08/ 15/ 2005
by Reid Goldsborough
Certain things about the Internet are common sense:
If you want to communicate something sensitive, instead of posting it to a public online discussion forum, send a private message through e-mail to your recipient alone. If you want to avoid potential problems down the road with sensitive matters communicated through e-mail, delete the message after reading it or ask your recipient to do so.
In both of these cases, what’s common sense is wrong.
E-mail is as private as a postcard. Though it happens relatively rarely, e-mail can be intercepted and read by others en route.
E-mail encryption
E-mail encryption utility programs prevent this from happening by ensuring that only your intended recipients can read your messages, and that it’s you who sent them. For some time now, the standard has been Pretty Good Privacy, a program from PGP Corporation that provides excellent privacy for sensitive e-mail.
The paid version automatically encrypts e-mail and instant messages and lets you send “self-decrypting” messages to those who don’t have the program. The free version, available for personal, non-commercial use, lets you manually encrypt and decrypt messages. You can try the paid version for free for 30 days.
E-mail also endures. As with hard drive files, when you delete an e-mail message, it’s not really gone. It can be retrieved, among other ways, from tape backups months or even years later. Sometimes, a court will require this when the e-mail relates to a criminal matter or a civil lawsuit.
What the courts say
In the past, some companies used the argument in court that they don’t keep e-mail for longer than a certain time. The courts, in general, no longer buy this argument and may, in fact, assume that if you don’t produce e-mail as requested, you’re trying to hide something.
This changing attitude was dramatically exemplified in May 2005 by the Morgan Stanley case brought by businessman Ronald Perelman, in which a circuit court judge ruled against the Wall Street firm, in part, because of its repeated failure to provide requested e-mail.
Other court cases have also underscored the importance of e-mail retention. In June 2005, computer chip maker AMD delivered subpoenas to nearly 40 PC makers, seeking past e-mails to help prove its contention that rival chip maker, Intel, is trying to monopolize the market.
Regulators are also getting in on the e-mail retention act. Under the Sarbanes-Oxley corporate reform law, public companies will be required to retain e-mail. If you deliberately delete e-mail with the intention of obstructing a federal investigation, you may get hit with a fine of up to $1 million and a prison term of up to 20 years.
An open market
A changing legal and regulatory milieu creates new market opportunities. Eager to cash in, software makers and computer consultants have been announcing products and services to help companies create and implement e-mail retention policies.
“Most organizations don’t have a handle on e-mail,” says Tom Politowski, president of
Waterford Technologies Inc., the maker of one such software program. With its well-regarded MailMeter Archive, Waterford targets small to mid-size businesses having from 50 to 5,000 e-mail in-boxes, though Politowski says that organizations with as few as five employees use it as well.
MailMeter Archive captures all e-mail that employees send or receive and archives messages in a database. Along with making retrieval easy and inexpensive if it’s needed later, the program also lets you analyze e-mail to detect patterns, Politowski says.
This can help you, for example, determine who’s sending too many e-mail messages or too few; who’s e-mailing an important client; or who might be using e-mail inappropriately for sending jokes, music, porn or your customer list.
E-mail policies
As do many others, Politowski suggests that any large or small organization create an e-mail policy that spells out appropriate company use. If you send an e-mail to policy@mailmeter.com, his company will e-mail you back a sample e-mail policy that you’re free to copy.
Waterford Technologies sells other e-mail archiving programs along with MailMeter Archive. E-mail archiving programs from other companies that also warrant consideration include those from Zantaz Inc. and EMC Corp.
E-mail has great utility, whether for business or home use. But it’s no panacea. Like any communications medium, it has its strengths and weaknesses. Sometimes, it makes more sense to pick up the phone or mail a letter.
And if you want to communicate sensitive information at very low risk, meet late at night in an underground parking garage. It worked for Deep Throat.
Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at reidgold@netaxs.com or www. members.home.net/reidgold.
