Slashdot Mirror


The Importance of Deleting Old Stuff

An anonymous reader writes: Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, "One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?

Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."

Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?

177 comments

  1. Dear Nazis by Anonymous Coward · · Score: 3, Insightful

    Official Nazi Memo

    Please do not keep documents about Concentration-Camp details more than 3 Months.
    If the gold in the inmates' teeth has been melted and the lamp-shades with their skin have been shipped, all data about it can be shredded and burnt.
    Once the Jews, the intellectuals and the gypsies have all been cremated, the documents about it can be safely destroyed.
    We don't have to keep statistical data about the efficiency of the Zyklon B showers more than 1 month either, it's cheap enough.
    Immediately dismantle showers and crematorium after use, we wouldn't want the public getting a bad impression.

    PS. Do not make jokes about Leni Riefenstahl in your official communications.
    No jokes about Sonja Henie as well.
    Also, do not propose Jesse Owens as the next James Bond.

    PPS. Don't talk to Goebbels about Company secrets, he keeps a diary.

    PPPS. If anybody asks, Treblinka was a summer camp. //For the sarcasm-detector: this is a test

    1. Re:Dear Nazis by turbidostato · · Score: 4, Insightful

      "Please do not keep documents about Concentration-Camp details more than 3 Months."

      Wow! Godwin's law accomplished in the very first comment. That's a feat!

      But then, I think you have a point: It seems to me that Sony's problems don't come from retaining old emails but from these emails being embarrassing to start with.

      Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".

    2. Re:Dear Nazis by gstoddart · · Score: 4, Insightful

      Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".

      In fairness to him, that's pretty much the industry position on data retention, and what the lawyers will tell you.

      See, you are legally obligated to hold onto some things for a given period. Deleting it before then can get you into legal trouble if you suddenly find it needed.

      Similarly, if you are under litigation and things have been requested, you are legally obligated to hold onto it because you're not allowed to delete stuff which is relevant to an on-going court case.

      And, finally, once the base retention period has happened, and once your legal team confirms this stuff is legal to delete -- you want to get rid of it as soon as you possibly can, so that it's not lingering about to bite you in the ass.

      This has been true of the legal landscape for document/records retention for at least a decade, because older information which should have been deleted can be a liability to your company.

      The problem can be that employees hold onto stuff for their records, either as a CYA or a record of things they've worked on. And if that stuff pops up in discovery, even if the corporate version has been purged, it's legally admissible. But it's much harder to convince your employees they need to delete their copies of something, because their own personal interest means they care less about your corporate needs -- because who wants some ass of a manager coming back and blaming you for something you objected to?

      I think this is pretty much standard records keeping since SOX came into play.

      But don't think for a minute that it's just him saying essentially this same thing. This has been pretty standard stuff for quite some time, even if most people are clueless about it.

      --
      Lost at C:>. Found at C.
    3. Re:Dear Nazis by BarbaraHudson · · Score: 2, Funny

      If you have nothing good to say,
      You might want to keep your mouth shut
      You never know if there'll come a day
      'Cuz the backups never go away
      You'll regret calling your boss a real slut.

      Burma Shave

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    4. Re:Dear Nazis by luis_a_espinal · · Score: 2

      "Please do not keep documents about Concentration-Camp details more than 3 Months."

      Wow! Godwin's law accomplished in the very first comment. That's a feat!

      But then, I think you have a point: It seems to me that Sony's problems don't come from retaining old emails but from these emails being embarrassing to start with.

      Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".

      That'd be his job as a security professional. Corporate ethics is another role that is obviously necessary, but that is not the subject of IT/enterprise security. It would be a stretch (and a very disingenuous one) to make inferences about Schneier's ethics from his professional position in the matter (in the context of security) alone.

    5. Re:Dear Nazis by Anonymous Coward · · Score: 2, Insightful

      See, you are legally obligated to hold onto some things for a given period. Deleting it before then can get you into legal trouble if you suddenly find it needed.

      Similarly, if you are under litigation and things have been requested, you are legally obligated to hold onto it because you're not allowed to delete stuff which is relevant to an on-going court case.

      There's a difference between holding on to something for legal (or whatever) reasons and keeping it online. The former doesn't necessitate the latter.
      It's quite a bit easier to remotely hack an Exchange server than a bunch of offline tapes or drives stuffed in a safe ...

    6. Re:Dear Nazis by Anonymous Coward · · Score: 1, Insightful

      Fuck Godwin's law. That applied in the 1990's and 2000's when we lived in "end of history" times and Seinfeld nonchalance was a national attitude.

      It's 2015. We've got religious fanatics abroad, corporations looting at home, western democracies in practical paralysis, and some kind of identity-political, fascism 2.0 popping up like mold all over the web.

      The Nazis were a lesson from history. Time to brush off the textbooks.

    7. Re:Dear Nazis by Anonymous Coward · · Score: 0, Insightful

      Don't worry. The NSA has already captured all that data and is keeping it safe for future use, including blackmail...

    8. Re:Dear Nazis by DarkOx · · Score: 3, Insightful

      Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".

      I think you know we now live in a world where you can make a fairly benign statement and there exists a very real possibility someone with an axe to grind may strip it of its context and use it against you. I think you also know that behavior is normative. What is appropriate conversation with, say, all-male company over beers after work may not be appropriate while still in the office, and might not be appropriate if a female colleague has joined you for those beers, etc. That stuff might still land on the corporate backup server, etc., if someone decides to use their corporate smartphone to video some of your night out. While none of it was ever said while on the clock, or in any official communication, nevertheless through stupidity it's found its way onto company assets; suddenly it's discoverable, etc.

      So now that innocent comment between two men who were meeting not as employees of Innertrode, but just as two buddies having drinks, about how the waitress had a nice ass, can be used to demonstrate a pattern of hostile culture or whatever in some unrelated lawsuit. That is the world we live in. It could work the other way around too: your corporate stuff might get tied up in legal proceedings involving them personally that did not need to involve the company. This alone is why BYOD should be strangled in its cradle any time someone brings it up. You don't want people's personal lives tied to corporate assets. You don't want your file/e-mail/backup/messaging server to be evidence in their divorce proceedings, drug trafficking trial, etc.

      Essentially my mother's advice is still the best: if you don't want someone to read it, don't write it down. Don't write it down, don't record it, don't photograph it. Do not keep it in your diary under lock and key, do not keep it on your file server protected with AES-256, just don't record it. Also, it's not destruction of evidence; you can't be guilty of deleting something that never existed.

      So my advice is NO BYOD period, people putting personal assets on corporate networks should be escorted to HR to receive their pink slip and then out of the building; that should be the policy. As to data retention, yes a good data retention policy is important, but even more important is education on how corporate IT assets should be used, what type of language is never appropriate, not used for personal stuff, etc.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    9. Re:Dear Nazis by war4peace · · Score: 4, Interesting

      I keep all my e-mails in an offline folder. 13 GB and counting.
      Saved my arse more times than I am willing to count. After the first 15 or so occurrences, people generally leave me alone when I tell them "I could dig into my old e-mails for that information".

      Deleting old stuff is definitely worse than keeping it secure, preferably encrypted using a separate tool and password.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    10. Re:Dear Nazis by Anonymous Coward · · Score: 0

      While I'm certain there are some people who were not aware of this, I think most /. users have at least a high-level understanding of the legal implications of data retention policies. We KNOW it's standard practice. We KNOW Bruce isn't the first one to make this statement. But there are lots of slimy corporate policies in place. If you get hacked and you can keep it under wraps, then don't tell your customers because it makes you look bad. If you can pay Chinese workers pennies an hour, then don't go asking too many questions because if you don't know they're working 80 hours a week in 90 degree tin warehouses, then hey, you can't be expected to do anything about it. Just because it's policy doesn't mean we can't point out that it's crap and ask Bruce why he's buying into the bullshit.

    11. Re:Dear Nazis by war4peace · · Score: 0

      To summarize: NO personal calls while at work, no personal IMs, no website browsing, no contact with the outside world except purely for business reasons.
      You're describing a company I would never want to work for. Ever.

      Disclaimer: I access Slashdot from work right now and nobody gives a shit.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    12. Re:Dear Nazis by turbidostato · · Score: 3, Insightful

      "It would be a stretch (and a very disingenuous one) to make inferences about Schneier's ethics from his professional position in the matter (in the context of security) alone."

      I don't think so. The man is the slave of his words and the master of his silence. Schneier is completely free to give whatever advice he deems appropriate, and of course everything somebody says (given it has not been put out of context) reveals his ethos, especially if, as is the case here, it is full of behaviour indications:

      "[in regards to the attack against Sony Pictures] there's another equally important but much less discussed lesson here: companies should have an aggressive deletion policy.
      [...]
      Everything is now digital, and storage is cheap -why not save it all?
      [...]
      Saving data, especially e-mail and informal chats, is a liability.
      [...]
      If Sony had had an aggressive data deletion policy, much of what was leaked couldn't have been stolen and wouldn't have been published."

      Schneier could have said just as easily something like this instead:

      "[in regards to the attack against Sony Pictures] there's another equally important but much less discussed lesson here: companies should have an aggressive policy enforcing high ethical standards.
      [...]
      Everything is now digital, and storage is cheap -why not save it all?
      [...]
      Allowing psychopaths in your company is a liability.
      [...]
      If Sony had had an aggressive ethos policy, much of what was leaked wouldn't have been published or, if so, it would just have shown what a high-standards company it is."

      See? Still Schneier pointed to the former, not the latter.

    13. Re:Dear Nazis by Zeio · · Score: 1

      Exactly right. Don't make things secure, don't keep the bad guys out. Don't make all this information searchable for future use.

      Delete and change history? That's what we've come to? Delete evidence and history like this is some sort of Enron shredding party.

      Meanwhile people who are directly damaged by Google-NSA by not being able to have the right to be forgotten can't escape, but companies can erase their past?

      --
      Legalize the constitution. Think for yourself question authority.
    14. Re:Dear Nazis by bzipitidoo · · Score: 1

      What's that saying that's used to justify spying on everyone? "If you have nothing to hide then you have nothing to fear".

      You can't divorce security from ethics, because so much of security does not make everyone safer; it often makes a small group safer from the public, and that may not be in the public interest. Security against viruses is good for everyone but the few who want to use viruses to the detriment of the infected. Security against "pirates" is much more controversial, as "pirates" too often means everyone else. MS tried propaganda and strong-arm tactics to pass off Windows Genuine Advantage as security for users. That was an insult to our intelligence, and a lie. Worse were Sony's music CDs with the root kit. I wonder if any of the leaked info has details about that, perhaps puts names to the people who decided to make Sony's own CDs help spread viruses, including their own? With tax season around the corner, and Turbo Tax in the news again for anti-social behavior, the stunt they pulled a decade ago is worth mentioning again. Their "security" measures in their software screwed with the boot sector of their users' hard drives, risking the loss of all their users' data, in order to "protect" their software from piracy with, once again, DRM that does not work.

      If you're a security expert, what do you do when you're asked to help cover something up, something that may be criminal and/or dangerous? Or, you're asked to use your knowledge to help make everyone less secure, by, for example, designing a root kit for music CDs? Blow the whistle, or follow orders? Whichever way you go could be trouble. Lose your career because no one wants to hire a whistleblower, and the government does a bad job of protecting whistleblowers, or lose your freedom when you are implicated in the cover up and sent to prison for it? Maybe you can blow the whistle without blowing your cover. No one was sure who Deep Throat was until long after Watergate. For the example of the root kit on the music CDs, you might make a judgment call. You would understand that this is a variation of DRM that will still be ineffective, the root kit is a clumsy idea, and therefore is unlikely to do much damage to the public. The outcome can only be what actually did happen, which is that the root kit was soon noticed and the only harm of significance was self inflicted harm when Sony lost much trust and was forced to recall all the infected CDs. So, your best course of action was likely some form of CYA, documents that you warned management that the root kit was a very bad idea, and that you were going ahead with it only under protest. You could still be blamed and fired of course. Maybe management will believe the root kit would have worked if not for your "treachery" in deliberately doing an incompetent job, despite any words anyone else tells them to the contrary.

      --
      Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
    15. Re:Dear Nazis by ShanghaiBill · · Score: 2

      I keep all my e-mails in an offline folder. 13 GB and counting.

      I do the same, except I auto-delete obvious spam, so mine is less than 1GB.
      I don't see any real harm to Sony from the e-mail disclosures. Was anyone really surprised that the Sony execs thought Angelina Jolie was a spoiled brat? Who cares?

    16. Re:Dear Nazis by turbidostato · · Score: 1

      "there exists a very real possibility someone with an axe to grind may strip it of its context and use it against you."

      And then, having full records showing both that the issue has been taken out of context and what a scumbag was the one doing so, is an asset, not a liability.

      "What is appropriate conversation with say all male company over beers after work, may not be appropriate while still in the office"

      Or is it that, while a common behaviour, it was not appropriate over the beers either? And then, even if what you say is the case, do you think you are serving your company well if you don't know the difference, nor enforce knowing the difference, between your corporate resources and an informal meeting over some beers after work?

      "You don't want peoples personal lives tied to corporate assets."

      If by "you" you mean "the company", then you are wrong: the company is perfectly happy having their employees' lives tied to corporate assets, which is part of the evil ethics culture that ends up biting companies like Sony. It is the employees that should know better and not allow their lives to be tied to the company. We are workers, not serfs or slaves.

    17. Re:Dear Nazis by bkr1_2k · · Score: 2

      What world do you work in where so much goes wrong so often that you've had 15+ occurrences where you had to "check my old email" to keep from being in a bad situation? Wherever it is, I'll stay the hell away.

      I keep all my old emails, for the same reason, but I've used them once or twice in nearly 20 years.

      --
      "Growing old is inevitable; growing up is optional."
    18. Re:Dear Nazis by houghi · · Score: 2

      See, you are legally obligated to hold onto some things for a given period. Deleting it before then can get you into legal trouble if you suddenly find it needed.

      In some countries keeping data, especially customer data, longer than needed can cause legal problems as well.

      I for one am for "If you do not need it, throw it away." I do this at home and at the office. If I haven't touched it in a year, I don't need it and I throw it away. (Excluding music, records, photos and things of sentimental value)

      You could do the same with data as well. The advantage is that looking for something will be much, much faster. Even now, searching for some code snippet will be faster with Google than on my own machine looking for something that I might have had.

      That said, I don't do with data as I do with other things. Why not? Because it is easier to keep it than to throw away what I might not need anymore. Hoarding data does not give me a financial gain. So what that I did not read these mails in 10 years? In comparison it does not take up a lot of space, so no real gain.

      Official papers need to be kept for 5, 10 or even 30 years and they take up space. There is a rent cost to be paid for by companies (e.g. in Belgium all contracts still need to be signed and the original must be kept for X years).
      So if they reduce that from 30 to 20 years, you pay X amount less.

      Keeping data is, for now, cheaper than deleting it. Just add some HDs and the issue is solved. I believe that is the real reason. And if you have done something wrong, somebody somewhere will have either a copy or will testify without a copy. It just makes it a bit harder, but in the end it is security through obscurity, so you can't rely on it.

      --
      Don't fight for your country, if your country does not fight for you.
    19. Re:Dear Nazis by Anonymous Coward · · Score: 0

      You must be regretting this then BarbaraHudson http://slashdot.org/comments.p...

    20. Re:Dear Nazis by ArmoredDragon · · Score: 1

      Nonsense. The lamp shades were a myth and Zyklon B was actually gift gas!

      https://en.wikipedia.org/wiki/...

    21. Re:Dear Nazis by Anonymous Coward · · Score: 3, Informative

      Not the op but keep away from corporate security. While it seems like most of us are assholes, it's because you get used to looking past the smiles of the assassins coming for you that week.
      I find I need to go pull something out of a mail archive 3-4 times a year, when someone tries to blame me for something being insecure, and in my notes I have details of how I tested it, found it bad, highlighted same and some manager overrode my concerns because there was a business need to do so, taking a decision they were not qualified to take. When the shit starts to fly, you need to produce these or a baying mob of all the people whose cosy plan for timescales you've ever disrupted with the utterance "don't do that, it's a *really* bad idea" will form and lynch you irrespective of whether you were right or wrong. It usually comes out in the wash when you produce the mail documenting this; the hysteria is being whipped up by someone connected to that very decision trying to bury the traces of the source of the braindead decision.
      I've also noticed the more clued up people send suspect things in encrypted mail, because they know damn well our corporate IT will balls up the certs on our corporate machine every year and we'll have to get new ones with no access to the old.

      Delete my mailbox every 3 months? Not a chance. I have stuff going back 6 years for some of the rasher decisions.

    22. Re:Dear Nazis by Anonymous Coward · · Score: 0

      Indeed. I once had to testify in court about an old email, which had no body text, and only contained the subject 'hmm'. "What was the significance of that email?" I was asked. Well, the significance was that I was using email in place of IM. No, I don't recall what was going on when I wrote that five years ago. "Didn't you mean 'hmm is doing something [presumably nefarious]'!?". Well, no, and thank you for trying to construct an entertaining story around a single word presented with no context.

      Up to that point, I'd played digital pack rat since old emails contain useful stuff.

      My current employer's policy is, I think, retain for the legally-minimum required time, then delete. Initially I thought that was beyond annoying. Now I think it's incredibly astute, as lawyers are paid to make implications of anything and everything. Your sneeze implies an allergy to cats, which you obviously must have developed skulking through the kitten farm in the middle of the night while trying to kidnap one for your depraved entertainment. You disgusting kitten harmer, you. I bet you hack computers in your spare time too. And why not mail fraud, since everyone probably does that, and we need to nail you with something...

    23. Re:Dear Nazis by Anonymous Coward · · Score: 0

      I'd say you're blissfully naive if you think that, in the interim between that attack and your presentation of exonerating context (months to years in our legal system), your life won't be living hell. Why accept that open-ended exposure? "I didn't do anything" unfortunately isn't a universal defense.

    24. Re:Dear Nazis by ultranova · · Score: 1

      That'd be his job as a security professional. Corporate ethics is another role that is obviously necessary, but that is not the subject of IT/enterprise security. It would be a stretch (and a very disingenuous one) to make inferences about Schneier's ethics from his professional position in the matter (in the context of security) alone.

      tl;dr He's only following orders.

      Ethics, either for organizations or individuals, isn't something that can be slapped on as an afterthought. It's either part of every role, every process, every decision, or it's non-existent. Trying to make corporate ethics the responsibility of an "ethics department" simply makes that department an obstacle everyone and their dog will do their best to sidestep, avoid, and keep in the dark at every turn. It might make for fine black comedy, but it's not even remotely related to ethics.

      So yes, we can absolutely make inferences about Schneier's ethics based on how he conducts his job.

      --
      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    25. Re:Dear Nazis by skids · · Score: 1

      In some countries keeping data, especially customer data, longer then needed can cause legal problems as well.

      Just about anywhere where a discovery motion can compel you to spend your own staff's time and effort answering questions about whether or not you have data X and please give data X to the lawyers, you want a data retention policy so that when you get that letter, you can just say "it's our policy to delete stuff older than Y, so X is long gone." Otherwise your techs are fumbling around in desk drawers and tape archives for old backups so you can say "yep, we looked."

    26. Re:Dear Nazis by Jawnn · · Score: 1

      Insightful? Really? For a post that truly did miss Bruce's point? That point was, BTW, that if you don't have a good reason for keeping something, don't. Make that a policy and enforce it. Anything, not just evidence of corporate sleaze, can become a liability. Only a fool would keep potentially dangerous garbage when she didn't have to.

    27. Re:Dear Nazis by turbidostato · · Score: 1

      "Only a fool would keep potentially dangerous garbage when she didn't have to."

      Only a fool would throw away potentially valuable information when she didn't have to.

      So, back to square one, right?

    28. Re:Dear Nazis by war4peace · · Score: 1

      It's all about corporate culture. When the majority of your colleagues and management chain don't read their e-mails and forget a phone conversation immediately after hanging up, there will be many occasions when they come back to you after a couple months and ask "why wasn't I told about this???". So you show them they were told, but their incompetence stood in the way. They're mostly looking for scapegoats and I show them I can't be one.

      You might be lucky by working for a company with proper employees. Me, not so much. But salary is good and the company overall is successful (although hated here on /.). Meh, it's just a job. Keeps me and my family fed.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    29. Re:Dear Nazis by war4peace · · Score: 1

      Pretty much this.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    30. Re: Dear Nazis by BellyJelly · · Score: 2

      Can't you just have a hard drive failure? Works for the IRS........ A rolling program of scheduled hard drive failures should minimise the amount of embarrassment.

    31. Re:Dear Nazis by kanuac · · Score: 0

      I think s/he was being meta; it was you who did the Godwin stuff.

    32. Re:Dear Nazis by radarskiy · · Score: 1

      'Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".'

      -1, self-refuting

      This is an example of why you would want to expire a perfectly ethical message, since while you can control what you preserve you cannot control how much context someone else must use.

    33. Re:Dear Nazis by turbidostato · · Score: 0

      "This is an example of why you would want to expire a perfectly ethical message, since while you can control what you preserve you cannot control how much context someone else must use."

      Ok, you win. I already deleted my own copy.

      Oh! by the way, you put the message above out of context, I'll take my original copy out and I'll demonstrate...

      Oh, wait!

    34. Re:Dear Nazis by rtb61 · · Score: 0

      One thing to keep in mind about the cost of deleting data versus the cost of keeping data: you only have to delete it once, and when it comes to keeping it, you will have to do that an infinite number of times until you finally admit hoarding defeat and delete it. So the comparison of deleting once versus keeping once is false; it's delete once versus keeping it many times. Deleting on the fly is far easier than trying to shrink massive data bloat, much like the human body: keeping slim is far easier than trying to work off a huge build-up of bloat.

      --
      Chaos - everything, everywhere, everywhen
    35. Re:Dear Nazis by Anonymous Coward · · Score: 0

      Schneier's position seems to be "don't worry about your poor ethics, just cover your tracks".

      Ethics hardly falls in the domain of security. From a security standpoint, regardless of one's ethics, one is better off retaining less old data. What you're saying is quite similar to that old chestnut "you don't need privacy if you have nothing to hide." Do you see the problem?

    36. Re:Dear Nazis by Anonymous Coward · · Score: 0

      >> Sony's problems...come...from these emails being embarrassing to start with.

      No, Sony's problems come from its being run by assholes. That's the source of most organizations' problems.

  2. Air-gap. by ledow · · Score: 3, Insightful

    Retain everything.

    Just make sure that anything past your legal retention limit is only retained offline.

    How hard is that? Standard practice as far as I'm concerned - when you hit the limit on what you need to store, archive it to get your space back but keep the archives around just in case you need them later (e.g. lawsuits, etc.). There's nothing stopping you putting your old tapes, or old NAS disks, into storage because by the time the data is about to retire, so are the old units that stored it.

    Not saying keep them around forever, but just keep what you don't NEED to keep offline. Otherwise you're just chewing disk space for no good reason anyway.

    Then when you do come across your (encrypted) backup tapes in the archives in a few years' time, you know you can safely ditch anything there should you be short of space, and that you can probably restore anything that might be there if the lawyers send you in. And nobody can access it but you. Hell, you could store it live, but encrypted, and just archive the encryption key for each year that you don't need.

    Air gap and encryption, people. Seems like it should be pretty basic stuff to a company as HUGE as Sony.
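
ledow's suggestion of keeping the data live but encrypted and archiving the key for each year you no longer need is the same key-lifecycle idea as the retention/deletion policy Schneier asks for in the summary. The following is an added example, not ledow's or Schneier's code: a constructed Python sketch in which records are encrypted under a per-year key, archiving a year means moving its key offline, and expiring a year means destroying the key. The HMAC-based keystream is a standard-library stand-in for a real AEAD, and the years and retention windows are assumptions.

```python
"""Per-year encryption keys as a retention control (constructed example).

Records are encrypted under the key of their creation year, so the retention
policy acts on keys: active year = key online; archived = key offline in the
safe, records kept but unreadable live; expired = key destroyed, ciphertext is
noise. The HMAC-SHA256 counter-mode keystream is a stdlib stand-in for a real
AEAD such as AES-GCM; the key lifecycle around it is the point.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from (key, nonce, counter)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Record:
    year: int
    nonce: bytes
    ciphertext: bytes


@dataclass
class RetentionStore:
    """Live system: keeps every record but only the keys of active years."""
    active_years: int = 3                               # policy: older keys go offline
    online_keys: dict = field(default_factory=dict)
    offline_keys: dict = field(default_factory=dict)    # stands in for tapes/HSM in a safe
    records: list = field(default_factory=list)

    def _key_for(self, year: int) -> bytes:
        if year in self.online_keys:
            return self.online_keys[year]
        if year in self.offline_keys:
            raise PermissionError(f"key for {year} is offline; restore it to read")
        raise LookupError(f"key for {year} was destroyed; data is unrecoverable")

    def store(self, year: int, plaintext: bytes) -> Record:
        if year in self.offline_keys:
            raise PermissionError(f"{year} is archived; no new records for that year")
        key = self.online_keys.setdefault(year, secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        rec = Record(year, nonce, _xor(plaintext, _keystream(key, nonce, len(plaintext))))
        self.records.append(rec)
        return rec

    def read(self, rec: Record) -> bytes:
        key = self._key_for(rec.year)
        return _xor(rec.ciphertext, _keystream(key, rec.nonce, len(rec.ciphertext)))

    def enforce(self, current_year: int, destroy_after_years: int) -> dict:
        """Archive keys past the active window, destroy keys past the legal
        retention limit, and return what was done for the audit trail."""
        archived = [y for y in self.online_keys if current_year - y >= self.active_years]
        for y in archived:
            self.offline_keys[y] = self.online_keys.pop(y)
        destroyed = [y for y in self.offline_keys if current_year - y >= destroy_after_years]
        for y in destroyed:
            del self.offline_keys[y]                    # ciphertext stays; it is now noise
        return {"year": current_year, "archived": sorted(archived), "destroyed": sorted(destroyed)}

    def restore(self, year: int) -> None:
        """Bring an archived year's key back online, e.g. for a legal hold."""
        self.online_keys[year] = self.offline_keys.pop(year)


def _state(store: RetentionStore, rec: Record, expected: bytes) -> str:
    try:
        return "readable" if store.read(rec) == expected else "corrupt"
    except PermissionError:
        return "offline"
    except LookupError:
        return "destroyed"


def demo() -> dict:
    """Run the lifecycle over constructed records and report the outcomes."""
    store = RetentionStore(active_years=3)
    msgs = {y: f"constructed {y} memo".encode() for y in (2010, 2012, 2014)}
    recs = {y: store.store(y, m) for y, m in msgs.items()}
    out = {"before": [_state(store, recs[y], msgs[y]) for y in msgs]}
    out["actions"] = store.enforce(current_year=2015, destroy_after_years=4)
    out["after"] = [_state(store, recs[y], msgs[y]) for y in msgs]
    store.restore(2012)                                 # e.g. a lawsuit needs 2012 back
    out["after_restore"] = [_state(store, recs[y], msgs[y]) for y in msgs]
    out["records_kept"] = len(store.records)            # nothing deleted, only keys
    return out
```

The point to check in a real deployment is that the destroyed key has no other copies (backups of the key store included), since otherwise the records are not actually expired.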

    1. Re:Air-gap. by Drethon · · Score: 1, Insightful

      I work for a contracting company, our data retention limit is the end of time. Though knowing that all of our e-mails are kept stored for possible contract issues also means I try not to send highly embarrassing e-mails on work e-mail...

    2. Re:Air-gap. by twitnutttt · · Score: 1

      It's called digital hoarding, and I've got the bug too. =)
      Keep it all! Create a git repository in the root of your documents folder and keep every version of every file you've ever saved, or use a remote cloud backup with versioning. Either way use a remote cloud backup plus external hard drive backup!
      Only this way can you be sure to never lose any thought you ever had.
      I jest, but not really.

    3. Re:Air-gap. by Shakrai · · Score: 1

      I have every file from every computer system from every OS upgrade/re-install. In Windows the hierarchy looks like this: C:\old c\old c\old c\old c\old c

      Oh, I need that file from 1996? Well duh, it's under C:\old c\old c\old c\old c\old c\old c\old c\old c\old c\stuff\
      2001? C:\old c\old c\old c\documents and settings\shakrai\my documents\

      Works in Linux too, where it's just /oldroot/oldroot/oldroot/

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:Air-gap. by jellomizer · · Score: 1

      There are Legal Reasons to keep everything. If something goes wrong, you better be able to show evidence or you may be in trouble for appearing to hide data.

      There are political reasons too. Where I work can be very political, with a lot of finger pointing. If you can dig up data to prove that someone did it, you can stop all the nonsense and get back to work. If you delete your record that you have done something years ago, something that you may have disagreed with but was told to do it anyways, chances are you (especially the IT Guys) will be blamed for the mistake.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    5. Re:Air-gap. by jbmartin6 · · Score: 3, Insightful

      You aren't going to appear to hide data if it is part of your data retention practice. If you can say that you were deleting everything over five years old long before any issues came to light, that isn't going to be a problem. Now if you start deleting it the day before you get the subpoena, you've got a problem.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    6. Re:Air-gap. by kent_eh · · Score: 3, Insightful

      my old emails (especially) are kept in the "CYA" file hierarchy.
      It has served my interests a few times. "why didn't anyone warn us?"..."I did in this e-mail from 6 years ago (attached)".

      --
      "I can't complain, but sometimes still do..." Joe Walsh
    7. Re:Air-gap. by rgmoore · · Score: 1

      Just make sure that anything past your legal retention limit is only retained offline.

      That won't help much against an attack by an insider, who will have access to the off-line repositories. Of course doing that would reveal that it was an insider attack rather than an outside hack, but the damage would still be done.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

    8. Re:Air-gap. by ledow · · Score: 1

      For personal stuff? Yes, I have the same.

      "Old laptop files" etc. feature heavily on any new disk I buy.

      Similarly, for email, I can query nearly 15 years worth of email from the narrow-down search in my mail browser. You don't even notice - given how quickly it can do it - but, damn it's useful when you've forgotten the login to that website you signed up to years ago and never thought you'd need ever again.

      But at work, disk space is always tight because hundreds of users try to do the same on one network. So I keep to the official retention periods, then have a bunch of encrypted disks in the basement should the extraordinary be required. Never been asked for it (have been asked if I can ditch some of it, to which the answer is "throw out what you want from that room, just start with the oldest first").

      Hell, first job of making a new personal RAID array? Copy all the old one onto it, then retire the old one and file the disks somewhere safe.

    9. Re:Air-gap. by Anonymous Coward · · Score: 0

      Whenever advice contains a statement that ends with the clause, "..., people" it immediately becomes preaching and is ignored.

    10. Re:Air-gap. by Anonymous Coward · · Score: 0

      Air-gapping doesn't prevent:

      viruses that hop across your memory sticks, hard drives and such.
      insiders leaking information.

      The former, you can protect against that by making a hardware copying device.
      Slap memory storage in, it copies only the difference, it never executes anything, keep it simple too, none of this advanced shit.
      Better if you DIY it as well instead of using standard hardware, since that will likely eventually be hacked and it will be added to [insert next big thing] hacking libraries for future targets. Believe it or not, despite many retards saying it isn't a good thing, security through obscurity CAN work in your favour if you do it right. The more obscure your hardware is, the harder it will be for a hacker to get at it, since it will mean an ever-increasing payload that needs to be used to try to hack devices, which starts to become easier to detect and eventually downright impossible to do when it goes over the logic board memory limits.
      Admittedly you could flash a virus on to a drive and get the board to read it off there. Only solution there is to reflash your logic board every time.
      This is why I despise hard drives and would have preferred if things like zip or floppy just got expanded on. Fuck hard drives.

      The latter? Stricter security checks than even the NSA, who appeared to have none when Snowden was able to leak such a stupid amount of data.

    11. Re:Air-gap. by OneSmartFellow · · Score: 1

      I have every file from every computer system from every OS upgrade/re-install. In Windows the hierarchy looks like this: C:\old c\old c\old c\old c\old c

      Oh, I need that file from 1996? Well duh, it's under C:\old c\old c\old c\old c\old c\old c\old c\old c\old c\stuff\ 2001? C:\old c\old c\old c\documents and settings\shakrai\my documents\

      Works in Linux too, where it's just /oldroot/oldroot/oldroot/

      How idiotic is that.
      Why not give them year names or anything/something to help you navigate quickly.
      Why struggle with trying to figure out the relative 'old' path. That's just plain dumb.

    12. Re:Air-gap. by putaro · · Score: 2

      This is very true. Another issue is not that there's anything embarrassing or bad, but the sheer work of producing documents for a lawsuit can be very expensive. If you do keep emails or other records beyond the legal retention limits they can still be subpoenaed, but if you destroy them on a regular schedule, well, can't produce what you don't have.

    13. Re:Air-gap. by Anonymous Coward · · Score: 0

      I have worked for companies where they had only one retention policy... end of time. This was just plain fscking stupid. Of course, when an auditor realized that everything was stored since the time Vanilla Ice was rapping about his 5.0, they actually asked for a dump of all 4mm media still tucked away in the antediluvian autochangers in the cast-off ProLiants that were stashed in some disused elephant graveyard. Of course, finding the parts (all tucked away, thankfully), making sure the Windows NT version was good enough, installing the backup software, then building a Linux box whose only goal was to take the stuff coming back from full height 5.25" tape autochangers... took a damn long time.

      Of course, when all was said and done, the auditors feasted on E-mails from a decade earlier, making findings of all kinds of criminal misconduct. Only reason why people didn't get arrested was due to the statute of limitations, but civil cases of copyright/IP violations flew.

      My recommendation:

      Expire your fscking data. If it doesn't have to be retained for 50 years (FAA regs), 7 years (financial regs) or 6-12 months (Sarbox regs), have a date where it gets archived and expired. The only exception to this are critical financial documents, and software install images. Not E-mails (if they are critical, the E-mails should be copied to PDF and the PDF cryptographically signed.) Trust me... if the data is there, there are bevies of lawyers who would love to go through it, if given a chance, and they will find criminal/civil stuff to file on.

    14. Re:Air-gap. by mrchaotica · · Score: 1

      Because if the number of times you need something times the time it takes for you to search for it is less than the time it takes to organize it carefully, then it's not worth organizing.

      Part of my "filing" system is literally a pile of papers in a box, stacked in roughly-chronological order. Insertion is O(1); retrieval is O(n) (maybe faster if I know how old the thing I'm looking for is). I insert much more often than I retrieve, so it works just fine.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    15. Re:Air-gap. by houghi · · Score: 1

      but just keep what you don't NEED to keep offline

      OK, tell me what you don't need and we will take it offline.

      When I look at the shared directories at the various companies I worked and work at, it would not only be a great idea. In a small company I moved anything that I saw and that was older than 2 years to a directory "Backup". In several years nobody complained and asked where the data was.

      In companies where I proposed it, the answer was always: "We might still need it." Just look at what people have in their cabinet. They are unable to throw away the presentation you have in 2005, because reason.

      And now you want to throw away data that might have been useful? Perhaps you are different, but the majority of people don't do this with their own data.

      --
      Don't fight for your country, if your country does not fight for you.
    16. Re:Air-gap. by rssrss · · Score: 2

      IAAL: I always told clients that it is far better not to have a written record of what you said and did. It is always to your advantage to have to rely on your self serving memories than to have your memory contradicted by written evidence.

      There are some documents that you must retain by law. You should work with your counsel and accountants to identify those categories of documents and to retain them. But not one day longer than necessary.

      That said, notes and drafts are very seldom subject to legal retention guidelines. Once a document is finalized, notes and drafts should be destroyed.

      Finally, the easiest document to deal with is one that was not created. Business processes should be engineered to avoid document creation to the extent possible.

      --
      In the land of the blind, the one-eyed man is king.
    17. Re:Air-gap. by TemporalBeing · · Score: 1

      Just make sure that anything past your legal retention limit is only retained offline.

      That won't help much against an attack by an insider, who will have access to the off-line repositories. Of course doing that would reveal that it was an insider attack rather than an outside hack, but the damage would still be done.

      It will also fairly quickly point out who the attacker is since the offline copies are usually locked up securely so that only a very few people have access, access that is logged.

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
    18. Re:Air-gap. by TemporalBeing · · Score: 1

      IAAL: I always told clients that it is far better not to have a written record of what you said and did. It is always to your advantage to have to rely on your self serving memories than to have your memory contradicted by written evidence.

      There are some documents that you must retain by law. You should work with your counsel and accountants to identify those categories of documents and to retain them. But not one day longer than necessary.

      That said, notes and drafts are very seldom subject to legal retention guidelines. Once a document is finalized, notes and drafts should be destroyed.

      Finally, the easiest document to deal with is one that was not created. Business processes should be engineered to avoid document creation to the extent possible.

      Very true. It has bitten people more often than not having the written record.

      Though your final drafts should also have a note about their taking precedence over any previous versions, drafts, notes, etc. so as to establish their finality on the matter to prevent issues like with SCOG v Novell where SCOG claimed that the drafters knew the intentions that were supposed to be reflected yet the document clearly stated that it was the final work as intended.

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
    19. Re:Air-gap. by Anonymous Coward · · Score: 0

      This is exactly right...

      captcha: "blunders" how apropos...

    20. Re:Air-gap. by Anonymous Coward · · Score: 0

      I think he was talking about offline in the old-school vernacular, where offline storage meant a meat-bag had to physically place the tape or disk pack into the drive; now-a-days it would be like a thumb-drive or a DVD-R disk kept in a locked fire-safe. The repository would require both knowledge of its existence and authority to access; often C-levels are kept ignorant of its existence for plausible deniability purposes.

    21. Re:Air-gap. by Anonymous Coward · · Score: 0

      There is a balance between keeping everything to the beginning of time, with a duration to the end of time, versus no retention whatsoever.

      My answer: It depends on the company, the work environment, and other items. Personal E-mail retention is a different beast from how long E-mail sits on an Exchange server.

      If a company has a firmly set data retention policy and there is no other law, regulation, contract stipulation, or other item requiring retention, then if backups expire after 30 days, the e-discovery lawyers can raise a ruckus... but for most points, they don't have a leg to stand on, since data is expired as a matter of corporate policy. Not destroyed willy-nilly [1].

      Here is a simple example of what I've done in the past, using a backup system that slurped from Exchange and could restore not just mailboxes, but items, as well as database backups and files:

      The "if this data disappears, people will go to jail" tier: Data goes to a SSD landing zone, then pushed to disk and two sets of tape. One set stays in the silo (or gets plopped into a nearby tape safe [2]), another set gets packaged up and ready to be moved offsite. This way, there are at least three sets of data at minimum. Since this data is critical, it doesn't expire. Needless to say, not much gets stuffed into this tier relatively.

      The "keep for seven years" tier. Data goes to disk, immediately migrated to tape, winds up with a copy offsite and a copy on premises. Every quarter, I run a "validate all locally accessible data" to catch any possible bad blocks. I use this tier with some database backups and filesystems. This tier is just data, not applications or OS images.

      The "keep for two years" tier. Data goes to disk, migrated to tape when the disk pool gets near full, and a second copy is kept offsite. I use this for documents, home directories, and other items. Long enough so a user can fetch a disused document, but not too long. I also use it for production critical machines for the entire machine for bare metal.

      The "keep for six months" tier. Data goes to disk, a copy is made to tape to go offsite, and if the high water mark on disks gets hit, move it to tape. I use this tier on whole machines for bare metal restores.

      The "keep for 30 days" tier. Data goes to disk, doesn't get offsited, as this is mainly for non-production machines so they can be bare-metal restored, with specific data getting kept for longer as need be.

      Finally, the "archive it to tape and forget it" tier, with no data expiration time, and data winds up going to disk as a landing zone, then immediately migrated to a single set of tapes. Since tape is cheap (ball park $10 a terabyte for just the media), this tier winds up getting used for imaging decommissioned machines before wiping them, images of build trees before major changes, vendor ISO images, and other stuff that winds up cruft, but can be important later on. This tier should never be used for home directories, messaging applications, or Exchange, but there always needs to be a place to stash Windows NT ISO images or special software that may only get installed once and never again.

      Of course, one last thing. When backing up or archiving, it is very simple to set a password on LTO-4 and newer drives via SPIN/SPOUT. Log onto the silo, turn on AES encryption, set your PW of choice (correct horse battery staple), and other than saving the PW somewhere recoverable, all tapes are now secure and if media gets lost, there isn't a need for panic. One can use more sophisticated solutions, setting each tape to have an individual key, but for most purposes, why bother.

      [1]: For example, if one has a NAS with snapshotting capability, having it pop snapshots with 30-90 days of retention is good enough. The snapshots expire as per corporate policy, not actively removed.

      [2]: The main reason for the safe is media fire resistance, as well as being able to give an auditor a chain of custody list (either the media is in a safe, on my desk being pack

    22. Re:Air-gap. by neurovish · · Score: 1

      Seems like it should be pretty basic stuff to a company as HUGE as Sony.

      You're not thinking evil enough...this is advice for businesses. A subpoena can bridge an air gap.

    23. Re:Air-gap. by antdude · · Score: 1

      Basically, prove it when needed. ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    24. Re:Air-gap. by Aqualung812 · · Score: 1

      Just make sure that anything past your legal retention limit is only retained offline.

      Do you think that because it is no longer required for you to keep certain documents, that it will prevent a subpoena from demanding them if they exist?

      So, every time there is a lawsuit, you have to re-plug all of those air-gapped archives to search for whatever documents the opposition deems relevant. There went February's IT productivity.

      NO. As soon as you don't need it, delete it automatically. Make it a written policy. After X years, everything is deleted unless it is placed in a certain archive manually. That archive will be small and certain to only be used to your company's advantage.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
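
Several posts in this thread describe the same mechanism from different angles: the tiered schedule in the Anonymous Coward post above (a tier that never expires, then seven-year, two-year, six-month and thirty-day tiers), jbmartin6's point that deletion is defensible only when it follows a written practice applied long before any dispute, and Aqualung812's rule of automatic deletion after X years unless an item is deliberately placed in a small archive. The Go program below is an added example written for this page, not any poster's code; the tier names, durations, record IDs, dates and the legal-hold flag are constructed for the demonstration, and years are approximated as 365 days.

```go
package main

import (
	"fmt"
	"time"
)

// Action is what the schedule decides for one record.
type Action string

const (
	Keep    Action = "keep"
	Archive Action = "archive" // expired, but goes to the offline archive tier
	Delete  Action = "delete"
)

// Tier is one class of data in the written schedule; Retention <= 0 means "never expires".
type Tier struct {
	Retention time.Duration
	Archive   bool // archive rather than delete when retention runs out
}

// Record is one stored item; LegalHold is set once litigation is reasonably anticipated.
type Record struct {
	ID        string
	Tier      string
	Created   time.Time
	LegalHold bool
}

// Decision is the action taken for a record plus the reason to log.
type Decision struct {
	Action Action
	Reason string
}

// Policy is the schedule, keyed by tier name.
type Policy map[string]Tier

// Days converts a day count to a duration (years are approximated as 365 days).
func Days(n int) time.Duration { return time.Duration(n) * 24 * time.Hour }

// Evaluate applies the schedule to every record as of asOf and returns one
// decision per record ID; logging the whole map is the audit record of the run.
func (p Policy) Evaluate(records []Record, asOf time.Time) map[string]Decision {
	out := make(map[string]Decision, len(records))
	for _, r := range records {
		out[r.ID] = p.decide(r, asOf)
	}
	return out
}

func (p Policy) decide(r Record, asOf time.Time) Decision {
	if r.LegalHold {
		return Decision{Keep, "legal hold overrides the schedule"}
	}
	t, ok := p[r.Tier]
	if !ok { // unclassified data is flagged, never silently expired
		return Decision{Keep, "unknown tier; classify before expiry"}
	}
	if t.Retention <= 0 {
		return Decision{Keep, "tier never expires"}
	}
	age := asOf.Sub(r.Created)
	if age < t.Retention {
		return Decision{Keep, fmt.Sprintf("%.0f of %.0f days used", age.Hours()/24, t.Retention.Hours()/24)}
	}
	if t.Archive {
		return Decision{Archive, "retention expired; move to offline archive"}
	}
	return Decision{Delete, "retention expired"}
}

// SamplePolicy is a constructed schedule modelled on the tiers described in the thread.
func SamplePolicy() Policy {
	return Policy{
		"email":     {Retention: Days(90)},
		"financial": {Retention: Days(7 * 365), Archive: true},
		"critical":  {Retention: 0},
	}
}

// AsOf is the constructed evaluation date; SampleRecords are constructed inputs
// (IDs and dates invented for the example).
var AsOf = time.Date(2015, time.January, 1, 0, 0, 0, 0, time.UTC)

func SampleRecords() []Record {
	d := func(y int, m time.Month) time.Time { return time.Date(y, m, 1, 0, 0, 0, 0, time.UTC) }
	return []Record{
		{ID: "mail-2014-06", Tier: "email", Created: d(2014, time.June)},
		{ID: "mail-2014-12", Tier: "email", Created: d(2014, time.December)},
		{ID: "mail-2013-hold", Tier: "email", Created: d(2013, time.January), LegalHold: true},
		{ID: "ledger-2006", Tier: "financial", Created: d(2006, time.January)},
		{ID: "ledger-2010", Tier: "financial", Created: d(2010, time.January)},
		{ID: "iso-nt4", Tier: "critical", Created: d(1996, time.January)},
		{ID: "share-dump", Tier: "", Created: d(2001, time.January)},
	}
}

func main() {
	for id, d := range SamplePolicy().Evaluate(SampleRecords(), AsOf) {
		fmt.Printf("%-15s %-8s %s\n", id, d.Action, d.Reason)
	}
}
```

The two branches that matter for a defender are the ones that refuse to delete: a legal hold set once litigation is reasonably anticipated overrides the schedule (the "day before the subpoena" case), and a record whose tier is unknown is kept and flagged rather than expired, because a schedule that silently deletes unclassified data is not one to stand behind in front of an auditor. Running the evaluation on a fixed cadence and logging every decision with its reason is what turns "we deleted it" into "it expired as a matter of policy".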
  3. Screw data retention policies by Anonymous Coward · · Score: 4, Interesting

    My company deletes emails after 90 days unless you jump through burning hoops to save a limited number of them. And has IM logging forced to disabled. This REALLY sucks when you want to go back to refer to something. And is so transparently a CYA move.

    How about instead of deleting everything people just are not a-holes? And if they can't help themselves maybe they should be exposed. Instead they make us all work in circles as we forget our past.

    1. Re:Screw data retention policies by Anonymous Coward · · Score: 1

      Totally agree. We have a similar policy, and so much context and useful background has been lost to the auto delete monster.

      Yes ideally we should all be using better ways of managing information, but here in reality email chains are one of the main ways information moves around this company.

    2. Re:Screw data retention policies by Anonymous Coward · · Score: 0

      May I ask why does your company delete emails after 90 days? Are you in some illegal business? Storage is cheap and many of us keep everything just to be able to prove things if some PHB tries to blame others for their mistakes.

    3. Re:Screw data retention policies by nospam007 · · Score: 1

      "My company deletes emails after 90 days unless you jump through burning hoops to save a limited number of them. And has IM logging forced to disabled. This REALLY sucks when you want to go back to refer to something. "

      Is sending a BCC to a personal account and a filter to forward incoming mails to the same account also forbidden?

  4. Huey Long's Philosophy applies here.... by Shakrai · · Score: 5, Interesting

    Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?

    Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company.

    Never Write what you can Phone;
    Never Phone what you can Say;
    Never Say what you can Whisper;
    Never Whisper what you can Nod;
    Never Nod what you can Wink.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:Huey Long's Philosophy applies here.... by ripvlan · · Score: 1

      hah. I worked at a place where that actually was the policy.

      When dealing with lawsuits...
      Talk in person - in closed rooms
      If you do Phone - never leave voicemail messages.
      Do not use email - if you must....
      Email should not hint at the topic of conversation.
      Email should stick to the facts and not contain strategy or speculation.

  5. So the whole world is now like my Mom? by retroworks · · Score: 1

    She never forgets anything I say. ever.

    --
    Gently reply
    1. Re:So the whole world is now like my Mom? by Anonymous Coward · · Score: 0

      That sounds like my wife.

      She recalls perfectly every word I have ever said in her presence, including all nuances. I know this because after we have left a group of people and are on the way home she wants to dissect and tease every little bit of meaning out of every word I said to anyone for the whole time we were with the group. Example: "EXACTLY what did you mean when you said "happy birthday" to Sarah?" "Um, I meant what people normally mean when they tell someone "happy birthday." "But the way you said it..."

      There was a Black Mirror episode that was very hard for me to watch because it was almost exactly like this. In that show everyone had an implanted memory chip that allowed perfect recall of everything, just like my wife.

      Someday I'll die and my nightmare will end...

    2. Re:So the whole world is now like my Mom? by Anonymous Coward · · Score: 0

      Wait until you're married. Your SO will remember everything you say, and many things you'll swear you didn't say.

    3. Re:So the whole world is now like my Mom? by meta-monkey · · Score: 1

      Sounds like your wife is a bitch.

      You chose...poorly.

      --
      We don't have a state-run media we have a media-run state.
    4. Re:So the whole world is now like my Mom? by OneSmartFellow · · Score: 2, Funny

      I know, now, that my ex-wife used to make up shit that she would then claim that I said.
      I used to think I was insane because I could never remember saying stuff she would claim that I said. Lots of it wouldn't even sound like something I would say, yet she would -supposedly- quote me verbatim.

      Bitch !

      You have been warned.

    5. Re:So the whole world is now like my Mom? by amalcolm · · Score: 1

      Like the Indiana Jones quote - Kudos!

      --
      Time for bed, said Zebedee - boing
    6. Re:So the whole world is now like my Mom? by Anonymous Coward · · Score: 0

      "I know, now, that my ex-wife used to make up shit that she would then claim that I said.
      I used to think I was insane because I could never remember saying stuff she would claim that I said. Lots of it wouldn't even sound like something I would say, yet she would -supposedly- quote me verbatim. "
      Yeah. Same here. But mine would also just outright deny some things she said. I'm not that easily persuaded, but she was so good at that so I started to doubt my memory. I'm glad it's over.

  6. Do things really get deleted? by Anonymous Coward · · Score: 0

    So I think somehow stuff that used to get deleted now remains because there is no clear reason to do so. I remember when storage drives were much smaller and people cleaned up unwanted files and programs. It became a necessity for some. Now we have small local drives in smartphones and tablets. Even some notebooks. But we have also adopted a cloud storage system to store files, folders and content. Sometimes that stuff gets built up because it's not in front of us all the time begging for deletion. Reminds me of the lawsuit of iPhone users who complain iOS 8 is stealing space away from them. Did they ever think they were just hoarders? Another trend Gmail does is to never delete all messages. Yes, you make them go into a sort of trash bin. But they basically sit there unless you specifically delete them. I think the Sony hacking just proves that sometimes deleting stuff is good, or at least direct those messages into a non-public-access encrypted folder. Like a bad Tweet or a Facebook post. Once it's out there, it's out there.

  7. Research data by Enry · · Score: 3, Interesting

    Research data usually needs to be kept for 7-10 years after the conclusion of the grant, then usually stored much longer after that, since the people involved have left and nobody knows what to do with it. In our research of a 2PB file server, over 1/2 of the data hadn't been touched in over a year. The desire there is to move the data to cheaper tape backup and free up spinning disk. The problem with that is it's cheaper to buy more spinning disk than it is to buy a brand new tape array that will last for 10-15 years and be able to store a few PB of data. Think of it as initial vs. incremental cost.

    But the part about employees leaving and not knowing what to do with their data is a big one. I'm sure there's leftover data from when I parted ways with my previous employer - I was there for 11 years and did a lot of work for them during that time, with data scattered all over the place. But since I'm gone there's no way they can ask me to come back and help, so all they have is what's left and if they delete any of that they have no idea what they're going to lose.

    1. Re:Research data by mrchaotica · · Score: 2

      Research data really ought to just get published with the paper. Then (A) it's easier to peer-review / reproduce / verify the research, and (B) storing it becomes somebody else's problem. As Linus said, "Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it ;)"

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:Research data by Anonymous Coward · · Score: 0

      I more or less openly destroyed dozens of boxes of tapes and drives and terabytes of online data when I left my company. They would have never said yes if I asked about any dataset specifically. So I told them it was a datacenter modernization project, no hardware over a few years old, space and power savings. They bought it :)

    3. Re:Research data by Anonymous Coward · · Score: 0

      Research data really ought to just get published with the paper. Then (A) it's easier to peer-review / reproduce / verify the research, and (B) storing it becomes somebody else's problem. As Linus said, "Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it ;)"

      I think you don't realize the scale of the post you responded to. He said PB. You just can't "publish" that. We collect about 10 TB per year of raw data. Nobody wants to house that for free. The data center we work with insists on files no bigger than 100 MB, in case some starving scientist in Africa wants access. Processed down data can be small, much smaller, but keeping the middle steps is important, because people continue to pull other products out.

      This is a seriously difficult problem and your solution is drastically out of touch.

    4. Re:Research data by Anonymous Coward · · Score: 0

      It might be worth looking into something like Amazon Glacier or other on-line backup systems. It's usually pretty cheap.

  8. Always delete by smooth+wombat · · Score: 1

    This is why I kept telling people to delete emails. Don't save everything, get rid of it. Set Outlook to auto delete on exit and don't give people the option to delete.

    But no, they whine and whine that they need to keep stuff even though they haven't looked at it in five years and the project it referred to is gone.

    Delete, delete, delete.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Always delete by bill_mcgonigle · · Score: 1

      Cute. Meanwhile, if they live under any kind of fascist government regime, they usually have minimum seven-year retention policies on many kinds of data, or risk facing prison sentences.

      I know, if she didn't want her emails stolen, she shouldn't have been using such a cute ad-dress.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Always delete by nospam007 · · Score: 1

      "This is why I kept telling people to delete emails. Don't save everything, get rid of it. Set Outlook to auto delete on exit and don't give people the option to delete."

      Exactly! There is no philosophical wisdom in there that could benefit mankind.
      Only dickpics.

    3. Re:Always delete by Russ1642 · · Score: 1

      I keep personal emails. However, I've worked at companies where they had a strict email deletion policy at 3 months. If the emails don't exist they can't be used in investigations against them. And it makes sense. After 3 months most people forget what they were conversing about anyway and can't provide the necessary context for emails, so they can be highly misleading and are a significant liability for the company.

    4. Re:Always delete by pla · · Score: 1

      After 3 months most people forget what they were conversing about anyway

      Yes, they do, except I draw a different conclusion from that than do you.

      I get questions literally on a weekly basis along the lines of "Why the hell did you do it that way?"

      I find it somewhat satisfying to answer by simply forwarding the asker an email, usually their own, in which they insisted I do it that way, typically over my objections that it wouldn't work correctly "that way."

  9. I have a simpler policy by 0123456 · · Score: 4, Insightful

    I don't do or email anything that would "cause enormous public embarrassment" to the company if it got out.

    1. Re:I have a simpler policy by Anonymous Coward · · Score: 0

      I don't do or email anything that would "cause enormous public embarrassment" to the company if it got out.

      I'd go with the first option.
      If it is a problem if it became public what you do then you should probably not do it.

      It's similar to the situation where you check with the legal department if it is OK to do a certain thing.
      It wouldn't have occurred to you to check if a thing is legal if you didn't know that it was unethical, otherwise you would have just thought that it was obvious that it was OK.

    2. Re:I have a simpler policy by davidwr · · Score: 1

      It wouldn't have occurred to you to check if a thing is legal if you didn't know that it was unethical, otherwise you would have just thought that it was obvious that it was OK.

      Um. Nope.

      There are plenty of things that are ethical and even commendable on their face but due to a law, contract, or some other thing that you, the employee or manager, don't know about, it may be illegal or violate a contract if you do it.

      In a well-run company, upper management will tell everyone the broad areas that must be run through legal/finance/upper management for approval, and make sure the approving departments/managers have all the information they need to make quick, correct decisions on almost all cases. In a very-well-run company there may even be do-it-yourself pre-screening checklists, so if the "broad area" is "doing business with a foreign country or foreign national who isn't also a US citizen or permanent resident" the checklist can give the employee a quick "it's okay/it's not okay/ask legal" answer.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    3. Re:I have a simpler policy by bws111 · · Score: 3, Insightful

      So you never give an honest negative opinion about a product under development, for instance? You would never report any suspicion of wrong-doing? You would never give an opinion of a fellow employee if asked?

    4. Re:I have a simpler policy by Anonymous Coward · · Score: 0

      So you've never ever, not even once, written something that, in retrospect, would have reflected poorly upon yourself or your company 5, 10 years later? I'm generally careful about what I write, but I can't say it's always been 100% wise after returning to look at it. Sometimes I was too emotional. Other times simply misinformed. I'm thankful for our retention policy.

  10. I worked for a corp with a 30 day retention policy by laird · · Score: 1

    I worked for one corporation with a 30 day email retention policy, and the servers were configured that way. After that, anything of importance was supposed to be printed and filed for future reference. And this was in the 90s. Of course, people still had email on their desktops, etc., but I'd guess it let them respond to lawsuits' discovery in a more limited manner than trawling through all email ever sent by anyone about anything, limiting risk of embarrassment. I follow the logic, but pragmatically speaking it's convenient to have past emails easily searchable.

  11. Sony could have archived by Karmashock · · Score: 4, Insightful

    You don't need to keep everything on line. That was the thing that was so stupid. They had everything online with a common key to access everything.

    First, Sony knew they had a problem over a year ago. They're refusing to admit it but everyone knows.

    Second, the way Sony laid out their network was dumb. They should have compartmentalized and archived.

    Third, when you know you are getting hacked don't just sit there with your thumb up your ass. Do something about it.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:Sony could have archived by Anonymous Coward · · Score: 2, Interesting

      Sony have had problems in 2008 via SQL injection attacks. 2011, same thing, but this one resulted in the PSN going down for a month. 2014, oops, another SQL injection attack, but this one was covered up, Sony have managed to get the large media outlets to remove items mentioning.

    2. Re:Sony could have archived by Karmashock · · Score: 1

      I've noticed. It is sort of sad how corrupt the media has become. They don't even realize it themselves. You talk to them, and I do talk to newspaper people on occasion... and they just don't see it.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    3. Re:Sony could have archived by Anonymous Coward · · Score: 0

      First, Sony knew they had a problem over a year ago. They're refusing to admit it but everyone knows.

      One problem with that is that, with a company that size, it is hard to actually fix a systemic security issue in less than a year. I know of a company that recently found out about a big bad bug, but fixing it has met with an enormous amount of resistance. It isn't easy to add security to an old system, once people have their methods of access ingrained.

    4. Re:Sony could have archived by Karmashock · · Score: 1

      I could have personally put a tourniquet on it in under a week.

      And I say this as someone that manages a large network at a major corporation. It is really not that hard.

      You might have to get drastic but when your house is on fire, I don't want to hear whining about people scuffing up your carpet.

      A really quick example of something that would work instantly:

      Terminal servers. First, isolate the servers getting pilfered. And then plot a few terminal servers down in that network and then give everyone that needs access to that information a login credential to the terminal servers. No file sharing between the system. If you want to access the data... then do so. No file transfers. No executable code transfers. No script transfers. You can still print from the terminal to the remote user's workstation.

      That is an EXTREME solution. But anyone that tells me these things are hard or take a long time is either trying to avoid mussing up someone's hair or they're not aware that there are always drastic solutions. You do not let an ongoing hack continue for a year like that. It is indefensible incompetence.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    5. Re:Sony could have archived by rainer_d · · Score: 1

      Someone needs to make a wiki-page about all those times Sony has been hacked.
      They're already too many to keep track of in your head.

      --
      Windows 2000 - from the guys who brought us edlin
  12. Re:Dear Nazis (Scöre 5: Redundant) by Anonymous Coward · · Score: 1

    Frosty godwin

  13. I have another idea... by Floyd-ATC · · Score: 5, Insightful

    If huge corporations started following some basic legal and ethical guidelines, they wouldn't have to worry so much about old documents getting leaked. If your business strategy is to f##k your customers and/or your partners, sooner or later you will pay for it, documents or no documents.

    --
    Time flies when you don't know what you're doing
    1. Re:I have another idea... by UnknownSoldier · · Score: 1

      What, Sony respect their customers?

      BWAHAHAHA

      That's a good one!

      Corporations only care about short-term profit; they forget their long term reputation because it can't be written down in the books.

    2. Re:I have another idea... by Anonymous Coward · · Score: 0

      Who's Sonny? Never heard of 'em..

      Last thing I remember is expensive and poor memorystick in the 90s.. Good riddance!

      I don't really care what legal loopholes can be abused to avoid responsibility. I just stop being a customer.

      Captcha: legality

    3. Re:I have another idea... by Anonymous Coward · · Score: 0

      like amazon? like tesla?

    4. Re:I have another idea... by swillden · · Score: 1

      If huge corporations started following some basic legal and ethical guidelines, they wouldn't have to worry so much about old documents getting leaked. If your business strategy is to f##k your customers and/or your partners, sooner or later you will pay for it, documents or no documents.

      This is an appealing idea, but it's just not true in the world we live in. People make mistakes, say things they shouldn't, joke about things they shouldn't. Worse, attorneys are masters at finding evil implications and subtexts even where they don't exist. It's very easy for companies who are really trying to be good corporate citizens, serve their customers well, treat partners fairly and generally behave well to end up shafted by something that turned up in discovery in a malicious lawsuit.

      To reduce the chance of that, the company's lawyers need to go through all of the retained data with a fine-toothed comb, checking every item to see if it needs to be turned over, and if some of it should be redacted. This process gets insanely expensive when retained data is measured in terabytes.

      This is why good companies with competent legal counsel define and implement retention and destruction policies. Having a standard policy that you always follow means that data destroyed per policy is not destruction of evidence, but just housekeeping. Setting that policy to be relatively aggressive about destruction reduces the quantity of material available for discovery, so the attorneys don't have to wade through all of it. Even better, there is NO chance that something in deleted data can be twisted or taken out of context, or that some employee's joke or fit of anger could cost the company a huge settlement.

      Of course, unethical companies are generally really aggressive about destroying old data, for exactly the reason that per-policy destruction of evidence is not, legally, destruction of evidence. One way to tell the difference is to look at the policy. Most companies retain data for six months to a year, and recommend to employees that they be careful what they say in stored communications. Shady companies often have policies mandating destruction in as little as 30 days, as well as a strong corporate culture of never putting anything important in storable form.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    5. Re:I have another idea... by Floyd-ATC · · Score: 1

      Here's a thought. What if you accidentally keep one bit of information that could be turned against you when out of context, and you diligently deleted the very documents that would have shown the redeeming context? If one of your employees steps out of line and produces something that could be turned against you, then act on it. If the paper trail shows you did, then you have nothing to fear from sensible people. Never trust a company which goes to great length to cover up their past. Lawyers and media? Those will attack you anyway, with or without evidence. Stop feeding them.

      --
      Time flies when you don't know what you're doing
    6. Re:I have another idea... by swillden · · Score: 1

      Here's a thought. What if you accidentally keep one bit of information that could be turned against you when out of context, and you diligently deleted the very documents that would have shown the redeeming context?

      Then you explain the context, and have the relevant people testify about their recollection of it. With no documentation to trip them up, and with the benefit of hindsight. This actually happens a lot, when some of the documentation still exists while other documentation has already been deleted.

      If one of your employees steps out of line and produces something that could be turned against you, then act on it. If the paper trail shows you did, then you have nothing to fear from sensible people.

      That assumes you recognize it before it becomes a problem. Which, besides being difficult on its own, raises the question of who the "you" is. An e-mail communication between two employees, neither of whom sees a problem, won't ever come to the attention of management, much less the legal staff. Not until a discovery search, at which point it's far too late. Acting at that point could actually make things worse.

      Perhaps you want management and legal to be responsible for reading every e-mail, chat and document sent or received by any employee? That would be even more insanely expensive than trawling through terabytes of old data because in the discovery case the searchers at least have some notion of what they're looking for and can ignore much irrelevant documentation. Not to mention the chilling effect on employee productivity and/or morale.

      Never trust a company which goes to great length to cover up their past.

      Agreed. But having a reasonable retention policy is not going to "great length".

      Those will attack you anyway, with or without evidence.

      Without evidence, suits get dismissed and media gets bored and moves on.

      Stop feeding them.

      Yes, that's exactly the point of a retention policy, to eliminate litigious lawyer-feed.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  14. Risk Management by jbmartin6 · · Score: 2

    This is the most effective form of security, and often the hardest. If you have nothing of value, there is no risk. Of course that ideal state is impossible but that doesn't mean opportunities to reduce risk by reducing the impact are overlooked.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  15. Best place ever for records retention policies by kilodelta · · Score: 1

    Was when I worked for the RI Secretary of State's office. The Archives divisions prepared all sorts of data retention schedules and we used them.

    1. Re:Best place ever for records retention policies by davidwr · · Score: 1

      Were they sensible or was there a lot of "this seems stupid, but it's policy so we'll follow it" going on?

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  16. Wrong lesson by Anonymous Coward · · Score: 0

    The lesson is always assume whatever you put in a computer will eventually become public.

    Some things really just should not be done.
    But if you must, at least have some discretion in what you type.

    Ideally, not doing bad stuff could eliminate a whole set of professions (everyone has their fun favorite for this list)
    And of course give us world peace.
    Wait, make that universal (as in the Universe) peace, assuming the world is the center of things is just too presumptive on our part.

    On second thought, just delete the dam'n stuff and pass the beer.

    1. Re:Wrong lesson by davidwr · · Score: 1

      The lesson is always assume whatever you put in a computer will eventually become public.

      I think it will be quite useful if my entire life, from birth to death, became public 100 generations (or 2000 years, whichever comes later) after I die. Apply that to a representative sample of every culture that ever lived or will live and it would be a boon to anthropologists 2000 years from now.

      However, once you start talking about making my life public within a few generations of living memory, or worse, within living memory, that could get dicey and cause real harm to specific people who are still alive ("your great-great-great-great-great-great-grandfather screwed my ancestor out of a plot of land, I'm going to kill you and all of your relatives" kind of thing).

      In cases where knowing my life 2000 years from now is likely to cause or inflame ancient-but-still-living hatreds (think: some of the conflicts in and around the location of the modern state of Israel), push the date back further until this is no longer an issue. In other words, 2000 years/100 generations may be too short of a time before my life can be made public without hurting people.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  17. Finally! by Applehu+Akbar · · Score: 1

    A philosophical argument for those cheap Western Digital external disks.

  18. Never say anything in email by Anonymous Coward · · Score: 0

    Never say anything in email that you wouldn't want published in the national news. It really is that simple.

  19. Schools by ncmathsadist · · Score: 1

    I work in a school. When a term or a year closes, I do a big deletion of email that becomes moot at the end of that term or school year. A year-end cleanout often ends up with my inbox being chopped about 75%. If you have frequent senders who send mails with temporary topicality, you can sort by sender and get rid of their older mails.

  20. Many have the policy, what's the practice? by frooddude · · Score: 1

    Every company I worked for had a specific retention policy. What they didn't have is any automated means of enforcement.

    While a central server hack will get the stuff that's most easily handled automatically, lawsuits get to dig into the ugly bits that are still hanging out on the laptops of the employees waiting to be discovered.

  21. Risk management? by mark_reh · · Score: 3, Insightful

    I think a lot of company communication retention policies are based on risk management. They are afraid to delete anything in case they get sued. Depending on the industry they may be required to retain data by law.

    It seems this can work equally in their favor or against them.

    I have worked for a lot of big companies and realized from day one of email that there is literally zero privacy. Once you hit the send button you have no idea who is going to read what you wrote. I have always refrained from putting anything in a company email (or in a personal email accessed via company networks) that could come back and bite me in the ass. No jokes, no comments about coworkers, the boss, or management in general, no comments about the futility of the project I'm assigned to, etc. Keep it strictly business. Likewise for telephone conversations where one or both ends are in the company phone network. Likewise for web browsing and searches.

    Anyone who thinks any form of communication at their place of employment is private is an idiot. Always assume every word said, written, or typed will be heard/read by someone who was not intended to be part of the communication, either now or in the future.

    1. Re:Risk management? by Anonymous Coward · · Score: 0

      Anyone who thinks any form of communication at their place of employment is private is an idiot. Always assume every word said, written, or typed will be heard/read by someone who was not intended to be part of the communication, either now or in the future.

      Or lives in a country where privacy laws can be applied even at work. Imagine that!

    2. Re:Risk management? by mark_reh · · Score: 1

      You apparently have not been reading the news in the last couple years.

      There is no such thing as privacy, anywhere. All computer and phone communications are being vacuumed up and can eventually be used to justify doing anything they want to you, from stealing your girl to having you assassinated.

      Don't be a fool!

  22. Delete after one year, unless flagged by gurps_npc · · Score: 1

    My company has a policy - anything left in your inbox more than a year gets deleted.

    If you think it is necessary to save it, create another folder and move it there.

    My personal emails I just keep forever, but work stuff gets deleted.

    --
    excitingthingstodo.blogspot.com
  23. The question was asked a very long time ago by fustakrakich · · Score: 1

    Why didn't you burn the tapes?

    He says because he was under medication...

    --
    “He’s not deformed, he’s just drunk!”
  24. Wheatons Law by milgner · · Score: 1

    Don't be a dick. Should be easier to manage than a complicated document-deletion-strategy.

  25. Sarbanes-Oxley Act says only delete within policy by stiggle · · Score: 1

    The Sarbanes-Oxley Act says you should retain company/corporate documents, and emails are company documents despite the triviality of the comments within.

    So by all means delete the emails, and then when the SEC comes knocking and asks about the deleted emails you've got to convince them they were only pics of cute kittens off the internet and not insider dealing. So to cover yourself you backup and retain everything for a period as designated in company policy.

    So ensure you have a short retention policy.

  26. You'd think they would have learned by now by Virtucon · · Score: 1

    After all the e-mails that were floated around in the Microsoft Antitrust case, you would have thought that businesses would have caught on by now. Having an active retention policy and following it does provide some collective amnesia because in any litigation situation if the information still exists it's discoverable. Personally I don't want someone delving around my e-mails from 20 years ago but unfortunately it has happened to me. The last thing you want is to be sitting in a deposition while opposing counsel tries to dissect your intonations and try and determine the definition of what "is" is. If you don't need it, delete it.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:You'd think they would have learned by now by davidwr · · Score: 1

      The last thing you want is to be sitting in a deposition while opposing counsel tries to dissect your intonations and try and determine the definition of what "is" is

      The flip-side is that you don't want opposing counsel to have copies of cherry-picked email that their client kept that makes you look bad and not be able to produce the emails that put those cherry-picked emails in the proper context, one that proves the complaint against you is bogus.

      The bottom line: If you retain stuff, you may be screwed, if you don't, you may be screwed.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    2. Re:You'd think they would have learned by now by Anonymous Coward · · Score: 0

      but your flip side is what *will* happen during a deposition. you don't get to present your exculpatory evidence to opposing counsel. and from personal experience, sitting in a deposition answering questions about random emails from years and years prior, well, it sucks. the only goal is to say as little as possible, and aside from answering the minimum truthfully, you STFU.

      by the time you get in front of a judge, many many months later, well, it hardly matters that you have documents that provide context to the other side's "exhibits A-Z". by that point, the suck has already happened.

      in our justice system, justice doesn't always prevail. protect yourself...

  27. Don't be an asshole in the first place by Anonymous Coward · · Score: 0

    Store what you want for as long as you need to..... Is this really that hard?

  28. The economics are against it by Espen · · Score: 2

    The big problem with this is that storage is too cheap. I.e. it's cheaper to keep buying more storage than to spend the time deciding on what to retain and what to delete.

    And this was a point made 5 years ago, not by me, but by a senior exec from the storage division of a technology giant developing new ways of increasing hard disk capacity!

  29. Retain docs they win, destroy them you lose :( by davidwr · · Score: 1

    As others have already alluded to, you are screwed if you retain and screwed if you don't.

    If you retain data "forever" then you can be subpoenaed "forever."

    If you destroy documents or entire categories of documents on a regular schedule and you are sued or prosecuted for crimes that have very long statutes of limitations (certain tax frauds, for example), you won't have documents that exonerate you.

    If you cherry-pick which documents to destroy, or destroy them (other than on a longstanding destruction schedule) shortly before a prosecution or lawsuit, you'll be accused of deliberately destroying evidence.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
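    Several posters describe the mechanics of a retention policy without showing how one is enforced: gurps_npc's rule that anything left in the inbox for more than a year is deleted unless the user moves it to another folder, frooddude's remark that companies have the policy but no automated enforcement, and davidwr's point that deletion is only defensible when it follows a longstanding schedule applied uniformly rather than selectively. The following is an added example written for this thread, not code from any of the posters or from any mail product. It evaluates a constructed sample mailbox against a per-folder retention table, exempts a hypothetical "Keep" folder and a hypothetical legal-hold list (the hold mechanism is an assumption, not something the posts describe), treats a message aged exactly at the limit as still within policy, and writes an audit line for every decision so that deletions are documented as routine housekeeping rather than looking like selective destruction. Folder names, message ids, dates and retention periods are all made up.

```python
"""Age-based mail retention with a hold folder, legal hold and an audit trail.

Constructed example: the folders, message ids, dates and retention periods are
made up for illustration; nothing here is drawn from any real mail system.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Message:
    msg_id: str
    folder: str
    received: date
    subject: str


@dataclass(frozen=True)
class Decision:
    msg_id: str
    action: str   # "delete" or "keep"
    reason: str   # recorded in the audit log for every message


# Retention table: days a message may stay in each folder; None = indefinite.
# Folders absent from the table fall back to DEFAULT_DAYS (assumed values).
POLICY: Dict[str, Optional[int]] = {
    "Inbox": 365,        # one year, as in the post above
    "Sent": 365,
    "Keep": None,        # the "another folder" a user moves things to
    "Records": None,     # minimum-retention material, never auto-deleted
}
DEFAULT_DAYS = 365


def retention_days(folder: str, policy: Dict[str, Optional[int]] = POLICY) -> Optional[int]:
    """Look up the folder's limit; unknown folders get the default."""
    return policy.get(folder, DEFAULT_DAYS)


def evaluate(messages: List[Message], *, today: date,
             policy: Dict[str, Optional[int]] = POLICY,
             legal_hold: Set[str] = frozenset()) -> List[Decision]:
    """Decide keep/delete for every message, uniformly, with a reason each time."""
    decisions: List[Decision] = []
    for m in messages:
        if m.msg_id in legal_hold:                    # hold beats every age rule
            decisions.append(Decision(m.msg_id, "keep", "legal hold"))
            continue
        days = retention_days(m.folder, policy)
        if days is None:
            decisions.append(Decision(m.msg_id, "keep",
                                      f"folder {m.folder!r} retains indefinitely"))
            continue
        age = (today - m.received).days
        # Strictly older than the limit is deleted; exactly at the limit is kept.
        action = "delete" if age > days else "keep"
        decisions.append(Decision(m.msg_id, action,
                                  f"{age}d old in {m.folder!r}, limit {days}d"))
    return decisions


def apply_policy(messages: List[Message],
                 decisions: List[Decision]) -> Tuple[List[Message], List[str]]:
    """Return the surviving messages and one audit line per decision."""
    verdict = {d.msg_id: d for d in decisions}
    survivors = [m for m in messages if verdict[m.msg_id].action == "keep"]
    audit = [f"{d.action.upper():6} {d.msg_id}: {d.reason}" for d in decisions]
    return survivors, audit


# Constructed sample mailbox, evaluated as of a fixed date.
TODAY = date(2015, 1, 5)
SAMPLE = [
    Message("m1", "Inbox", date(2013, 6, 1), "Lunch?"),                  # old: delete
    Message("m2", "Inbox", date(2014, 11, 20), "Q4 numbers"),           # recent: keep
    Message("m3", "Keep", date(2012, 2, 14), "Design option 3 notes"),  # hold folder
    Message("m4", "Inbox", date(2013, 1, 3), "Vendor contract draft"),  # legal hold
    Message("m5", "Drafts", date(2013, 8, 9), "unsent"),                # default rule
    Message("m6", "Inbox", date(2014, 1, 5), "Exactly one year ago"),   # age == limit
]
LEGAL_HOLD = {"m4"}


def run_sample() -> Tuple[List[Message], List[str]]:
    decisions = evaluate(SAMPLE, today=TODAY, legal_hold=LEGAL_HOLD)
    return apply_policy(SAMPLE, decisions)


if __name__ == "__main__":
    remaining, log = run_sample()
    print("\n".join(log))
    print("remaining:", [m.msg_id for m in remaining])
```

    On the sample, m1 and m5 are deleted and m2, m3, m4 and m6 survive. The audit log is the part worth keeping around: a schedule that is run the same way every time and leaves a record of why each item went is what separates housekeeping from the selective destruction davidwr warns about.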
    1. Re:Retain docs they win, destroy them you lose :( by Anonymous Coward · · Score: 0

      Since the burden of proof is on the accuser (generally), lacking documents to exonerate is probably less of an issue than possessing documents which could implicate. And rest assured, implications can be built upon pretty flimsy evidence, especially in a civil case where the burden is preponderance of evidence. A few hundred emails with a coworker? You're probably having an affair, aren't you...? They're all about technical topics? Well, you obviously had a code... Maybe just the act of sending an email was a prompt to get together at the local motel that evening. Wow, you two got busy...

    2. Re:Retain docs they win, destroy them you lose :( by Anonymous Coward · · Score: 0

      They're all about technical topics? Well, you obviously had a code...

      Honey, show me again how to do an "inner join" in that Sexy Quiet Language that you are so good with....

  30. Re:I worked for a corp with a 30 day retention pol by aaarrrgggh · · Score: 1

    I get about 10GB of email a year, and do my best to purge what I can up front, but also try hard to save everything. Most of the girth is due to file attachments... And yes they really should have been saved to the file server, but sometimes it is missed. Little obscure pieces of information often come up as being useful years later-- one recent example was trying to figure out how certain financial information was derived 5 years ago.

    But the bottom line is 99% of the information stored will never be used again after 6 months. Automatic expiry assignments would be cool, but wow that would be tough to track.

  31. 90-day data destruction? Blame the lawyers by davidwr · · Score: 1

    A common answer to the question "why do you/your company do something that seems so utterly stupid" is "because our insurance company/contracts/applicable laws make us do it and/or our lawyers tell us that it's better if we do it that way."

    I've worked for companies that had short data-retention policies. I'm going to go out on a limb and say that most rank-and-file employees whose productivity depended on holding on to old data probably found some way to do so. Maybe they printed out all emails except the obviously ephemeral. Maybe they exported them. Maybe they bulk-forwarded them to themselves every 89 days. Maybe they [insert other easy solution that worked for them]. You get the idea.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:90-day data destruction? Blame the lawyers by Anonymous Coward · · Score: 0

      All it takes is one employee to innocently and naively speculate that some technology might infringe some patents... And now your company is in for a nasty fight once that comes up in discovery. And it likely will, companies (and individuals) sue each other all the time. Even if the comment was innocuous, why have it around? The opposing lawyer will cherry-pick those gems, present them out-of-context, and your company looks like scum. Not worth the liability exposure.

  32. Or ya know...you could just be decent human beings by Anonymous Coward · · Score: 0

    I don't know who would think it would be ok to write any of those sorts of things in emails. The general counsel for a company I've worked for explained it like this, "Anything you put in an email, should only include things that you'd be comfortable explaining in court in front of your mother, grandmother, and pastor. If you need to discuss something sensitive do it over the phone or in person." This is basic corporate legal liability mitigation.

  33. Document Retention Rules. by mschiller · · Score: 5, Insightful

    Rules:
    1) Don't delete other people's stuff. IT workers / Lawyers I'm looking at you. You should never delete something without a specific verbal or written OK from the document owner. When you automatically delete my stuff I find ways around your scripts.. It does no good, because I WILL retain my records indefinitely. So just stop wasting my time and leave my stuff alone.... The only justifiable reason to delete my files is: the Server hard drive is full. But it costs less to buy a freaking hard drive, than to decide what documents can be deleted...
    2) Document Retention Policy: Min: Legally required length of time Max: FOREVER. See Rule #1. You should NEVER touch my inbox, Network Drive, or any other place I store documents with an automated script, deletion of files should only occur by hand by the document owner...
    3) Don't do unethical things. You don't have to worry about what's in the document if you did the right thing in the first place... You should fire any employee who is unethical and as a corporation take responsibility if those unethical things embarrass the company. This is what reviews (code, business, technical etc) are for, you're supposed to check that your employees are following good practices... Then that circumspect code, business practice etc, would've never seen the light of day in the first place. When a corporation fails that they shouldn't hide it, they should admit it and take their licking...

    My email contains important technical information that I may need for years after I composed that email. When you delete it for me, you waste valuable company time as I recreate the exact same information I already "knew" which may have never made it into a formal document.

    JUST STOP IT. There is nothing illegal about keeping business documents forever. There is something highly unethical (and possibly illegal!) about a practice that stems from the idea of destroying evidence. So stop it. The ethical, right, and more reasonable thing to do is enforce from the IT perspective the minimum retention policy. After that, (i.e. when you delete) should be based on business need: 1) I really will never need this again and 2) The storage costs don't justify the (low) possible future return. Since storage is CHEAP, #2 should pretty much never come into play...

    1. Re:Document Retention Rules. by Anonymous Coward · · Score: 0

      Says the guy not paying for the hard drives, the backup tapes, or the effort that it takes to get a good backup when backing up Terabytes of data not touched in years.

    2. Re:Document Retention Rules. by mschiller · · Score: 2

      Effort??? *blink* *blink* *blink*. I suppose the IT person does backups 100% manually??? Sheesh the effort should be marginal, and if the file isn't changing it's not like you need to re-back it up every week or whatever. So let's see:

      For each TB of *stale* documents:

      1) ~$250 for Tapes (1 local + 1 offsite)
      2) $100 for hard drives (1 local online + 1 offline backup)
      3) 20 minutes of IT person support (multi-tasking, since all he has to do is plug in hard drive or insert tape and press go) = $40 (assumes $120/hr effective rate)

      This assumes you have a small shop, without automated tape loading etc....

      So It'll cost a whopping $400 to have 3 backups of the data and have a hard drive ready to spin up if the data is needed...

      Yes it might be more complicated in an enterprise level house. But seriously, the price seems reasonable for what you get. I've generated well less than 1TB of documents/emails/etc in 12 years of engineering... Yet I've lost at least a week of accumulated engineering time due to retention policies deleting my email..... 1 week of Engineering time (~$100/hr effective rate) is $4000. Seems like $400 is a good investment to me!

      [Note this assumes that DATASETS are treated differently. Transitory data such as compilation runs, recorded engineering data, etc. should never be backed up in the same way as a document. I've probably generated ~1PB of datasets, but who needs 1000's of compilation runs, most of which ended in errors or failed miserably when run through testing? With the exception of released code, these are useless after a few months because I probably won't be able to figure out what the heck I was debugging anyway. But transitory datasets of this nature rarely fall victim to the data retention policy anyway, precisely because they are transitory... I don't keep the builds. I use a revision control system to allow me to recreate the builds if I needed them for some reason....]

    3. Re:Document Retention Rules. by MozeeToby · · Score: 1

      "My email contains important technical information that I may need for years after I composed that email."

      Why the hell are you storing important technical information on an email server? That's a much bigger wtf than IT and legal doing their jobs.

    4. Re:Document Retention Rules. by mschiller · · Score: 1

      Simple...

      Email = Memo or Engineering Notebook from yesteryear

      Let's say you're in the early design phase for an engineering program.

      You've come up with 5 different ways to approach a problem. You prepare some thoughts about how to solve the problem in those 5 ways. You type them up (say 1 page per idea) and send them to your colleague for their thoughts. They aren't formal documents and you aren't holding a meeting over it (so there's no PowerPoint slides). But you've done some calculations, thought about pros/cons of each potential approach...

      The project eventually goes down path 2, so you discard the other 4 ideas and generate formal documentation for path 2. 5 years later, a new derivative project with different requirements comes along. You realize the idea you had 5 years earlier is a perfect fit for the new problem. So you do a 5 minute email search, and BAM, you just reminded yourself of your thoughts from 5 years earlier.

      It's good company policy to RETAIN my email. For the sole purpose that my emails contain useful tidbits like this....

      Sure I could put them in documents on the server... But the retention policy would still delete them because these sorta things aren't tied to a released formal document.

    5. Re:Document Retention Rules. by neurovish · · Score: 1

      Sorry, if it is on the company's servers, then it is the company's data and not yours. You are not as important to the company as you think you are. If you *actually* are, then they will put you in an exception list. If the policy is causing the company to lose a lot of money from all the "waste of valuable company time", then it will either change the policy or go out of business.

    6. Re:Document Retention Rules. by Alan+Shutko · · Score: 1

      "My email contains important technical information that I may need for years after I composed that email. When you delete it for me, you waste valuable company time as I recreate the exact same information I already "knew" which may have never made it into a formal document."

      The counterargument is that it's cheaper for you or someone else to reinvent that wheel than it would be for lawyers to pore over terabytes or petabytes of data that have been stored forever in the event of a lawsuit discovery.

  34. This is a good opportunity! by MagickalMyst · · Score: 2

    What I see is the opportunity for evidence of wrong doing to be leaked to the public.

    Sony is "embarrassed"? Sony is a corporation, not a human. As such it cannot be embarrassed.

    But it can be found guilty of its crimes, as can any other corporation.

    Let the madness begin!

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  35. heh by Anonymous Coward · · Score: 0

    when you have a bitch that thinks she needs things from 1992 calling the shots... you'll never get rid of anything.

  36. Re:BarbaraHudson's b.s. answer by Anonymous Coward · · Score: 0

    What's good for the goose is good for the gander. Reverse psychology. Turnabout's fair play. Fight fire with fire. BarbaraHudson's getting burnt by it. Serves her right.

  37. BarbaraHudson: "Eat your words"... apk by Anonymous Coward · · Score: 0

    "I tore apart your stupid hosts file crapola." - by BarbaraHudson (3785311) on Tuesday August 19, 2014 @10:46AM (#47703255)

    Where? You RAN from trying recently -> http://slashdot.org/comments.p... & you're FAIRLY given the opportunity to make good on those words of yours - you downmodded (via your many sockpuppets) & ran, lol, after your wise-ass comment on hosts here JUST before that challenge -> http://tech.slashdot.org/comme... quoted next below:

    ---

    "scans multiple forums repeatedly to troll his crappy HOSTS file " - by BarbaraHudson (3785311) on Sunday January 04, 2015 @11:58AM (#48730581) from http://tech.slashdot.org/comme...

    I only post on them where they apply (or confronting naysayers like you). Prove otherwise!

    (Oh, that's right - you're NOT BIG ON PROOF, are you? See below next...)

    ---

    "His only "legend in his own mind" was that he claimed that "his" hosts file could completely secure a windows computer. " - by tomhudson (43916) on Saturday February 12, @11:19AM (#35186644)

    Where did I even *once* claim hosts completely secure a computer?

    Putting words in my mouth I never stated != truth, or a good argument on YOUR part. You RAN from that too!

    ---

    "Who has independently vetted it?" - by BarbaraHudson (3785311) on Tuesday August 19, 2014 @10:46AM (#47703255)

    You tried to say it's malware/spyware too - guess what:

    Answer = The BEST in the security antimalware & antispyware business currently, http://www.av-test.org/en/news... per that VERY recent test's results, who also host & RECOMMEND my program for hosts, is who -> http://hosts-file.net/?s=Downl... (Malwarebytes' hpHosts)

    * You've done better? No... lol!

    APK

    P.S.=> You fail: "Eat your words, Forrest" & you told others to stalk/harass me by ac posts as YOU YOURSELF do, unceasingly, for years http://slashdot.org/comments.p...

    ... apk

  38. BarbaraHudson b.s. answer... apk by Anonymous Coward · · Score: 0

    BarbaraHudson stalks me by ac posts & that's quoted in her words http://slashdot.org/comments.p... & her "points" vs. hosts = b.s. (in a 'journal' - not publicly since she KNOWS they're bullshit):

    "We don't need to use a hosts file to block ads (adblock does it better)" - by BarbaraHudson (3785311) on Sunday September 21, 2014 @02:09PM

    FROM-> http://slashdot.org/comments.p...

    To THAT b.s. I point out how NOT BETTER it is, tearing up 4++gb of RAM & flooring CPU too -> https://blog.mozilla.org/nneth...

    +

    By default (since advertisers KNOW most folks using "Almost ALL Ads Blocked" won't change that) adblock's PAID OFF NOT TO DO ITS JOB FULLY -> http://techcrunch.com/2013/07/...

    ClarityRay's also DESTROYING AdBlock but it's NOT ABLE TO DO THAT to custom hosts files.

    Barb's *trying* to tell us that Adblock's vastly inferior in abilities + chews up resources LIKE MAD is "superior" to hosts that do all of what adblock does, and FAR more - with less? Please... lol!

    * I'm confronting BarbaraHudson directly (despite her constant trollings of myself often behind my back that I do *NOT* start 1st, until she pulls her crap on me like usual: That's all!) for closure of this publicly so BarbaraHudson can "eat her words" in front of us all!

    APK

    P.S.=> Facts above vs. BarbaraHudson's fictions & the FACT BarbaraHudson CANNOT DISPROVE that hosts do more w/ LESS, & far, Far, FAR MORE for added speed, security, reliability, + even anonymity (to an extent) vs. adblock & that hosts fix DNS security issues in DNS amplification attacks, DNS being downed, DNS being redirect poisoned etc. - et al as well: NO SINGLE SOLUTION does more & w/ less, period/fact, for all those points of mine here Barb sockpuppet downmodded & RAN from -> http://slashdot.org/comments.p... like the troll & multiple account using sockpuppeteer she is... apk

  39. Double Edged Sword by Anonymous Coward · · Score: 0

    So on one hand, I need to delete my emails in the event that the company is hacked and things get out that they don't want to get out. On the other hand, there is likely a lot of stuff in there that I should probably keep.

    My last company did this years ago for a completely different reason. They wanted to limit the amount of information available in the event of a lawsuit. You can't provide data that you don't have. And if you have a policy that states all email is deleted after 2 years, the amount of data in the event of a lawsuit is greatly diminished.

    Of course, everyone started to save their emails into PSTs that they hid away from prying eyes. For the same reason the company wanted you to delete an email, you were liable to want to keep them. So then they started looking into ways of banning PSTs. It grew more ludicrous as it progressed.
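
A minimal enforcer for the kind of rule described above ("all email is deleted after 2 years"), as an added example that is not code from this thread or from any product it mentions. It applies the age rule only after checking the two kinds of exception the thread itself raises: an exception list of mailboxes, and a legal hold (on a custodian or on a matter keyword) that must override deletion, since purging held data is exactly the "destroying evidence" case the first comment warns about. It also writes a manifest of what was purged, so a routine purge can later be distinguished from a selective one. The mailbox names, hold terms, dates and message records are constructed for illustration.

```python
"""Age-based e-mail retention with hold and exception handling.

Added example for this thread, not code from the original post. The
message records, mailbox names, hold terms and dates below are
constructed; a real enforcer would read the mail store and the
organisation's hold register instead.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Message:
    msg_id: str
    mailbox: str        # custodian account the message lives in
    received: datetime  # must be timezone-aware
    subject: str
    body: str


@dataclass(frozen=True)
class RetentionPolicy:
    retention_days: int = 730                       # "deleted after 2 years"
    exempt_mailboxes: frozenset[str] = frozenset()  # the "exception list"
    held_mailboxes: frozenset[str] = frozenset()    # custodians under legal hold
    hold_terms: frozenset[str] = frozenset()        # lower-case matter keywords


@dataclass
class Decision:
    delete: list[Message] = field(default_factory=list)
    keep: dict[str, str] = field(default_factory=dict)  # msg_id -> reason kept


def evaluate(messages: list[Message], policy: RetentionPolicy, now: datetime) -> Decision:
    """Decide per message. Hold checks run before the age check on purpose:
    a hold freezes data regardless of age, so it must win over deletion."""
    cutoff = now - timedelta(days=policy.retention_days)
    decision = Decision()
    for m in messages:
        if m.received.tzinfo is None:
            raise ValueError(f"{m.msg_id}: naive timestamp, cannot compare to cutoff")
        text = f"{m.subject} {m.body}".lower()
        if m.mailbox in policy.held_mailboxes:
            decision.keep[m.msg_id] = "legal hold on custodian"
        elif any(term in text for term in policy.hold_terms):
            decision.keep[m.msg_id] = "legal hold term in message"
        elif m.mailbox in policy.exempt_mailboxes:
            decision.keep[m.msg_id] = "exempt mailbox"
        elif m.received > cutoff:
            decision.keep[m.msg_id] = "inside retention window"
        else:
            decision.delete.append(m)
    return decision


def deletion_manifest(decision: Decision, now: datetime) -> list[str]:
    """Record what was purged and when, with a content digest, so the
    purge can later be shown to have been routine policy, not selective."""
    stamp = now.isoformat()
    return [
        f"{stamp} purge {m.msg_id} mailbox={m.mailbox} "
        f"received={m.received.date()} sha256={hashlib.sha256(m.body.encode()).hexdigest()}"
        for m in decision.delete
    ]


def sample_run() -> tuple[Decision, list[str]]:
    """Constructed mailbox snapshot evaluated on a fixed date (2015-01-05)."""
    utc = timezone.utc
    now = datetime(2015, 1, 5, tzinfo=utc)
    messages = [
        Message("m1", "alice", datetime(2012, 3, 1, tzinfo=utc),
                "Design notes, approach 2", "Five ways to solve it; we chose path 2."),
        Message("m2", "bob", datetime(2012, 3, 1, tzinfo=utc),
                "Re: Project Falcon budget", "Numbers attached."),
        Message("m3", "carol", datetime(2011, 6, 10, tzinfo=utc),
                "Lunch", "Noon?"),
        Message("m4", "alice", datetime(2014, 12, 1, tzinfo=utc),
                "Status", "On track."),
        Message("m5", "dave", datetime(2010, 1, 1, tzinfo=utc),
                "Old notes", "Keep these."),
    ]
    policy = RetentionPolicy(
        retention_days=730,
        exempt_mailboxes=frozenset({"dave"}),       # constructed exception list
        held_mailboxes=frozenset({"carol"}),        # constructed custodian hold
        hold_terms=frozenset({"project falcon"}),   # constructed matter keyword
    )
    decision = evaluate(messages, policy, now)
    return decision, deletion_manifest(decision, now)


if __name__ == "__main__":
    decision, manifest = sample_run()
    for m in decision.delete:
        print("DELETE", m.msg_id)
    for msg_id, why in decision.keep.items():
        print("KEEP  ", msg_id, "-", why)
    print("\n".join(manifest))
```

Only m1 is purged in the sample: m2 trips the matter keyword, m3's custodian is on hold, m4 is younger than the cutoff and m5 sits in the exception list. The order of the checks is the security-relevant part; an enforcer that tests age first and hold second deletes held data. Note also what the post above already implies: an enforcer like this only governs the store it can see, and copies squirrelled away in PST files are outside its reach, so "you can't provide data that you don't have" only holds if the managed store is the only copy.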

  40. You keep using that word by Anonymous Coward · · Score: 0

    Hear talk about cyber bogeymen, and you can more or less safely ignore it. Even from big name luminaries. Yes, I know, that gefingerpointing wasn't the point he was trying to make. But why harp on nebulous threats when we have realised concrete threats to illustrate with instead?

  41. Expensive storage would hardly change anything by Anonymous Coward · · Score: 0

    The most embarrassing files are not the biggest ones. A 1 KB e-mail can bankrupt your company. It is not the cost of the storage that should drive you when keeping or deleting data, but the cost of the potential embarrassment.

  42. Cardinal De Richelieu on six lines by Paul+Fernhout · · Score: 2

    "I think you know we now live in a world where you can make a fairly benign statement and there exists a very real possibility someone with an axe to grind may strip it of its context and use it against you."

    Nothing new; see Cardinal De Richelieu (1585 -- 1642): "Give me six lines written by the most honorable person alive, and I shall find enough in them to condemn them to the gallows."

    As a socially-minded countess who lived through WWII told me once, somewhat tongue-in-cheek yet also very seriously (paraphrasing, and she probably got it from elsewhere in those times):
    "If you think, don't talk;
    If you talk, don't write;
    If you write, don't publish;
    If you publish, don't sign."

    So, again, this is not a new issue. That is one reason for the protections in the US constitution against "fishing expeditions" in people's lives. "Selective enforcement" of the law or "selective scrutiny" of political adversaries is a corrosive thing in a democracy.

    But the problem is, in order to make social change on a broad scale, such as what Martin Luther King was involved with regarding civil rights, you have to think, talk, write, publish, and sign. And as I've said before, that is the problem with an emphasis on security through "encryption" as opposed to community if you are interested in social change, because in order to make social change you need to spread a message generally in a very public and committed way. Related comments by me:
    http://slashdot.org/comments.p...
    http://p2pfoundation.net/backu...

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
    1. Re:Cardinal De Richelieu on six lines by turbidostato · · Score: 1

      "Nothing new; see Cardinal De Richelieu (1585 -- 1642): "Give me six lines written by the most honorable person alive, and I shall find enough in them to condemn them to the gallows.""

      Yes. And the best defense here is:
      1) Don't allow for Richelieu-level authority (aka dictators) to rise.
      2) When confronted with this six line text, be ready to offer the jury the other 594 lines of text that were deleted so they can see them in context.

      Regarding point 2, remember that even if you have in place an "aggressive data deletion policy", as per Schneier's words, this doesn't mean your foe will play by the same rules, and then you will have deprived yourself of your best line of defense against him.

  43. Martin Lomasney had it right by paiute · · Score: 1

    Perhaps people will now be more circumspect in what they put in emails. As Martin Lomasney allegedly said, "Never write if you can speak; never speak if you can nod; never nod if you can wink."

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  44. Mod parent up insightful! by Paul+Fernhout · · Score: 1

    Well said, turbidostato, well said!

    See also a book by a founder of MasterCard which even included a section on the importance of "open books [for accounting]" that can be inspected by all employees and customers:
    "Honest Business" By Michael Phillips
    http://www.amazon.com/Honest-B...
    "An inspirational guide to ethical business practice explains how to create and manage a small business that emphasizes openness, personal integrity, and community involvement as the keys to success."

    Another related thing is Dee Hock's (founder of Visa) work on the Chaordic Commons as value, purpose, and principles-driven fractally-organized organizations:
    http://en.wikipedia.org/wiki/C...
    http://www.griequity.com/resou...

    That said, I have a lot of respect for Bruce Schneier, especially for writing stuff like this:
    "The War on the Unexpected"
    https://www.schneier.com/blog/...
    "We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested -- even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats...."

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
    1. Re:Mod parent up insightful! by turbidostato · · Score: 1

      Curious that Schneier sees that "The problem is a [...] CYA attitude among police that results in a knee-jerk escalation of reported threats...." but still sees no problem in the same CYA attitude when it is corporations that are supporting it.

    2. Re:Mod parent up insightful! by Anonymous Coward · · Score: 0

      false equivalence... not every "CYA" instance is contextually the same, nor are they morally equivalent. you're inferring something that Schneier never said. so here, let me try: curious that Schneier sees no issue with CYA pants... that reveals much. see what i did there...?

  45. "Netscape engineers are weenies!" by Anonymous Coward · · Score: 1

    I work for a company that has very strict data retention policies. As a matter of fact one of the things you sign when hired is an explanation of these policies and that you both understand them and will adhere to them.

    After the legal mumbo jumbo there is a paragraph that basically says "since we retain this stuff for years never put something in an email or code comment that may embarrass you in the future."

    At the time it made me think of the MS engineers who used "Netscape engineers are weenies!" as a decoding phrase in a .dll. I am sure it was good for a laugh in the lab, but they looked pretty stupid when it got exposed.

    Anytime I warn someone about something they have written that they shouldn't have - that incident always comes to mind.

  46. Dear Nazis by Anonymous Coward · · Score: 0

    The Nazis did not need to hide stuff for legal reasons. It was all legal under their own twisted laws. They only had public opinion to worry about - but they also exploited public fears. So a camp should not be "too visible", or people might find it revolting enough to revolt. But on the other hand - it is useful that they see troublemakers disappearing. It may be useful that people occasionally find burnt teeth in bags of fertilizer. It keeps rumors and fear going, it keeps the rest firmly in line.

  47. None of those documents are owned by you. by Anonymous Coward · · Score: 0

    None of those documents are owned by you. You are not "the owner." Get over it.

    They are company property. Work for hire. (Unless you are in a very special contractual relationship where you retain copyright and ownership, which is exceedingly rare and becoming rarer. Even authors and academics are losing the leverage to require such contracts.)

    They are owned by the company. Follow company policy, or be prepared to be berated, punished, suspended, ostracized, demoted, and terminated at will. The company's policies, business practices, legal opinions and ethics are not yours, and never will be.

    Does this suck? Yes. It is one of the many reasons I can't work for a corporation or almost any company - the legal framework is so at odds with practicality and ethical frameworks as to make any honest, thoughtful person a liability in the workplace.

  48. There is no sure way to delete by Tony+Isaac · · Score: 1

    Once you type words into a computer, whether as email text or documents, you have to assume they will be retrievable by someone at any point in the future. Even if your company has automated retention policies, somebody could easily forward or save whatever you write, an email server somewhere could retain what you sent, a backup system could archive it.

    Document retention policies are like school zero-tolerance rules. They are stupid to begin with, and they don't achieve the desired result.

  49. NVIDIA and its 45-day retention policy by Anonymous Coward · · Score: 0

    I remember when I worked at NVIDIA, they had a 45-day retention policy for all emails.

    1. Re:NVIDIA and its 45-day retention policy by Anonymous Coward · · Score: 0

      So... you're saying they've got a competent and savvy in-house legal team? Or are you trying to imply something unsavory? If the latter, do you have evidence? No? Well then... I guess either way you're saying the former. Pretty neat how that works...

  50. Re:BarbaraHudson's b.s. answer by Anonymous Coward · · Score: 0

    I'm on BarbaraHudson's side here. The fact she's got APK's panties in a twist means she's doing something right.

    -APK

    P.S. => Go eat a bowl of cock.