Thursday, July 1, 2004

Espionage and email: tips for managing your own email archives


By Ann James

Espionage and email: as the Pentagon discovered, the two often go hand in hand. Following the arrests of two U.S. servicemen suspected of spying, the Pentagon is broadening its investigation of possible espionage activities at Guantanamo Bay, Cuba. According to CNN, at least one of the security cases has involved suspicious emails that were discovered as part of a routine monitoring process.

My company, C2C Systems, is frequently on the receiving end of panicked calls from Exchange administrators and IT managers. One of our products, Active Folders Content Manager, has been purchased by organizations that need an electronic forensics tool -- a tool that can quickly search email information stores and archives -- to respond to an emergency situation like terrorism. In fact, it was recently part of a $1 million systems purchase by United States Southern Command (SOUTHCOM) for the Guantanamo Bay case.

Since releasing it, we've learned a lot about electronic forensics. What follows are a few tips you should keep in mind.

When the legal department says "Find it!"

Ideally, you shouldn't wait until an emergency to have an email content manager in place. It can help enforce a centralized policy for greater security and minimize liability associated with inappropriate email content. Recent lawsuits show the need for such precautions:

  • A U.S. organization was ordered to pay female employees $2.2 million to settle a sexual harassment lawsuit stemming from inappropriate email circulated by male employees.
  • UBS Warburg was sued for sex discrimination and retaliation. The plaintiff sought emails in discovery to prove her case. The emails were archived and would cost $175,000 to restore and produce. A federal judge ordered the employer, at its expense, to turn over all emails on an optical disk or an active server.

Electronic document discovery can be expensive as well as time-consuming. Manually reviewing hundreds of thousands of messages would take hundreds of man-hours of review, capture and dissemination. But if you've been managing mailboxes all along, it will only take a few hours -- and a few dollars -- at most.

Finding specific content

A privately held cheese company had to search its technology environment (two-node Exchange 2000 cluster server, more than 2,200 mailboxes, over a dozen remote sites) for messages containing a few specific words. No easy task when a minimum of 20,000 messages are processed every day.

The previous mainframe email software provided this functionality, but that capability was lost with the migration to Microsoft Exchange 2000. When the request came down from "corporate," the network manager was on the lookout for a tool that could retrieve any email message from the data store within one day.