Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Data Storage Communications Spam Your Rights Online

Deleting E-mail Could Get You In Trouble 205

Posted by timothy from the not-yet-mandatory-for-your-own-email dept.
Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."
This discussion has been archived. No new comments can be posted.

Deleting E-mail Could Get You In Trouble More

Deleting E-mail Could Get You In Trouble

Comments Filter:

  • I'm not that bothered (Score:3, Insightful)

    by Ckwop ( 707653 ) * on Sunday August 08, 2004 @04:24PM (#9914968) Homepage

    I have no real problem with companies being subject to tighter restrictions. However, these restrictions shouldn't be too sweeping. If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

    Moreover, there should be a legal definition of what to keep and what can be tossed. I could imagine something like:

    "a message that amounts to an instruction to an employee or specifying of company policy.." etc.

    I don't want to store twenty thousand pieces of spam that every user might collect over two years. That makes e-mail quite an expensive tool if you have to do that.

    There is one question I do have. Did the government have the power to collect so much information in the past? How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?

    Simon.

    • Re:I'm not that bothered (Score:5, Insightful)

      by Tim C ( 15259 ) on Sunday August 08, 2004 @04:29PM (#9915005)
      If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

      But how do they know that what you sent was a personal email, without reading it? When you send an email from your work account, you are effectively speaking on behalf of your company. If you want to send a personal email, you should use a personal email account.

      How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?

      I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained. A couple of SAN-type things the size of an office filing cabinet would no doubt be capable of storing all the records your company is likely to ever create; the actual filing cabinets may only be sufficient for a couple of years' worth of paper records.

      • Re:I'm not that bothered (Score:5, Insightful)

        by moonbender ( 547943 ) <moonbenderNO@SPAMgmail.com> on Sunday August 08, 2004 @04:52PM (#9915157)
        I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained.

        Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter. And what's more important, deleting a thousand or ten thousand emails isn't a lot more difficult than deleting just one. It's psychologically easier, as well, since paper documents have a more significant, official feel to them.

        • Re:I'm not that bothered (Score:4, Insightful)

          by sql*kitten ( 1359 ) * on Sunday August 08, 2004 @05:22PM (#9915312)
          Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter.

          Except that's not actually true. If you have a paper letter, you tear it up, it's gone. Of course it can be photocopied, but still, those copies can (relatively) easily be found.

          Delete and email - what if it's still in your mail folder? Many clients mark deleted emails as such then only carry out the purge when they "compress" the mail store. Maybe there's a copy still on the server, the delete instruction hasn't reached the other half of the cluster yet. Maybe there's a copy on the backup tape. Maybe the system is configured so that mail is logged on delivery, and deleting it from your client doesn't touch the master log.

          Deleting email is actually far, far harder than destroying a letter.
          • Except that's not actually true. If you have a paper letter, you tear it up, it's gone. Of course it can be photocopied, but still, those copies can (relatively) easily be found.

            Well, for one thing, I think you underestimate the paper trail a document can have in any modern burocracy. :) But you're still right, one peculiarity of electronic documents is that they are often retrievable even after they have been deleted. And as you say it's very difficult to make sure something has actually physically been
      • "But how do they know that what you sent was a personal email, without reading it?"

        It's encrypted. Best possible way of marking your emails as "private", imho, closely followed by interspersing your personal emails with ones containing malicious javascript that your boss' computer is vulnerable to...

    • Re:I'm not that bothered (Score:3, Informative)

      by Anonymous Coward
      It's not just your e-mail. The infrastructure belongs to the company. I'd be careful about using my work e-mail to converse with friends. Web based email, pocket PC's, laptops, phones and t9 on a break work just fine.

      Yes government had the power. And it's not uncommon for companies to keep a lot of paperwork until long after it was useful, occasionally purging all the really old stuff.

      • Re:I'm not that bothered (Score:5, Interesting)

        by Sad Loser ( 625938 ) * on Sunday August 08, 2004 @05:24PM (#9915318)
        This is a good point, but I go further: I am a doctor and we say 'never write something in the notes that you would not want them to see'.

        Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.

        (we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).
        • Lots of good points here:

          I am a doctor and we say 'never write something in the notes that you would not want them to see'.

          Sad that we live in a society with such huge legal awards taken from medical providers that they are forced to wear false masks to get by.

          Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.

          Good incentive for company firewalls *not* to block out
    • I don't keep anything that I don't read. If I happen to come accross a piece of spam and I'm dumb enough to open it, it gets kept. Granted this happens once or twice a week it's not so bad. If I don't read it, it gets deleted--Who's to say I ever got it? Email isn't a reliable communication source. Enough said.

      • Re:I'm not that bothered (Score:2, Informative)

        by kv9 ( 697238 )
        > Who's to say I ever got it?

        the logs
      • Who's to say I ever got it?

        The Sendmail log file? :)

    • Re:I'm not that bothered (Score:5, Informative)

      by JackAsh ( 80274 ) on Sunday August 08, 2004 @04:37PM (#9915060)
      Actually, I think the regulations are a bit more industry specific. The company I work at is in the Financial Services area, and we are regulated by NASD and the SEC. I believe both have rules for various different forms of communication. 3 years for electronic communications. 7 years for paper xyz forms. 6 years for TPS reports. You get the picture. I've actually seen a huge, 30-page grid of the various regulations that apply to different items - and these were small, 2-line items on each cell of the grid - the number of regulations is staggering.

      Other questions come to mind, like what is an electronic communication? E-mail? Instant Messaging? Video Conference systems? VoIP? Regular phone calls? The general answer you will find these days is "yes".

      It used to be prior to Enron and Worldcom that most people believed what you don't have can't hurt you, so they'd ignore these regs or at best take a very limited view of their coverage (Joe, you work in the XYZ critical department, so you need to copy all your business email to this mailbox). These days they go for "the whole company gets journaled to an external service provider" type of approach. And apps like Instant Messaging are not allowed unless we have a server to capture all the traffic from the app.

      So yeah, if you're a company, big brother can come and get you - or at least one of his smaller, more industry-specific siblings. It really depends on where you are.

      -Jack Ash
      • Actually, I think the regulations are a bit more industry specific. The company I work at is in the Financial Services area, and we are regulated by NASD and the SEC. I believe both have rules for various different forms of communication. 3 years for electronic communications. 7 years for paper xyz forms. 6 years for TPS reports. You get the picture.

        I work in a branch of health care. We took over a small office about a year ago. I just got around to retiring outdated records. What I saw being saved shocke
    • Well it says cautions against deleting legitimate email so I doubt that those viagra e-mails count as legitimate. Yes the government had these requirements before, several industries, for instance Financial Institutions, are required to hold on to every piece of correspondence to document what was going on, this is more of a reminder that just because its an electronic message doesn't change anything. Not everything is a conspiracy.
    • so in which case so why do they need so much more data?

      Same reason that dogs lick their balls.
    • "How many years worth of company paper memo's were stored?"

      Quite a lot actually, 5 or more years worth in some cases. One of my fathers co-workers quit a fairly decent job to pursue his archival storage bussiness full time as he was making A LOT of money storing back records for various companies to keep them in line with various regulations. We're talking acres of storage space for some storage companies.
      Exactly what is kept and for how long varies from industry to industry, and a lot of it is 'liabi
    • If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

      Encrypt your mail.
  • Seeing as their policy is "Archive, not delete", sounds like the perfect thing for Gmail.

    • Re:I think someone need Gmail! (Score:5, Interesting)

      by jomas1 ( 696853 ) on Sunday August 08, 2004 @04:30PM (#9915012) Homepage
      This is actually something the people who run googlewatch.org are worried about. They feel google's suggestion to archive and never delete will cause lots of privacy problems. Here's a quote from http://gmail-is-too-creepy.com/ [gmail-is-too-creepy.com]

      "After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."
      • Well, in view of that information, the problem isn't google, but the law. Personally, I don't care if people read my e-mail. It's quite boring, and I doubt anyone would ever find it useful.

