Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Email storage and legal requirements

Email storage and legal requirements

  • Comments 4

One of the trends (might I say minimal requirements) in the hosted email filtering space today is that of email storage and archiving.  Exchange Hosted Services does it, and a number of our competitors do as well.

Government regulations often spring up new businesses.  When Sarbanes-Oxley passed in 2002 in the wake of all the corporate scandals in the United States, it became law to keep copies of all corporate communication.  This includes email.  As the implications of the law became more and more apparent to everyone, it became equally clear to anti-spam vendors that email archiving solutions were going to play an integral part in their service offerings. 

Obviously (in my opinion), the best way to do email storage is via database backends.  That makes it searchable, particularly if you have full text indexing on the content of the message.  For large companies who are sometimes subject to litigation or discovery, the ability to hunt through email in real-time (or near real-time) is crucial.  I would think that Microsoft has an advantage in this regards since one of their own in-house technologies is SQL server.  Although, I guess other companies could get by with Oracle or MySQL but I don't know enough about performance evaluations to judge whether one is better than the other.  I do know that Microsoft solutions are designed to integrate with each other (ie, run on Windows and use SQL Server).

Anyhow, one of the direct applications of the email archiving solution is in the resignation of New York State governor Eliot Spitzer.  Apparently, they have been able to access email records of him engaging in illegal activities.  With all of the legal requirements surrounding email archiving, authorities would be able to search through all his email records in order to build a case against him.  This is an example of how technology has been able to assist in law enforcement.

Communications are a great thing; archiving communications comes with great responsibility.

Leave a Comment
  • Please add 2 and 1 and type the answer here:
  • Post
  • "With all of the legal requirements surrounding email archiving, authorities would be able to search through all his email records"

    I doubt that very much.  I believe the following part of what you said:  "it became law to keep copies of all corporate communication".  Corporate communication and government communication are two separate worlds.  The government controls corporate communication, the government does not control government communication.

    Even if the CIA e-mailed copies of its torture videos, it would not be required to archive the e-mail, because "the company" is not a company, it's a government agency.

    I gave documents to the FBI in 2005 and the FBI destroyed them in 1990.  The FBI didn't say what technology they used in accomplishing this, but they have a court ruling authorizing this odd retention policy.

    Other government agencies destroy documents at will.

  • How did the FBI destroy documents 15 years before you gave them to them?

  • "How did the FBI destroy documents 15 years before you gave them to them?"

    I already told you nearly everything they told me about it:

    'The FBI didn't say what technology they used in accomplishing this, but they have a court ruling authorizing this odd retention policy.'

    I suppose I could look for their letter and type it in exactly (they said which court gave them permission to do this).

  • Oh neat.  A letter came from the US Department of "Justice" dated March 18, 2008, the same date as this blog posting.  Part of their weasel wording avoids saying whether they had told the truth about destroying documents 15 years before I gave them to them.  Another part of their weasel wording still implies that the US government does not require the US government to retain evidence.

    With Sarbanes-Oxley the US government still only controls US corporations and not the US government.

Page 1 of 1 (4 items)