Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
The Courts Government Data Storage United States Businesses News Your Rights Online

Proposed Federal Rules On E-Document Destruction 147

Posted by timothy from the see-also-microsoft-corp.-v-burst.com dept.
runner345 writes "The Federal Advisory Committee on Civil Procedure is evaluating a series of 'e-discovery' rules that will change the way litigation handles electronically stored information for the federal courts. Included in this is proposed Fed. R. Civ. P. 37 which would exempt parties from sanctions for electronic evidence destroyed in a 'routine operation of the party's electronic information system.' Microsoft and other technology heavy-hitters have strongly backed this safe harbor because it judicially validates electronic document retention policies (perhaps the most effective Orwellian misnomer for outright document destruction). If you thought it was hard to get incriminating documents from the tech industry now, think about what this rule will do to a plaintiff's chances. You can get the proposed rule here (when their site works) and read what Microsoft and Intel have to say about it here. You can also read my law school thesis on the topic (still only in draft)."
This discussion has been archived. No new comments can be posted.

Proposed Federal Rules On E-Document Destruction More

Proposed Federal Rules On E-Document Destruction

Comments Filter:

  • Simple! (Score:4, Funny)

    by sandstorming ( 850026 ) <<moc.gnimrotsdnas> <ta> <eesnhoj>> on Monday April 04, 2005 @08:31AM (#12132562)
    Destroying E Documents for dummies... Place on Hard Drive Give Hard Drive to 3 year olds with knives Tell then there is candy inside.

    • Re:Simple! (Score:5, Funny)

      by deutschemonte ( 764566 ) <lane.montgomery @ g mail.com> on Monday April 04, 2005 @08:34AM (#12132580) Homepage
      Or...
      Install Windows, place on hard drive, give an open internet connection three days to install candy inside.
    • No, there's an easier way.

      Give machine to any typical clueless user. Tell them to go on the Internet without protection (just IE, no firewall, et cetera). Watch the fun begin.
    • ...or buy one of those Fujitsu or deathstar hard drives from a while back... that should easily define your data retention policy.

      Click-of-death zip disks work well too.

      • Re:Simple! (Score:1, Funny)

        by Anonymous Coward
        I have one of the death star disks. It has gone click-click-click quite a few times now. The first time, I was about to throw out the disk, when I read somewhere that the disc is made to withstand 90 G (that's a lot).

        Well, it was already defective, can't hurt to try... WHACK... I slammed it down from about 4 inch / 10 cm above the table. Not dropped, but with my hand accelerating the drive towards the table.

        Now the drive works fine. I don't use it for anything critical, because I don't trust it, and who k
    • Or, if you're the UK Government, tell staff to delete email more than three months old [theregister.co.uk] .
    • Defrag it. [datadocktorn.nu] Works every time :)
    • If you thought it was hard to get incriminating documents from the tech industry now, think about what this rule will do to a plaintiff's chances.

      Keep in mind that this works both ways. Websites that want to protect user data from subpoenas could have a very limited document retention policy that allows them to delete logs daily and not get in trouble. Of course they should document this policy in the event of a subpoena.
  • It gives you an excuse to tell people to delete their mess of shit that is all over your server. Be it mail inbox with dozens of 10mb DOC files or their home directory that is constantly pushing quota.
  • This sounds a lot like regular document destruction rules.
    • Exactly what's the big fucking deal. If you're a software comany, or hell any company now days you've got gigs upon gigs of data and backups. If you had to save it for X number of years it could easily become a burden. For example, one of my companies stores patient related data subject to HIPAA laws. If I have to store the data for 10 years who knows how much space that could end up taking, not to mention the greater likelihood of something getting lost in the shuffle.

      As long as a company has a policy abo
      • Every health care provider in the country is worried about this...not because they want to hide stuff, but because it is a huge burden on SANs and tape robots, especially when we are talking about huge files that may be included in an Electronic Medical Record. Also it makes it nearly impossible to have a reasonable "system" lifecycle because a provider cannot simply "retire" a system. Providers often have to go to outrageous lengths to migrate old data in old formats to old data in new formats. Since HIP

  • document rentention policies (Score:5, Insightful)

    by alatesystems ( 51331 ) <chris AT chrisbenard DOT net> on Monday April 04, 2005 @08:35AM (#12132584) Homepage Journal
    We already have electronic document retention policies, and we do get rid of things on a regular basis. I don't really understand what this rule would be for, except to validate practices already in place at almost every major company.