        If they would like to see that I'm going to visit my friend in October or call my sister then let them. Important information should be encrypted anyway.

        What annoys me are all of the people who want to stop a company from providing a valuable service. The reason why google offers the service that lets you just archive
      • Gmail is a classic tradeoff. Do you want the convenience of having your email easily searchable and always available? Or do you want it encrypted stored on a DVD in your safe deposit box?

        Personally, I don't have anything to hide. But I certainly respect others that do, which is why I always encourage stego, strong crypto, and Freenet. If you really care, just PGP everything and you'll be OK. Don't trust PGP? Write your own crypto routines (they're pretty simple) OR use a 1-time-pad that you keep with
      • After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy.

        Man, that is some crappy legislation.
      • Gmail is too creepy, because militant religio-fascist police states might read the email? Why don't we point the finger at the actual problem: militant religio-fascist police states are creepy.

        Reminds me of something a friend told me in college: "Why is it when someone has an incident with Alcohol+X+Vomiting they never eat X again? Why don't they stop drinking alcohol?"

  • In other news... (Score:2, Insightful)

    by Anonymous Coward
    Companies keep official correspondance.

  • Comment removed (Score:5, Funny)

    by account_deleted ( 4530225 ) on Sunday August 08, 2004 @04:26PM (#9914987)
    Comment removed based on user account deletion

  • Keeping Documents (Score:4, Interesting)

    by Tiberius_Fel ( 770739 ) <fel AT empirereborn DOT net> on Sunday August 08, 2004 @04:28PM (#9914994)
    Seems they consider e-mail to be somewhat akin to the paper way... everything must be documented in x y and z ways. My father's a lawyer, so I have some understanding of what it's like to document _every single thing_ that comes across your desk that's relevant...

    I guess the idea is that if ever it came down to a court case, the e-mail records could be easily retrieved and used in the case. And destroying the records would be a crime, I suppose, which would also have it fall in line with what would happen if you were to destroy the paper records.

    • Re:Keeping Documents (Score:3, Informative)

      by jafiwam ( 310805 )
      There's regulations for certain industries.

      However general purging of records (electronic or not) that do not fall under those regulations is definately NOT a crime.

      However, the second you become aware they might (reasonably might) be used in a court case, you are no longer allowed to destroy them.

      I purge the old stuff regularly until told to do otherwise for a specific reason. Of course, there is no way in hell I'd be given a budget to keep the stuff... so bit-bucket it goes!
  • first of all this isn't a law or something, its an article discussing it. or does the poster suggest that the government being allowed to subpeona email is a violation of our civil rights?

    • Re:reasonable (Score:3, Insightful)

      by tomhudson ( 43916 )
      Good point. Besides, you can always archive it all on an old Maxtor if it has incriminating^H^H^H^H^H^H^H^H^H^Hinteresting stuff on it. Or even to a cheap DVD, and let bit rot take care of it. Or include cover-your-ass emails with forged headers.

      It's like any other "suggestion". Eventually, they'll have to specify some sort of standard, and then the lawyers will find a way around it, like usual, for their clients.

      • And the sec or someone gets one or two of those, they get a court ruling that you were not in the spirit of the law, and away we go. Or they get the law changed

        I know that "back when" (read 10-11 years ago, I was working for an insurance company. There are/were VERY specific rules on keeping paperwork. I was involved with a project to keep claims letters - they had to be retrevable for 7 years from the date they were sent. Fun job, and until that point, they had NOT trusted computers. We kept a comple

        • And the sec or someone gets one or two of those, they get a court ruling that you were not in the spirit of the law, and away we go. Or they get the law changed

          I was hoping someone else would get into the spirit of things and post something about "you have punch tape, you insensitive clod! I have to use stone tablets!"

          Anyway, as a prior poster points out, this is not the law, this is just a position paper.

