Forgot your password?
typodupeerror
Businesses Privacy Communications Government The Courts Your Rights Online News

New Email Rules Effective Friday 193

Posted by Zonk
from the kiss-your-conversations-goodbye dept.
An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said. .'"
This discussion has been archived. No new comments can be posted.

New Email Rules Effective Friday

Comments Filter:
  • What's next? (Score:5, Informative)

    by Salvance (1014001) * on Friday December 01, 2006 @10:58AM (#17065254) Homepage Journal
    What happens for companies that don't host their own e-mail, particularly smaller companies?

    In order to save money, my company hosts our website and e-mail on a shared server. E-mails are downloaded via POP3 and immediately deleted from the server (each account can only hold 20MB online at one time). Most people then delete their e-mails after reading, so we have absolutely no way to retrieve this data.

    This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some its fundamentals down to the little (non-public) folks.
    • Even in the summary above it says "certain U.S. companies", not all U.S. companies.
    • Re:What's next? (Score:5, Informative)

      by MoralHazard (447833) on Friday December 01, 2006 @11:50AM (#17066156)
      companies that don't host their own e-mail, particularly smaller companies

      This is a no-brainer, right? If you're the kind of company that is subject to these retention rules, having a shared email server that immediately deletes DL'd messages, with no user policy
      at the local level, either, is illegal. You'd have to immediately move your email in-house and implement appropriate policies, or find a 3rd-party that can handle it, or some mixture.

      If you're not the kind of company that is subject to these rules, who the fuck cares?

      If you don't already know that your company is subject to these rules, and it turns out you do need to follow them, fire your in-house counsel because they're incompetent.
      • He said SMALL business. Most small businesses I know don't have in-house counsel. Hell, many are lucky if they have ANY counsel, even on retainer.

        Good suggestion, but way off base for small business.

        I have the same problem the GP mentioned and am not sure if this affects us or not. How would you know if you are "subject to federal lawsuits"? EEOC (discrimination) lawsuits would count as federal -- so do I need to address this or not? In theory, everyone is subject to federal suits so should eve
        • by sumdumass (711423)
          You need to have a plan in place. If your not subjected to the retention as of now, as soon as you become involved in a federal suit you will have to take the steps.

          FTA

          Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing "virtual shredding" once a lawsuit has been filed,

          It apears that once your informed of the suite, you cannot delete the stuff. Sadly, It will probably take a team of lawers to figure out to what extent you need to save

      • My company, which CERTAINLY comes under this, last week ordered everyone to pull all their emails prior to 12/1/06 off the servers. You know, we're, uhm, saving space. Yeah, that's the ticket.

        Hmmmmmmmmmmmmmmmmmmm...
      • by kalirion (728907)
        If you're the kind of company that is subject to these retention rules

        Which U.S. companies would not be subject to these retention rules? Those who know for a fact that they will never be involved in federal litigation?
      • by sumdumass (711423)
        But, if your not one of these companies now, then get involved with a federal lawsuite, you become one of these companies automagicly.

        So at minimum, it would be prudent to at least have an what if stratigy. It would suck to claim you didn't need to keep these things just to find out every user who deleted thier junkmail for the day is now guilty of destroying evidence because your company was sued in federal court this moring.
    • Re:What's next? (Score:5, Insightful)

      by archen (447353) on Friday December 01, 2006 @12:08PM (#17066490)
      I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

      Really this is a bunch of crap anyway. What about companies that don't even CONTROL their employee's accounts and just expect them to use personal hotmail accounts. Catalog all instant messaging traffic? How about clients that might IM that are installed aside from what the company keeps track of. Yeah, let me just start logging ALL network traffic on that 20 trillion terabyte tape I rotate every day.

      Besides which how about tracking stuff that's encrypted? What if the messages are IMed through some http system? Now I have to do man in the middle attacks to sniff HTTP connections, then I have to store that information. Because we also do credit card transactions via HTTP I am storing credit card information this goes against Visa's policy for businesses allowd to do credit card transactions. I wouldn't be surprised if it were against the law either.

      The Supreme Court can say whatever they want, but I can't do what they're telling me, nor can I raise the dead like Jesus if they required that either. The law is irrelevant unless you PURPOSELY shred / delete documents - and that's against the law already during litigation.
      • Re: (Score:3, Insightful)

        by brouski (827510)
        If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

        And what part of that seems "safe" to you?

