Corporations Face Problems with Employee Emails

TwistedOne151 writes "Law.com has an article outlining how the casual attitude of many employees toward work e-mails has resulted in some thorny problems for corporate in-house counsel. 'It has now become routine even in civil investigations for computers to be subpoenaed so lawyers can look at e-mails and hard drives. And one thing always leads to another. "We have forensic software that shows multiple levels of deletions. It shows thought processes. We can learn far more than from just a document alone," said [Scott] Sorrels. "E-mails have taken over the world."'"

"E-mails have taken over the world"

Well, in that case, I welcome you, our new overlords.

Re:"E-mails have taken over the world"

Well, they're be more accountable and easier to trace than the current lot..

Wait, emails have taken over the world?!

I thought we just had a slew of articles around the internet telling us that email is dead and it's all about myspace and instant messaging?

Anyway, if you have truly devious intentions, simply use the telephone or speak in person. It works for the president and it has worked for the mafia (at least, it did in GoodFellas).

Re:Wait, emails have taken over the world?!

Old people use email.

I guess 23 is the new old then.

I'm surprised all the people that use webmail, even compsci students at my college. I think people would not be so swift to abandon it if they used an email client program. Emails in thunderbird are much quicker then using the mess that is facebook. It'll never rival IM but it's pretty darn close.

Re:Wait, emails have taken over the world?!

A maffia boss in Italy was caught in 2006, he used small paper notes with (sloppily) encrypted messages [theregister.co.uk] on it to send out orders. Apparently it worked for a long time, and would still have worked if he had used better encryption.

surprise

THe one thing that can never really be dealt with in terms of keeping email private is the fact that no matter how much you encrypt, use tor etc. youcan't escape the fact the person at the other end can always make a backup copy. The lesson here? If you really don't want something to get out into the world in one way or another DONT SEND IT.

Re:surprise

I hear this sort of advice on Slashdot a lot. "If you don't take [insert privacy procedure here], you're ASKING to get caught!" "Don't say anything over email you wouldn't shout in a crowded room!" And so on.

It's kind of dispiriting to me that so many people consider this an acceptable status quo. That you're not allowed to use the Internet, the DOMINANT new form of communication, the one that was supposed to "free" us somehow, without the expectation that everyone from Big Brother to your kid sister is watching over your shoulder.

Re:surprise

I think you missed the point-

The "take privacy procedure" and "dont email anything you dont want to get in trouble for" advice in this case is not being applied to the general public - its for emails at WORK.

The internet was not made so you could say things that make you liable at your job and get away with it. Read the article - it effectively equates interoffice emails to official business. You are "allowed" to use the internet, and you can use it to communicate freely and easily; however, you can neither use company email anonymously nor without consequence, because it creates a permanent record.

I think that its reasonable to say "dont write anything in a COMPANY email that could get you fired/ be used in a lawsuit" just like you wouldnt write those kinds of things in an office-wide memo. Your work email is not private, it belongs to the company, which makes you and the company both responsible for it.

Re:surprise

This message will self destruct in 5 seconds. And will neuralyse you. Don't know why we bothered to send it.

That's only half the story

Now I didn't RTFA, but even the summary seems to say a bit more. For a start, that they can look through deleted drafts on your hard drive and see what the email looked like before you actually edited and sent it. Or even if you don't send it at all.

Plus, screw email, we've already seen this kind of thing happen with edited Word documents, Excel files, or PDFs. Stuff that was never actually sent or published in any way is dug out of the document and used against you.

E.g., I remember a somewhat recent story on The Register where a politician was under fire over a donation she originally said she knew nothing about, but a some looking through the document history later, it looked like she or maybe her husband had a note in the document at some point to check if that's ok.

And now I'm all for accountability in politics, but there's nothing to say that it can't apply to your joke mailing list just the same.

E.g., basically, if your client sues your company about bad support, any emails where you told a coleague that that client is an asshat and shouldn't be taken seriously, can get dug out and used against you. That much was probably clear to you too. But here's the more important part: even if you _didn't_ actually send that email, if at some point you saved a draft, that too can be dug out and used as hint about your thought processes.