          Even if it were to become law next week, it cannot be applied retroactively. (Not where I live, w

  • You aren't required to keep all the dead tree spam for pizzas, kebabs, credit cards, personal loans, Readers Digest and so on, only that which relates to your business. So it should be pretty easy to make the rules the same for email.

  • It's RTFA time... (Score:5, Informative)

    by kirun ( 658684 ) on Sunday August 08, 2004 @04:31PM (#9915022) Homepage Journal
    Salt Lake County is looking at a system whereby employees would decide whether the e-mail is a "non-record" (spam or personal; delete whenever you want);

    So, no, we don't have to keep spam.

  • actually... (Score:5, Informative)

    by Ignignot ( 782335 ) on Sunday August 08, 2004 @04:32PM (#9915033) Journal
    Next they'll ask us to keep recordings of all our phone conversations?

    Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.

  • I have no problem with this. (Score:3, Funny)

    by teamhasnoi ( 554944 ) <teamhasnoi AT yahoo DOT com> on Sunday August 08, 2004 @04:34PM (#9915045) Journal
    I will forward all my work and home spam to the IRS for safekeeping.

  • Company policy requires email deletion (Score:5, Informative)

    by britneys 9th husband ( 741556 ) on Sunday August 08, 2004 @04:35PM (#9915053) Homepage Journal
    Some companies have "document retention" policies that require employees to delete email after a certain period of time. It's not to free up space on the servers, it's to make sure the stuff can't be subpoenaed. Many respected companies have policies like this. Many even have tools that make the email deletion automatic, and require management approval to disable the tool.

    So maybe this story is really just focused on banning policies like this.
    • Unfortunately, document retention policies often conflict with other policies. At my company, all employees have a 100MB limit on their inboxes - it's a soft limit, but the warnings get nastier the longer you linger over 100MB, until an admin will eventually come and make you clean things up.

      So how can I retain my email while staying under the cap? For a while, I archived everything to my network directory. Then I got slapped for using too much space on the server, we're not supposed to keep large amoun
      • My company sets a limit at around 80MB.

        I always laugh. I bought a really nice 60GB HD a few months back for about $70-80 or so. My company thinks that about 7-8 cents worth of disk space is unaffordable...

        Nobody follows the official retention policy. Not with PHBs constantly denying that they authorized a project or made a decision or whatever...
        • Going with an insanly complex and redundent SAN can cost up to $0.30/mb, as opposed to $0.0013/mb consumer grade stuff costs. But yes, that is a rather insanely small quota for a work account.
          • The company sent out an email claiming costs in the tens of dollars per MB, which to me just suggests that they are either really inept, or they're including all kinds of non-marginal costs that they'd have to pay anyway.

            If I had a single server with a single 10GB hard drive and I paid one guy to maintain it I might have to claim costs of $80/MB - but that doesn't mean that it would cost me that much to add more space...

  • Does this make spam filters illegal? (Score:5, Interesting)

    by G4from128k ( 686170 ) on Sunday August 08, 2004 @04:36PM (#9915054)
    With so many people using so many spam filters, I'd bet that a fair amount of "legitimate " email is automatically deleted by service providers and automated email filters. How can one prove to a judge that SpamCop had a given domain on its blacklist on a given date or that the sent email did not accidentally contain some filter-triggering word on that date? It seems that either spam filters create a legal risk or that the legal system has a naive view of the legal standing of email.

    I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.
    • I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.

      Quite true. I'm receiving about 25 Megabytes of mail a day, about 10% of that makes it past spam/virus/slashdot-troll filters.

      It won't be long before "that message must have been deleted by the spam filter" is used as a defense.

  • on the other hand.. (Score:3, Funny)

    by plasm4 ( 533422 ) on Sunday August 08, 2004 @04:36PM (#9915057) Journal
    While "Deleting E-mail Could Get You In Trouble," not deleting it. will make you blind.

