Death By Email Blog

What would you do NOT to be caught by email?

One manager accidentally sent details of all his workers' salaries on a company group e-mail.  As soon as he realized his error, he set off a fire alarm to clear the office before going round and deleting the e-mail from every inbox.

This is one of several "cringe- worthy" emails released by U.K. online property firm officebrokers.com and reprinted in The Scotsman and newKerla.com. Their study concludes that "Every minute that goes by, 42 workers in the UK will be left red-faced with embarrassment having sent a wrong or mortifying email ...  As to what the content of the email can be, well anything from complaining about a colleague and accidentally forwarding it to that person to hitting the 'reply all' button on a confidential memo makes the list," reports the Scotsman.

Some other cringes ....

• After a sick day, one worker sent an e-mail to a friend explaining that his illness was due to "class A's" - drugs. Unfortunately, he sent it to everyone in his company, including the senior management, who fired him.
• A company accidentally included 24,000 e-mail names in the address box of a message. Many intended recipients never got to the actual message as it took them so long to scroll down.
• A woman police officer sent an e-mail to her colleagues asking who stole her yogurt from the fridge. Unfortunately, she accidentally sent the e-mail to the entire West Midlands police force and received hundreds of sarcastic replies including: "Do you need CID? Have you sealed off the area? Has the dog unit been called?"

Arkansas's high court ruled that a "neutral court" should use content analysis to determine whether emails are public records.  The ruling came on a Freedom of Information Act case reported by this email blog.  It related to the case of former Pulaski County Comptroller Ron Quillin, who was accused of embezzling $42,000 while in office.  During the investigation, emails that were reportedly "highly personal and graphic" were found.

One side said that the letters were personal and should be private.  The other side said that the emails were on a government computer system and, therefore, are public records.  An Arkansas judge ruled that the act of sending an email to a government email address means that there is "no expectation of privacy." 

But, yesterday, the state high court chimed in.  It ruled that personal e-mail messages stored on state-owned computers should be reviewed by a "neutral court" to determine whether they qualify as public records and are subject to the state Freedom of Information Act.  (Source)

The ruling is based on the court's interpretation of Arkansas's public record law.  A public record is one "that constitute a record of the performance or lack of performance of official functions that are or should be carried out by a public official or employee."

The court noted that with the prevalence of employees using computers at work for personal e-mail, such correspondence on public computers does not automatically count as a record of the "lack of performance of official functions."

It went on to adopt a content-driven analysis to determine whether e-mail messages on public computers count as public records and sent the case back to the lower court to review the e-mail in question and determine whether there is a nexus between the e-mail and official state activity. (Source)

Proofpoint's latest annual survey entitled Outbound Email and Content Security in Today's Enterprise, 2007 was just released.  Even though it is from a competitor, I recommend the free download.  I have quoted previous editions of the survey in business plans and presentations.

Some of the key results of the survey of 308 e-mail decision-makers at large U.S. companies include:

• Respondents estimated that nearly 20 percent of all outbound e-mail poses a legal, regulatory or financial risk.
• More than one-quarter of surveyed companies (27.3 percent) have terminated an employee for violating e-mail policies in the past 12 months.
• 32.1 percent of surveyed companies with 1,000 or more employees hire staff to read or analyze the contents of outbound e-mail.

"The emails brought to me contained information of potentially inappropriate behavior and other violations of school policy," said Arlington, MA, Superintendent of Schools Nate Levenson to the Boston Globe today.  But, in an interesting twist, the emails were not released by the school or the newspaper.  Instead, it is alleged that they were released by a hacker.

The emails involved were reportedly between middle school principal Stavroula Bouris and technology teacher Chuck Coughlin.  Frank Mondano, the attorney who represents both individuals, said his clients are not romantically involved, but are friendly with each other and were only sharing jokes and humorous musings. He said their correspondences were obtained by someone hacking into their private e-mail accounts, and called for the hacker to be exposed. (from www.boston.com)

Certainly the principal and a technology teacher ought to know that email is not private and that school email are public records.  The school reports that four people are authorized to read other people's email, " the superintendent, the assistant superintendent of curriculum, the telecommunications technology specialist or designee," according to the Arlington Advocate.

A sample of the reported emails that appeared on-line would appear to raise eyebrows.  One of them said, "Do you know what would look good on you?  Me!" signed "My hot principal."  Interestingly enough, this email appears not to be from an official email account but from a verizon.net email address to a Gmail email address.

The Arlington Advocate quoted two other emails:

On May 9, at 11:53 p.m., Coughlin wrote to Bouris in a work e-mail, “To play off that song, when I lay next to her I see you. I shut my eyes I see you. I go to bed and I see you. I smile and I see you.”

On June 12, at 2:14 p.m., Coughlin sent an e-mail to Bouris stating: “Hey beautiful. Want to get naked? Chuck.”