So it seems to me like the danger is even more insidious. Even if you think thrice before thinking an email, well, computers got us trained that all sort of transient information can be stored there for later. Even stuff you never intended to send, or notes to self for later, or whatever. Even trivial stuff that people used to just hold in their head, is now somewhere on the computer because it's easy to do so. And stuff that people would first roll around in their head before writing on paper, now gets written anyway and edited later, because it's easy to do so.

And then used as some kind of proof of how your train of thought went. Which was a rather private thing before.

Worse yet, it's now all in one place. So even if previously you'd keep your private thoughts in a diary, chances are it wouldn't get shown in court unless your character makes any difference (e.g., if you pleaded entrapment.) Or they might want to see your letters to your accountant, but not your letters to your mistress. Nowadays that hard drive is one big pot with _everything_. (Again, even transient stuff you deleted long ago and forgot that it was ever on that computer.) Once you got ordered to hand it over, someone _will_ poke his/her nose through everything on it. From business stuff, to your reminders in Outlook to go to Alcoholics Anonymous, to joke lists you're on, to God knows what else.

Sure, most of it probably won't be allowed in court or even presented. But you never know what might anyway. E.g., if you were hit with a sexual harassment or discrimination lawsuit, your porn browsing history or subscription to some dumb blondes jokes list might be interesting after all.

At any rate, _someone_ out there might end up knowing more about you than you thought possible. Even if you think twice before hitting the Send button.

Aww, poor corporations.

Shall I shed a tear because you have more trouble hiding things from the public?

Lawyer's advice: be two faced

If it's off the record, don't write it. Pick up the phone or better yet, walk over. Don't hit the send button in the heat of anger.

Or here's an idea.. don't be a backstabbing two faced liar. Office politics is one of the many reasons why I am happy to work from home more often than not. If you're getting angry about someone go have it out with them. If you're getting all steamed up about decisions made by others, remember your place, get over it, or stop being so serious - it's just a job.

My personal favorite is the few times I've had to voice concern over the possible legal implications of a particular action. I've had people IM or call me instead of replying to emails because they don't want to be "on the record". To which I have said in the past: "oh, don't you know the IM is logged?" or "You know, if you don't reply to my email and clear this up than all that will be 'on the record' is my concerns and none of your explanations."

Of course, there are people who think its okay to break the law, just so long as no-one finds out about it. To those people I don't send email - I send it direct to the CEO.

Re:Lawyer's advice: be two faced

Of course, there are people who think its okay to break the law, just so long as no-one finds out about it. To those people I don't send email - I send it direct to the CEO.

In most companies such people typically are the CEO.

Article reads like a 'cry wolf'

If you read the article, it talks about the thorny problems that legal people have with e-mail. The following absolutely shocking examples are given:

• catty comments or frankly inappropriate language
• They call people names
• They make inappropriate comments
• "can you believe that [expletive] is complaining about this?"
• "I can't believe she's pregnant at such an inconvenient time at work."

I was like Oh My God, can you imagine the billions and billions of dollars that must be pumped into lawsuits regarding these comments?

Nope, me neither.

Simple Solution

You know, if the saying is good enough for taking away the public's privacy and civil liberties, it's surely good enough to apply to corporations:

If you aren't doing anything wrong, you've got nothing to hide.

If companies would just STOP COMMITTING CRIMES, it wouldn't matter that all their e-mails are on disk.

Are we supposed to feel bad that e-mail is allowing companies to be caught red handed, and forcing them to answer for their crimes?

Re:Simple Solution

Cardinal Richelieu said, "Give me six lines written by the most honest man, and I will find something in them to hang him."

As true now as it was then.

Not really something else has.

"'"E-mails have taken over the world."'" No god damned Lawyers have.

Compare/contrast the corporate and public arenas

If a government wanted to stop people sending embarrasing e-mails (Hey, they are using OUR telecoms infrastructure!) then you would call them tyrannical. But hey, if a government ran eveyr aspect of life on its territory through an autocratic, undemocratic heiracrhy you would probably cry foul too. Apparantly theres two sets of rules.

And before you inevitably say that people are free to leave a corporation - the fact is that in a world of massive debt and no safety net, your only other option is jumping to another, identically evil environment.

accountability

I know why they hate email so much, because it's a verifible record of their dealings.

I had clients back in the day that never wanted to use email, and i couldn't work out why until i figured out they were saying one thing in phone conferences and changing their tune down the track to suit themselves, and they couldn't do that when i had our conversations via email.