  • What a lawyer told me. (Score:5, Interesting)

    by MisanthropicProgram ( 763655 ) on Sunday August 08, 2004 @04:39PM (#9915074)
    I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things are about to happen, and you still delete the docs (even with the policy), you will have a problem.
    BTW, I asked this a year ago, so I don't think that much has changed in the last year.
  • I remember the good ol' days of the internet when it was a playtoy for scientists and computer people. Nobody knew what email was. Nobody knew what IRC was. I could send all the email I wanted and not get spam. I could even have my email address on my website!!!! I could trade files on IRC and nobody cared... it was normal.

    Now we have the government telling me what I can and can't delete. Wonderful. /me thinks it's time to check out Freenet running over Internet 2 :)
    • Well, technically, it's not "Who let the government in," it's "Who let the public in" since the government created the Internet (ARPAnet).
    • I remember the good ol' days of the internet when it was a playtoy for scientists and computer people.

      ...and nobody used it to conduct business, especially financial matters.

      Now we have the government telling me what I can and can't delete.

      The government has always told certain categories of businesses that certain things must be saved. My friend who is a private, fee-based financial planner/advisor, has to keep all emails and a call log (don't remember with notes or not) when it concerns a client.

  • VERY misleading summary.. (Score:2, Insightful)

    by Anonymous Coward
    The summary here seems to be implying that this has something to do with the government trying to get peopel to keep their PERSONAL emails. Read the article. That isn't the case.

    This is simply talking about measures to force companys (and only them) to retain their internal emails. This way its hopefully harder for the CEO to say 'what funds? i don't know any embezzeled funds' after emailing his coherts about their plans.

    Slashdot of all places should appreciate the fact that without a paper trail, corp

  • No surprise. (Score:3, Informative)

    by Black Parrot ( 19622 ) on Sunday August 08, 2004 @04:42PM (#9915081)


    This is hardly a surprise; the rules have applied to paper documents since forever.

    If you've ever worked for company with a clue you surely encountered their "records retention policy", which is actually a "records destruction policy", since the general rule is that you are expected to delete everything as soon as the law allows you to. At places I've worked the managers made no bones about the fact that it was to keep damaging documents from coming out during lawsuits.

    • I've already run into situations where I couldn't get documentation or software for devices only 4 or 5 years old because it had all been trashed according to the vendor's records retention policy.

  • How can they tell? (Score:3, Insightful)

    by Anonymous Coward on Sunday August 08, 2004 @04:42PM (#9915086)
    Do they mandate that you use an email system that keeps track of deletions? If not, there seems to be a bit of a hole there...
  • My ISP filters out spam, as well as the Mail application in OS X, which automatically deletes junk mail after a specified amount of time. I never actually see the stuff. I suppose corporate email systems can do the same thing. Only real emails would normally appear in inboxes in this case, so those would be the ones that this article warns about deleting. However, if anyone wants to go through your emails and you don't want them to, flooding them with all the spam you get would be a way to hinder their effo
  • This reminds me of this recent poll [slashdot.org]. Was this some sort of trick to get Slashdotters to admit they were doing something wrong? Did /. record the IPs of everyone who said they didn't save all their e-mails and delay this story until after that poll was off the main page?

  • company policy is the opposite (Score:4, Interesting)

    by prockcore ( 543967 ) on Sunday August 08, 2004 @04:43PM (#9915095)
    I'm a little concerned about our company policy. I work for a newspaper and our policy is that all reporters should delete their notes after a story has run. This policy was created specifically so that reporters notes cannot be subpoenaed.
    • Well, that depends doesn't it? From what I understand about libel law (IANAL) in the USA, the party claiming libel has to PROVE the libel. In Great Britan, the party who is accused has to prove their statement

  • Doesn't the government do that for me? (Score:5, Funny)

    by cockroach2 ( 117475 ) on Sunday August 08, 2004 @04:45PM (#9915107)
    I think it's called echelon...
  • If anything, this is a good reason to have a policy of ALWAYS deleting email after a short amount of time.

    Not to mention, I want to see, what kind of standards are applied by the courts to verify the validity of email -- most of it is not cryptographically signed, and mail storage is almost never handled in a tamper-proof way even if it is somehow possible to verify the origin of the message.

