"What did you know and when did you know it?" Those words are being thrown at businesspeople as often as politicians, and the search for evidence increasingly involves the reconstruction of "deleted" e-mail. OK, so you're not a Mafia don or a billionaire monopolist. But here are scenarios that could turn your hard drive into an evidentiary fishing hole:
- A large competitor tries claiming patent infringement.
- An employee sues your company for tolerating sexual harassment.
Irrespective of the outcome, what would the discovery phase of a lawsuit do to your operational efficiency, costs and profits? "It can easily cost $1 million and be disruptive to staff," says electronic communications expert David Ferris, president of Ferris Research.
Then, there's the threat from illegal intrusions. Ninety percent of the 500-plus companies responding to this year's joint FBI/Computer Security Institute survey had computer security breaches within the prior 12 months, resulting in a loss of almost a half billion dollars.
Any way you look at it, our reliance on e-mail and IM makes it difficult to keep proprietary information private. Think of an e-mail or IM as pixie dust that gets tossed across the drive platters of the PCs and servers you own, those your business partners own, and on any ISP and routing servers in between. Your messages get mixed up with billions of others annually, leaving a digital trail that's virtually impossible to tidy up.
Sooner or later, one of your messages will leave the safety of your e-mail server. Here are just a few ways to protect it in transit:
"Anyone who uses a computer for business could be at risk, even the self-employed," says Michele Lange, electronic evidence legal consultant for Kroll Ontrack, which recovers data from damaged hard drives and reconstructs deleted digital footprints for lawyers.
What Can You Do?
One thing you can't do is delete files. Yes, it's easy to wipe a hard drive clean with software like Kroll's DataEraser or Symantec's Norton WipeInfo. But investigators may find clues in a PC's recycle bin. If they do find some, you may face an obstruction of justice charge, warns Jim Reinert, Kroll's director of worldwide software.
Ferris notes that large companies put e-mails on a central server and purge them after a month or two. For that to be effective, employees can't use external services like Yahoo! Mail, and everyone has to save important e-mail data. Message strings may serve as evidence to disprove allegations, so you need an archiving policy as well as a deletion policy.
You could use a Public Key Infrastructure product like PGP (Pretty Good Privacy) to encrypt messages. Some Web services help you ensure that only encrypted messages land on Internet servers. But some services substitute your company address for one with a conspiratorial air, or can be less convenient than an in-house system. Do you encrypt "where do we eat?" lunch messages? Would discovery of such messages help or harm you?
Everyone must learn not to commit to messages "any thought you wouldn't want to see on the cover of The New York Times," says Lange. Sadly, this is another one of those consequences that accompany the Internet's blessings. But just because you act paranoid doesn't mean people aren't out to get you.
Mike Hogan is Entrepreneur's technology editor. Write him at firstname.lastname@example.org.
Computer Security Institute
(415) 947-6370, www.gocsi.com
Ferris Research
(415) 986-1414, ext. 102, www.ferris.com
Kroll Ontrack Inc.
(800) 752-1333, www.krollontrack.com
Symantec
(800) 441-7234, www.symantec.com