    The submitter makes it sound like it's horrible for the plaintiff, but would we really want to live in a world where we have to keep every single file forever? I think not.
    • Maybe if we all got subsidized hard drives? How does 200Gb HD for $20 sound?
      Think of all the lawsuits that would result ;-)

    • Re:document rentention policies (Score:5, Interesting)

      by natrius ( 642724 ) * <niran&niran,org> on Monday April 04, 2005 @08:46AM (#12132650) Homepage
      The submitter makes it sound like it's horrible for the plaintiff, but would we really want to live in a world where we have to keep every single file forever? I think not.

      Do we really want to live in a world where there is no such thing as electronic evidence, since anyone can just say, "oops, it got deleted in the routine operations of my business... last night." I think not. See Burst v. Microsoft.
      • burst got $60 MM. What's your point?

        What this says is that if a firm has a document retention policy for carrying some documents three years, some five, some seven, etc., it's likely to be legitimized and companies don't need to spend inordinate amounts of money keeping, say, automated notices forever. This says nothing to the effect that companies can't be punished for poor document retention policies, such as one in which executive communications are deleted monthly.
        • burst got $60 MM. What's your point?

          The point is that Microsoft claimed they didn't keep the files and messages for the Burst case (a strange 18-month "black hole" in their email records) after claiming in another case that they kept everything. This self-incrimination is the only thing that managed to help Burst.

      • Re:document rentention policies (Score:4, Insightful)

        by Spad ( 470073 ) <slashdot.spad@co@uk> on Monday April 04, 2005 @10:07AM (#12133340) Homepage
        As it stands, there's nothing to stop a company from doing exeactly the same with paper documentation; "Oops, it got shredded in the routine operations of my business...last night".
      • Do we really want to live in a world where there is no such thing as electronic evidence, since anyone can just say, "oops, it got deleted in the routine operations of my business... last night." I think not. See Burst v. Microsoft.

        Sure they can say that, but will the courts believe them? Judges are not all stupid.
      • Corporations absolutely hate the Sarbanes-Oxley
        law, particularly those portions that require
        them to retain electronic evidence that can be
        used against them later. Between MSFT's legal
        shennanigans in their lawsuit with Burst, this
        new regulation, as well as the new DRM initiatives
        from MSFT (Palladium & patented XML), corporations
        (and their legislative stooges) will effectively
        have eliminated this threat to their malfeasance.
        A whistleblower cannot "blow the whistle" if he
        or she will not have the capabilit

    • Re:document rentention policies (Score:5, Interesting)

      by corporatemutantninja ( 533295 ) on Monday April 04, 2005 @09:02AM (#12132752)
      Actually, I do see a change. And this applies to rules about paper, email, and now IM retention as well.

      All that currently happens is that companies avoid putting anything potentially incriminating in writing. "Call me about this," the email says. So companies spend huge amounts of money ensuring "compliance" with retention laws, plus they are unable to get all the efficiency out of communications technologies that are possible because they still end up having the important conversations in person, and we still can't prove anything in court. What's next? Require companies to record and save all phone calls? The ultimate step will be when we don't allow people to have off-record conversations:

      CEO: "What do you think, Phil?"
      CFO: "I don't think the [FLUUUUUUUSSSSSHHHHH] shareholders will suspect a [ZIIIIP!] thing."

      Retention requirements are a huge ball-and-chain for companies without fully addressing the problem they are intended to solve.

      • Guess what?

        Voicemail is discoverable. And because of the way it's stored, it's an "electronic document" within most definitions.

        Saner preservation plans/orders are specifying that voicemail need not be preserved. Less sane plaintiffs are trying to force people to save (and review and produce) voicemails. And yes, it costs a heck of a lot of money to do.
    • would we really want to live in a world where we have to keep every single file forever?

      I already do, more or less. I have email dating back a decade, and archived backups and as many things as possible kept under CVS to give acess to old versions.

      So far as I can see, given the current cost of storage, keeping things is all win. The only reason that wouldn't be so would be if someone knows they have something to hide.

      • Thats fine for one person, but when we talk huge companies this keeping everything is a huge problem and storage that big isn't that cheap. Yes, some industries have requirements (Drug Testing), but keeping every e-mail by every employee is a nightmare.

        Also, is a POP3 equipped mail server that deletes mail off the main server even legal?