    • Re:Just the contrary (Score:3, Interesting)

      by 1u3hr ( 530656 )
      If anything, this is a good reason to have a policy of ALWAYS deleting email after a short amount of time.

      A few years ago I took my former employer to court for late payment of wages. Against his claims that I had agreed to being paid late I produced printouts of emails I had sent over a period of two years complaining about this. So it would have been a good company policy, but not necessarily in the interests of the staff when they are in any dispute with the company, or are being set up to be the scape

  • like real MAIL(equivalent), then it's a no brainer that the same restrictions/rules apply...

    of course, there's these people that seem to think that just because something is 'electronic' none of the earlier made laws or rules apply..

    some institutions just have to keep records of what they communicated with others or what was submitted to them, it being a formal phone call inquiry, a fax(which is not that far from email anyways), email or an email printed on a piece of paper and mailed through ups courier

  • Tightening the noose (Score:4, Insightful)

    by Dr_Marvin_Monroe ( 550052 ) on Sunday August 08, 2004 @04:56PM (#9915181)
    I'm not really opposed to this, and it does seem to be in direct opposition to a lot of "company e-mail policies" as it's written too.

    I dont think that companies should get a pass on these types of written correspondences. These days, it's just too easy to hatch a "dominate the globe" policy at the corp. level and then eliminate the evidence through a "document destruction policy" like those at Arthur Anderson/Enron/MS/etc.... I've seen a clear policy of "destroy everything" with regard to e-mail and written transactions at almost every company I've been at. Seems more like the policy is geared towards eliminating any incriminating evidence rather than simply keeping space on the server to a manageable level. That's too bad, because I've seen some smoking guns that SHOULD be loosed on the world.

    On the other hand, these types of policies are instituted because it's just too easy for lawyers to get ahold of those records for the purposes of "fishing expeditions," think SCO and their associated scum. Lawyers can just come in with the vague outline of some scheme and get all of a company's e-mails to help create a real case where none existed before. The cost of handing off an entire archive isn't trivial, and discovery is just too easy to do.

    Whatever the outcome, it just seems like you and I (read the little guys) will have ALL of their e-mails "go down on our permanent records" while the big guys will always seem to have a good excuse why the mail server suddenly destroyed all the records for that pending lawsuit. I can just hear the lawyers now...."..yeah, it's funny how only the VP's e-mails dissapeared, and only for a 3 month period, but we've got him on a special server that's set to explode in flames every 90 days."

    I think that this type of national policy will ultimately hurt the little guys/companies more than the real targets of such legislation. The big guys will just start having oral meetings without taking notes or some such method of non-trackable information sharing.

    As with all government intervention, the "quick-fix" is never really that quick, and the problem is almost never fixed.
  • Seems apropos. My company, who I can't name for reprisal purposes, is a fortune 10 company. We have a policy that any email must be deleted after 30 days. No backup of any electronic means. However, *paper* archive is fine, and is the only approved method of maintaining email over 30 days. It's insane. What my colleages do is zip up our outlook folders, encript, rename, and save to "safe" backup folder to let our system save it on tape/dlt. If I ever need an important "pearl harbor" file, then I can r

  • I find it interesting... (Score:4, Insightful)

    by bigattichouse ( 527527 ) on Sunday August 08, 2004 @05:02PM (#9915215) Homepage
    that its not that big brother is recording our emails - they realize they can't.. so they make it law that we have to spy on ourselves by saving emails. So, If I delete my own emails - can I plead the 5th amendment? But, forcing my employer to spy on me, now that is an interesting work-around to the 5th. Not one I like, just interesting.
  • As a now private, more or less un-employed and semi-retired person, most of my mailing list activitys are recorded in the various folders my email agent maintains. But, part of that maintainance in most cases is an expire date. I keep mailng list messages only for a couple of months, then they are automaticly gone as basicly their contents are no longer valid anyway.

    Not only that, but what the hell has happened to our basic 1st amendment rights. Or the rest of the Bill of Rights for that matter.