      • Re:What's next? (Score:4, Interesting)

        by Vellmont (569020) on Friday December 01, 2006 @01:38PM (#17068388)

        I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

        It's a good thing you're an admin, and not head of the company. Here's how your scenario might play out it court:

        Judge: Email 1 is a reply to email 0, but I don't see email 0. These are all emails to Dwayne. Dwayne, what happened to email 0?

        Dwayne: Umm.. I guess I must have deleted it by mistake. I do that all the time. I know we're not supposed to delete email, but this email thing is complicated and I must have hit the wrong button or something.

        Judge: Ok, but companies keep backup tapes these days. What happened to them?

        Archen: Oh I just decided to leave all that stuff up to the users. I couldn't be bothered with buying more tapes and modifying my backup schedule. The backup tapes get over-written every week, and that email was from 3 weeks ago.

        Judge: I see. Well you've obviously in violation of the ruling. I can't hold Dwayne here responsible since these systems are complicated, and data retention should be handled by someone specially trained. But since you made the decision, I'm holding the entire company responsible and fining you 1 million dollars. I'm also recommending to the federal prosecutor you be charged with obstruction of justice Mr. Archen. Destruction of data also won't help the case against you.
        • Re: (Score:2, Informative)

          by sBox (512691)
          If you are in the group required to do this, I'd print out and retain that message from the boys upstairs saying 'we can't afford this solution' or 'it doesn't apply to us.' I can just imagine someone saying, 'I thought we were doing this?' and the company being sanctioned. CYA never hurts, and the blank spot on your resume will be telling to your next boss.
          • by Vellmont (569020)

            I'd print out and retain that message from the boys upstairs saying 'we can't afford this solution' or 'it doesn't apply to us.'

            Oh absolutely. Print out that email, and send it to yourself registered mail. Then don't open it and keep it in your safe. It could quite literally be a "get out of jail free" card. My only point is an admin deciding that users should be in charge of retaining data is just foolish, short sighted, and could lead to a nice firing or worse.
    • Re: (Score:3, Interesting)

      by darkmeridian (119044)
      The rules only require companies to maintain their normal course of business. The exception is if a company realizes it is going to be sued, or the target of a government investigation. Under those circumstances, the company has to enter into a hold and stop destroying data even if it would have done so in the normal course of business.
      • by bigpat (158134)
        The exception is if a company realizes it is going to be sued, or the target of a government investigation.

        Aurthur Andersen got in trouble because they thought they were going to be subject to a good old Federal probing and someone said to go ahead and follow their document retention policy anyway even though they were asked about the possibility of an investigation, which conveniently enough was to start shredding anything older than a couple months or something like that.

        I had thought that it was already
      • by Samrobb (12731)

        The rules only require companies to maintain their normal course of business. The exception is if a company realizes it is going to be sued, or the target of a government investigation.

        Think about that. Large companies are always going to be hit by this. Microsoft, Apple, Sun, IBM, General Motors, Ford, State Farm, Allstate... you name it, once they get large enough, there is always going to be a lawsuit or investigation either pending, or in progress. Some of these things can drag out for decades.

    • Re: (Score:3, Insightful)

      by kabocox (199019)
      This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some its fundamentals down to the little (non-public) folks.

      Plan for it. If the government doesn't do it, the larger companies that have to will start forcing the government to go after smaller to midsized companies that aren't following the rules that they have to. Wh
    • Re: (Score:3, Informative)

      by MrNougat (927651)
      IANAL, but I have worked in IT for a company during a time when it was under subpoena.

      The summary mentions companies "involved in federal litigation." If you are not involved in federal litigation (you're not being charged with a crime or sued or under subpoena), then you can do anything you like. The moment you become involved in federal litigation, you cannot destroy any electronic data, as it is discoverable by the court.

      The fact that this is a new official rule shouldn't frighten anyone - this has bee
  • by hsmith (818216) on Friday December 01, 2006 @10:59AM (#17065258)
    Is congress and the white house. Much like congress is exempt from the Sarbanes/Oxley Act.