        • Thats fine for one person, but when we talk huge companies this keeping everything is a huge problem and storage that big isn't that cheap.

          But, surely, it simply scales linearly. One person doesn't create exponentially more data just because they work in a company with 10,000 others rather than 10. They still only have 10 fingers and the same typing speed.

          The cost of storage for the email and report etc. output of one person for a year is trivial compared to their sallary, tax, benefits, providing them

          • Sorry, but you simply don't know what you are talking about. In a little system, you can keep things forever, no problem. But in massive systems, it really isn't the space that is a problem, it is the bandwidth. Moving 600 terebytes of data around all of the time becomes impractial at today's data rates. What is one to do, keep everything spinning? Put it to tape? Go nearline? Think about it. Little mail servers are one thing, but the computers that really run things, like RS/6000's, Suns, and Mainfram
            • Moving 600 terebytes of data around all of the time becomes impractial at today's data rates.

              Well, as the doctor in the joke says, don't do that then. The issue was retention, not copying everything across your network every night. Leave it where it is. Don't even need to back it up, if it gets eliminated by a disk crash after 5 years, ho-hum, no one gets put in jail when their paper records are destroyed by fire, unless they are holding the match.

              In any case, by definition you are already shipping all

              • Except: What are you going to do with the new data that is created? Move the old stuff? Buy new stuff to hold the new stuff? This is what people aren't understanding. When you have a *SHITLOAD* of data, both being created and being retained, things start to change significantly. At some point, you must choose to destroy it and have a rock solid data retension policy on what it is you keep and what it is you destroy. Till now, there have been *no* standards on this and it was usually left up to corpora
                • When you have a *SHITLOAD* of data, both being created and being retained, things start to change significantly.

                  But when you have a shitload of data being created, you are clearly a big operation with a shitload of resources.

                  Aren't we talking about the same volume of data per day as would be added to the backups? Tapping that off into an archive isn't going to involve a volume of data which isn't already being handled. So it comes down to cost of the actual archive storage, which is going to be cheaper

          • But, surely, it simply scales linearly.

            No, you gotta count the number of connections. Businesses have a lot more e-mail then your average person. Not to mention the automatic stuff sent by programs and systems. Throw in the attachments and other fun things and you get a nightmare. The cost isn't trivial and it adds to the administrative overhead. Adding a sudden need to do proper backup (and offsite storage) of what should be transient.

            I understand it for certain industries (I used to work in Clinic

      • You know, somebody needs to post the response to the "only the guilty have something to hide" argument on a webpage so we can just post a link when this fallacy rears its ugly head.

        Nothing personal against you Caley, but any type of intrusive laws such as what we're discussing here are the opposite of freedom, and need to be called out as such whenever they're seen.

        If you want to keep everything, that's your business. However, you should evaluate your motives. Keeping everything for the express pu
        • ``only the guilty have something to hide''

          If you read what I wrote, rather than what you would like to read to have a straw man to shoot at, you'll se I said nothing like that.

          What I said was, in paraphrase ``only the guilty are subject to a significant cost in keeping everything''. Nothing about hiding anything. There are indeed perfectly good reasons for hiding things, consider the story last week about the anarchist site whose brain-dead admin had his logs confiscated when half a brain cell would hav

    • some of us do, you insensitive clod! (Score:5, Informative)

      by RMH101 ( 636144 ) on Monday April 04, 2005 @09:52AM (#12133193)
      i work in big pharma, and for a lot of our systems we *do* have to do this. legally, we've got to keep data for clinical trials for *twenty five years* after the patentable lifetime of a drug. not only that, but we've got to figure out a way of archiving complete systems for that long. suffice to say, it's really, *really* expensive...
      • Uh, I think I'd like to see a reg quoted on that one. I'm not aware of any regulations that require holding any kind of data for 25+ years.

        Now, many companies do hold onto their data for that long and longer for a variety of business reasons, but they do not have to do so. Some reasons for voluntarily holding onto their data might be:

        1. The ability to use the data in R&D for other compounds.

        2. The ability to use the data as a basis for comparison for other compounds.

        3. The ability to use the da
        • sorry, but you're wrong. i do this for a living. the point is not that it's unlikely the data will ever be called on again, the point is that the FDA *could* ask for it and the potential cost to the business should that happen and you weren't able to present it is huge. the FDA is, almost literally, a law unto itself: you *have* to gain their confidence in your methods right down to being able to, for example, prove that during the original phase 1 trial where you tested a candidate drug that became one
          • I'm not sure I saw a reference in there.

