• Be Smart About Sensitive E-mail

    Feb. 1, 2006

    Certain things about the Internet are common sense.

    If you want to communicate something sensitive, instead of posting it to a public online discussion forum, send a private message through e-mail to your recipient alone. If you want to avoid potential problems down the road with sensitive matters communicated through e-mail, delete the message after reading it or ask your recipient to do so.

    In both of the above cases, what's common sense is wrong.

    E-mail is as private as a postcard. Though it happens relatively rarely, others can intercept e-mail and read it en route.

    E-mail encryption utility programs prevent this from happening by ensuring that only your intended recipients can read your messages and that it's you who sent them. For some time now, the standard has been Pretty Good Privacy, a program from PGP Corp. (www.pgp.com) that provides excellent privacy for sensitive e-mail.

    The pay version automatically encrypts e-mail and instant messages, and lets you send “self-decrypting” messages to those who don't have the program.

    The free version, available for personal, noncommercial use, lets you manually encrypt and decrypt messages. You can try the pay version free for 30 days.

    E-mail also endures. As with files on your hard drive, when you delete an e-mail message, it's not really gone. It is retrievable, among other ways, from tape backups months or even years later. Sometimes, actually, a court will require this when the e-mail relates to a criminal matter or a civil lawsuit.

    In the past, some companies used the argument in court that they don't keep e-mail for longer than a certain time. The courts, in general, no longer buy this argument, and they in fact may assume that if you don't produce e-mail as requested, you're trying to hide something.

    This changing attitude was dramatically exemplified in May 2005 by the Morgan Stanley case, brought by businessman Ronald Perelman, in which a circuit court judge ruled against the Wall Street firm in part because of its repeated failure to provide the requested e-mail.

    Other court cases have also underscored the importance of e-mail retention.

    In June 2005, computer chip maker AMD delivered subpoenas to nearly 40 PC makers seeking past e-mails to help prove its contention that rival chip maker Intel was trying to monopolize the market.

    Regulators are also getting in on the e-mail retention act. The Sarbanes-Oxley corporate reform law requires public companies to retain e-mail. And if you deliberately delete e-mail with the intention of obstructing a federal investigation, you may get hit with a fine of up to $1 million and a prison term of up to 20 years.

    A changing legal and regulatory milieu creates new market opportunities. Eager to cash in, software makers and computer consultants have been announcing products and services to help companies create and implement e-mail retention policies.

    “Most organizations don't have a handle on e-mail,” says Tom Politowski, president of Waterford Technologies Inc. (www.mailmeter.com), the maker of one such software program. With its well-regarded MailMeter Archive, Waterford targets small to midsize businesses having from 50 to 5,000 e-mail in-boxes, though Politowski says that organizations with as few as five employees use it as well.

    MailMeter Archive captures all e-mail that employees send or receive and archives messages in a database. Along with making retrieval, if it's later needed, easy and inexpensive, the program also lets you analyze e-mail to detect patterns, said Politowski.

    This can help you, for example, determine who's sending too many e-mail messages or too few, who's e-mailing an important client or who might be using e-mail inappropriately for sending jokes, music, porn or your customer list.

    As do many others, Politowski suggests that any organization, large or small, create an e-mail policy that spells out appropriate company use of e-mail. If you send an e-mail to [email protected], his company will e-mail you back a sample e-mail policy that you're free to copy.

    Waterford Technologies sells other e-mail archiving programs along with MailMeter Archive. E-mail archiving programs from other companies that also warrant consideration include those from Zantaz Inc. (www.zantaz.com) and EMC Corp. (www.emc.com).

    E-mail has great utility, whether for business or home use. But it's no panacea. Like any communications medium, it has its strengths and weaknesses. Sometimes it makes more sense to pick up the phone or mail a letter.

    And if you want to communicate sensitive information at very low risk, meet late at night in an underground parking garage. It worked for Deep Throat.

    Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. Contact him at [email protected] or http://members.home.net/reidgold.