<http://www.theregister.co.uk/2004/10/11/ms_legal_mail_autodestruct/print.html> The Register Biting the hand that feeds IT The Register ; Software ; Original URL: http://www.theregister.co.uk/2004/10/11/ms_legal_mail_autodestruct/ How key Microsoft legal emails 'autodestruct' By John Lettice (john.lettice at theregister.co.uk) Published Monday 11th October 2004 07:23 GMT The latest court documents to be unsealed by Judge Frederick Motz in Burst.com's suit against Microsoft paint a picture of Microsoft document handling procedures which destroyed the very emails that were likely to be most relevant to several antitrust actions, Burst's included. According to Burst's lawyers Microsoft's status as "a defendant in major antitrust cases since at least 1995" means that it has a duty to preserve potentially relevant evidence. But "Microsoft adopted policies that, to put it mildly, encouraged document destruction from 1995 forward." Microsoft is still resisting Burst's attempts to have it hand over documents defining its retention policies, but a Burst brief of 27th September puts forward a forensic examination of the net effect of whatever these policies might be, accompanied by a certain amount of rolling of eyes. We, and the technology press in general, are indebted to PBS columnist Robert X Cringely for his dogged and single-handed pursuit of Burst v Microsoft. You can read his take on the latest developments here, (http://www.pbs.org/cringely/pulpit/pulpit20041007.html) and links to the court documents here. (http://www.pbs.org/cringely/links/links20041007.html) As Microsoft's retention policies remain for the moment a closely-guarded secret it would be absolutely wrong of us to draw any inference as to what they might be solely from what happens. What happens, though, is pretty damn peculiar. The system as a whole defaults to swift destruction of employees' emails, while there is clear evidence that Microsoft takes a very narrow view of whose documents may be relevant to a particular case. In some cases its choice of 'relevant' employees to be subject to retention seems perverse and misleading. So in the normal course of events documents would be destroyed swiftly, documents would be saved only by a document retention notice, and if document retention notices were not sent to the right people (the Burst brief argues that they were not), then by the time those people were properly identified the documents would almost certainly have been destroyed. Microsoft exec Jim Allchin, who seems to be shaping up as a star exhibit, instructed Windows division employees in January 2000 to delete emails from their hard drives after 30 days. "Do not be foolish," he said, "do not archive your e-mail." In response to emails about this instruction Allchin sends another which confirms the existence of an "official policy" on document retention sent company-wide in the summer of 1996, and says that this is the only written policy. Allchin however reiterates his 30 day instruction, adding an exception only for those who "have received specific instructions from Legal to retain certain documents or email that may be related to pending litigation. These instructions override the general policy." Microsoft has not yet yielded the 1996 policy, but Allchin's reference to it plus his insistence on 30 days suggests that the general policy was 30 days, from 1996 onwards. The retention of legally-relevant documents is therefore clearly dependent on Legal sending retention notices to the right people at the right time. Burst's brief at this point notes that Microsoft has confirmed it did not produce any of the Allchin email string in 12 prior cases, including DoJ v Microsoft, on the basis that, it claims, nobody asked for them. But in Sun v Microsoft, Microsoft undertook to "produce documents concerning Microsoft business policies, procedures or guidelines for document retention, to the extent such documents exist, for the period January 1, 1998 to November 30, 2002." This period covers the Allchin string, but the string was not produced, so when Microsoft confirmed that it had completed the production of documents, it was not telling the truth. The general policy, if it is the policy, of 30 days covers local storage. Email could also be saved on the Exchange servers. Microsoft however enforces rigorous limits on employee storage on these servers, and on average there appears to be space for about a month's emails per employee. No storage allocation left, no email until you delete some. In addition, emails could be saved on servers maintained by the Operations Technology Group. But as made clear previously in this case (reported here (http://www.theregister.co.uk/2004/05/24/allchin_destroy_email_claim/)), company policy is that emails should not be archived on these servers. This policy was strengthened by the addition of the words "Due to legal reasons..." in 1997, but weirdly, Microsoft claims that this bit was made up by information technology employee Candy Stark, purely to add weight to her campaign to save on storage costs. In fairness, therefore, we should consider the possibility that many other apparently incriminating things in surviving emails have been made up too. Is there a company policy on when to believe what an exec is telling you? And if there is, has it been made up? Frightening, isn't it? But the Burst brief declines to believe Stark made it up, and suggests the "legal reasons" may track back to the elusive 1996 policy, which again is cited by Stark. Archive location number four at Microsoft is provided by the servers maintained by the IT person for each individual business group. The servers most relevant to the Burst case were maintained by a Mr Ochs, who did not receive a retention notice, and who testified to routinely destroying documents on the servers. These are the very servers Microsoft has previously said it cannot reasonably search for documents, because it does not know who uses which servers. The brief puts forward several examples of cases where Microsoft failed to identify relevant employees and send them retention notices. In response to a DoJ request in 1997 it failed to identify Chris Phillips and his boss Eric Engstrom, although Phillips had led negotiations with RealNetworks and the ensuing deal was sometimes referred to internally as "the Chris Phillips deal." Microsoft did identify the in-house lawyer brought in to draft the contracts, but not Phillips or Engstrom, so both destroyed their emails. Neatly, as a Microsoft attorney the lawyer's emails were protected by attorney-client privilege, so Microsoft doesn't have to release them. Similarly Engstrom emails relevant to Intel's decision to drop development of its JMF Java Media Player have been destroyed. The Burst brief only asks for Microsoft's retention policies to be produced in camera, so even if Redmond does cough up there's no certainty we'll ever know if they explain the apparent weirdness of Microsoft document and archiving policies. But if Microsoft does have a policy to diligently retain relevant documents, well, it clearly needs to write a new policy that works instead. We at The Register have a humble suggestion. Seeing Rick Rashid of MS Labs is in the habit of touring the world telling people that storage is now pretty well cheap enough for you to just record your whole life in a lifeblog, couldn't everybody at Microsoft just... Related links Allchin named, as proof of MS email destruction policy is sought (http://www.theregister.co.uk/2004/05/24/allchin_destroy_email_claim/) Cringely PBS column (http://www.pbs.org/cringely/pulpit/pulpit20041007.html) Links to court documents (http://www.pbs.org/cringely/links/links20041007.html) -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'