At 11:48 PM -0700 10/9/97, John W. Noerenberg wrote:
Moreover, it is not unheard of during legal discovery for email to be made subject to search (Our lawyers are constantly tut-tuting about all the email that is saved). So to say it is not used for long-term storage is simply incorrect.
Not surprising that your lawyers are worried about extensive mail archives. Imagine the juicy things that must lie in gigabytes of archived e-mail messages! (Or the messages which can be twisted by skilled lawyers into seeming to be anticompetitive, price-fixing, conspiratorial, etc.) I don't think we've yet seen a good example of massive amounts of e-mail being examined in a "discovery" process, yet, but we saw the effects on IBM during its antitrust issues in the 70s. Basically, every scrap of paper, every desk calendar, every internal memo, everything, had to be turned over to opposing counsel. We will almost certainly see some examples of where lawyers demand access to all company e-mail. (When I was at Intel there were periodic purges of old memos, old reports, old scraps of paper. Ostensibly this was to cut clutter, but the real reason was, probably, that Intel feared old memos and reports would be demanded by AMD or whichever competitors were suing Intel, or by a government bent on breaking up the world's most powerful chip monopoly (as the Feds saw it). As a sidenote, I kept nearly all of my old reports and papers, and this came in handy several times...others had purged their corporate memories, but I had the needed information to solve a problem.) I can imagine that companies are getting very worried about the possibly "discovery" of their increasingly computerized communications systems, with lawyers pawing through gigabytes with keyword searches for anything to help their case. (And there are similar examples in the political sphere. E-mail in the President's "PROFS" system during the Iran-Contra controversy was acquired; the Ollie North crowd thought they had deleted the messages implicating them, but the PROFS backups revealed all.) Is there a solution? Well, "key recovery" is probably one of the _worst_ solutions! (This is in my opinion. If I had a company I'd fear a CAK system would be used against my company. Expect CAK keys to be the first things demanded in the discovery process.) Certainly lawyers can subpoena the holders of various keys, and I'm certainly not saying that having X hundred separate, non-CAKked keys means the discovery process hits an insurmountable obstacle. But it is certainly true that having a large repository of all e-mail, conveniently accessible with a small number of easily subpoenaed CAK keys, is an overwhelmingly tempting target. If CAK is implemented, and these corporate discovery trends continue, expect to see less communication through the official corporate channels, and more through personal accounts. (E.g. people will use the Net to access other accounts, even Web mail throwaway accounts, to communicate even with persons in their own company!) It may be that PGP, Inc. and the other companies claiming "communications plaintext recovery" is so important are talking to the wrong groups of lawyers at various companies. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."