Forgot your password?
typodupeerror
Businesses Privacy Communications Government The Courts Your Rights Online News

New Email Rules Effective Friday 193

Posted by Zonk
from the kiss-your-conversations-goodbye dept.
An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said. .'"
This discussion has been archived. No new comments can be posted.

New Email Rules Effective Friday

Comments Filter:
  • by hsmith (818216) on Friday December 01, 2006 @10:59AM (#17065258)
    Is congress and the white house. Much like congress is exempt from the Sarbanes/Oxley Act.

    Want to see the biggest crooks and ones fudging the numbers, look at congress. Enron couldn't come close. They all would have been locked up years ago if they had to abide by the laws they pass.
  • Post office (Score:2, Insightful)

    by otacon (445694) on Friday December 01, 2006 @11:02AM (#17065312)
    That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.
  • by precogpunk (448371) on Friday December 01, 2006 @11:08AM (#17065412) Journal
    While I'm in favor of measures to curb white collar crime these requirements seems to do more harm that good by encouraging companies to take business elsewhere.
  • Re:Post office (Score:3, Insightful)

    by Mr. Underbridge (666784) on Friday December 01, 2006 @11:08AM (#17065422)

    That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.

    No, it's more like saying you have to permanantly store every piece of paper you ever write on. Every memo, every piece of scrap paper. It gets ridiculous eventually.

  • by Doc Ruby (173196) on Friday December 01, 2006 @11:10AM (#17065464) Homepage Journal
    Practically everyone can scramble our email, like with "Pretty Good Privacy" (PGP) [wikipedia.org]. If many of us do it, they might be able to crack it or force our password after due legal process, but private parties won't be able to snoop through all of us on any possible budgets.

    Your government can probably crack any nonsymmetric crypto (with help from the US), but might not have the resources to crack everyone's all the time. You can try a tinfoil hat, YMMV.

    The real problem is webmail, which can't use any installed crypto on either end (with possible rare exceptions, but the rarity and/or nonintegration makes them useless at only one end of the comms).

    If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses. And win the webmail wars. And really piss off the government(s) that have been trying to pry into their transactions for years.
  • by Silver Sloth (770927) on Friday December 01, 2006 @11:16AM (#17065566)
    Techie:- We need to keep more backups of our e-mail database
    Bean Counter:- How much do the tapes cost
    Techie:- Lots - we need at least one DLT per backup
    Bean Counter:- We can't afford it.
    Techie:- We have to afford it
    Bean Counter:- Just leave the requisition in my intray


    Months Pass

    Bean Counter:- The courts are on to us. Where are the e-mail backups for the 1st December 2006
    Techie:- I had to overwrite them so as to keep a reasonabley current backup
    Judge:- Techie, you shredded evidence - now you're for it
  • invest in storage (Score:3, Insightful)

    by jwegy (775655) on Friday December 01, 2006 @11:17AM (#17065574)
    Now would be a good time to invest in companies that make storages devices
  • by Beetle B. (516615) <beetle_b AT email DOT com> on Friday December 01, 2006 @11:21AM (#17065626)
    If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses.

    Don't ever use "PGP" and "the masses" in the same sentence. There's a reason people don't use it unless they really need to. It's the hassle of exchanging keys and building a trust database, and getting people to use it as it should.

    It's a very minor hassle for those who use it well, but getting the masses to follow protocol is next to impossible.
  • by Anonymous Coward on Friday December 01, 2006 @11:30AM (#17065764)
    I often wish for that too, but it's clearly a pipe dream. Google's sole interest in providing email services is to obtain access to messages themselves. They want to know what you're talking about so they can sell you crap--and they want to retain that information, so they can cross-reference it.

    Providing an easy interface for you to encrypt your email undermines that goal utterly. For it to be of any value to you, they won't ever have access to your keys or plaintext.

    So, it will never happen with Gmail.
  • Stupid thing! (Score:4, Insightful)

    by VincenzoRomano (881055) on Friday December 01, 2006 @11:31AM (#17065776) Homepage Journal
    So all the email traffic done in the US will be stored somewhere at least once, often twice (sender+reciever) and in some cases several times.
    And storing them is not enough: you'l need to browse them for searches!
    This is a very very smart move!
    And when litigations will go with browsed web pages, we'll need to store all the web we browse!