            That computer systems need to be validated is a clear requirement of the Barr decision and 21CFR11 - no argument there. That they need to have audit trails is also reasonable based on Part 11 as well as comparable standards for paper-based data.

            All I really want to know is where the retention period is specified for this data. I won't claim to be an expert on the GCP side of the business, but there is certainly no requirement in the GMP side to hold data for decad
    • Get into finance industry IT -- the banks -- and there's a very clear code as to not just how long you need to keep the data (in Australia it's 7 years except for registry, which is 5 years) but also at what point you must destroy it.

      Incidentally the 7 year rule was because that's how long a 9-track tape reel was supposed to last before magnetic print-through would manifest on the old media. Anyone looking for an update on this, or will this be another business standard that lasts forever based on obsole

  • How long (Score:3, Interesting)

    by Invalid Character ( 788952 ) on Monday April 04, 2005 @08:38AM (#12132605) Journal
    If i understand this right then how much of a time buffer would one get before destroying data is considered "destroying evidence"?
    What if your regular clean up procedures begin just after you've gotten wind of a warrent or other legal issue?

    Im sure there are provisions and details about these situations ( IANAL and i dont speak legalese) Can anyone with more knowledge elaborate on exactly what this all means?

    • Re:How long (Score:3, Insightful)

      by ReggaeFire ( 683207 )
      As pointed out above, this is no different then the rules governing retention policies for paper documents. For records management people this is a basic function of their job. What this means is that you have a regular cycle (a document "lifecycle") where a document is no longer needed for business use, and it is legal to destroy it. You cannot simply invent a lifecycle and destroy at will once a discovery process has begun (this is what Enron did, and a big reason we now have Sarbanes-Oaxley), but if you

    • Re:How long (Score:1, Informative)

      by Anonymous Coward
      At least with paper documents if you get information about a warrant or other legal issue you are supposed to halt destruction until the issue is resolved. I don't see why electronic documents would be any different. Most (all?) electronic document retention (destruction) managment software has the capability to halt all destruction of data if a warrant or something comes up.

  • Sorry IBM (Score:2, Redundant)

    by FidelCatsro ( 861135 )
    SCO apear to have lost every bit of evidence you were looking for during some "routine mantience" work
  • ...for electronic evidence destroyed in a 'routine operation of the party's electronic information system.'

    What is a routine operation - how do you define this? I assume we're talking about scheduled backups but could this be a possible loophole or is it defined in some cunning way in the actual proposal?
    • Would it still count as routine if it was scheduled every day, but you could just postpone it if you were using the computer, like chkdsk at windows startup? If you don't postpone, it could be defined as routine because the schedule was in place before the request for documents. It would only be lack of user action to save the documents that leads to their destruction. Legally, this could be a very different case, though practically it is identical.

  • I agree with this legislation (Score:5, Interesting)

    by Anonymous Coward on Monday April 04, 2005 @08:43AM (#12132627)
    Broadly, my company "EvilCorp" has a document retention policy, that simply states

    "Don't retain anything incriminating".

    I'm glad to see, government is catching up, with trends set by industry leaders like myself !!

    God Bless America.
    God Bless Corporate Malfesence.
    Death to document retaining, Commie Linux Users!

    Also, it's worth noting.

    We've always been at war, with East Asia !

    [Seriously folks]

    Am I the only one who thinks that government should be requiring companies to move the *other* way?

    Ie, retain, *everything*... absolutely *everything*, why should email/*doc* be an acceptable domain, where, one can simply erase data under dubious circumstances ?

    Because corporation (x) wants it that way ?

    [Aside]

    Corporations are too powerful now.
    Increasingly, law is coming to reflect the interests of Corporations, instead of the interests of countries citizens.

    It's not so absurd to suggest, that.. eventually, the little guy will revolt.

    Think the French revolution, think the American revolution...

    Eventually, when the little guy gets done taking enough crap from those on top... the little guy gives the other the boot.

    In this light, Bill Gates is the King of France.

    "Let them eat Patent-Cake".. etc.
    • Ie, retain, *everything*... absolutely *everything*, why should email/*doc* be an acceptable domain, where, one can simply erase data under dubious circumstances ?

      *Everything* is a lot. Do you want every revision of your swap file to be backed up?

