paper trail is there. If you don't want a paper trail, have an undocumented face to face meeting.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    6. Re:email is for communication... not documentation by truesaer · · Score: 2, Insightful

      "Should" be used? That may be the best policy for limiting discovery in lawsuits, but it would seriously damage the operation of the business. I can't immediately resolve an issue emailed to me most of the time, and I rely on saving emails with important information for later use. I'd say these are pretty common ways that people use email.

      You want to mitigate legal risk, not necessarily eliminate it.

  5. Retention policy? by girlintraining · · Score: 5, Funny

    Retention policy is simple: Delete anything that shows it's your fault. Save anything that shows it's somebody else's fault. Forward anything that makes your boss look good. If you're asked for copies of anything give them something that looks similar but isn't it. If you're called into court, you have a bad memory unless your lawyer says you don't. And under no circumstances should you ever, ever






    .

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Retention policy? by lucas+teh+geek · · Score: 2, Funny

      The first rule of retention policy club is do not talk about retention policy club!

      --
      TIAEAE!
  6. Time Machine? by xZgf6xHx2uhoAj9D · · Score: 5, Funny

    Man, if only Apple had access to some sort of technology that would automatically back up their emails. Something that indexed the back-ups too. Something that Just Works.

    1. Re:Time Machine? by GMonkeyLouie · · Score: 2, Informative

      That's actually hilarious that you mention that, as I am storing about a half-decade's worth of e-mails using apple products and hardware. Wouldn't call it especially secure or safe, but it's there and it's intuitive to use.

      Why wouldn't they at least use the office as a place to field test the product?

    2. Re:Time Machine? by bill_mcgonigle · · Score: 3, Funny

      Something that Just Works.

      Perhaps you've heard of Mobile Me? It's a wonder they have any e-mail.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  7. Re:Yeah.. by sleeponthemic · · Score: 2, Funny

    I know what you mean, if it weren't for that rape policy at work..

    --
    I record my sleeptalking
  8. Sarbanes-Oxley by BitterOak · · Score: 2, Interesting

    I thought that since Apple is a publicly traded company they are required to retain ALL corporate e-mails as a result of Sarbanes-Oxley legislation. What am I missing here? (IANAL, so I'm genuinely curious.)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Sarbanes-Oxley by vvaduva · · Score: 3, Interesting

      Yes, SOX section 802 can bring criminal penalties if audit records (which can include email messages) are not maintained. It sounds like Apple may not be SOX compliant.

  9. I double dog dare you... by fuzzyfuzzyfungus · · Score: 4, Funny

    Ok, I propose the following: We take up a collection to establish a prize pool to be paid to the (estate of) the first person to approach Steve Jobs and, with a completely straight face, suggest that he "Really ought to consider an enterprise grade hosted-Exchange Solution; since, after all, Exchange and Microsoft Workgroup Technologies(tm) are the heart of the dynamic enterprise."

    Just remember, Steve has eye lasers, and they are powered by pure disgust.

  10. Good reason not to even use email by blitz487 · · Score: 2, Insightful

    So many companies have been hung out to dry based on emails one wonders why officers and above in the organization are even allowed to use email. They should go back to voice only, and have someone else write a memo if it is really important.

  11. LOL! Step 1 = read article, Step 2 = comment by ReedYoung · · Score: 5, Interesting
    It was not a statute at all, it was just Anonymous Coward's (TM) sales pitch in the guise of legal counsel. From the first article:

    An e-discovery lawyer, who asked not to be named because his employer (a firm you probably have heard of) doesn't want him speaking to the press, explained the basic legal requirements surrounding email and document retention to The Standard. "If litigation is anticipated, the party has a duty to preserve potentially relevant documents," he said.

    Playing safe does indeed indicate good record-keeping. I'm still not a lawyer, but that seems like reasonable enough legal advice. However, he has more to say.

    "An employee retention program with no organization or coordination is effectively incapable of compliance," he continued, "barring an act of God, or luck akin to picking every game right in an NCAA pool. Apple's retention policy is negligent."

    Do you mean "negligent" in the legal sense, or the colloquial? Because, you know, now that you're being cited as an e-discovery lawyer, the inclination will be to assume that everything you say is your legal opinion or best counsel based on the sum of relevant statute and precedent.

    Consider this scenario: Employees could have emails from five years ago that become "potentially relevant", but because there was no policy in place regarding e-documents, those records could easily become destroyed -- making it potentially impossible for a plaintiff to make a case from internal documents.

    That could only be a problem under an ex post facto law, in my opinion. I am still not a lawyer, so if I'm right [meaning his advice is not so hot], we now have a good idea why "his employer (a firm you probably have heard of) doesn't want him speaking to the press."

    However, Apple claims in the Psystar document that its policy is fine because once the company anticipated litigation:

    [Apple] identified a group of employees who could potentially have documents relevant to the issues reasonably evident in this action. Apple then provided those individuals with a document retention notice which included a request for the retention of any relevant documents.

    Psystar's antitrust claim has been dismissed, but Apple is currently involved in many other cases. Apple's weak e-discovery practices could very well come back to haunt the company.

    That is of course possible, but "could very well" normally implies high probability, and that is not supported by the facts given in this article. Obviously, he has a product to sell, but I would have come away with a more favorable impression of e-discovery software if he had said something more like, "if the evidence against you is as weak as the evidence against Apple in this case, you don't need a data retention policy any better than Apple's. However," I would continue if I was trying to sell some e-discovery software, "in case of better-organized litigation against you than this case, a more comprehensive data retention policy might be in your best interest." See, instead of making my sales pitch on a case that, taken on its own, indicates that my product is unimportant, I would acknowledge that my product was not important in this case, but suggest that it is not wise to assume that every case will be so easy. I think my approach appeals less to the customer's fear, and more to the careful consideration that will need to be evident in an approved purchase request.

    --
    "I can't imagine how things could get any worse!" (some guy) "That could just be failure of imaginatioÂn on your p
  12. Vague guidelines are good by Anonymous Coward · · Score: 2, Interesting

    Our legal people won't respond to IT requests such as 'how long should we keep backups' The problem being that if they give an answer it can be used against the company.

    Not having a guideline at all is the best way to circumvent that. Of course they do have a guideline for employees to delete all emails that are no longer pertinent to their jobs, but those guidelines are there for the same reason. It's all about deniability.

    So I'd call this smart, not negligent.

  13. Why keep emails? by Anonymous Coward · · Score: 3, Insightful

    Why would Apple bother to keep emails when they already know that the risk of the email being used against them is far worse than the penalty for not keeping them.