A further investigation is expected.  I also expect that a Freedom of Information Act request will be made to force the release of the emails.  There are also charges that the release of these alleged emails were part of a smear campaign against the principal.  Both the Globe and the Advocate talk about it.

But, in the end, it just proves that emails from whatever source can be leaked.  Even if it was done as part of a smear campaign and even if it was done by a hacker, the lives of Coughlin and Bouris will never be the same. 

Are you suffering delays in your recent emails to china?  It may be because of "series of disruptions to cross-border email traffic on adjustments to the country's vast Internet surveillance system," Reuters reports today.  The delays have been going on for four days now.  But, of course, there is no way to get official confirmation.

The symptom seems to be an error message that is returned to the sender.  The error message however does not look like an end-user message.  (I do not have a sample.) 

"China is in the midst of a highly publicized campaign to rein in "unhealthy content" in its rapidly growing Internet, whose rapid spread of information regarding incidents of government corruption and rural unrest not reported in conventional media has alarmed China's stability-obsessed leaders," reports Reuters.

Most people are blaming the elaborate set of filters maintained by the Chinese government to manage information flow.

Always check before hitting reply.  Vancouver, British Columbia City Clerk Syd Baxter learned this lesson the hard way after mistakenly sending an email from his personal email account to the wrong people. 

A city strike appears imminent.  Baxter takes a firm stand in the email, saying, ""We are going through usual B.C. politics at the expense of the civic workers. ... I have no doubt (B.C. Federation of Labour executive director) Geoff Meggs and company are engineering this across the region. No work is being done as staff contemplate this."

It would seem from the email that the City Clerk was afraid of what that would mean to him.  The content was described in the Vancouver edition of 24-Hours:

"I don't get toilets" - a reference to the fact many managers will be doing union jobs if a strike does happen. He then adds, "What am I saying, I already have the big Chamber bowl. p.s. hope you are well!!! It was 35C yesterday here in south surrey. In Van with the council meeting hot air it must have been at least 40C."

The personal email was to be sent to a colleague.  Instead, it went to the Coalition of Progressive Electors, a Vancouver-based political party, on July 12.  The party describes itself as a "A progressive force at Vancouver city council, parks board, and school board." It would appear to be a party sensitive to the Labour cause.  In other words, just the wrong people to accidentally send an email to.

"B.C. Federation of Labour executive director Geoff Meggs is demanding an apology from Vancouver city clerk Syd Baxter," reported 24 Hours. 

"Councilors from opposition parties say it's inappropriate that a senior civil servant, who is responsible for running elections and regulating council meetings, should make disparaging remarks about his employers that become public without some consequences," reports the Vancouver Sun.

But, the mayor is defending him.  Mayor Sam Sullivan's communications officer, David Hurford, described the e-mail a "non-issue" in the Vancouver Sun and said the mayor "has a pretty good sense of humor."

“We’ll go back to the 1920s, and have direct conversations with people,” New Jersey Governor Jon S. Corzine in the New York Times.  If you want to reach him, put away your computer.  The Governor says that he will no longer use email.  Even his BlackBerry is now off-limits.

In my last posting, I mentioned one of several law suits regarding the email of New Jersey Governor Corzine.  Corzine has refused to release documents citing personal privacy and executive privilege.  (I guess you can add this to the list of excuses for "email bankruptcy."

A new twist on the use of the Freedom of Information Act may re-define the boundaries of personal email accounts.  We have seen many cases where an FOI request was used to get emails from government email servers.  In most cases, any newspaper or citizen can get information quickly -- with limited exception.

I was alerted to a new twist by Sara Key of the The Lucy Burns Institute, a Wisconsin non-profit dedicated to sharing  information, guidance, practical advice, legal developments and news about open records at the state and local level.  (Thank you, Sara.  And, by the way, they have a great blog about FOIA issues at http://openrecords.wordpress.com/. Recommended.) 

New Jersey's Open Public Records Act is being used to demand emails from a private email service used by Governor Corzine.  The justification appears to be that some emails that were sent might have contained some work related information.  Specifically, the NJpols section of Campaigns and Elections magazine reports that New Jersey Republican State Committee Chairman Tom Wilson wrote to the Governor and made these demands: 

"In your response to my lawsuit seeking copies of all communication between you (Governor Corzine) and Carla Katz, it was revealed that you maintain a private email server and that both you and your Chief of Staff have used that server since taking office January 2006. The existence of this non-government email server raises a number of questions as it relates to OPRA and the maintenance and the retention of records.  ...

"I am requesting, ... any and all documents, emails, memoranda, policies, procedures, etc. relating to the use of external email accounts on servers such as the "votecorzine.org" server by Governor's Office staff in connection with official State business.

"I further request access to any and all documents, emails, memoranda, policies, procedures, etc. relating to the retention of emails and documents regarding official State business conducted on external servers such as the "votecorzine.org" server.

