Certain things about the Internet are common sense: If you want to communicate something sensitive, send a private message through e-mail solely to your recipient instead of posting it to a public online discussion forum. And if you want to avoid potential problems down the road with sensitive matters communicated through e-mail, delete the message after reading it or ask your recipient to do so.
Unfortunately, in both of these cases, what seems to be common sense is wrong.
E-mail is as private as a postcard. Though it happens relatively rarely, e-mail can be intercepted and read by others en route.
E-mail encryption utility programs prevent this from happening by ensuring that only your intended recipients can read your messages and by verifying that it’s you who has sent them. For some time now, the standard has been Pretty Good Privacy, a program from PGP Corp. (http://www.pgp.com) that provides excellent privacy for sensitive e-mail.
The pay version automatically encrypts e-mail and instant messages and lets you send “self-decrypting” messages to those who don’t have the program. The free version (available for personal, noncommercial use), lets you manually encrypt and decrypt messages. You can try the pay version for free for 30 days.
E-mail also endures. As with files on your hard drive, when you delete an e-mail message, it’s not really gone. One of the ways it can be retrieved is from tape backups—your messages are recoverable months or even years later. Sometimes, a court will require this when the e-mail relates to a criminal matter or a civil lawsuit.
In the past, some companies used the argument in court that they don’t keep e-mail for longer than a certain time. The courts, in general, no longer buy this argument. In fact, they may assume that if you don’t produce e-mail as requested, you’re trying to hide something.
This changing attitude was dramatically exemplified in May 2005 by the Morgan Stanley case brought by businessman Ronald Perelman. A circuit court judge ruled against the Wall Street firm in part because of its repeated failure to provide requested e-mail.
Other court cases have also underscored the importance of e-mail retention.
In June 2005, computer chip maker Advanced Micro Devices, Inc., delivered subpoenas to nearly 40 PC makers seeking past e-mails to help prove its contention that rival chip maker Intel Corp. is trying to monopolize the market.
Regulators are also getting in on the e-mail retention act. Under the Sarbanes-Oxley corporate reform law, public companies will be required to retain e-mail. And if you deliberately delete e-mail with the intention of obstructing a federal investigation, you may get hit with a fine of up to $1 million and a prison term of up to 20 years.
A changing legal and regulatory milieu creates new market opportunities. Eager to cash in, software makers and computer consultants have been announcing products and services to help companies create and implement e-mail retention policies.
“Most organizations don’t have a handle on e-mail,” says Tom Politowski, president of Waterford Technologies, Inc. (http://www.mailmeter.com), the maker of one such software program. With its well-regarded MailMeter Archive, Waterford targets small to mid-size businesses that have from 50 to 5,000 e-mail in-boxes, though Politowski says that organizations with as few as five employees use it as well.
MailMeter Archive captures all e-mail that employees send or receive and archives the messages in a database. Along with making message retrieval easy and inexpensive, the program also lets you analyze e-mail to detect patterns, said Politowski
This can help you, for example, determine who’s sending too many e-mail messages or too few, who’s e-mailing an important client, or who might be using e-mail inappropriately for sending jokes, music, porn, or your customer list.
Politowski says that any organization, regardless of its size, should create an e-mail policy that spells out appropriate company use of e-mail. If you send an e-mail to firstname.lastname@example.org, his company will e-mail you back a sample policy that you’re free to copy.
Waterford Technologies sells other e-mail-archiving programs along with MailMeter Archive. E-mail-archiving programs from other companies that also warrant consideration include those from Zantaz, Inc. (http://www.zantaz.com), and EMC Corp. (http://www.emc.com).
E-mail has great utility, whether for business or home use. But it’s no panacea. Like any communications medium, it has its strengths and weaknesses. Sometimes it makes more sense to pick up the phone or mail a letter.
And if you want to communicate sensitive information at very low risk, meet late at night in an underground parking garage. After all, it worked for Deep Throat.