  • by Doc Ruby (173196) on Friday December 01, 2006 @11:54AM (#17066232) Homepage Journal
    Ah, but building demand by promoting the existing tool will encourage new developers to make it more useable.
  • Re:What's next? (Score:5, Insightful)

    by archen (447353) on Friday December 01, 2006 @12:08PM (#17066490)
    I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

    Really this is a bunch of crap anyway. What about companies that don't even CONTROL their employee's accounts and just expect them to use personal hotmail accounts. Catalog all instant messaging traffic? How about clients that might IM that are installed aside from what the company keeps track of. Yeah, let me just start logging ALL network traffic on that 20 trillion terabyte tape I rotate every day.

    Besides which how about tracking stuff that's encrypted? What if the messages are IMed through some http system? Now I have to do man in the middle attacks to sniff HTTP connections, then I have to store that information. Because we also do credit card transactions via HTTP I am storing credit card information this goes against Visa's policy for businesses allowd to do credit card transactions. I wouldn't be surprised if it were against the law either.

    The Supreme Court can say whatever they want, but I can't do what they're telling me, nor can I raise the dead like Jesus if they required that either. The law is irrelevant unless you PURPOSELY shred / delete documents - and that's against the law already during litigation.
  • by itlurksbeneath (952654) on Friday December 01, 2006 @12:12PM (#17066552) Journal

    I've actually had that conversation with the bean counters, but it went like this:

    Techie: We need $5,000 to buy another 100 DLT tapes to comply with this no-rewrite order.
    Bean Counter: Again! We don't have any money in the budget to buy any more tapes
    Techie: Ok, no problem. Send me an email and CC your boss and my boss and tell them that we can not comply to this federal ruling because we don't have any money in the budget.
    Bean Counter: Erm.. Uh.. Oh! Here's some money for tapes you can have.

    As long as the gun is pointing at them, they are very cooperative.

  • Re:What's next? (Score:3, Insightful)

    by kabocox (199019) on Friday December 01, 2006 @12:14PM (#17066612)
    This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some its fundamentals down to the little (non-public) folks.

    Plan for it. If the government doesn't do it, the larger companies that have to will start forcing the government to go after smaller to midsized companies that aren't following the rules that they have to. Why should you be exempt just because your company is smaller? I could see a new e-mail niche open up for those that host business class e-mail where its part of the cost of the business class e-mail accounts to store all e-mail for x number of years. I wouldn't be surprised if there were companies that offer that kinda of service.
  • Re:What's next? (Score:3, Insightful)

    by brouski (827510) on Friday December 01, 2006 @12:17PM (#17066658)
    If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

    And what part of that seems "safe" to you?

  • by KiahZero (610862) on Friday December 01, 2006 @02:53PM (#17069772)
    Which brings me to my next point..... ERASE YOUR EXPIRED TAPES!!!!!! This is how Morgan Stanley lost the 1.45 BILLION dollar case. During Discovery, it was found that the data that was needed to LOSE the case was on tapes that had expired data on them. Welllllll... guess what? It's still there, still viable, and cost them a shiteload of cash.

    Maybe avoiding tortious conduct might be a better idea?
  • Re:What's next? (Score:1, Insightful)

    by Anonymous Coward on Friday December 01, 2006 @03:50PM (#17070944)
    The Rules of Civil Procedure are designed to be construed liberally and allow the court to make whatever decisions it feels just. However, one thing the rules are strict on is that you have to turn over whatever information that you have available to you to the other party during discovery. So, with regard to documents, you have to turn over whatever documents the other party requests, and you can't shred them just before litigation (and you can't organize your documents in a way that would make things impossible to find). The purpose of these amended rules is that companies were arguing that it would cost too much for them to restore their back-ups (and then look through all of their back-ups) for the relevant information.

    The court has supposedly "solved" this problem by saying that whatever electronic information you normally do store (and most companies store their e-mail in some way) should be available to the other side in case of litigation. If it costs you thousands of dollars to restore your back-ups, come up with a better way of storing your information. But like I said, these rules are intentionally vague so it is going to take a bunch of district and circuit cases to look at these things on a case-by-case basis and more carefully delineate the rules. Courts have inherent authority to do whatever they want, as long as they are reasonably within the rules. We'll see what happens.

Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins

Working...