Deleting E-mail Could Get You In Trouble 205
Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."
I'm not that bothered (Score:3, Insightful)
I have no real problem with companies being subject to tighter restrictions. However, these restrictions shouldn't be too sweeping. If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.
Moreover, there should be a legal definition of what to keep and what can be tossed. I could imagine something like:
"a message that amounts to an instruction to an employee or specifying of company policy.." etc.
I don't want to store twenty thousand pieces of spam that every user might collect over two years. That makes e-mail quite an expensive tool if you have to do that.
There is one question I do have. Did the government have the power to collect so much information in the past? How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?
Simon.
Re:I'm not that bothered (Score:5, Insightful)
But how do they know that what you sent was a personal email, without reading it? When you send an email from your work account, you are effectively speaking on behalf of your company. If you want to send a personal email, you should use a personal email account.
How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?
I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained. A couple of SAN-type things the size of an office filing cabinet would no doubt be capable of storing all the records your company is likely to ever create; the actual filing cabinets may only be sufficient for a couple of years' worth of paper records.
Re:I'm not that bothered (Score:5, Insightful)
Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter. And what's more important, deleting a thousand or ten thousand emails isn't a lot more difficult than deleting just one. It's psychologically easier, as well, since paper documents have a more significant, official feel to them.
Re:I'm not that bothered (Score:4, Insightful)
Except that's not actually true. If you have a paper letter, you tear it up, it's gone. Of course it can be photocopied, but still, those copies can (relatively) easily be found.
Delete and email - what if it's still in your mail folder? Many clients mark deleted emails as such then only carry out the purge when they "compress" the mail store. Maybe there's a copy still on the server, the delete instruction hasn't reached the other half of the cluster yet. Maybe there's a copy on the backup tape. Maybe the system is configured so that mail is logged on delivery, and deleting it from your client doesn't touch the master log.
Deleting email is actually far, far harder than destroying a letter.
Re:I'm not that bothered (Score:3, Insightful)
Well, for one thing, I think you underestimate the paper trail a document can have in any modern burocracy.
Re:I'm not that bothered (Score:3, Funny)
It's encrypted. Best possible way of marking your emails as "private", imho, closely followed by interspersing your personal emails with ones containing malicious javascript that your boss' computer is vulnerable to...
Re:I'm not that bothered (Score:3, Informative)
Yes government had the power. And it's not uncommon for companies to keep a lot of paperwork until long after it was useful, occasionally purging all the really old stuff.
Re:I'm not that bothered (Score:5, Interesting)
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.
(we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).
Re:I'm not that bothered (Score:3, Interesting)
I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Sad that we live in a society with such huge legal awards taken from medical providers that they are forced to wear false masks to get by.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.
Good incentive for company firewalls *not* to block out
Re:I'm not that bothered (Score:2, Interesting)
Re:I'm not that bothered (Score:2, Informative)
the logs
Re:I'm not that bothered (Score:2)
Re:I'm not that bothered (Score:2)
The Sendmail log file?
Re:I'm not that bothered (Score:2)
No, it also potentially tells it was received. Received as in transmitted to your email account. After that it's your responsibility to do whatever you want with it. No, nobody can determine whether you've read it or not, but that's true for anything including real letters (including registred mail), but I never claimed that, I replied to the question: "Who's to say I ever got it?"
Re:I'm not that bothered (Score:5, Informative)
Other questions come to mind, like what is an electronic communication? E-mail? Instant Messaging? Video Conference systems? VoIP? Regular phone calls? The general answer you will find these days is "yes".
It used to be prior to Enron and Worldcom that most people believed what you don't have can't hurt you, so they'd ignore these regs or at best take a very limited view of their coverage (Joe, you work in the XYZ critical department, so you need to copy all your business email to this mailbox). These days they go for "the whole company gets journaled to an external service provider" type of approach. And apps like Instant Messaging are not allowed unless we have a server to capture all the traffic from the app.
So yeah, if you're a company, big brother can come and get you - or at least one of his smaller, more industry-specific siblings. It really depends on where you are.
-Jack Ash
Re:I'm not that bothered (Score:2)
I work in a branch of health care. We took over a small office about a year ago. I just got around to retiring outdated records. What I saw being saved shocke
Re:I'm not that bothered (Score:3, Interesting)
Re:I'm not that bothered (Score:2)
Same reason that dogs lick their balls.
Re:I'm not that bothered (Score:2)
Re:I'm not that bothered (Score:2)
Re:I'm not that bothered (Score:3, Informative)
Quite a lot actually, 5 or more years worth in some cases. One of my fathers co-workers quit a fairly decent job to pursue his archival storage bussiness full time as he was making A LOT of money storing back records for various companies to keep them in line with various regulations. We're talking acres of storage space for some storage companies.