      On the other hand, every email you send does seem like a reasonable requirement. But what if your email contains a URL. Should you be required to back up that version of the web page?
      • But what if your email contains a URL. Should you be required to back up that version of the web page?

        No, silly person.

        That's why we have Google.

      • If your email contains a URL, and the URL is a link to a website on a server outside of your possession, custody or control, then of course you're not going to have a duty to preserve the web page.

        If it's YOUR OWN web server, though, it's a different analysis.

        Also, if you have cached a copy of the web page (say in your individual browser cache, or if your company has a caching proxy server), there is arguably a duty to preserve that cached copy.

        Oops, you overwrote your cache through routine web browsing?
        • Also, if you have cached a copy of the web page (say in your individual browser cache, or if your company has a caching proxy server), there is arguably a duty to preserve that cached copy.

          This doesn't sound very practical to me. The people who know what's in the cache won't know which items in it are mentioned in email messages like this one: "Hey, you see what Enron did in that story on news.com.com today? We did the same thing!" So should they back up everything in the whole cache?
    • "Am I the only one who thinks that government should be requiring companies to move the *other* way?"

      Um, have you ever heard of a little piece of legislation called Sarbanes-Oxley? Yeah, you might want to check that out before you start assuming you're on a one-man crusade. Corporate ecords retention requirements have only increased over the past 10 years.

      "Ie, retain, *everything*... absolutely *everything*, why should email/*doc* be an acceptable domain, where, one can simply erase data under dubious c

      • Re:I agree with this legislation (Score:1, Insightful)

        by Anonymous Coward
        Oh noes, anticorporate ranting!

        Maybe if corporations would climb out of the gutter for a few years, people would stop ranting about things like this, but no, Enron, Worldcom, KBR... and these are just the recent ones, its not like corporate scum is a new invention. It just never stops, does it? An endless cycle of greed and taking advantage of everyone within arm's reach for the almighty holy dollar.

        Maybe if apologists like you would shut up and think about the image corporations have for about 3 second
        • And the alternative is... what? Government provision of goods/services, i.e. socialism (government ownership of all economic output, i.e., 100% taxation)?

          And don't governments fail to "pretend to be good, they flagrantly disobey laws and get away with it" too? They do, and in part for that reason, socialism failed; the Berlin Wall fell, Soviet Russia collapsed, and every significant genuinely-socialist nation (former Soviet Russia, China, India, Vietnam, Nazi Germany) is no longer fully-socialist, havin
        • Okay, I've read my share of Milton Friedman and Hayek and Mises and all that, and I won't argue the damn philosophy or economics like the other reply poster. I WILL, however, point out a couple of things for your edification that are pretty simple facts:

          1) There are tens of thousands of incorporated companies in the USA. If you include sole-proprietor LLCs, which share certain liability features of corporations but not the management structre (they're essentially traditional small business with a liabili
    • Don't you have a World Bank protest to get to? ;P

  • Thesis (Score:3, Funny)

    by Cruithne ( 658153 ) on Monday April 04, 2005 @08:45AM (#12132643)
    There's a good idea.

    1. Post unfinished thesis on slashdot for us to review
    2. Incorporate feedback from users who read it
    3. Profit!!!

    Only problem is.... I dont think anyone is going to want to read it, especially not on a monday morning :D

  • Excellent (Score:3, Insightful)

    by Anonymous Coward on Monday April 04, 2005 @08:48AM (#12132666)
    Every cloud has a silver lining [slashdot.org].
  • use encrypted volumes... when the feds come knocking forget the passwords... there's no law against being stupid... and if there was, i wouldn't know... i'm stupid!

  • routine, huh? (Score:5, Funny)

    by sugapablo ( 600023 ) on Monday April 04, 2005 @08:51AM (#12132687) Homepage
    "...which would exempt parties from sanctions for electronic evidence destroyed in a 'routine operation of the party's electronic information system.'"

    So I suppose the following is perfectly acceptable:

    30 0 * * * rm -rf /var/log/incriminating/*

  • i see nothing wrong with this proposed rule (Score:5, Insightful)

    by awb131 ( 159522 ) on Monday April 04, 2005 @08:56AM (#12132712)
    For instance, under HIPAA and other state insurance regulatory laws, my company is required to maintain all documentation related to a customer file for 7 years. Right now this constitutes about 2 million pieces of paper weighing approximately 14 tons and taking up about 1500 square feet of floor space in my office for filing cabinets. We go through things once a year and toss anything that's older than 7 years.