"Finally, I hereby request access to any and all "government records" which have been preserved in accordance with the Open Public Records Act, N.J.S.A. 47:1A-1.1 from the "votecorzine.org" server."

If the request is granted, it would seem logical that somebody would need to be able to review whether the proper emails were obtained.  This opens up the entire server to examination.  So far, the request has not been granted.  But, it is easy to see how this can establish case law that would extend access to private email accounts.  Let me engage in some conjecture here:

• Could the same argument be made to release all the emails in the Republican National Committee email server in regards to the firing of U.S. attorneys?  Would Democrats get the chance to review what emails were and were not released?
• What would have happened if the Governor's email was hosted by Google?  Could a demand be made to the ISP to release the email?
• Can this same logic be extended to business email?  For example, a company was in litigation, could a request for relevant emails be extended from business accounts to all personal accounts, too?

My advice has always been to make sure that all of your personal communications use a personal email account.  Now, you may also have to make sure that your personal email never mentions your business.  What does that mean if you write something personal to a business contact?  I am sure that we will find out.

Yesterday, I wrote: "It is dangerous to let a third party hold (an enterprise's) most confidential email, which includes much of the internal email.  If the third party receives a subpoena for your mail, would they fight the request on your behalf when they have nothing to gain by fighting?  Or, would they cooperate with authorities (or the other side) to protect their interests?"

Today, it looks like it is already happening.

The Massachusetts Lawyer's Weekly reported today on a case where a defendant's Goggle Gmail account was subpoenaed.  The article quotes North Billerica, Mass. attorney Jenny J. Liu, who is currently representing a party in a civil dispute that is in the discovery phase:

"Then, without any notification, I received a copy of a subpoena the other side sent to Google … for all e-mails sent to and received by my client's personal e-mail account," said Liu. "My client used that e-mail account partially for business, but mostly for personal use — and to communicate with me."

Liu filed an emergency order to quash the subpoena, which is pending in Middlesex Superior Court. ... 

Asked to comment on the issue, a Google spokesperson e-mailed Lawyers Weekly that "Google does comply with valid legal process[es], such as court orders and subpoenas, as required by law."

The article goes into much more detail and cites a case in which Apple went after the ISP who hosted the blogs of people who leaked confidential information.  There are strong statements that say that Google would not be willing to release the emails and would contact the account owner.  But, absolute protection was not given.  In many ways, the article shows just how unsettled the issue is. 

One has to wonder how far an ISP would be willing to go against its own interests to protect yours.  The new Lawyer's Weekly article demonstrates that handing over your email to a third party is potentially dangerous.  For an enterprise with internal, confidential email, it is a risk that can be easily avoided.

Several blog and news sites have commented on the acquisition activity in the email archiving and electronic discovery markets.  Tech Target's Search Storage site reports: "storage analysts say (Google's acquisition of Postini) could be the beginning of a shift in the email archiving and e-discovery markets toward outsourced, Web-based Software as a Service (SaaS)."  (I listed many of the acquisitions at the end of this blog post.)

I saw a succinct summary of the trend in the High Contrast blog.  It reported:

• Outsourcing of content archiving, which often means
• Outsourcing of e-discovery, which is why we see
• Search players buying hosted content archiving companies

What is driving the outsourcing market?  Are enterprise customers handing over their data in droves?

I talk to enterprise email decision makers every day.  They tell me that it is fine to outsource incoming email.  After all, this mail comes from the Internet anyway.  However, these same customers tell me that they are afraid to outsource their outbound and internal email handling.  (Internal email is email in which all the senders and recipients are within a company.)  Generally, there are two reasons given:

• It is dangerous to let a third party hold your most confidential email, which includes much of the internal email.  If the third party receives a subpoena for your mail, would they fight the request on your behalf when they have nothing to gain by fighting?  Or, would they cooperate with authorities (or the other side) to protect their interests? 

It can get worse.  For certain types of investigations, it may be illegal under the Patriot Act for the third party to tell you of the search for your email. 

• The amount of network bandwidth required to send internal mail to an outsourced provider is enormous.  Companies like Postini can easily archive external mail by intercepting it before it reaches you.  But, internal mail must be routed to the outsourced vendor, which can more than double bandwidth costs.

If you are already using Google for your business email, then the Google/Postini match is ideal in regards to bandwidth utilization.  All the mail is at Google anyway.  But, companies with their own email systems cannot afford the Internet costs for shipping that much mail to Google for processing.

These reasons make sense.  Therefore, while I believe that the Google/Postini marriage helps the viability of Google Mail, I do not see enterprise customers willingly handing over their precious internal email to a third party.  So, I have to wonder if all of this acquisition activity is being driven by investors in love with the outsourced business model -- not the enterprise customer.

Below is some of the examples of the recent activity reported in High Contrast: