
New Email Rules Effective Friday

Zonk posted more than 7 years ago | from the kiss-your-conversations-goodbye dept.

Businesses 193

An anonymous reader writes "As of today [Friday], certain U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees, in accordance with new federal rules. In April the Supreme Court began requiring companies and other entities involved in federal litigation to produce 'electronically stored information' as part of the discovery process of a trial." From the article: "Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding,' said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. 'There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, [James Wright, director of electronic discovery at Halliburton Co.] said.'"


193 comments

FIRST TROUT! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17065234)

I AM A FISH!

Re:FIRST TROUT! (0)

Anonymous Coward | more than 7 years ago | (#17065704)

I am the walrus!

Re:FIRST TROUT! (0)

Anonymous Coward | more than 7 years ago | (#17066786)

Posting this 400 times will not help you pass your astro-navigation exams...

What's next? (4, Informative)

Salvance (1014001) | more than 7 years ago | (#17065254)

What happens for companies that don't host their own e-mail, particularly smaller companies?

In order to save money, my company hosts our website and e-mail on a shared server. E-mails are downloaded via POP3 and immediately deleted from the server (each account can only hold 20MB online at one time). Most people then delete their e-mails after reading, so we have absolutely no way to retrieve this data.

This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some of its fundamentals down to the little (non-public) folks.

Re:What's next? (4, Informative)

MoralHazard (447833) | more than 7 years ago | (#17066156)

companies that don't host their own e-mail, particularly smaller companies

This is a no-brainer, right? If you're the kind of company that is subject to these retention rules, having a shared email server that immediately deletes DL'd messages, with no user policy at the local level, either, is illegal. You'd have to immediately move your email in-house and implement appropriate policies, or find a 3rd-party that can handle it, or some mixture.

If you're not the kind of company that is subject to these rules, who the fuck cares?

If you don't already know that your company is subject to these rules, and it turns out you do need to follow them, fire your in-house counsel because they're incompetent.

Re:What's next? (0)

Anonymous Coward | more than 7 years ago | (#17066706)

I don't know about his small company but my small company has no in-house counsel.

Re:What's next? or who's next? (1, Informative)

Anonymous Coward | more than 7 years ago | (#17066202)

If they can do it for corporations, how long do you think it will be before they require ISPs to store all personal email?

Do yourselves a favor and become a part of anoNet [anonet.org] now.

Re:What's next? (1)

crazygamer (952019) | more than 7 years ago | (#17066450)

That's why you get Thunderbird, and don't empty your trash on exit. I have emails dating at least 2 years back in my trash, and I've had to go back as far as year-old emails looking for links and other stuff. Doesn't take up space on a server, and barely takes up space on your computer. Simple.

Re:What's next? (5, Insightful)

archen (447353) | more than 7 years ago | (#17066490)

I'm an admin in a smaller company as you - shared hosted email. If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

Really this is a bunch of crap anyway. What about companies that don't even CONTROL their employees' accounts and just expect them to use personal hotmail accounts. Catalog all instant messaging traffic? How about clients that might IM that are installed aside from what the company keeps track of. Yeah, let me just start logging ALL network traffic on that 20 trillion terabyte tape I rotate every day.

Besides which how about tracking stuff that's encrypted? What if the messages are IMed through some http system? Now I have to do man in the middle attacks to sniff HTTP connections, then I have to store that information. Because we also do credit card transactions via HTTP I am storing credit card information; this goes against Visa's policy for businesses allowed to do credit card transactions. I wouldn't be surprised if it were against the law either.

The Supreme Court can say whatever they want, but I can't do what they're telling me, nor can I raise the dead like Jesus if they required that either. The law is irrelevant unless you PURPOSELY shred / delete documents - and that's against the law already during litigation.

Re:What's next? (3, Insightful)

brouski (827510) | more than 7 years ago | (#17066658)

If you really want to play it safe, I would say make the responsibility of saving email the responsibility of each user.

And what part of that seems "safe" to you?

Re:What's next? (0)

Anonymous Coward | more than 7 years ago | (#17066896)

You make it a personal responsibility instead of a corporate one that is unenforceable. By making people responsible for tracking this stuff, they become the ones that are responsible for the obstruction of justice. If they're doing something wrong, they delete the documents and assume responsibility for that. Which basically puts you back to the same situation we'd be in before this new requirement.

That's my thinking anyway, I'm probably wrong.

Re:What's next? (2, Interesting)

darkmeridian (119044) | more than 7 years ago | (#17066526)

The rules only require companies to maintain their normal course of business. The exception is if a company realizes it is going to be sued, or the target of a government investigation. Under those circumstances, the company has to enter into a hold and stop destroying data even if it would have done so in the normal course of business.

Re:What's next? (2, Insightful)

kabocox (199019) | more than 7 years ago | (#17066612)

This doesn't seem to impact my company, but at some point I fear regulators will start requiring more stringent data retention processes (among other IT tech processes). SOX has already hurt large companies, hopefully they don't start pushing some of its fundamentals down to the little (non-public) folks.

Plan for it. If the government doesn't do it, the larger companies that have to will start forcing the government to go after smaller to midsized companies that aren't following the rules that they have to. Why should you be exempt just because your company is smaller? I could see a new e-mail niche open up for those that host business class e-mail where it's part of the cost of the business class e-mail accounts to store all e-mail for x number of years. I wouldn't be surprised if there were companies that offer that kind of service.

Re:What's next? (1)

Dracarou (894646) | more than 7 years ago | (#17066970)

Absurd...use your computer in this way or else. And so it goes that most that fall under the mandate will oblige. fools.

What's next? Record all spoken conversations and submit copies for archiving and examination.

People truly can be pathetic.

Exempt from all this of course (3, Insightful)

hsmith (818216) | more than 7 years ago | (#17065258)

Is congress and the white house. Much like congress is exempt from the Sarbanes/Oxley Act.

Want to see the biggest crooks and ones fudging the numbers, look at congress. Enron couldn't come close. They all would have been locked up years ago if they had to abide by the laws they pass.

Re:Exempt from all this of course (3, Interesting)

Spazntwich (208070) | more than 7 years ago | (#17065416)

Our government fears transparency because we'd see the damage done to its lungs after years of surviving on tobacco taxes.

Re:Exempt from all this of course (0)

Anonymous Coward | more than 7 years ago | (#17065912)

Perhaps you should read the US Constitution and realize that there is a separation of powers...

Re:Exempt from all this of course (1)

hsmith (818216) | more than 7 years ago | (#17066016)

Or, you could realize how bad the congress and white house have cooked the financial books for us and how badly we are screwed. but ok

Re:Exempt from all this of course (1)

StarvingSE (875139) | more than 7 years ago | (#17066610)

Proof? Or is this just hyperbole. We all know they like to vote themselves raises every year, take bribes from lobbyists, and what not, but last I checked congress wasn't a bankruptcy-bound company fudging the books to look like a multi-billion dollar company. Congress is exempt from sox because they aren't a for-profit company.

Re:Exempt from all this of course (1)

drinkypoo (153816) | more than 7 years ago | (#17066728)

We all know they like to vote themselves raises every year, take bribes from lobbyists, and what not, but last I checked congress wasn't a bankruptcy-bound company fudging the books to look like a multi-billion dollar company

We live in a capitalistic society and therefore everything works on money. As such, every entity has a balance sheet (real or imagined) applied to it. Our government is no exception. Congress has its own budget, goals, and charter. The only way it's different from any corporation is that it's mandated by the constitution and the public votes its employees in and out of their jobs.

The US government is bankruptcy-bound and meanwhile lying to us and telling us that the economy is in recovery.

WRT your point about voting themselves raises, what we need in this country is a law that says that congress can't vote themselves a raise without simultaneously increasing the minimum wage by the same percentage.

Re:Exempt from all this of course (2, Informative)

hsmith (818216) | more than 7 years ago | (#17066810)

Let's take an example:

The $61 trillion in unfunded liabilities we currently have for Medicare ALONE. Medicare which is set to go bankrupt in 2018, Social Security in 40 years. "Emergency war spending" so that we can "pretend" we get "closer" to balancing the budget. Printing out gobs of money destroying the value of our savings so they can pretend to pay for all this shit

Please, if you think they are somewhat honest in how they present any of the ways they pay for or fund anything you are kidding yourself.

http://releases.usnewswire.com/GetRelease.asp?id=1 24-03232004/ [usnewswire.com]

Link to new rules? (0)

Anonymous Coward | more than 7 years ago | (#17065270)

Someone have a link to these new rules? The OP, apparently, didn't think it worthy enough to include a link for some folks to read fully what it entails...

Links to the rules (4, Informative)

davidwr (791652) | more than 7 years ago | (#17065652)

This link [fulcruminquiry.com] goes into a bit more detail than the article in the main /. story.

The pertinent rules appear to be the Federal Rules of Civil Procedure, specifically Rule 16 dealing with pretrial scheduling and Rule 26(f) relating to discovery and disclosure.

Cornell University has these rules online. They might be outdated already.
Rule 16 [cornell.edu]
Rule 26 [cornell.edu]

Wikipedia also has a writeup on the Federal Rules of Civil Procedure [wikipedia.org].

Do a search for rules on electronic discovery [google.com] for more commentary.

Nice; tell you about new rules, just not the rules (0)

linuxtelephony (141049) | more than 7 years ago | (#17065278)

So, what are these new rules? And, just who do they apply to? Publicly traded companies? All companies w/more than 50 employees? Everybody?

More details would be appreciated

Re:Nice; tell you about new rules, just not the ru (1)

stry_cat (558859) | more than 7 years ago | (#17065404)

RTFA:
The rules, approved by the Supreme Court in April, require companies and other entities involved in federal litigation to produce "electronically stored information" as part of the discovery process, when evidence is shared by both sides before a trial.
so if you are or might be involved in federal litigation, you better follow the rules.

Re:Nice; tell you about new rules, just not the ru (2, Interesting)

nm42 (310685) | more than 7 years ago | (#17065882)

Keep in mind that many states adopt the federal rules with little or no modification for use in state courts. Within the next few years, these changes will be incorporated into local rules for just about every jurisdiction.

The scariest parts of the new federal rules are:

  • 26(b)(2) which says that a party can designate information as "not reasonably accessible". It's supposed to protect companies from having to spend huge amounts of money to restore backup tapes from ancient systems, but it's going to lead to a lot of additional motions (and more attorney's fees) to prove whether the data really is inaccessible.
  • The Committee Note for Rule 34(a) states that a party may be required to provide access and technical support to an opposing party for inspecting data (which would include things like a database, SAN, or other systems). Not only do you have to give them the info, you have to show them how to understand it as well.
  • There are other scary provisions, but the overall theme of these rule changes are a shift in the timing of dealing with discovery issues. Traditionally, many cases settle or are dismissed before the discovery process (usually the most expensive part of a case) begins. The new rules require the parties to evaluate and discuss these issues within the first 120 days. This means litigation gets more expensive for the big companies (usually a defendant), but the small plaintiffs won't see much of a change, other than getting bigger settlements earlier in the case!

Re:Nice; tell you about new rules, just not the ru (1)

cdrudge (68377) | more than 7 years ago | (#17066222)

Bullet #2 already is pretty much the case now anyways. If you have been following IBM vs. SCO, IBM had to turn over their CMVC system to allow SCO to inspect code. IBM had to provide a server as well as basic instructions on how to use it, sign in, etc. Just handing them a CD or DVD of all the data and saying "Here, it's in an obscure binary format, figure it out on your own" doesn't meet discovery requirements. You don't have to make the other side understand every detail of the technology, you do need to assist in letting them retrieve information though.

Re:Nice; tell you about new rules, just not the ru (1, Interesting)

magarity (164372) | more than 7 years ago | (#17065420)

Most impressive! Not only did you not read the article, you didn't even read the summary that clearly states this is for "companies and other entities involved in federal litigation."

Re:Nice; tell you about new rules, just not the ru (0)

Anonymous Coward | more than 7 years ago | (#17065436)

From TFA:
The rules, approved by the Supreme Court in April, require companies and other entities involved in federal litigation to produce "electronically stored information" as part of the discovery process, when evidence is shared by both sides before a trial.

Re:Nice; tell you about new rules, just not the ru (2, Informative)

calbanese (169547) | more than 7 years ago | (#17065456)

It applies to all companies. The length of time you are required to retain documents before destroying can be different for different companies. Like a poster noted, Sarbanes-Oxley defines a time period for publicly listed companies. But other than that (and other industries where regulations prescribe time periods for record retention), the courts have used a "reasonable time period" requirement in the past and most commentators expect that to continue under the new rules, which are, in many ways, a formalization of previous court practice.

Re:Nice; tell you about new rules, just not the ru (2, Informative)

DerGeist (956018) | more than 7 years ago | (#17065480)

Welcome to the wonderful world of scare-mongering!

This only applies to companies [myway.com] under federal litigation, but I'm sure it'll get a lot more pageclicks if you make it sound terrifying and scream things like WE'RE ALL GONNA DIE!

Truth time, kiddies! You absolutely must hold on to email and IM data... IF it is part of a subpoena or a discovery process, and so on. But there's nothing requiring companies to hold on to such data for any specified period of time.

Re:Nice; tell you about new rules, just not the ru (0)

tinkerghost (944862) | more than 7 years ago | (#17066306)

Um, companies under federal litigation have to turn over electronic communications in discovery. That means you have to already have them. Since any company can be brought into federal litigation at any time, that can be logically extended to mean that every company will have to retain these records.

Re:Nice; tell you about new rules, just not the ru (3, Informative)

DerGeist (956018) | more than 7 years ago | (#17066392)

Nice try, but you are sadly wrong thanks to your slippery-slope fallacy. As long as you have a data collection policy and follow it, you're fine. Documents/data that have been shredded prior to discovery or litigation aren't your problem. If your policy is "shred every 60 days" and you follow it, and the court requests something 120 days old, your policy will stand up in court. This rule applies only to those who are currently under federal litigation or think they soon might be.

Re:Nice; tell you about new rules, just not the ru (0, Flamebait)

garcia (6573) | more than 7 years ago | (#17065514)

Then fucking search Google, Google News, and a multitude of other sites that you already know. If you still can't find it (and because we currently have 10 comments I know you didn't do that) then continue to do research until you can.

Slashdotters are not your research assistants.

Re:Nice; tell you about new rules, just not the ru (-1, Offtopic)

Elemenope (905108) | more than 7 years ago | (#17065744)

You know, it's people like you who convince people like him to raise kids that beat the crap out of geeks in high school gym class. You are perpetuating a vicious cycle, and the pain and anguish of literally thousands of socially awkward and perhaps painfully homely children are at your feet.

Re:Nice; tell you about new rules, just not the ru (0)

Anonymous Coward | more than 7 years ago | (#17066334)

Wow. What a dick you are.

Re:Nice; tell you about new rules, just not the ru (0)

Anonymous Coward | more than 7 years ago | (#17066418)

Thanks, I pride myself in being a prick. You, OTOH, are a toolshed douchebag.

As the summary says... (5, Funny)

jpellino (202698) | more than 7 years ago | (#17065820)

"companies and other entities involved in federal litigation"

Odds are you already know if you're one of these.

(Use your best Jeff Foxworthy voice for this next part)

"If your CFO has been escorted out of the building on the national news by people with big yellow letters on their backs..."
"If the new guy in the office spends all his spare time chatting up his sleeve instead of the secretary..."
"If your office phone system now says Press 1 for Customer Service, Press 2 for Public Defenders..."
"If they show Dennis Kozlowski on Biography and your boss snorts "Huh. Pikers..."
"if you check your email and a cheery voice announces "You've got bail!"

Post office (2, Insightful)

otacon (445694) | more than 7 years ago | (#17065312)

That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.

Re:Post office (2, Insightful)

Mr. Underbridge (666784) | more than 7 years ago | (#17065422)

That would be like making the post office open every letter then copy and store them...I guess it's not EXACTLY the same thing because it's all digital, but it's still illogical, and a waste of resources.

No, it's more like saying you have to permanently store every piece of paper you ever write on. Every memo, every piece of scrap paper. It gets ridiculous eventually.

Re:Post office (0)

Anonymous Coward | more than 7 years ago | (#17066332)

No. This is more like telling to Negroponte's secretary that it's no longer OK to shred documents documenting his order to teach "freedom fighters" to electrocute genitals... It's like telling Merck it's not OK to wipe out messages informing higher-ups that Vioxx can kill thousands... It's like telling Enron it's not OK to destroy messages that could have prevented financial ruin of millions of investors/retirees.

This has nothing to do with "privacy" for the little guy, since we already have none (just check out Google's, Merck's, FBI's, NSA's privacy policies).

So now if the big guy stonewalls/lies/cheats, s/he has a slightly greater chance of paying for it.

Misleading (5, Informative)

calbanese (169547) | more than 7 years ago | (#17065330)

Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of 'virtual shredding.

This is a bit misleading. It's only "virtual shredding" if you don't keep the records around for a reasonable period (either by statutory requirements or industry standards) or if you have notice of litigation in which the evidence is relevant, and you continue to shred.

That's why there is a document retention policy safe harbor in the rules themselves.

As amended, Rule 37 creates a "safe harbor," protecting a party from sanctions for failure to produce electronically stored information as long as it took reasonable steps to preserve electronically stored information when it knew or should have known such information was discoverable, or the failure results from loss of information during routine operation of such party's electronic information system.

FWIW, lawyers, even the "technology experts" don't seem to understand technology as well as someone who came through IT before becoming a lawyer.

(disclaimer: IT guy-turned-lawyer, so I always think I know more than "pure lawyers" when it comes to tech).

Re:Misleading (0)

Anonymous Coward | more than 7 years ago | (#17065608)

Well, it would still be virtual shredding. But shredding of actual paper documents is legal as well, in many cases.

Re:Misleading (0)

Anonymous Coward | more than 7 years ago | (#17065734)

FWIW, lawyers, even the "technology experts" don't seem to understand technology as well as someone who came through IT before becoming a lawyer.

And IT people, even the "IT-people turned lawyers" don't understand the law as well as someone who became a lawyer first before learning IT.

Re:Misleading (0)

Anonymous Coward | more than 7 years ago | (#17066384)

Let's see, one group goes to college and gets a liberal arts degree, goes to law school, gets a legal job and picks up IT when they can.

The other group goes to college, gets an engineering/technical degree, possibly works in IT, goes to the same law school, gets the same legal job and already knows IT so they can concentrate on the law.

But I'm sure you're right.

Microsoft (1)

javilon (99157) | more than 7 years ago | (#17065348)

If I remember correctly, Microsoft had a policy of deleting email from their servers after a short period, in order to avoid it being used in trial.

This will have to change, then.

Obligatory witless witticisms (0, Offtopic)

davidwr (791652) | more than 7 years ago | (#17065356)

Supreme Court: All your documents are belong to us.

In Soviet Russia, documents preserve YOU.

Now that that's out of the way, may the intelligent posting begin :)

Re:Obligatory witless witticisms (0)

Anonymous Coward | more than 7 years ago | (#17066242)

I, for one, welcome our email & IM hoarding overlords.

Rising cost of business (3, Insightful)

precogpunk (448371) | more than 7 years ago | (#17065412)

While I'm in favor of measures to curb white collar crime these requirements seem to do more harm than good by encouraging companies to take business elsewhere.

Re:Rising cost of business (1)

businessnerd (1009815) | more than 7 years ago | (#17066008)

I'm sure the consulting company I work for is drooling over this, though. More services and products to sell to our clients. Whenever a new law costs companies money, there's always a consulting company out there that will have record profits.

Legislated expense (2, Interesting)

jdray (645332) | more than 7 years ago | (#17065462)

The company I work for has been implementing this sort of infrastructure over the past year. It's hard. With all the IM clients available, getting one system that will handle all the traffic and maintain usability in the face of changing features across the field is hard enough; couple that with long term storage requirements for corporate e-mail where the culture is to send huge attachments around willy-nilly, and add in all the other changing requirements, and the burden to adhere to this new bit of legislation becomes quite a burden.

Couple that with the fact that the company I work for is a regulated utility that has to convince the local PUC each year that costs to provide service continue to go up, and the margins just keep getting tighter. Every year around March, there's a panic call from Accounting asking everyone to contribute some of their budget back to the bottom line because of some new development that wasn't foreseen the previous year. For a cash-strapped IT department wanting to provide good service, the problems just mount up, stresses are high, and the employment door keeps revolving.

Re:Legislated expense (1)

Aqua_boy17 (962670) | more than 7 years ago | (#17065722)

You illustrate a very good point regarding the requirement for IM storage. IMO, I view IM's much as I would an informal conversation passing someone in the hallway. This as opposed to an actual mail message which is the equivalent of an old office memo and probably should be stored.

Therefore I view the IM storage requirement as a kind of unfair tax on businesses like yours. I mean take this far enough and what's next? Will the government require that digital recordings of all hallway conversations be made? Capturing and storing all IM's is really the equivalent of this, is it not?

Re:Legislated expense (1, Informative)

Anonymous Coward | more than 7 years ago | (#17066478)

The company I work for has been implementing this sort of infrastructure over the past year. It's hard. With all the IM clients available, getting one system that will handle all the traffic and maintain usability in the face of changing features across the field is hard enough; couple that with long term storage requirements for corporate e-mail where the culture is to send huge attachments around willy-nilly, and add in all the other changing requirements, and the burden to adhere to this new bit of legislation becomes quite a burden.

What's hard? Pick one of the jabber/xmpp servers and be done with it. Wildfire Enterprise covers logging.

Massive Pretty Good Privacy (4, Insightful)

Doc Ruby (173196) | more than 7 years ago | (#17065464)

Practically everyone can scramble our email, like with "Pretty Good Privacy" (PGP) [wikipedia.org]. If many of us do it, they might be able to crack it or force our password after due legal process, but private parties won't be able to snoop through all of us on any possible budgets.

Your government can probably crack any nonsymmetric crypto (with help from the US), but might not have the resources to crack everyone's all the time. You can try a tinfoil hat, YMMV.

The real problem is webmail, which can't use any installed crypto on either end (with possible rare exceptions, but the rarity and/or nonintegration makes them useless at only one end of the comms).

If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses. And win the webmail wars. And really piss off the government(s) that have been trying to pry into their transactions for years.

Re:Massive Pretty Good Privacy (4, Insightful)

Beetle B. (516615) | more than 7 years ago | (#17065626)

If GMail let me upload a PGP applet I signed myself (which I could validate in the pages when I hit them), which they embedded into their pages in Javascript the public could audit for holes, they might actually become by far the best email system for the masses.

Don't ever use "PGP" and "the masses" in the same sentence. There's a reason people don't use it unless they really need to. It's the hassle of exchanging keys and building a trust database, and getting people to use it as it should.

It's a very minor hassle for those who use it well, but getting the masses to follow protocol is next to impossible.

Re:Massive Pretty Good Privacy (4, Insightful)

Doc Ruby (173196) | more than 7 years ago | (#17066232)

Ah, but building demand by promoting the existing tool will encourage new developers to make it more useable.

Re:Massive Pretty Good Privacy (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17065764)

I often wish for that too, but it's clearly a pipe dream. Google's sole interest in providing email services is to obtain access to messages themselves. They want to know what you're talking about so they can sell you crap--and they want to retain that information, so they can cross-reference it.

Providing an easy interface for you to encrypt your email undermines that goal utterly. For it to be of any value to you, they won't ever have access to your keys or plaintext.

So, it will never happen with Gmail.

Re:Massive Pretty Good Privacy (2, Interesting)

fossa (212602) | more than 7 years ago | (#17065868)

I agree with your sentiments, but I think no one cares about encryption. For what it's worth, freenigma [freenigma.com] provides GnuPG webmail through a Firefox extension and an existing webmail account supported by freenigma (includes GMail, Yahoo, Hotmail, others). I have not used freenigma, but last time I read the docs I got the impression it was not compatible with, say, mutt's PGP/MIME which I use for kicks (I have zero encryption using friends).

One thing that always bugged me about mutt's PGP is that attachments are neither signed nor encrypted. I'm not sure if this is a mutt problem or a general OpenPGP issue, but it is certainly unfortunate. I suppose one is expected to manually encrypt attachments prior to mailing? This might be acceptable, even preferable, if computer interfaces were not so cumbersome.

As for no one caring about encryption, I propose creating an animation for sending email, similar to the Windows file transfer animation with the sheets of paper flitting across the screen. This animation would add dozens of little faces watching the email, with visible text, flit across the screen. An encrypted email could perhaps be represented as a closed envelope.

Re:Massive Pretty Good Privacy (0, Troll)

Doc Ruby (173196) | more than 7 years ago | (#17066288)

No one cares about any kind of security until after they've been violated.

Then they close the barn door after the horse has escaped.

Most of them get a new horse. Newly secure.

People will complain about PKI, but now that most people have a digital "address book" (in their email or phone SW), adding a signature and a social network of trust seems ready for prime time.

Re:Massive Pretty Good Privacy (3, Funny)

0xABADC0DA (867955) | more than 7 years ago | (#17066014)

Yeah google is really going to let you decrypt your email at the client... I can see the ads now:

413b57037 buying guide
replacement 6cf46e1dfc quote
fd8869a15cb936d8e59 Free Shipping!
bee5e2b at Amazon

Re:Massive Pretty Good Privacy (3, Interesting)

neoform (551705) | more than 7 years ago | (#17066800)

How hard do you think it'd be for the government to get their hands on those PGP keys if they were stored on google's servers.. ?

Google is a US company and should a court request those keys.. they'd give them.

Tape? (3, Funny)

Mr.NoMoniker (1034330) | more than 7 years ago | (#17065516)

These are NEW rules? And they refer to an IT worker copying over TAPE? Does this mean I should be saving all my carbon paper too? How about punch cards?
Might all this extra data clog the system of tubes that is the internet?

Re:Tape? (0)

Anonymous Coward | more than 7 years ago | (#17065696)

Tape is a lot more common than you think - it's still the number one way to do offsite backups for disaster recovery. You *do* perform backups of all of your servers, right?

Re:Tape? (0)

Anonymous Coward | more than 7 years ago | (#17066088)

People still do most of their backup on tape--DLT to be precise.

Standard Conversation (5, Insightful)

Silver Sloth (770927) | more than 7 years ago | (#17065566)

Techie:- We need to keep more backups of our e-mail database
Bean Counter:- How much do the tapes cost?
Techie:- Lots - we need at least one DLT per backup
Bean Counter:- We can't afford it.
Techie:- We have to afford it
Bean Counter:- Just leave the requisition in my intray


Months Pass

Bean Counter:- The courts are on to us. Where are the e-mail backups for the 1st December 2006?
Techie:- I had to overwrite them so as to keep a reasonably current backup
Judge:- Techie, you shredded evidence - now you're for it

Re:Standard Conversation (4, Insightful)

itlurksbeneath (952654) | more than 7 years ago | (#17066552)

I've actually had that conversation with the bean counters, but it went like this:

Techie: We need $5,000 to buy another 100 DLT tapes to comply with this no-rewrite order.
Bean Counter: Again! We don't have any money in the budget to buy any more tapes.
Techie: Ok, no problem. Send me an email and CC your boss and my boss and tell them that we can not comply with this federal ruling because we don't have any money in the budget.
Bean Counter: Erm.. Uh.. Oh! Here's some money for tapes you can have.

As long as the gun is pointing at them, they are very cooperative.

Obvious followup (1)

g2devi (898503) | more than 7 years ago | (#17066832)

What if this conversation were taking place in person or by phone instead of email?

I understand the intent of the law, but it's so easy to bypass because most decisions and discussions are made outside the computer in most businesses. And if a decision is going to have legal repercussions, you can be sure that it won't have a paper trail. I don't see how this law can be enforced, unless you record all voice conversation made by all employees (inside and outside the office) and ensure that employees can't turn off the recorder.

invest in storage (3, Insightful)

jwegy (775655) | more than 7 years ago | (#17065574)

Now would be a good time to invest in companies that make storage devices.

Re:invest in storage (1)

itlurksbeneath (952654) | more than 7 years ago | (#17066446)

I second the parent. Working for a company that's under one of those rules currently (because of some litigation or another), we're under a "do not rewrite" order. The entire - and very large - corporation. Just in my little corner of the world, we're ordering about 50 DLT tapes a month to keep up. We're actually spending about 100K on new tape drives just so the storage per tape (and hence the amount of tapes we have to buy every month) goes down.

At least TFA says it's only for companies that are currently undergoing federal litigation.

Predictable (1)

acgrissom (1002693) | more than 7 years ago | (#17065586)

This is disconcerting, if unsurprising. It definitely strikes me as out of place for the government to require companies to keep certain records, so that, if it wills it, the government can snoop around the personal information of people, as long as it can offer a reasonable cause. Next, perhaps, new houses will have mandatory monitoring systems, so that if an "appropriately serious" situation arises, someone can see what occurred. This is already occurring with the black boxes inside of cars, which, in no short order, have been abused as absolute evidence for sentencing people to life in prison. The government exists to enforce the laws, within reason. Somewhere along the way, we have forgotten this and allowed the government to open Pandora's Box of Orwellian information gathering. Draconian tactics are not necessary for a secure country.

All Conversations (1)

giminy (94188) | more than 7 years ago | (#17065602)

What I don't get is, why the double-standard on communication? I think congress should enact legislation recording all communication within such companies. We should have microphones in every room and every hallway, to record every word spoken in such a company, just in case people do something wrong. We should probably also have video cameras, in case the would-be lawbreakers decide to write paper notes, and every paper shredder should have a scanner with OCR in line with it, so that the letters are stored for possible litigation.

C'mon, if your company isn't doing anything wrong, you don't have anything to worry about. The recordings will only be used if you're doing something illegal.

Hello? (1)

ukemike (956477) | more than 7 years ago | (#17067056)

This new rule applies to companies that are involved in federal litigation. Email is discoverable, and if you're being sued you'd better not destroy evidence. I usually get upset when some new invasive law comes down, but this is a no-brainer. If you're worried about privacy intrusion or even discoverability then implement a policy of deleting old emails. Don't keep anything older than 1 month or 6 months. If you need a copy print it and put it in the project file. This way when the subpoena shows up you have minimal exposure. Frankly if you start deleting stuff after the subpoena, you ought to go to jail.

bad blurb (1)

Lord Ender (156273) | more than 7 years ago | (#17065618)

I am not a lawyer, but I highly doubt this blurb is accurate.

I can understand laws which require retention for companies that log IMs. But they wouldn't pass a law requiring companies who do NOT log IMs to start doing so!

Don't count on it (1)

davidwr (791652) | more than 7 years ago | (#17065816)

Don't count out Congress when it comes to holding executives accountable.

I wouldn't be surprised if executives are required to wire themselves and keep the tape running any time they are talking to any employee, client, or anyone else relating to business matters. The company would have to keep the tapes for 2 years, or longer if certain topics were discussed or litigation is expected.

This will come shortly after mandatory phone-recording for executives' business phones.

To get around this, expect lip-reading and sign-language as part of the next generation's MBA curriculum.

Re:Don't count on it (1)

itlurksbeneath (952654) | more than 7 years ago | (#17066674)

I wouldn't be surprised if executives are required to wire themselves and keep the tape running any time they are talking to any employee, client, or anyone else relating to business matters. The company would have to keep the tapes for 2 years, or longer if certain topics were discussed or litigation is expected.

Shhh! Good lord, man.. Don't give them any ideas.

Jay Leno's had to do this for years (1)

davidwr (791652) | more than 7 years ago | (#17067022)

Comedian and Tonight Show [nbc.com] host Jay Leno videotapes not just his business life but his private life 24/7.

He does this for legal reasons. At least that's his story.

Legacy systems (1)

NetDanzr (619387) | more than 7 years ago | (#17065694)

A company I worked at previously has been using a legacy e-mail system. We've been under the SEC rules for retaining e-mails already, and when they came to inspect our business we learned that even though it's not stated in the rules, e-mail records must not only be retained, but they must also be readable with modern software. SEC wanted us to deliver the e-mail records in either a formatted text file or as an Outlook file. We ended up hiring two interns who spent the next nearly two weeks forwarding all the e-mails to a newly set-up account that used Outlook, and it took so little time only because we were a relatively small company. I really feel sorry for large companies with legacy e-mail systems...

Re:Legacy systems (1)

RichMeatyTaste (519596) | more than 7 years ago | (#17066488)

Large companies bend over and buy tools that take care of this automatically. Many of them have a SQL (or similar) back end interface directly with the mail server.
If you have Exchange you can just use the old alternate delivery functionality to copy all email to a depository account, and then do frequent ExMerge dumps of that account to a PST file (lest your mail store get too big).

A lot of companies will have to change (1)

Lord_Frederick (642312) | more than 7 years ago | (#17065728)

When I worked for Capital One, all email was automatically deleted after 30 days and pst files were not allowed. When someone asked us how they were supposed to keep information they would continue to need, we had to tell them to print it out.

This is plain old FUD... heavy on the 'F' (2, Informative)

Anonymous Coward | more than 7 years ago | (#17065760)

This is a great example of FUD... programmers need to stick to programming and lawyers need to stick to lawyering. (I happen to be both, but that's beside the point).

This is not legislation.. it is part of the court rules. In a lawsuit, you have to provide all relevant documents to the other side. In the past, there had to be a *lot* of court time wasted on deciding what was subject to disclosure (i.e. a man does work for the company from home... is his home computer subject to examination? Answer: yes). This rule change simply makes standard what most all the court rulings concluded was subject to disclosure anyway.... all it does is save wasted court time in disputes by making the rules clear.

If a company has a "document retention policy" that says all e-mails will be deleted in 30 days, all backup tapes will be overwritten or erased in 30 days, etc., then they can continue doing that. No one has to retain anything under these rules. These rules say that anything that *is* retained, has to be turned over in a lawsuit. After a lawsuit is started (technically when a company becomes aware of a claim even before suit is filed) the company has to not delete anything they know is relevant.... but continuing to follow the published document retention policy for everything else is fine. This has been so for many, many years. Nothing is changing in this regard.

Companies that do bad things will have evidence of doing bad things.... they will want to delete things. Companies that don't do bad things will have evidence of their proper behavior, and they will not want to delete things. I was once involved in a case where a man was blinded by some chemicals. He claimed there was no warning sign. I found the e-mail in a user's mail archive confirming installation of the warning sign, dated 6 months before his injury. If that company had been deleting all e-mails 30 days old in archives (they deleted 30-day old mail, but it did not reach local archives on the users' HD), they would have lost this exculpatory evidence. As a result, they changed policy to have users include the word "SAFETY" in the subject line of all e-mails related to safety, warning signs, safety related repairs and maintenance, etc., and e-mails with that in the subject line were excluded from the deleting policy in the future.
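
The retention logic described in the comment above (a 30-day deletion schedule, a "SAFETY" subject tag exempt from it, and no deletion of material relevant to a known claim), sketched as an added example that is not part of the original comment or any poster's code. The names `decide` and `hold_terms`, the case-insensitive tag match, the constructed sample messages and the choice to keep messages whose date cannot be parsed are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

RETENTION = timedelta(days=30)             # deletion window from the comment
EXEMPT = re.compile(r"\bSAFETY\b", re.I)   # subject tag excluded from deletion

def text_of(msg):
    """Address/subject headers plus decoded text parts, lowercased."""
    parts = [msg.get(h, "") for h in ("From", "To", "Cc", "Subject")]
    for p in msg.walk():
        if p.get_content_maintype() == "text":
            body = p.get_payload(decode=True) or b""
            parts.append(body.decode("utf-8", "replace"))
    return " ".join(parts).lower()

def decide(raw, now, hold_terms=()):
    """Return (action, reason); action is 'keep' or 'purge'.

    hold_terms (hypothetical parameter): names or topics tied to a known claim.
    """
    msg = message_from_string(raw)
    haystack = text_of(msg)
    for term in hold_terms:                # a hold overrides the schedule
        if term.lower() in haystack:
            return ("keep", "hold:" + term)
    if EXEMPT.search(msg.get("Subject", "")):
        return ("keep", "exempt-tag")
    try:
        sent = parsedate_to_datetime(msg.get("Date"))
    except (TypeError, ValueError):
        return ("keep", "bad-date")        # fail closed: never purge on doubt
    if sent.tzinfo is None:                # "-0000" parses as naive; treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if now - sent > RETENTION:
        return ("purge", "expired")
    return ("keep", "within-window")

# Constructed sample mailbox (not real data).
NOW = datetime(2006, 12, 1, 12, 0, tzinfo=timezone.utc)
HDR = "From: user@example.com\nSubject: %s\nDate: %s\n\n%s\n"
SAMPLES = {
    "old": HDR % ("lunch", "2 Oct 2006 09:00:00 +0000", "Noon?"),
    "safety": HDR % ("Safety sign installed", "1 Jun 2006 09:00:00 +0000", "Done."),
    "held": HDR % ("invoice", "1 Jan 2006 09:00:00 +0000", "Re: the Acme contract"),
    "nodate": "From: user@example.com\nSubject: misc\n\nhello\n",
    "recent": HDR % ("notes", "20 Nov 2006 09:00:00 +0000", "hi"),
}

def run(hold_terms=("acme",)):
    """Apply the policy to every constructed sample."""
    return {k: decide(v, NOW, hold_terms) for k, v in SAMPLES.items()}
```

Checking the hold before the schedule is what keeps an eleven-month-old message about the constructed "Acme" matter from being purged; without the hold term the same message expires like any other.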

Stupid thing! (3, Insightful)

VincenzoRomano (881055) | more than 7 years ago | (#17065776)

So all the email traffic done in the US will be stored somewhere at least once, often twice (sender+receiver) and in some cases several times.
And storing them is not enough: you'll need to browse them for searches!
This is a very very smart move!
And when litigations will go with browsed web pages, we'll need to store all the web we browse!

Encryption (1)

anethema (99553) | more than 7 years ago | (#17065886)

I guess this is probably a good time to begin encrypting all your IM's and emails. As previously mentioned there is PGP for email. But for msn there are a couple options. I had a really good experience with simp: http://www.secway.fr/us/products/simplite_msn/home.php [secway.fr]

Can do a pub/priv key exchange or just use a symmetric key and do a Diffie-Hellman exchange. Changes text colour based on authentication type, warns you about possible compromises, etc.

I have nothing to do with the company it is just something I stumbled upon one day. Of course could use Skype for all IMing. Probably quite a bit less secure than simp because with simp you can authenticate someone's public key in person with hash checking. But it is an option.

Nothing to see here, move along (0)

Anonymous Coward | more than 7 years ago | (#17066028)

Once a litigation starts (or is imminent), you can't destroy files. Duh! This is nothing new. The new rules just explain how that applies to email (and other electronic data) in federal court cases. They finally set out one common, rational standard nationwide.

This is not some kind of blanket retain-all-data-at-all-times rule. It only has to do with litigation. (Though, BTW, it applies to individuals equally as it does to corporations and governments.)

YIIALBIANYL. GYOGDL. YMNO.

Not just companies--people too. (1)

pwackerly (697142) | more than 7 years ago | (#17066352)

Two notes--

First, these amendments are to the Federal Rules of Civil Procedure, not the U.S. Code (our national statutes). Accordingly, they affect all litigants in federal civil litigation. That will include individuals, not just companies. So, if you ever sue or are sued in federal court (relatively common--if you are suing for over $75K and the opponent lives in another state, you can likely get into federal court as opposed to state court), this rule will apply to you.

Second, the duty of retention on electronic documents is currently unclear. As is (and IANAL (yet)), under the federal rules, you have no general duty to preserve documents if you have no reason to believe that the documents will be used in litigation. It's only once you realize that you've screwed up and are likely to be sued that you need to start preserving documents. (Caveat--there may be some specific rules that I am not aware of that require a short-ish (two-year) retention period for some documents, especially documents relating to securities). So, in effect, what this rule says is you now have to hand over your IMs if they are saved, not necessarily that you need to be saving your IMs forever.

Just curious (1)

KeepQuiet (992584) | more than 7 years ago | (#17066598)

What about if I don't use my company mail, but Gmail or Yahoo Mail when I am at work. Do they have to track those as well? If so, how?

Supreme Court (1)

jpl (58317) | more than 7 years ago | (#17066616)

When you read "...the Supreme Court began requiring..." you know there is something not right about the article summary. What power does the SC have to "begin requiring" anything? Did they suddenly get the power to create laws?