Netmail Blog

Archive Your Secrets So You Can Review Them Before and After They Leak Out

Posted by Benjamin Wright

Jan 30, 2014 11:17:00 AM

With each passing day, it is more difficult for any enterprise to keep a secret. This truth of the Information Age affects how enterprises – such as nonprofits, corporations or government agencies – develop policy on the usage and recording of electronic messages such as email and mobile text.

Secrets Leak Out
The Edward Snowden event at the US National Security Agency is the most glaring example of how hard it is to keep secrets these days. If any enterprise in the world should know how to secure its data, it would be the NSA. NSA is the cryptography expert in the US government and is considered the premier data intelligence organization in the world.

But according to press accounts Edward Snowden stole the NSA blind. Despite NSA’s security prowess, trainloads of NSA secret records leaked out.

New Jersey Bridge Scandal
Another recent but more prosaic story shows how secrets escape. New Jersey Governor Chris Christie is wrestling with a scandal involving political retribution and the intentional infliction of traffic jams around Ft. Lee, New Jersey.

Allegedly an aide to the governor used a nonofficial Yahoo email account to give directions for closing lanes on a bridge for the purpose of causing artificial traffic jams. This aide was an employee of the State of New Jersey. This email was sent within the scope of employment of the employee. This email implicates the employer (i.e., the State of New Jersey and more specifically the Governor’s Office).

But the employee took pains to keep the email secret. She used an unofficial webmail account. When a freedom of information act request was submitted to the State, the State said it had no such email.

But the email leaked out. The news media got a hold of it.

When a sender sends an email from an account, even a secret account, it goes to one or more recipients. And they in turn can forward it to yet other people. The sender can’t prevent the onward transfer of the email.

Employer’s Perspective
Think about this email from the perspective of the employer, the State of New Jersey. The State government is implicated and can be held responsible when one of its employees does something, even though the employee tries to hide it.

In fact, a class action lawsuit has been filed against the employer, the State of New Jersey, on the grounds that its agent, its employee, intentionally hurt motorists by snarling them in a horrific, costly traffic jam. 

The employer, New Jersey, needed a record of that email from the outset. It needs records of what employees are doing, even when the employees are doing something sneaky.

Employee Oversight
For an employer like the state of New Jersey, secrets can come back to bite it. Therefore, the employer wants a copy of every secret.

The employer wants to be able to inspect these records so that it can know what its responsibilities and liability are.

Thus the employer has motivation to order employees to give all records to the employer, even embarrassing or “secret” records like the traffic jam email.

The employer has incentives to archive all work-related email (whether the content of the email is authorized or not) so that it can search the email and exercise its responsibility for oversight of employees.

If the employer is not archiving messages, then it may be failing to exercise supervision and internal control.

Policy on Unconventional E-messages
Employees have many unconventional channels for creating electronic messages today – webmail, text message, Twitter, Facebook and much more. Some of those channels may feel like secrets, but they are not. They are very vulnerable to revelation.

The wise employer will require employees (by policy or contract) to archive substantially all messages such that the employer can discover them easily.

Topics: Email Archiving, Electronic Information, ePolicy