USA: Exploding e-mails.

USA: Exploding e-mails. - Not even the software giants are safe from the letter bombs in their computers. Roger Taylor looks at how to avoid the traps that tripped up Microsoft and Netscape.

by
Last Updated: 31 Aug 2010

Not even the software giants are safe from the letter bombs in their computers. Roger Taylor looks at how to avoid the traps that tripped up Microsoft and Netscape.

It could hardly have been more awkward. Jim Barksdale, chief executive of Netscape Communications, was in the witness stand making serious accusations against Microsoft, the world's number one software company.

In support of the US Government's landmark anti-trust action, he alleged that Microsoft had approached his company in 1995 with the uninvited and unwelcome suggestion that they should avoid competing in the new market for internet browser systems and, instead, split the business between them.

His carefully planned testimony was then thrown into disarray when lawyers for Microsoft produced an e-mail which had been sent by his colleague, Jim Clark, the chairman of Netscape, to a senior executive at Microsoft.

The message proposed that that the two companies work together and even suggested that Microsoft invest in Netscape.

'We do not want to compete with you,' it read.

The message, sent by Clark during the early hours of the morning without the knowledge of anyone else in the company, seemed to flatly contradict Barksdale's version of events.

It was a telling example of how being trigger-happy with the e-mail 'send' button can cause a ton of trouble.

The Microsoft anti-trust case has produced a number of equally embarrassing e-mails. Both sides have dredged up hundreds of compromising messages.

Perhaps the best known is the note from Paul Maritz, group vice president at Microsoft, in which he described how he planned to crush any competition from Netscape. It read: 'We are going to cut off their air supply. Everything they are selling, we are going to give away for free.' Microsoft is now trying to reconcile this with its contention it never sought to use its market power to destroy Netscape.

Closer to home, those sensible, sober people at Norwich Union had to pay an unexpected £450,000 in damages and costs 18 months ago, and make a public apology, to Western Provident Association, the private healthcare group, after employees had been too free with their language on an internal e-mail system.

Colleagues at Norwich Union's healthcare business had speculated, quite without foundation, that their rival was facing insolvency and was being investigated by the DTI. Inaccurate rumours were spread at the touch of a button among the ill-advised workforce. And when Western Provident inevitably got to hear about the libel, its legal action followed. Careless e-mail talk can be that costly.

Most executives will feel their palms going a little clammy as they read about these events. Few companies can claim with confidence that their e-mail archives do not contain equal horrors.

The trouble is that e-mail feels disposable and people treat it that way, paying too little attention to what they put in their messages. Far from disposable, e-mail in fact is one of the hardest forms of IT communication to erase.

Jim Browning, an analyst at Gartner Group, the technology research company, explains: 'When I send you an e-mail, I immediately create four copies: one on my PC, another on my server, one on your server and another on your PC.'

There is then a good chance that the recipient will copy the message to others. Furthermore, it is likely the copies on either the servers or the PCs will be saved again every time the computer system saves a back-up file. Within a short period of time there will be multiple copies of the message on a range of different computers.

E-mail replicates itself like bacteria in a Petri dish. Once a message has been sent, it is virtually impossible to ensure that no copies survive.

Greg Olsen, chief executive of Sendmail, the company which distributes the software used to send about 70% of e-mail, points out that computers are intended to do this.

'Computer files are persistent by design. They tend to be copied and propagated, and every corporation backs up disks. The chances are, a year after sending a message, there will be 50 copies,' he says.

This would not be a problem if people were sensible about what they put in their e-mails. Unfortunately, the reverse is the case. The very factors that make e-mail such an attractive form of communication also make it a legal liability that could end up causing serious headaches for any business.

David Curry of Amazon, the internet bookstore, explains why his company recently sent a memo to all employees urging them to delete old e-mails - and reminding them that some things are better not put in writing. The problem, he says, is that people treat e-mail more like a telephone conversation than a document.

Browning goes further, pointing out that people are often prepared to be more rude in e-mail than when face to face. 'People who are never emotional in meetings can suddenly become very outspoken when sat in front of a computer,' he says.

Some companies even try to take advantage of this aspect of e-mail. For example, Netscape used it to allow employees to blow off steam about problems at work. People were encouraged to use message groups to moan about management deficiencies or rant about how things could be done better. Some of these messages are now being used by Microsoft to attack Netscape and to say that its failure to beat off competition from Microsoft was due to its own incompetence, and not the result of unfair competition.

Both sides in the Microsoft trial argued that their

e-mails had been taken out of context. But courts are as likely to view off-guard e-mail language as a revelation of the author's motives and actions as they are to judge that such messages were not intended to be taken seriously.

The potential legal liability of old e-mails is compounded by the ease with which they can be tracked down. Just enter a name or a key word and you can instantly call up all relevant messages. This is great if you need to remind yourself of a message from several weeks back. But in legal disputes, it can prove disastrous.