    Want to see the biggest crooks and ones fudging the numbers, look at congress. Enron couldn't come close. They all would have been locked up years ago if they had to abide by the laws they pass.
    • Re: (Score:3, Interesting)

      by Spazntwich (208070)
      Our government fears transparency because we'd see the damage done to its lungs after years of surviving on tobacco taxes.
    • Proof? Or is this just hyperbole. We all know they like to vote themselves raises every year, take bribes from lobbyists, and what not, but last I checked congress wasn't a bankruptcy-bound company fudging the books to look like a multi-billion dollar company. Congress is exempt from sox because they aren't a for-profit company.
      • by drinkypoo (153816)

        We all know they like to vote themselves raises every year, take bribes from lobbyists, and what not, but last I checked congress wasn't a bankruptcy-bound company fudging the books to look like a multi-billion dollar company

        We live in a capitalistic society and therefore everything works on money. As such, every entity has a balance sheet (real or imagined) applied to it. Our government is no exception. Congress has its own budget, goals, and charter. The only way it's different from any corporation is

        • by Verteiron (224042)
          what we need in this country is a law that says that congress can't vote themselves a raise without simultaneously increasing the minimum wage by the same percentage

          So... you want to pay $10,000 for a candy bar, is that it?
          • by drinkypoo (153816)

            what we need in this country is a law that says that congress can't vote themselves a raise without simultaneously increasing the minimum wage by the same percentage

            So... you want to pay $10,000 for a candy bar, is that it?

            The minumum wage hasn't kept up with inflation in over a decade but the already-wealthy people in congress continue to get raises that outstrip it.

            If you've got a better solution I'd like to hear it.

          • Do you feel any guilt what-so-ever buying a 50 cent candy bar knowing the people involved in getting it to you work 40 hours a week and still don't make enough to live on? How about the CEO taking a paycut from their million dollar a year salary instead of always passing the costs down to the customer. They don't want you to know they make millions while the poor man suffers below the poverty line working for him.

            We're talking about a living wage, not getting rich doing menial labor. $5.15 here in michig
      • Re: (Score:3, Informative)

        by hsmith (818216)
        Lets take an example:

        The $61 trillion in unfunded liabilities we currently have for Medicare ALONE. Medicare which is set to go bankrupt in 2018, Social Security in 40 years. "Emergency war spending" so that we can "pretend" we get "closer" to balancing the budget. Printing out gobs of money destroying the value of our savings so they can pretend to pay for all this shit

        Please, if you think they are somewhat honest in how they present any of the ways they pay for or fund anything you are kidding yours
        • by hondo77 (324058)
          Um, but you know about all this stuff, right? What Congress and the Executive Branch has been doing is stupid but you know about it. It's not like they're hiding their shenanigans, a la Enron. That means they can be voted out of office...if people actually cared enough to.
  • Post office (Score:2, Insightful)

    by otacon (445694)
    That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.
    • Re: (Score:3, Insightful)

      That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.

      No, it's more like saying you have to permanantly store every piece of paper you ever write on. Every memo, every piece of scrap paper. It gets ridiculous eventually.

    • by eln (21727)
      Please stop giving the government ideas.
  • Misleading (Score:5, Informative)

    by calbanese (169547) on Friday December 01, 2006 @11:03AM (#17065330) Homepage
    Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding.

    This is a bit misleading. Its only "virtual shredding" if you don't keep the records around for a reasonable period (either by statutory requirements or insutry standards) or if you have notice of litigation in which the evidence is relevant, and you continue to shred.

    Thats why there is a document retention policy safe harbor in the rules themselves.

    As amended, Rule 37 creates a "safe harbor," protecting a party from sanctions for failure to produce electronically stored information as long as it took reasonable steps to preserve electronically stored information when it knew or should have known such information was discoverable, or the failure results from loss of information during routine operation of such party's electronic information system.
    FWIW, lawyers, even the "technology experts" don't seem to understand technology as well as someone who came through IT before becoming a lawyer.

    (disclaimer: IT guy-turned-lawyer, so I always think I know more than "pure lawyers" when it comes to tech).
    • Yeah, it appears to me that the main risk is when you can't produce records that fall within the period specified in your retention policy.

      And of course as the PP mentioned, it also helps if your retention policy complies with the law.
  • If I remember correctly, Microsoft had a policy of deleting email from their servers after a short period, in order to avoid it being used in trial.

    This will have to change, then.
    • How ignorant is that? They are bound by SO just like any other publicly traded company...
      • by MLopat (848735)
        Not at the time we weren't. In fact, the note from Ballmer said something like -- Delete all emails older than one month. Keep nothing. Don't be stupid about this. Delete them all.
  • The amendments (Score:5, Informative)

    by jwaters (45772) on Friday December 01, 2006 @11:07AM (#17065388)
    Since the linked article is light on information, I found the actual amendments [uscourts.gov] (note: PDF)
    • *YAY*!!!!!!!!!! You are my SAVIOR! Of course this means that now I have to read and digest it for my coworkers... but hey, that's my job. :P
    • You are a gentleman and a scholar. /Network admin who is trying to figure out if next year's equipment budget need to include a RAID for the RAID
  • by precogpunk (448371) on Friday December 01, 2006 @11:08AM (#17065412) Journal
    While I'm in favor of measures to curb white collar crime these requirements seems to do more harm that good by encouraging companies to take business elsewhere.
    • I'm sure the consulting company I work for is drooling over this, though. More services and products to sell to our clients. Whenever a new law costs companies money, there's always a consulting company out there that will have record profits.
  • Legislated expense (Score:3, Interesting)

    by jdray (645332) on Friday December 01, 2006 @11:10AM (#17065462) Homepage Journal
    The company I work for has been implementing this sort of infrastructure over the past year. It's hard. With all the IM clients available, getting one system that will handle all the traffic and maintain usability in the face of changing features across the field is hard enough; couple that with long term storage requirements for corporate e-mail where the culture is to send huge attachments around willy-nilly, and add in all the other changing requirements, and the burden to adhere to this new bit of legislation becomes quite a burden.

    Couple that with the fact that the company I work for is a regulated utility that has to convince the local PUC each year that costs to provide service continue to go up, and the margins just keep getting tighter. Every year around March, there's a panic call from Accounting asking everyone to contribute some of their budget back to the bottom line because of some new development that wasn't forseen the previous year. For a cash-strapped IT department wanting to provide good service, the problems just mount up, stresses are high, and the employment door keeps revolving.
    • You illustrate a very good point regarding the requirement for IM storage. IMO, I view IM's much as I would an informal conversation passing someone in the hallway. This as opposed to an actual mail message which is the equivalent of an old office memo and probably should be stored.

      Therefore I view the IM storage requirement as a kind of unfair tax on businesses like yours. I mean take this far enough and what's next? Will the government require that digital recordings of all hallway conversations be m
  • by Doc Ruby (173196) on Friday December 01, 2006 @11:10AM (#17065464) Homepage Journal
    Practically everyone can scramble our email, like with "Pretty Good Privacy" (PGP) [wikipedia.org]. If many of us do it, they might be able to crack it or force our password after due legal process, but private parties won't be able to snoop through all of us on any possible budgets.

    Your government can probably crack any nonsymmetric crypto (with help from the US), but might not have the resources to crack everyone's all the time. You can try a tinfoil hat, YMMV.

    The real problem is webmail, which can't use any installed crypto on either end (with possible rare exceptions, but the rarity and/or nonintegration makes them useless at only one end of the comms).

    If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses. And win the webmail wars. And really piss off the government(s) that have been trying to pry into their transactions for years.
    • by Beetle B. (516615) <{moc.liame} {ta} {b_elteeb}> on Friday December 01, 2006 @11:21AM (#17065626)
      If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses.

      Don't ever use "PGP" and "the masses" in the same sentence. There's a reason people don't use it unless they really need to. It's the hassle of exchanging keys and building a trust database, and getting people to use it as it should.

      It's a very minor hassle for those who use it well, but getting the masses to follow protocol is next to impossible.
    • by NatasRevol (731260) on Friday December 01, 2006 @11:26AM (#17065686) Journal
      Well, maybe you could use Squirrelmail.

      http://www.squirrelmail.org/plugin_view.php?id=153 [squirrelmail.org]
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      I often wish for that too, but it's clearly a pipe dream. Google's sole interest in providing email services is to obtain access to messages themselves. They want to know what you're talking about so they can sell you crap--and they want to retain that information, so they can cross-reference it.

      Providing an easy interface for you to encrypt your email undermines that goal utterly. For it to be of any value to you, they won't ever have access to your keys or plaintext.

      So, it will never happen with Gmail.
    • Re: (Score:3, Interesting)

      by fossa (212602)

      I agree with your sentiments, but I think no one cares about encryption. For what it's worth, freenigma [freenigma.com] provides GnuPG webmail through a Firefox extension and an existing webmail account supported by freenigma (includes GMail, Yahoo, Hotmail, others). I have not used freenigma, but last time I read the docs I got the impression it was not compatible with, say, mutt's PGP/MIME which I use for kicks (I have zero encryption using friends).

      One thing that always bugged me about mutt's PGP is that attachments

    • by 0xABADC0DA (867955) on Friday December 01, 2006 @11:43AM (#17066014)
      Yeah google is really going to let you decrypt your email at the client... I can see the ads now:

      413b57037 buying guide
      replacement 6cf46e1dfc quote
      fd8869a15cb936d8e59 Free Shipping!
      bee5e2b at Amazon

    • by neoform (551705) <djneoform@gmail.com> on Friday December 01, 2006 @12:24PM (#17066800) Homepage
      How hard do you think it'd be for the government to get their hands on those PGP keys if they were stored on google's servers.. ?

      Google is a US company and should a court request those keys.. they'd give them.
      • by fossa (212602)

        Like someone said, GMail exists to read email, and therefore the possibility of it supporting encryption seems unlikely... but, if a webmail were to support encryption, it could either store the PGP private key encrypted with a passphrase (storing neither the passphrase nor the decrypted emails permanently), or it could rely on browser support for performing all decryption. Still not unbreakable, but requires theoretically large resources and could probably not be done en masse.

        I would love to see browse

  • Tape? (Score:3, Funny)

    by Mr.NoMoniker (1034330) on Friday December 01, 2006 @11:13AM (#17065516)
    These are NEW rules? and they refer to an IT worker copying over TAPE? Does this mean I should be saving all my carbon paper too? how about punch cards?
    Might all this extra data clog the system of tubes that is the internet?
    • Last I heard, millions of people were still using tapes for backup. Up until very recently, they were a cheaper archival medium than disks, and they're still more durable and easily stored off-site.
    • Federal guidelines also dictate things like WORM tape. Although you're obviously never going to be overwriting one of those for obvious reasons.
  • by Silver Sloth (770927) on Friday December 01, 2006 @11:16AM (#17065566)
    Techie:- We need to keep more backups of our e-mail database
    Bean Counter:- How much do the tapes cost
    Techie:- Lots - we need at least one DLT per backup
    Bean Counter:- We can't afford it.
    Techie:- We have to afford it
    Bean Counter:- Just leave the requisition in my intray


    Months Pass

    Bean Counter:- The courts are on to us. Where are the e-mail backups for the 1st December 2006
    Techie:- I had to overwrite them so as to keep a reasonabley current backup
    Judge:- Techie, you shredded evidence - now you're for it
    • by itlurksbeneath (952654) on Friday December 01, 2006 @12:12PM (#17066552) Journal

      I've actually had that conversation with the bean counters, but it went like this:

      Techie: We need $5,000 to buy another 100 DLT tapes to comply with this no-rewrite order.
      Bean Counter: Again! We don't have any money in the budget to buy any more tapes
      Techie: Ok, no problem. Send me an email and CC your boss and my boss and tell them that we can not comply to this federal ruling because we don't have any money in the budget.
      Bean Counter: Erm.. Uh.. Oh! Here's some money for tapes you can have.

      As long as the gun is pointing at them, they are very cooperative.

    • What if this conversation were taking place in person or by phone instead of email?

      I understand the intent of the law, but it's so easy to bypass
      because most decisions and discussions are made outside the computer
      in most businesses. And if a decision is going to have legal reprocussions,
      you can be sure that it won't have a paper trail. I don't see how
      this law can be enforced, unless you record all voice conversation
      made by all employees (inside and outside the office) and ensure that
      employees can't turn off
    • by Tim C (15259)
      Well, given that the techie knew about the legal requirement to keep the backups (or he wouldn't have been asking for the money in the first place), he of course kept an audit trail of the conversations and so could demonstrate to the judge that it was not his responsibility as he had done all he could.
  • invest in storage (Score:3, Insightful)

    by jwegy (775655) on Friday December 01, 2006 @11:17AM (#17065574)
    Now would be a good time to invest in companies that make storages devices
  • This is disconcerting, if unsurprising. It definitely strikes me as out of place for the government to require companies to keep certain records, so that, if it wills it, the government can snoop around the personal information of people, as long as it can offer a reasonable cause. Next, perhaps, new houses will have mandatory monitoring systems, so that if an "appropriately serious" situation arises, someone can see what occurred. This is already occuring with the black boxes inside of cars, which, in n
  • What I don't get is, why the double-standard on communication? I think congress should enact legislation recording all communication within such companies. We should have microphones in every room and every hallway, to record every word spoken in such a company, just in case people do something wrong. We should probably also have video cameras, in case the would-be lawbreakers decide to write paper notes, and every paper shredder should have a scanner with OCR in line with it, so that the letters are sto
  • I am not a lawyer, but I highly doubt this blurb is accurate.