Exactly what is kept and for how long varies from industry to industry, and a lot of it is 'liabi
Re:I'm not that bothered (Score:2)
Encrypt your mail.
I think someone need Gmail! (Score:2, Interesting)
Re:I think someone need Gmail! (Score:5, Interesting)
"After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."
Re:I think someone need Gmail! (Score:2, Insightful)
If they would like to see that I'm going to visit my friend in October or call my sister then let them. Important information should be encrypted anyway.
What annoys me are all of the people who want to stop a company from providing a valuable service. The reason why google offers the service that lets you just archive
Re:I think someone need Gmail! (Score:2)
Personally, I don't have anything to hide. But I certainly respect others that do, which is why I always encourage stego, strong crypto, and Freenet. If you really care, just PGP everything and you'll be OK. Don't trust PGP? Write your own crypto routines (they're pretty simple) OR use a 1-time-pad that you keep with
Re:I think someone need Gmail! (Score:2)
Man, that is some crappy legislation.
Re:I think someone need Gmail! (Score:2)
Reminds me of something a friend told me in college: "Why is it when someone has an incident with Alcohol+X+Vomiting they never eat X again? Why don't they stop drinking alcohol?"
In other news... (Score:2, Insightful)
Comment removed (Score:5, Funny)
Re:Treasure, eh? (Score:2)
Keeping Documents (Score:4, Interesting)
I guess the idea is that if ever it came down to a court case, the e-mail records could be easily retrieved and used in the case. And destroying the records would be a crime, I suppose, which would also have it fall in line with what would happen if you were to destroy the paper records.
Re:Keeping Documents (Score:3, Informative)
However general purging of records (electronic or not) that do not fall under those regulations is definately NOT a crime.
However, the second you become aware they might (reasonably might) be used in a court case, you are no longer allowed to destroy them.
I purge the old stuff regularly until told to do otherwise for a specific reason. Of course, there is no way in hell I'd be given a budget to keep the stuff... so bit-bucket it goes!
reasonable (Score:2)
Re:reasonable (Score:3, Insightful)
It's like any other "suggestion". Eventually, they'll have to specify some sort of standard, and then the lawyers will find a way around it, like usual, for their clients.
Re:reasonable (Score:2)
I know that "back when" (read 10-11 years ago, I was working for an insurance company. There are/were VERY specific rules on keeping paperwork. I was involved with a project to keep claims letters - they had to be retrevable for 7 years from the date they were sent. Fun job, and until that point, they had NOT trusted computers. We kept a comple
Re:reasonable (Score:2)
I was hoping someone else would get into the spirit of things and post something about "you have punch tape, you insensitive clod! I have to use stone tablets!"
Anyway, as a prior poster points out, this is not the law, this is just a position paper.
Even if it were to become law next week, it cannot be applied retroactively. (Not where I live, w
Re:reasonable (Score:2)
Make the rules the same as for paper mail (Score:2)
It's RTFA time... (Score:5, Informative)
So, no, we don't have to keep spam.
Re:It's RTFA time... (Score:5, Funny)
Re:It's RTFA time... (Score:2)
actually... (Score:5, Informative)
Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.
Re:actually... (Score:2)
I have no problem with this. (Score:3, Funny)
Company policy requires email deletion (Score:5, Informative)
So maybe this story is really just focused on banning policies like this.
Re:Company policy requires email deletion (Score:3, Funny)
So how can I retain my email while staying under the cap? For a while, I archived everything to my network directory. Then I got slapped for using too much space on the server, we're not supposed to keep large amoun
Re:Company policy requires email deletion (Score:2)
I always laugh. I bought a really nice 60GB HD a few months back for about $70-80 or so. My company thinks that about 7-8 cents worth of disk space is unaffordable...
Nobody follows the official retention policy. Not with PHBs constantly denying that they authorized a project or made a decision or whatever...
Re:Company policy requires email deletion (Score:2)
Re:Company policy requires email deletion (Score:3, Insightful)
If I had a single server with a single 10GB hard drive and I paid one guy to maintain it I might have to claim costs of $80/MB - but that doesn't mean that it would cost me that much to add more space...
Does this make spam filters illegal? (Score:5, Interesting)
I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.
Re:Does this make spam filters illegal? (Score:2)
Quite true. I'm receiving about 25 Megabytes of mail a day, about 10% of that makes it past spam/virus/slashdot-troll filters.