Discovery, the legal process by which lawyers are allowed access to relevant documents to search for evidence, can be a lengthy and somewhat hit-and-miss activity when trying to find incriminating evidence among traditional paper records. It can be hard to know where to start looking for the relevant information. In contrast, computerised records make it easy for lawyers to instantly assemble every document containing, say, the word Microsoft.

The result is that, should a company end up being sued, a rapid search through the e-mail archives is only too likely to turn up some ill-considered message which appears to confirm the charges against it.

Already companies are taking measures to protect themselves, although Browning points out that interest in this subject leaps during a high profile case such as the Microsoft trial, then rapidly fades afterwards.

The first step is to adopt an e-mail policy. Despite the obvious risks posed by e-mails, Browning estimates that probably only half of leading US companies have instituted an e-mail policy. The percentage is even lower outside the US.

An e-mail policy should describe what is appropriate and what is inappropriate in an e-mail. For example, it should point out that sexist and racist language is always inappropriate. There have been cases where e-mails that contained sexist and racist jokes were used to support claims of sex or race discrimination in the workplace.

The second step is to draw up clear guidelines on what data is to be kept and what to scrap. There will usually not be any legal problem in having a policy to delete all e-mail after, say, 90 days, unless that policy is instituted after a suit has been filed. If you do that you could find yourself up on charges of obstructing justice.

Unfortunately it is easier to decide an archiving policy than to implement it. Instituting such a policy may be a complex technical exercise because most companies have back-up systems that automatically copy everything kept on corporate systems. There is no easy way for systems like these to distinguish between e-mail and other types of files.

The easiest way to keep control of e-mail at the moment is to maintain a separate e-mail server from which messages can be read but which will not automatically download the messages on to employee desktop computers.

The server can be programmed to delete everything older than, say, 90 days. Employees can download the messages they need to keep, and are then responsible for ultimately deleting them. That still leaves the problem of copies of messages sent outside the office. Currently there is no way to deal with this.

Olsen says there are moves towards instituting headers on e-mail which set expiry dates. However there are hundreds of different software products used to read mail. These would all have to be adapted to recognise and act upon expiry dates.

In the meantime, employees will simply have to be more careful about what they write. One way to encourage this is to use filtering software.

Programmes such as Assentor from SRA International and World Secure Server from WorldTalk can be used to search e-mail for keywords and to block mail that contains inappropriate language. They can also be used to protect company secrets. For example, a system could be set to prevent messages containing project code names from going outside the company.

Curry points out, ominously, that even deleting an e-mail does not wipe it completely. In several instances - including some of the evidence gathered by independent counsel Kenneth Starr during his investigation of President Bill Clinton - investigators have been able to retrieve deleted information from computer hard disks.

There are moves by a couple of companies, however, to start selling e-mail 'shredders' that will automatically wipe messages off hard disks once they are deleted.

So probably the most important lesson to take from all this is the need to be somewhat paranoid.

One of the negative consequences of a company instituting filtering software and instructing employees about e-mail policy is that employees may not feel as free about communicating through e-mail.

However, Browning points out that this can also be used to improve productivity.

One of the problems with e-mail is the tendency some people have to copy everybody they can think of on to every message they send. This can end up wasting a lot of people's time. A successful e-mail policy not only protects a company against legal liability but also encourages employees to use e-mail in a more productive fashion.

Anyway, if the worst comes to the worst, all that will happen is that people will have to start using the telephone a bit more, or even hold meetings face to face.

Whatever the solution, it is an issue that should be dealt with now and not left until the day when an executive finds himself standing in a witness box, trying to explain away an e-mail written long before, perhaps late in the evening, maybe as a joke, never imagining that one day it might have to be defended in public.

Roger Taylor reports for the Financial Times from California

DEFUSING THE MESSAGE

Before sending a message, think about how you would feel if it were made public in a newspaper or courtroom. If that makes you uncomfortable, perhaps you should use the phone instead.

Institute a company e-mail policy describing appropriate and inappropriate uses of e-mail. Offensive and abusive language should be ruled out. Similarly, in order to protect against accusations of unfair competition, overly aggressive language should be avoided. Don't

talk about 'wiping out the competition' - 'beating the competition' will probably suffice.

Adopt a clear policy on archiving. A company can implement a policy that destroys all e-mail after three months, but if it institutes such a rule after being sued, it could wind up in court for obstruction of justice.

Consider putting a rider on e-mail that moves outside the office. Law firms often have standard paragraphs on the bottom of e-mail telling the recipient that it is an informal communication and should be treated as such, and that statements and advice given in the message should not be acted upon until confirmed in a formal letter.

Consider using filtering software to catch inappropriate wording before it is sent.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Subscribe

Get your essential reading delivered. Subscribe to Management Today