    I can understand laws which requires retention for companies that log IMs. But they wouldn't pass a law requiring companies who do NOT log IMs to start doing so!
  • A company I worked at previously has been using a legacy e-mail system. We've been under the SEC rules for retaining e-mails already, and when they came to inspect our business we learned that even though it's not stated in the rules, e-mail records must not only be retained, but they must also be readable with modern software. SEC wanted us to deliver the e-mail records in either a formated text file or as an Outlook file. We ended up hiring two interns who spent the next nearly two weeks forwarding all
  • When I worked for Capital One, all email was automatically deleted after 30 days and pst files were not allowed. When someone asked us how they were supposed to keep information they would continue to need, we had to tell them to print it out.
  • by Anonymous Coward
    This is a great example of FUD... programmers need to stick to programming and lawyers need to stick to lawyering. (I happen to be both, but that's beside the point).

    This is not legislation.. it is part of the court rules. In a lawsuit, you have to provide all relevant documents to the other side. In the past, there had to be a *lot* of court time wasted on deciding what was subject to disclosure (i.e. a man does work for the company from home... is his home computer subject to examination? Answer: yes)
  • Stupid thing! (Score:4, Insightful)

    by VincenzoRomano (881055) on Friday December 01, 2006 @11:31AM (#17065776) Homepage Journal
    So all the email traffic done in the US will be stored somewhere at least once, often twice (sender+reciever) and in some cases several times.
    And storing them is not enough: you'l need to browse them for searches!
    This is a very very smart move!
    And when litigations will go with browsed web pages, we'll need to store all the web we browse!

    • And when litigations will go with browsed web pages, we'll need to store all the web we browse!

      Disk space is cheap. I can't wait to have a browser that caches my life's search history and lets me search it. Cryptographically, of course.
  • I guess this is probly a good time to begin encrypting all your IM's and emails. As previously mentioned there is PGP for email. But for msn there are a couple options. I had a really good experiance with simp: http://www.secway.fr/us/products/simplite_msn/hom e .php [secway.fr]

    Can do a pub/priv key exchange or just use a symmetric key and do a Diffie-Hellman exchange. Changes text colour based on authentication type, warns you about possible compromises, etc.

    I have nothing to do with the company it is just something i
  • Will they be required to backup spam too? Will it be illegal to delete it?
  • One of the big features they are pushing is that you can expire email after so many days/months have have it deleted.

    Microsoft set a internal policy for delete after a year ( i think, could have been 2 ) after being burnt in court due to old emails..

    I was wondering when this would happen.
  • My company is pushing me to find a copy of the ruling, because *cough* they don't believe it. Any idea where I can find that. I'm searching EFF.org now, and the Supreme Court website is kludgy. I'm gonna dig through the comments to see if I can find it too.

    So far, our department has taken on the impression that this doesn't affect them because they are not a public company (though we are an ASP for many companies that are, and host their data). They have NO legal policy governing data protection or r
    • Re: (Score:3, Insightful)

      by KiahZero (610862)
      Which brings me to my next point..... ERASE YOUR EXPIRED TAPES!!!!!! This is how Morgan Stanley lost the 1.45 BILLION dollar case. During Discovery, it was found that the data that was needed to LOSE the case was on tapes that had expired data on them. Welllllll... guess what? It's still there, still viable, and cost them a shiteload of cash.

      Maybe avoiding tortious conduct might be a better idea?
      • Maybe avoiding tortious conduct might be a better idea?

        Hahahahahah... this is America. Looking at someone the wrong way could be tortious. Hence, the cautions and warnings. Plus, we're in the insurance biz. Like there's no lawsuits there huh?
  • As many commenters have pointed out, these new rules only apply when your company is being sued... Or do they? I propose that there's TWO reasons why you cannot avoid implementing systems that (can) comply:

    1) These new rules apply to the discovery phase of a trial. Any trial. That means if you do business with a company that is being sued or one of your employees is being sued you're under the "discovery umbrella" and can be held accountable if you can't provide requested documents.

    2) If your company we

There is hardly a thing in the world that some man can not make a little worse and sell a little cheaper.

Working...