Solution?: Use DRAM SSD for email storage

What about the option of using an (albeit more expensive) (Volatile) DRAM-based SSD for your email servers?
If *someone* subpoenas it, kindly provide it (unplugged) with the any passwords and a full set of encryption keys...
(Assuming there are not already laws prohibiting a corporation from using a faster (700-1400MB/s @ 3s), more reliable (protected with both ECC and RAID), higher I/O preforming (3 million random IOPS), volatile DRAM SSD array for their email storage?)
"Here is my untouched email server storage device all boxed up and sealed as required per your subpoena order..."

504GB of DRAM would make a *nice* email storage device... (Violin 1010) http://www.violin-memory.com/products/violin1010.html [violin-memory.com]

corporations are the problem

The closed and criminal nature of most corporations is the core problem. If they were open about what value they were providing and how then there would be no problem with remarks about corporate processes and performance being written in e-mail or any other medium prone to sharing and archival.

Thats why everyone should encrypt!

Use PGP, GPG, WebmailSafety (www.gwebs.com), etc! Dont let your email go out plain text, and tell people "dont put this in writing"! ARG HOW DUMB CAN YOU BE... silly blabbermouth, plaintext is for kids!

Multiple levels of deletion??

He must be talking about filesystem metatdata. For modern HDDs, you cannot see how often something was deleted, or hwat was there before....

Hello 1998

...I think your missing article is here.

WTF is this? Shouldn't this article be about Facebook or some other latest and greatest technology?

How have any of these email issues changed in the past 10 years?

As Engineer, I love this

As an Engineer, the moment I notice anything that could lead to a safety or other concern, I would put it in an email and say something like, "I think we need to look at this...". If management doesn't follow through with my recommendation, and something hits the fan later on, at least they can't pass the buck back to me.

A Story Of One Of The Idiots Here

I didn't RTFA since it looked like something most people already know. Within the past few months the antics of one idividual has forced us remind the userbase that the corporate network is owned by the company and anything that is done is logged. One of the last things this sales rep did caused the CTO to fly up to the sales office to have a chit chat with all of the staff. This sales rep was using Craigslist to solicit sex, among other things, and using his corporate e-mail to do it. Supposedly he was posing as a female prostitue as a joke and forwarding some of the jucier replies to one of his colleagues he was hazing.

This is a bad thing?

And this is a bad thing.... why? Because it's easier to catch crooked companies (all of them) breaking the law?

The article literally consists of corporate lawyers whining about how email makes it harder to conceal criminal actions because they can be found in discovery. Contrary to what the article seems to imply, very few court cases involving email discovery are based on harassment claims. Mostly they're about companies try to screw each other on business deals. For the most part, it's perfectly LEGALLY safe to tell off-color jokes and distribute porn through the company email.

Re:Who's your overlord?

But...but...if lawyers can subpoena e-mails...and emails control the world....

Re:Can this be done in real time?

Certainly it can be done in real time.. by your standard everyday keylogger. Of course, installing keyloggers on ALL your employees machines, and having complete access to everything they write does raise some thorny questions.. Not to mention that someone has to actually assess the data.

This really doesn't look like it's going to take corporate email security to a new level.. individual profiling, however, might be a different story.

Re:A few rights

My company owns my email like they own the oxygen I breath while I am working. In other words- they don't.

You do not become a street whore simply by agreeing to work for someone. Companies don't understand this. If allowed, they would claim every last cell of your body as their property.

While I agree with the second paragraph, I take issue with the first. If you are using company email servers and equipment, they do own the email. You don't get a free ride just because you work for the company. Everything you do on their systems has to follow their acceptable use policy, if they have one.

-Mike

Re:A few rights

Companies don't understand this.

Neither does the law ;)

Emails you send and receive using your work email account are your company's property by law.

Re:A few rights

if you farted (break wind) at work, your employer would own the chemical formula. You can bet that if farts had useful chemical properties, you'd be plumbed in the moment you arrived at work!

Re:Can this be done in real time?

It's machine time you're devoting and machine time is cheap. It takes the human a few minutes to start it going and the machine does the rest. I fairly recently had my NSLU2 (a tiny Linux box with a 266mHz ARM processor and 32 MiB of RAM) unzip a 57 GiB file. It took it five days. It took me less than 30 seconds.