    I think

  • not practicle (Score:5, Interesting)

    by JDizzy ( 85499 ) on Sunday August 08, 2004 @05:16PM (#9915288) Homepage Journal
    When I worked as a Unix guy at Computer Associates, who fired me for reporting them to the BSA, I fondly remember being told that CA policy was to delete all email off the servers after a period of 90 days, and that no email server was to *EVER* participate in the enterprise backups. In other words, if any email server had a failure which resulted in data loss, that data was gone, and the hundres of affected users were down shit creak with no paddle. I was informed that this policy was enacted several years previous when the SEC busted down the doors and seized the emails servers looking for some evidence against the company. So CA simply made it so no email is ever kept on any archive, less it be the users own personal archive on their computer terminals. Even then, most users would have to delete emails in their own archives to cope with space issues. So enacting laws that requires companies to retain an archive si a bit silly in my experience. Also, what would happen if a company retained an archive of email, but encrypted the mail data-base, and keyed it on the users password? Would that violate the letter of the law, or the spirt, to retain the emails in a cipher-text format. Certainly you could get a court order to force somebody to provide the password, right?

    Just thinking outloud here...

    Thanks.
  • I can't imagine a business that has to deal with lawsuits, legislation, and government regulations not already having some sort of periodic file review in conjuction with document retention policies. Business-related documents should kept for a period. At the time of periodic file review the company should provide a list of document retention orders so that relevent documents are not destroyed if associated with legal actions, financial records, etc. I don't see it as Big Brother. I see it as keeping shizni

  • Just have a retention policy... (Score:3, Interesting)

    by SmurfButcher Bob ( 313810 ) on Sunday August 08, 2004 @05:34PM (#9915388) Journal
    ...and follow it.

    For emails, ours is "relevent life". Upon becoming irrlevent, it gets whacked.

    If someone later orders you to produce email, you'll probably not have it. If you can show that you didn't delete it as a result of the order, or in an effort to destroy evidence, you cannot be prosecuted for not having it. A retention policy is key to this, because it eliminates any arbitration regarding when (or why) something was whacked.

  • Wait a moment... (Score:3, Funny)

    by lesv ( 258710 ) on Sunday August 08, 2004 @05:39PM (#9915435) Homepage
    What about all those business propositions I get from Nigeria. Do I have to keep those too?

    You should probably delete them, so that when they turn out to be true, you can't be sued for corporate malfeasance for not having responded appropriatly. :)

  • so? (Score:2, Informative)

    by Luke-Jr ( 574047 )
    I complain when people delete emails anyway...
    I have every email I received over the past 5 years in my mailbox (with the exception of some spam, though I have a lot of that too since it's automaticly put in my Spam folder)
    My maildir only uses 650 MB (150 MB compressed), so it's not like space is a reason to delete email... People just need to make folders and use them. :)

  • How about PGP encrypted mail? (Score:3, Interesting)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Sunday August 08, 2004 @05:50PM (#9915504)
    Let's say you receive an OpenPGP [openpgp.org] (PGP, GPG) encrypted email which requires your public key to decrypt. Once your key expires you're going to switch to a new key. Even if you're good at keeping old legacy expired keys around, eventually the message will become unreadable (forgot passphrase etc.) I don't know where I'm going with this mind you
  • There's enough backstabbing and blame-shifting in modern business that it makes sense to keep emails around anyway. I frequently delete the ones that say "ok, thanks" or something equally as insignificant, but I also keep a "CYA" folder for things I may need to throw back in a customer's face later on when they claim they asked for something different, and I also never empty my "Sent" folder so when the boss comes storming in with a "Why didn't you..." rant, I can pull up the relevant email and say "See, I
  • A big part of a lawsuit is discovery. FRCP 26(b)(1) [cornell.edu] provides that:

    Parties may obtain discovery regarding any matter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter.

    In other words, lots of stuff in emails is considered fair game for discovery. Failure to produce it, or
  • I would like to point out that it is not only "big brother" (aka the government) who is driving the data retention policies... it's the litigation brought on against private industries, in order to determine fault for civil cases.