    When we move to an electronic imaging system, everything will probably fit on to a couple of high-capacity disks. In 7 years, the cost of that amount of storage is probably going to be negligible, so there's no technical reason we couldn't keep things forever. But I'm still going to configure the document management system to toss anything older than 7 years. Why? Because 7 year old information is not useful. The only reason it's there is because of state/federal rules of evidence that require me to keep it around. It's only useful to someone who's suing me, and when those 7 years are up I'm glad to get rid of it.

    One of the things that keeps people from modernizing their filing systems is the fear of losing this "protection," of being able to throw away old information. There's a fear that if you go electronic, it's always going to be "out there" somewhere and potentially a legal threat to you, even if you've done nothing (intentionally) wrong.

    I for one support this rule. And if it seems like a good idea for our small company, imagine how it would seem if you're, say, Citibank.

    This rule is obviously not designed to support policies of "oh, we're getting sued, so I'm going to throw out this particular subset of information related to the lawsuit and try to claim it's a standard practice," because any attorney worth the price of his suit would get me thrown in jail for destroying evidence.

    • 7 Years vs 45 Days (Score:1, Interesting)

      by Anonymous Coward
      I've done some work with a software company where document retention rules are set and enforced by lawyers. They have two jobs: 1) Making sure that the company does not lose any suits; 2) Repeatedly informing the employees that the document retention period is 45 days -- get caught keeping anything more than 45 days without a good reason and you are out of there. The desks have a few drawers, but they don't have filing cabinets for paper documents. The code being maintained is over 100k lines of uncommen
    • Part of the reason it's easy is that you have a set area where you put all your patient information, and that's the only thing you put there.

      Reading some of the actuall testamony put out there, some good points show up. If a company can say "you have automated backup tapes from 2000, and one one of them you may have *whatever* piece of information, so I want it." You have no idea which tape it may be on, so you go through your massive pile trying to find it. If you're a small, but data intense, company
      • Our bank doesn't even use tape anymore. We just buy another whacking great cheap storage array when we need one. We've done the sums, and tape is gone. Yes, we do buy a lot of bandwidth. Yes, we are heavy into compliance and massively parallel remote storage. Look at MAID storage (massive arrays of inactive disks) and EMC's Centara -- if you add up every cost, right down the the little rubber feet, it's cheaper to keep it on disk. YMMV, but when you have to archive each and every transaction and provid

  • Establish retention/destruction policies first... (Score:3, Interesting)

    by sczimme ( 603413 ) on Monday April 04, 2005 @09:02AM (#12132750)

    [IANAL but have researched this issue to some extent. No statements I make should be construed as legal advice.]

    Organizations should establish data retention and destruction policies and follow them consistently.

    Suppose an organization has a policy that states that a) all email older than N days will be purged from the server and b) all email must remain on the server (i.e. no local storage of messages). Another party initiates legal action based on an email sent on $DATE and the discovery process begins. If the order comes through on the (N+1) day for the organization to produce its email, the organization will be in the clear because it followed its own already-established policy. However, if the order comes in on the (N-1) day and the organization purges older email early, it [the org.] will be in hot water.

    However, the organization must be sure that it includes all sources of this information. Does the site backup/restore policy parallel the 90-day destruction rule? Many sites pull a set of tapes/media from the rotation once a month or so and put it aside for archival purposes. If the site policy is to destroy email but the backup tapes are available...

    IIRC this was a serious mistake on the parts of Enron and Arthur Andersen: they had no such destruction policies in place and began deleting sensitive items only after they knew proceedings were about to begin.

  • Too Much STUFF! (Score:5, Insightful)

    by Hasai ( 131313 ) on Monday April 04, 2005 @09:02AM (#12132751)
    Y'know, judging from the submitter's slant on this, I would guess he's never had to maintain multi-gigabyte document repositories bursting at the seams with obsolete documents. Nor, I suspect, had to restore and rebuild five years worth of old email databases just to satisfy some little ambulance-chaser's fishing expedition.

    Bah.
    • Y'know, judging from the submitter's slant on this, I would guess he's never had to maintain multi-gigabyte document repositories bursting at the seams with obsolete documents. Nor, I suspect, had to restore and rebuild five years worth of old email databases just to satisfy some little ambulance-chaser's fishing expedition.

