"E-mailGate": A Failed Policy, Process or System? (Or, something far more sinister?)

Citizens for Responsibility and Ethics in Washington (CREW) has alleged that many e-mail messages pertaining to the recent firings of U.S. attorneys currently under investigation and sent by top White House officials, have gone missing.

CREW Executive Director, Melanie Sloan says that senior officials used e-mail accounts on the Republican National Committee (RNC) system which automatically deleted messages every 30 days, thereby resulting in as many as 5 million missing e-mails.

White House spokesperson, Dana Perino said that 22 aides in the political arm of the Presidents office used their RNC accounts in order to properly keep political correspondence off the White House system. But, she also admitted that the White House "screwed up" by not ensuring that these messages were saved. Perino did not challenge the scope of the loss. "I wouldn't rule out that there were a potential 5 million e-mails lost," she told reporters.

Record keeping in the White House, as with most government organizations, is governed by explicit laws. The Presidential Records Act (PRA) for example, enacted in 1998 following Watergate, requires that the President preserve all presidential records. CREW claims that deliberately sending e-mail messages pertaining to the U.S. attorney investigation through the RNC e-mail system is a violation of PRA.

The White House on the other hand claims it was following the Hatch Act of 1939 which prohibits White House staff from using White House resources (in this case, e-mail) for political purposes. CREW however claims that correspondence pertaining to the presidential appointments for U.S. attorney positions are not political in nature and therefore should fall under PRA.

Back in 1993, the Clinton Administration Policy, in a memo to all White House staffers from Staff Secretary John Podesta, stated clearly that all records, including e-mails, were to be retained, and that external e-mail networks were prohibited because records could not be saved. The Bush Administration has not made its record-keeping policy public.

CREW further claims that the White House was aware of the lost e-mails back in 2005 and abandonned any plans to recover the missing e-mails. CREW also claims that the Bush Administration willfully dismantled the e-mail archiving system put in place during the Clinton Administration and has not replaced it. According to CREW, e-mail servers are being backed up, but without an archiving process"this system does not have adequate safeguards in place to ensure that stored messages are not modified or deleted".

All government organizations, regardless of their size or jurisdiction, have a responsibility to its citizens as "The Stewards of the Public Record".

I believe in three simple rules to ensure proper record keeping in any organization, government or business, large or small.

1. Must have responsible and well understood policies, in alignment with any laws and best practises applicable to the organization,

2. Must have processes that support these policies, and

3. Must have a system that ensures that the processes are applied consistently throughout the organization and at all times.

If the truth ever becomes known, it will be interesting to assess the facts against these three rules. The White House charges that CREW's allegations are politically motivated. This is probably the case, but even so, it seems to me that they have some explaining to do. I suspect this is going to get dirty...

Archive it All - Is this the End of the Smoking Gun Defense?

I am not so naive as to think that corporate lawyers will now stop recommending to their executives that the company regularly delete e-mails to avoid the "Smoking Gun" in subsequent litigation. However, I do believe that Intel's e-mail problems in its current anti-trust case with competitor AMD, pokes holes in what lawyers once considered a bullet proof defense.

With the exception of highly-regulated industries, lawyers might continue to argue that there is no law that stipulates that e-mail messages, sent or received prior to onset of pending litigation, must be retained. And although this is true, there is an inherent risk in this approach.

The risk, as Intel has now learned, is that errors are likely to result when an organization tries to abruptly shift to a more restrictive retention policy. For example, if a corporation's retention policy is to delete messages automatically every 90 days, when that corporation is forced to make an abrupt change because of pending litigation, the change is nearly impossible to execute cleanly.

Mistakes will be made, primarily because of the reliance on communication to key personnel to affect this change. As critical as the new retention policy is to executives and lawyers, it is not typically regarded by individual employees with the same degree of importance. Users accustomed to a particular manner of dealing with e-mail may not necessarily sense the urgency or relevance of the change. In addition and as Intel can attest, there is a strong likelihood that individuals may not immediately fully understand what is being asked of them under the new policy.

The new Federal Rules of Civil Procedure (FRCP) effectively state that those entering into litigation must be prepared to present all electronic evidence germain to the case, in a timely manner. In civil litigation, the courts are unlikely to tolerate defendants who cannot produce electronic evidence because of flaws in their retention policy.