It won't be long before "that message must have been deleted by the spam filter" is used as a defense.
on the other hand.. (Score:3, Funny)
What a lawyer told me. (Score:5, Interesting)
BTW, I asked this a year ago, so I don't think that much has changed in the last year.
*sigh* who let the government in... (Score:2)
Now we have the government telling me what I can and can't delete. Wonderful.
Re:*sigh* who let the government in... (Score:3, Informative)
Re:*sigh* who let the REGULATORS in... (Score:2)
ease off the panic button there, Buck Rodgers (Score:3, Insightful)
...and nobody used it to conduct business, especially financial matters.
Now we have the government telling me what I can and can't delete.
The government has always told certain categories of businesses that certain things must be saved. My friend who is a private, fee-based financial planner/advisor, has to keep all emails and a call log (don't remember with notes or not) when it concerns a client.
VERY misleading summary.. (Score:2, Insightful)
This is simply talking about measures to force companys (and only them) to retain their internal emails. This way its hopefully harder for the CEO to say 'what funds? i don't know any embezzeled funds' after emailing his coherts about their plans.
Slashdot of all places should appreciate the fact that without a paper trail, corp
No surprise. (Score:3, Informative)
This is hardly a surprise; the rules have applied to paper documents since forever.
If you've ever worked for company with a clue you surely encountered their "records retention policy", which is actually a "records destruction policy", since the general rule is that you are expected to delete everything as soon as the law allows you to. At places I've worked the managers made no bones about the fact that it was to keep damaging documents from coming out during lawsuits.
An tech support is the loser. (Score:2)
How can they tell? (Score:3, Insightful)
ISP filters (Score:2)
Recent poll tie-in? (Score:2)
company policy is the opposite (Score:4, Interesting)
Re:company policy is the opposite (Score:2)
Doesn't the government do that for me? (Score:5, Funny)
Just the contrary (Score:2)
Not to mention, I want to see, what kind of standards are applied by the courts to verify the validity of email -- most of it is not cryptographically signed, and mail storage is almost never handled in a tamper-proof way even if it is somehow possible to verify the origin of the message.
Re:Just the contrary (Score:3, Interesting)
A few years ago I took my former employer to court for late payment of wages. Against his claims that I had agreed to being paid late I produced printouts of emails I had sent over a period of two years complaining about this. So it would have been a good company policy, but not necessarily in the interests of the staff when they are in any dispute with the company, or are being set up to be the scape
if you want to use email.. (Score:2)
of course, there's these people that seem to think that just because something is 'electronic' none of the earlier made laws or rules apply..
some institutions just have to keep records of what they communicated with others or what was submitted to them, it being a formal phone call inquiry, a fax(which is not that far from email anyways), email or an email printed on a piece of paper and mailed through ups courier
Tightening the noose (Score:4, Insightful)
I dont think that companies should get a pass on these types of written correspondences. These days, it's just too easy to hatch a "dominate the globe" policy at the corp. level and then eliminate the evidence through a "document destruction policy" like those at Arthur Anderson/Enron/MS/etc.... I've seen a clear policy of "destroy everything" with regard to e-mail and written transactions at almost every company I've been at. Seems more like the policy is geared towards eliminating any incriminating evidence rather than simply keeping space on the server to a manageable level. That's too bad, because I've seen some smoking guns that SHOULD be loosed on the world.
On the other hand, these types of policies are instituted because it's just too easy for lawyers to get ahold of those records for the purposes of "fishing expeditions," think SCO and their associated scum. Lawyers can just come in with the vague outline of some scheme and get all of a company's e-mails to help create a real case where none existed before. The cost of handing off an entire archive isn't trivial, and discovery is just too easy to do.
Whatever the outcome, it just seems like you and I (read the little guys) will have ALL of their e-mails "go down on our permanent records" while the big guys will always seem to have a good excuse why the mail server suddenly destroyed all the records for that pending lawsuit. I can just hear the lawyers now...."..yeah, it's funny how only the VP's e-mails dissapeared, and only for a 3 month period, but we've got him on a special server that's set to explode in flames every 90 days."
I think that this type of national policy will ultimately hurt the little guys/companies more than the real targets of such legislation. The big guys will just start having oral meetings without taking notes or some such method of non-trackable information sharing.
As with all government intervention, the "quick-fix" is never really that quick, and the problem is almost never fixed.
My company *requires* me to age out email (Score:2, Interesting)
I find it interesting... (Score:4, Insightful)
screw 'em & the camel that rode in on them (Score:2, Insightful)
Not only that, but what the hell has happened to our basic 1st amendment rights. Or the rest of the Bill of Rights for that matter.