      "Multi-gigabyte" sounds like a lot, but it's only a couple of DVDs.

      Instead of deleting, you could just as easily back it up and file the DVD, hard disk, or whatever. Should be able to

      • Let's see here, we've got ~3TB of data that we back up weekly, and differentials during the week. So that's going to be 654 DVDs to burn and archive each week. At 16x speeds it will take about 71 hours just to burn. And then there are a lot of documents that get created and deleted durring the week so they never make it to our full backups, and even stuff that doesn't make it to backups because the documents don't even last a day! I know, you want us to put key loggers on everyone's computers and archive th
        • Let's see here, we've got ~3TB of data that we back up weekly, and differentials during the week. So that's going to be 654 DVDs to burn and archive each week.

          You're not creating 3 TB of data a week. (Not of email, anyway.) As I said, archive what you'd delete. I know, you want us to put key loggers on everyone's computers and archive those forever.

          Calm down.

          we have mailboxes in excess of 13GB, and that's just the stuff they wanted to keep!

          How long did it take them to accumulate this? I didn't say

        • I've got to ask - how do you run your mailbox up to 16GB worth of stuff? I mean, combining all the emails I've EVER received, including spam (which really ought to be deleted PDQ and no archiving necessary), I've maybe used a few gigs. Are your employees receiving 30MB attachments with most e-mails or something?
      • I wish I had backed up my old e-mails. Every now and then (many many many years ago) I had to go through and delete old crap because of hotmail's crummy 2MB limit.

        Yea I know, I should have done xyz. But I've lost soooo many CD's, floppy disks, zip disks, jazz disks... the occassional dead hard drive, and then there were those two times I accidentally deleted the wrong partition. Oh how I cried. (admit it, you've been there too)

        Anyway, back ontopic: Do you realize just how much volume a cubic meter is?
        ~187,5

  • Industries that have governing bodies already have policies. I know the insurance industry is required to store documents (electronic, microfiche, microfilm, paper, etc) for the amount of time each state insurance department requires. Do we really need more government regulation or maybe just some clarification for certain industries and types of documents? How long do we have to keep everyone's e-mail attachment of the dancing baby?

  • Submitter has no idea what he's talking about (Score:4, Insightful)

    by jizmonkey ( 594430 ) on Monday April 04, 2005 @09:19AM (#12132891)
    Clearly this "law student" has never worked at a firm involved in litigation. He's going to need a lot of luck getting that paper published.

    Abuse of American electronic discovery rules is getting worse every year. Defragment your disk? That's a sanction. Copy files from an old computer to a new one? That's a sanction.

    Seriously, the legal rules need to realize that asking for documents not normally accessible is extremely expensive and opens up possibilities for extortion. ("Looks like it will cost you three million dollars to restore and examine these tapes... Why don't we just settle the case for two?") Everything the Microsoft attorney said is true.

    The judges know this, the attorneys know this, the companies know this. The submitter needs to get out in the real world and get his head out of his ass. There's not even an ideological basis for thinking the way he does. It's not like poor people benefit from these rules (who Democrats like to protect) or self-made rich people (who Republicans like to protect).

    • Actually I've worked for over a year at a corporate litigation firm. We do corporate defense and I don't really think documents should be saved forever. I just think it's interesting.

  • Notice from Legal (Score:5, Funny)

    by ajp ( 192328 ) on Monday April 04, 2005 @09:29AM (#12132977)
    Please save every business-related e-mail you receive. And you shouldn't be using work e-mail for personal purposes so please save every e-mail you receive. Thank you.

    Inbox: 41559 messages (41551 read, 8 unread)
    Saved-messages: 4154854884569842455 messages
    You are usuing 12090% of storage capacity.

  • Discovery in federal suits (Score:1, Insightful)

    by Anonymous Coward
    In a real federal-jurisdiction case, when you're into discovery you can't just say "give me everything you have" and mean it to include every file on every computer system in your organization, everywhere. First, they can't practically give that to you. Secondly, you can't practically use it. Even just the paper documents can be overwhelming in a complex case.

    This rule change simply means that: if a party in a lawsuit doesn't disclose something electronic, because it was erased, because that's normally ho

  • The idea that one must keep email forever, to make it easier to later be sued, is horrible. The burden of proof (and cost, if applicable) should be borne by the plaintiff. We should not enslave the people to the American Bar Association. It should be the other way around.
    • We should not enslave the people to the American Bar Association.