Case law is based on the simple principle that future legal best practises are defined by most recent court rulings. If a case like the Intel/AMD anti-trust case does not set a new legal precedent for e-mail retention, maybe the next one will. For small-to-midsize companies, a policy of archiving all e-mail messages, could help the company avoid the risks inherent in changing its retention policy because of pending litigation.

Lessons Learned from Intel's Lost E-mails

The anti-trust case leveled against Intel by rival AMD in June 2005 has taken some interesting turns relating to e-mail retention. Intel has admitted to AMD and to the courts that it may have inadvertantly deleted e-mail messages that it was required to present during discovery. The judge has recently given Intel until April 17 to respond to AMD specifically on whether the corporation will be able to produce the e-mails (presumably from back-up tapes).

Here's what happened so far:

• Intel had a corporate policy of deleting user e-mails every 35 days (senior execs every 45-60 days), and therefore the company relied solely on employees to back-up their own messages
• Intel was to inform 1000 of its 100,000 employees not to delete their e-mail messages because they might relate to the case
• Early last month Intel informed the judge that some messages pertaining to the case might have gone missing, blaming human error. Many users were not properly instructed about what to preserve (e.g., many saved their received mail but allowed their sent mail to be deleted)
• AMD in response has claimed that Intel's efforts were "half-hearted", stating that Intel "apparently allowed evidence to be destroyed".
• On April 6, the judge gave Intel until April 17th to report on whether or not it will be able to find and present these e-mails. At that point, the judge will rule on Intels actions and if applicable, impose his penalties.

Meanwhile, Intel doesn't even know for sure whether any of the messages deleted actually pertain to the case. They could end up spending $ millions, pouring through back-up tapes, digging through a haystack for a needle they don't even know for certain, exists.

What can business managers, lawyers and IT managers learn from this situation?:

1. E-mail archiving should be automatic. Leaving a decision as important as the preservation of evidence to an office memorandum or executive directive cannot in itself guarantee adherence to today's more stringent rules for civil disclosure.
2. All employees should be informed and well aware of the company's record-retention policy (e.g., Intel says that many of its users didn't save messages because they believed the company was doing it automatically). Even though the company had a policy of automatically deleting emails every 35 days, its employees (at least some of them) weren't aware of it.
3. This case, particularly when seen in context of the new FRCP rules on disclosure of electronic evidence in civil discovery, effectively and once and for all, puts an end to the "smoking gun defence", the all-too-common legal advise given to corporate leaders to deleting e-mail messages regularly in order to destroy potential incriminating evidence.
4. There is nothing about the situation Intel finds itself in that is specific to a large company. Small-to-midsize organizations are equally as likely as Intel to be subjected to the same legal scrutiny of its e-mail records. If you're only a 100-person company and not 100,000 like Intel, maybe instead of presenting 30 million documents and e-mails in discovery, you will only need to disclose 300,000.
5. E-mail messages and their attachments are corporate assets, not personal ones. Therefore, stewardship of these corporate assets is the responsibility of the corporation and not individual employees.
6. Don't ignore the importance of Sent messages. Received messages are only the half of it. Messages an employee sends on behalf of its employer can be every bit as much a business record as the ones he/she receives.

But, I'm not a lawyer. I'm happy to hear other opinions.

E-mail Archiving is a 10 to 20-year Decision

Your e-mail archiving solution should outlast pretty much any information solution you are currently using. The shelf life of this decision should be at least as long as the longest specified retention period in your e-mail policy.

Why? Because one of the fundamental principles of archiving is that archived data has no value when it can't be retrieved, and therefore retrieval from the archive must be assured no matter what. More simply, without easy retrieval, an archive is no longer an archive.

How do you implement an e-mail archiving solution that ensures retrieval?

The answer is two-fold:

1. Store archived messages in a vendor-neutral format, and
2. Avoid a retrieval system that hooks you to one vendor.

A solution that works with only one vendors messaging system (e.g., Exchange), can lock you to a single architecture for many years. You may not be able to even consider replacing your messaging system because the ability to retrieve archived mail is locked to one system. I don't know about you, but I hate not having options.

Without a doubt, Microsoft holds the lion share of the messaging market. Lately however, we are beginning to see many new e-mail options e.g., open source, LinuxMail, All-in-one small business servers, etc. These alternatives are particularly important for small-to-midsize organizations where the importance of following the market leader is less critical. Exchange gets better with each release but unfortunately, at least from what we can see in Exchange 2007, it also gets more complicated. Retaining the option to make a change is a good safe business practise.