There’s a terror running through the Clinton White House that’s bigger than Microsoft and Monica Lewinsky put together. And it contains lessons for all of us, even here in Canada.
According to reliable reports (e.g. “White House Lives in Fear of E-mail,” National Post, April 8, 2000,) the inhabitants of the offices around the Oval Office are scared witless that what they type in e-mail messages may come back to haunt them. They have good reason to fear. Apparently every time they click Send, they are reminded that a copy of their missive is headed for the records management department, who presumably archive it for posterity. So what the president is having for lunch, or how major policy decisions were made, will be available for curious minds in the future.
The fear, of course, is that some future historian or special prosecutor will turn up something juicy in the White House e-mails, landing the writer in trouble or in jail.
Archiving is nothing new. Type in your own name at www.dejanews.com and, if you’ve been active in Usenet newsgroups, you’ll find yourself there.
What’s worse, some of the things you uncover may really embarrass you. That stupid question you posted. That angry remark you wish you hadn’t made, now that you know who was on the other end. I once demonstrated this search capability in front of a class, and selected, to my chagrin, the name of my teaching assistant. Her surname was fairly unusual and I turned up a number of postings showing that she had been involved in “native power” groups around the time of the Oka crisis.
When she regained her composure, she pointed out that she was in a sociology class at the time and, to get information for a paper, she had “infiltrated” some of the activists’ newsgroups. Too bad she wasn’t smart enough to use an assumed name, because those postings are there to stay.
A much more serious risk is that, one way or another, corporate e-mail systems can often be compromised and confidential information sucked out. Some company managers and directors have had the sickening feeling of having something they just said in a confidential e-mail turn up on the stock traders’ bulletin boards within hours. (If you’re new to these, go to www.raginingbull.com and type in your favourite company name or ticker symbol.) Could be a leak from an insider, but also could be somebody who has cracked the corporate e-mail server or is listening on a port that’s not properly secured.
Suffice it to say that some level of encryption is probably needed nowadays to avoid being charged with “e-mail malpractice.” There’s a range of options from simple encryption products (e.g. PGP – Pretty Good Privacy) up to whole corporate security infrastructures. The main thing is to assess the risks and use the appropriate level of protection.
One interesting decision is how long e-mail should be kept around. Sometimes the law will dictate this, if, for example, the e-mail is evidence in a court case. But usually it’s up to a company to set its own retention policies.
A San Francisco based start-up, Disappearing Inc. (www.disppearing.com), may have a hot technology here. Their software encrypts messages with a key that will only work for a preset period of time, from seconds to years. After that, the e-mail is unreadable, even by the intended recipient or someone with a court order. The as-yet-unnamed product, which is in beta testing and due out imminently, is expected to cost around UA$4 per user per month. It has been called a “virtual shredder” with the added advantage that all copies of the message, wherever they are stored, are also rendered unreadable when the key expires. Too bad Bill Gates didn’t have this a few years ago. It would have saved him a lot of embarrassment at the Microsoft trial when copies of his old e-mail were dredged up.
Saving money in legal proceedings is one of the major advantages of the Disappearing Inc. approach. Right now, a company that’s sued can be forced into an expensive and time-consuming discovery process, dredging through desktop computers, laptops and archive files looking for relevant e-mail. If an expiry policy was set and enforced, the company could just say it didn’t retain those messages, just as it doesn’t tape record employee’s phone calls. Is that legal? It’s certainly something for the lawyers to chew on, and you can bet they will.
You don’t have to wait for Disappearing’s software to do something about e-mail in your company. Work out a reasonable policy about e-mail and tell employees about it.
Many companies take the view that messages on the corporate systems are company property and can be read by others for legitimate work reasons. This makes a lot of sense. For example, if an employee leaves the company with “work in progress.” However, because electronic communication can also be used to trade stocks and write love letters, there should be some way to flag messages like this as “personal” and off limits, except in special circumstances like sexual harassment. Failing to establish and publish a reasonable e-mail policy leaves a company open to the worst of both worlds, dissatisfied employees and angry lawyers. We certainly don’t need any more of those.
Dr. Keenan, ISP, is dean of the Faculty of Continuing Education at the University of Calgary and an adjunct professor of computer science there and at the Asian Institute of Technology.