      These aren't people, they're corporations. And if they expect to continue being corporations, they'll abide by the minimum civil standards imposed by the nation-state that recognizes them as such.

  • If their Digital Restrictions Management server becomes a standard and recognized platform for legally circumventing discovery of incriminating electronic documents, sales of the Office platform among the future Worldcoms and Enrons of this world will explode.
  • Just what are "routine operations of an EIS?" The only one I can think of is recovery and reuse of deleted diskspace. Even the cycling of backup tapes should stop once there is a Documents Preservation Order.

    Deleteing anything under human control (rather than as part of an automated sweep) is obviously not routine and sanctionable. Said sanctions to increase to the level of criminal with Sarbannes-Oxley. I fully expect SOx prosecutions from civil discovery. Who else is going to look?

  • I think some of this discussion is lacking in context.

    First, if you destroy evidence after the lawsuit gets filed (or when you enter the grey zone of when you "reasonably anticipate litigation"), you have just committed spoliation of evidence. While this makes intuitive sense - the rule prohibits a defendant from having a "shredding party" the day after a lawsuit gets filed - it becomes problematic as definitions of what constitutes "evidence" expand.

    Active emails? Check. Files on network servers? Check.

    Backup tapes from last night's cycle? OOPS. Yes, several court decisions /orders have taken parties to task for failing to suspend routine overwriting of backup tapes. Taken to the extreme, this means that once you get sued, you can't overwrite any of your backup tapes.

    Updating databases that might result in some data (i.e., last accessed, last modified) being modified? Uhoh, better take a snapshot of that database.

    Are your server logs at issue? Uhoh, better suspend rotation of your server logs.

    Hey, when you TURN ON your desktop, aren't you overwriting some cache space and slack space, that might make recovery of deleted files impossible? Guess what? If the other side wants to do a forensic examination of your machines, you can't even continue using them without taking a bit-by-bit image.

    And by the way -- if you miss any bit of this data, you get sanctioned. Monetary sanctions, or an adverse inference ("we don't know what was on that tape that was destroyed, but you can ASSUME it was bad!"), or even a default judgment. Yes, electronic discovery can turn into a game of "gotcha".

    Think how expensive this is for a small shop with just a handful of machines. And then think what's involved for a nationwide company with, say, 80 far-flung locations and company databases.

    See the problem?

    The "safe harbor" to Rule 37 says that you don't sanctioned for failure to preserve information lost from ROUTINE operation of a system UNLESS THE LOSS WAS INTENTIONAL OR RECKLESS. The "reckless" hole is very large, admittedly. But the rule attempts to bring some sanity to some of the broad-reaching data preservation games being played today.

    Also, note that a court can order a party to take steps above and beyond what the proposed Rule 37 requires.

  • I am from tech industry (Score:3, Interesting)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Monday April 04, 2005 @11:10AM (#12133943) Homepage Journal
    And I'm damn glad, it will become harder for litigious bastards to blackmail me into giving them access to my data...
  • (IANAL, but I spent a few years writing software for a legal company.)

    Found in the Microsoft testimony:

    "One of the better comments I think that was submitted to you was from somebody who does a lot of employment class action litigation. And she expressed that very concern. She also cited a few statutes, like Title 7 and maybe the Wage and Hours Act in the employment area, that very specifically tell companies what they must keep and what they must not.
    And I bet those statutes also provide penalties if the
  • ...and you can delete any electronic copies that may have been made as well.

    A quick review for those not familar with "trusted" computing. The hardware uses digital signatures to enforce running an approved BIOS only, which in turn enforces running an approved OS, which in turn will only run approved applications. Documents are encrypted, and the approved applications can phone home to determine whether you are allowed to read a document. If the document is on a delete list, it is immediately erased. Microsoft Media Player already implements this system - except for the hardware enforcement. Microsoft Office is next. Evil Media companies, and Microsoft, want to make the hardware enforcement required by law on all computing devices.

    In the not too distant future, having obtained a copy of an incriminating document, you could keep it stored on a banned Linux system running on illegal hacked hardware, and given Microsoft's expertise with security, probably crack the encryption in a reasonable amount of time due to some stupid design flaw (e.g. random seed for session key is derived from Document time stamp). However, the resulting evidence would not be admissable in court. So stock up on tin foil hats.

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close