    When it comes to Enron or Big Tobacco, we'll embarrass them, put their statistics in commercials, their phone coversations on the evening news, just so another group can turn around and start civil suits against them. Our society seems to have this drive to find out exactly who w

  • Meta-data costs more to save? (Score:3, Insightful)

    by Todd Knarr ( 15451 ) on Sunday August 08, 2004 @06:46PM (#9915877) Homepage

    I think Mr. Ellis needs to go get an independent consultant to double-check the software contractor's results. If users are just filing e-mail, then saving meta-data should be automatic. All the e-mail programs I use commonly that let me file messages in folders (Pine, Evolution, Mozilla Mail, Thunderbird) save the complete SMTP headers with the meta-data in question automatically. If the company Mr. Ellis is getting his "solution" from charges extra for saving what's commonly saved automatically, they're probably gouging him on more than just that.

  • a question would be (Score:3, Interesting)

    by forgoil ( 104808 ) on Sunday August 08, 2004 @06:47PM (#9915886) Homepage
    When will it be illegal to not have a valid email address?

  • E-mail Archiving (Score:5, Interesting)

    by ardinos ( 85301 ) <chris.weisz@NosPaM.gmail.com> on Sunday August 08, 2004 @07:17PM (#9916051)
    I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:

    1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)

    2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.

    3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.

    4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.

  • Not in the state of Washington... (Score:4, Informative)

    by Eric Damron ( 553630 ) on Sunday August 08, 2004 @07:32PM (#9916159)
    "Expensive measures are being called into place to archive the mail for future subpoena purposes."

    I work for the State of Washington. In this state's government there is no problem deleting email as long as your department has a written policy defining the retention time for email.

    Email is covered by the freedom of information act which means that it is not hard for an average citizen to request copies of email sent and received by the department. There is a procedure, fee and waiting period that discourages someone from coming in and requesting all mail during the retention period. It could be done but it would be very expensive. Not really worth it for someone on a wild fishing expedition but doable for a citizen that wants specific information..

    If we receive a subpoena for email that was sent or received within out written email retention policy we had better be able to produce it. If we can't the requesting party could conceivably compel us to hire a very expensive data retrieval company to come in and reconstruct our data in order to comply. And of course if the courts believe that we deleted email prior to the retention date in an attempt to destroy evidence there is a chance that someone could be spending some quality time as Bubba's new love toy. If you know what I mean...

  • Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other.

    The Lewinsky thing centered on a soild dress; that was the smoking gun, so to speak. The presidential scandal in which archived email played an important part was Iran-Contra (think of Ollie North shredding all those files, only to have his email correspondence with Poindexter used against him).

  • For future subpeona purposes? (Score:3, Funny)

    by istewart ( 463887 ) on Sunday August 08, 2004 @08:23PM (#9916445)
    You've got to be kidding me. Are we all supposed to live under the threat of legal action? I don't give a shit about some lawyer or overpaid legal advisor telling me that it's to protect myself from liability... My business practices should not be centered around litigation. What the hell has this country become, and when is it going to change back? I better be careful, this message expressing subversive opinions may someday be used against me.
    • Sad but true. Just one more truth that the shysters have too much power.

      Lawyers should not be allowed to run for any legislative body, it's a conflict of interest. They go to Congress and write laws in language so convoluted that it guarantees themselves and their peers perpetual employment translating that crap into English.
    • What the hell has this country become, and when is it going to change back?

      The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day h
  • You never know what an IRS agent might find lucky

    Someone who fills out their income tax return perfectly?
  • So if we save all our e-mails for future legal purposes, the e-mail probably would not be valid evidence anyways. I mean think about it. I get dozens of e-mails per day that come from a phony or 'borrowed' e-mail source address. How would the e-mail be verified as ligitimitate, and not a fake? Come on, If you can't track down all the spammers (or virii) from the hundreds of messages per day in everyone's inbox how can you expect to tell me that CompanyX actually set me that message in my inbox offering

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close