DESTROYED BY
SENDER
'VIRTUAL SHREDDING' LETS E-MAILERS ERASE MESSAGES THEY'VE ALREADY SENT
Author: Anick Jesdanun
Associated Press
Edition: Final
Section: Technology and Your Money
Page: F1
Estimated printed pages: 4
Article Text:
The options boil down to either
trusting your former business partner or resorting to illegal breaking and
entering.
But e-mail is changing those
rules, thanks to virtual shredding. Senders can destroy messages remotely or
automatically, without a recipient's consent or cooperation.
That gives senders unprecedented
control over what they distribute.
Though usage of the technology
is still relatively low, interest is growing, thanks in part to new federal
laws governing the privacy of health-care and financial data.
Interest has also been spurred
by the antitrust case against Microsoft Corp., in which damaging e-mail memos
from Bill Gates and other senior executives became the government's key
evidence.
The recent shredding of
electronic documents by Enron Corp.'s outside accountants, along with the
growing use of e-mail in business, might prompt even more thinking about how to
preserve and destroy records without running afoul of the law.
Authentica Inc. and other
companies make online shredding systems that scramble e-mail and limit access
to the software key needed to decrypt them.
To make messages
"disappear," access to the key is withdrawn after a given time.
The software company Peregrine
Systems Inc. bought Authentica's system about nine months ago.
Senior executives use it to send
e-mail to one another and to the company's board of directors.
"Today's business market is
so competitive, we want to make sure that communications that were meant to
stay confidential and secure remain that way," said Doug Hampshire,
Peregrine's systems administrator.
The trouble with e-mail is its
persistence.
Hitting the delete key removes a
message only from the computer's digital index, and forensics experts can often
retrieve it later.
Even if it's gone from a
recipient's hard disk, plenty of copies exist elsewhere -- on e-mail servers
used in transit and on backup tapes kept for years.
Or, perhaps an employee checked
e-mail from home or forwarded it to a personal Hotmail account.
Copies would then reside on the
home computer or at Microsoft, which runs Hotmail.
Without systematic procedures
for purging old messages, e-mail could linger for years.
Computer backup systems were
generally developed for disaster recovery -- not with lawsuits and
investigations in mind, said Kristin Nimsger, legal consultant for Ontrack Data
International Inc., a data-recovery company.
In addition to Authentica,
Atabok Inc., SafeMessage Americans Inc. and Omniva Policy Systems have systems
designed to keep embarrassing or incriminating messages from surfacing years
later. In essence, they allow e-mail to self-destruct.
Many of these services can also
restrict what recipients do with messages -- such as bar them from forwarding,
copying or printing e-mail.
These digital-rights management
tools work much like copy-protection systems being developed for music, movies
and e-books.
For the most part, the law
allows businesses to destroy documents as long as they do so uniformly and
regularly, not in response to a specific threat of lawsuit or criminal
investigation.
There are exceptions. The IRS,
for instance, recommends keeping tax records at least seven years in case of
audit.
Brokerages and other financial
institutions also have strict record-keeping requirements.
So what happens when a sender
sets a 30-day limit, but the recipient has a seven-year legal obligation? What
if a recipient gets a subpoena, but the message disappears in the meantime?
The more sophisticated digital
technology becomes, the more gray areas emerge in Internet law.
Though a 2000 federal law gives
electronically signed documents the same legal standing as paper documents,
electronic documents can't be considered equal to paper if senders can shred
them by remote control.
Senders get unprecedented power
over decisions normally left to the recipients.
So it is up to the recipient to
go back to the sender to request a paper or permanent electronic copy -- and
count on the sender's cooperation.
"It's inconvenient, but I
don't see any other way," said Kumar Sreekanti, chief executive of Omniva.
Critics warn that the technology
is not foolproof.
"The operating system
creates so many temporary backups that the user normally does not see,"
said John Patzakis, president and general counsel for Guidance Software Inc.,
which makes computer-forensics software.
For example, he said, text that
is printed often goes to a temporary "print" file that is not
encrypted.
Even if the self-shredding
software disables printing, copying and screen-capture functions, nothing will
stop a determined person from photographing the screen or jotting down the
information by hand.
And the technology can't help
companies automatically destroy e-mail they receive.
By the time e-mail reaches a
recipient, several unencrypted copies already exist.
Christopher Wolf, co-chairman of
technology litigation and policy at the Proskauer Rose law firm, says e-mail
users are better off watching what they say "rather than coming up with
gimmicks to avoid having records."
Steve Jones, a professor of
communications at University of Illinois-Chicago, also warns that sender
controls could reveal too much about how little you trust the recipient.
"How much of that you want
to have communicated to people, I'm not very sure," he said.
Caption:
ILLUSTRATION BY KNIGHT RIDDER/TRIBUNE
Copyright (c) 2002 Lexington
Herald-Leader
Record Number: 0202250212