Common Sense About Sensitive E-mail

Common Sense About Sensitive E-mail
By Reid Goldsborough

Certain things about the Internet are common sense. If you want to communicate something sensitive, instead of posting it to a public online discussion forum, send a private message through e-mail to your recipient alone. If you want to avoid potential problems down the road with sensitive information communicated through e-mail, delete the message after reading it or ask your recipient to do so.

In both of the above cases, common sense is completely wrong. E-mail is as private as a postcard. Though it happens relatively rarely, e-mail can be intercepted and read by others en route.

E-mail encryption programs prevent this from happening by ensuring that only your intended recipients can read your messages and it’s you who has sent them. For some time now the standard has been Pretty Good Privacy, a program from PGP Corp. <www.pgp.com> that provides excellent privacy for sensitive e-mail.

The pay version automatically encrypts e-mail and instant messages and lets you send “self-decrypting” messages to those who don’t have the program. The free version, available for personal, non-commercial use, lets you manually encrypt and decrypt messages. You can try the pay version for free for 30 days.

E-mail also endures. As with files on your hard drive, when you delete an e-mail message, it’s never really gone. It can be retrieved, among other ways, from tape backups months or even years later. Sometimes, a court will actually require this when the e-mail relates to a criminal matter or a civil lawsuit.

In the past, some companies used the argument in court that they don’t keep e-mail for longer than a certain time. The courts, in general, no longer buy this argument, and they in fact may assume that if you don’t produce e-mail as requested, you’re trying to hide something.

This changing attitude was dramatically exemplified in May 2005 when investor Ronald Perelman sued Morgan Stanley for more than $1 billion. A circuit court judge ruled against the Wall Street firm in part
because of its repeated failure to provide the e-mail requested by the court.

Other court cases have also underscored the importance of e-mail retention.

In June 2005 computer chip maker AMD delivered subpoenas to nearly 40 PC makers seeking past e-mails, hoping to prove its c
ontention that rival Intel was trying to monopolize the computer chip market.

Regulators are also getting in on the e-mail retention act. Under the Sarbanes-Oxley corporate reform law, public companies will be required to retain e-mail. And if you deliberately delete e-mail with the intention of obstructing a federal investigation, you may get hit with a $1 million fine and/or up to 20 years in prison.

A changing legal and regulatory milieu creates new market opportunities. Eager to cash in, software makers and computer
consultants have been announcing products and services to help companies create and implement e-mail retention policies.
“Most organizations don’t have a handle on e-mail,” says Tom Politowski, president of Waterford Technologies Inc. <www.mailmeter.com>, the maker of one such software program. With its well-regarded MailMeter Archive, Waterford targets small to mid-size businesses, usually with 50 to 5,000 e-mail in-boxes. Some organizations with as few as five employees use the program as well, says Politowski.

MailMeter Archive captures all e-mail that employees send or receive and archives messages in a database. Along with making retrieval easy and inexpensive, the program also lets you analyze e-mail to detect patterns, says Politowski.

This can help you, for example, determine who’s sending too many e-mail messages or too few, who’s e-mailing an important client, or who might be using e-mail inappropriately for sending jokes, music, porn, or your customer list.

Politowski and many others suggest that any organization, large or small, create an e-mail policy that spells out appropriate company use of e-mail. If you send an e-mail to policy@mailme ter.com, his company will
e-mail you back a sample e-mail policy that you’re free to copy.
Waterford Technologies sells other e-mail archiving programs along with MailMeter Archive.

E-mail archiving programs from other companies that also warrant consideration include those from Zantaz and EMC.
E-mail has great utility, whether for business or home use. But it’s no panacea. Like any communications medium, it has its strengths and weaknesses. Sometimes it makes more sense to pick up the phone or mail a letter.

And if you want to communicate sensitive information at very low risk, meet late at night in an underground parking garage. It worked for Deep Throat.

Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at reidgold @netaxs.com or <http://members. home.net/reid gold>.



© Copyright 2005 by DiverseEducation.com