I think
not practicle (Score:5, Interesting)
Just thinking outloud here...
Thanks.
Whistleblowers are our friends (Score:3, Insightful)
Actually, I'd say he is. If you define "nice" as "willing to take personal cost to benefit others (in this case society)", I'd say that he pretty much falls exactly into that category.
If "nobody likes a snitch" then perhaps everybody should stop breaking the law at their company. Frankly, I think it's too bad that we can't reward whistleblowers even more.
periodic file review & document retention poli (Score:2)
Just have a retention policy... (Score:3, Interesting)
For emails, ours is "relevent life". Upon becoming irrlevent, it gets whacked.
If someone later orders you to produce email, you'll probably not have it. If you can show that you didn't delete it as a result of the order, or in an effort to destroy evidence, you cannot be prosecuted for not having it. A retention policy is key to this, because it eliminates any arbitration regarding when (or why) something was whacked.
Wait a moment... (Score:3, Funny)
You should probably delete them, so that when they turn out to be true, you can't be sued for corporate malfeasance for not having responded appropriatly. :)
so? (Score:2, Informative)
I have every email I received over the past 5 years in my mailbox (with the exception of some spam, though I have a lot of that too since it's automaticly put in my Spam folder)
My maildir only uses 650 MB (150 MB compressed), so it's not like space is a reason to delete email... People just need to make folders and use them.
How about PGP encrypted mail? (Score:3, Interesting)
Re:How about PGP encrypted mail? (Score:3, Informative)
Jon.
Re:How about PGP encrypted mail? (Score:2)
jon
Forget regulations, it's a good idea anyway (Score:2)
This is very common (Score:2)
Parties may obtain discovery regarding any matter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter.
In other words, lots of stuff in emails is considered fair game for discovery. Failure to produce it, or
This is not only a case of big brother... (Score:2)
When it comes to Enron or Big Tobacco, we'll embarrass them, put their statistics in commercials, their phone coversations on the evening news, just so another group can turn around and start civil suits against them. Our society seems to have this drive to find out exactly who w
Meta-data costs more to save? (Score:3, Insightful)
I think Mr. Ellis needs to go get an independent consultant to double-check the software contractor's results. If users are just filing e-mail, then saving meta-data should be automatic. All the e-mail programs I use commonly that let me file messages in folders (Pine, Evolution, Mozilla Mail, Thunderbird) save the complete SMTP headers with the meta-data in question automatically. If the company Mr. Ellis is getting his "solution" from charges extra for saving what's commonly saved automatically, they're probably gouging him on more than just that.
a question would be (Score:3, Interesting)
E-mail Archiving (Score:5, Interesting)
1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)
2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.
3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.
4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.
Not in the state of Washington... (Score:4, Informative)
I work for the State of Washington. In this state's government there is no problem deleting email as long as your department has a written policy defining the retention time for email.
Email is covered by the freedom of information act which means that it is not hard for an average citizen to request copies of email sent and received by the department. There is a procedure, fee and waiting period that discourages someone from coming in and requesting all mail during the retention period. It could be done but it would be very expensive. Not really worth it for someone on a wild fishing expedition but doable for a citizen that wants specific information..
If we receive a subpoena for email that was sent or received within out written email retention policy we had better be able to produce it. If we can't the requesting party could conceivably compel us to hire a very expensive data retrieval company to come in and reconstruct our data in order to comply. And of course if the courts believe that we deleted email prior to the retention date in an attempt to destroy evidence there is a chance that someone could be spending some quality time as Bubba's new love toy. If you know what I mean...
Not Monicagate, Iran-Contra (Score:2)
Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other.
The Lewinsky thing centered on a soild dress; that was the smoking gun, so to speak. The presidential scandal in which archived email played an important part was Iran-Contra (think of Ollie North shredding all those files, only to have his email correspondence with Poindexter used against him).
For future subpeona purposes? (Score:3, Funny)
Re:For future subpeona purposes? (Score:2)
Lawyers should not be allowed to run for any legislative body, it's a conflict of interest. They go to Congress and write laws in language so convoluted that it guarantees themselves and their peers perpetual employment translating that crap into English.
Punitive damages and class-action bloat! (Score:3, Interesting)
The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day h
The IRS (Score:2)
Someone who fills out their income tax return perfectly?
Where did the e-mail in my inbox come from? (Score:2, Interesting)
Re:Learn from google... (Score:2, Interesting)
Sorta like Internet based Outlook outservice.
Re:Does this mean.... (Score:3, Funny)
Re:quota (Score:2)
Yours,
J.A.
Re:Oh great (Score:2)