Technology

Information Management: Defending Against Immortal E-mail

Sensitive E-mail messages can be harder to kill than James Bond. Here are a few new weapons.
Lisa YoonNovember 14, 2000

Tomorrow Never Dies is not just the title of the penultimate installment of the 007 film franchise; it also captures what many companies have learned the hard way about the life span of E-mail. True, some companies understand the dangers of mounting E- mail messages, and have developed corporate E- mail retention policies to deal with them. They often forget, however, that a retention policy is only as good as the company’s ability to implement it. One of the most famous examples of damaging E-mail, of course, is when the federal government dug up embarrassing messages, believed to have been deleted, at Microsoft Corp. during the antitrust investigation of the Redmond, Wash.-based software company.

“Having no enforcement mechanism” is the single most common mistake companies make with their E-mail policies, according to Los Angeles information technology attorney Michael R. Overly. Though most companies have E-mail deletion policies—for example, purging E-mail that is more than 60 or 90 days old— they rely on the initiative taken by employees to delete them manually. In most cases, there is no way to ensure that employees are taking action.

Then there is the misconception that so many people have of the nature of E- mail. “Employees look at E-mail as an ephemeral means of communication,” explains Overly. They forget or ignore the fact that E- mail, unlike a phone call, has a permanent life. The staggering volume of messages can live forever on various servers. Under the right unfortunate circumstances, such as a lawsuit from a disgruntled former employee, the failure to purge such non-crucial E-mails can have costly consequences, even when companies have nothing to hide. “It’s extremely expensive to dig up E-mail. In some cases, it can cost hundreds of thousands of dollars,” says Overly.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

A crop of software solutions has sprung up to help companies enforce E-mail policies and avoid potentially expensive and embarrassing run-ins with courts involving E-mail. San Francisco-based Disappearing Inc., for example, offers Microsoft Outlook-compatible software called Disappearing Email that decrypts messages at the time specified by the sender, rendering them, for all practical purposes, unreadable. Users can indicate an expiration time of anywhere from five minutes to several months after the message is opened. A Lotus-compatible version is in the works.

Chief technology officer Maclen Marvit says Disappearing Inc. is different from many E- mail management technology offerings because it’s one of the few that (virtually) destroys the messages after they’re sent. It also destroys received messages after a set period of time. “Other products prevent others from listening in on the [E-mail] conversation,” while Disappearing EMail works as a virtual shredder, he explains. ZixMail, by ZixIt, makes E-mail messages accessible to recipients only through ZixMail software or on a secure Web page. Another company, Waltham, Mass.-based Authentica Inc., offers MailRecall, which works in a similar manner to Disappearing Email. It also gives the user a number of control options, such as forwarding and copying. Marvit believes the market for such products will grow as companies embrace the value of regularly disencumbering themselves of non-crucial E-mail. “A lot of conversations are important to the functioning of companies, but they begin to have a negative value after a while.”

David Ferris, research director of consulting firm Ferris Research, also believes products like Disappearing Email and MailRecall will become more popular, especially with senior management. He expects that in five years, such products will be commonplace among most corporate E-mail users, while most senior executives will be using them in two years. And he doesn’t confine the usefulness of disappearing E-mail to the anticipation of potential lawsuits. It comes in handy in day- to-day business dealings as well. For example, CFOs will find E-mail encryption capabilities useful in mergers-and-acquisitions conversations, which often involve complex legal requirements related to non- disclosure.

Finally, says Overly, vanishing E-mail will become widespread as a solution to the enforcement problem. “The solution [to E-mail deletion enforcement] has to be technology. We can’t, nor would we want, to rely on humans to purge E-mails from servers periodically.”