Self-destructing email – what Bill wants for Xmas
But it's not quite as simple as that, fortunately
The self-destructing email is almost upon us, according to a piece in the morning's New York Times. The breakthrough (if breakthrough it is) comes a little late for Microsoft, but Fort Redmond should look on the bright side - all of those awful trial exhibits add up to an amazing sales pitch to companies who don't want the same thing to happen to them.
But that of course is one of the problems as well. What do you think would be the reaction if Microsoft today started wiping its emails from its systems? Or if Microsoft developed a product that made it easier for itself and its major corporate customers to do so? The Feds wouldn't be happy, and the general conclusion would likely be that industry was giving itself carte blanche to do whatever it wanted, because there'd never be any evidence.
That's not of course how the companies developing email control systems would put it, but it's certainly how a lot of corporations are likely to see it, if the software flies in the first place.
The way the developers put it, what they're actually trying to do is to give customers the ability to control their information, stop it leaking, and stop email that only amounts to casual conversations escaping and being used against them. In its trial defence Microsoft argued that the brutal language used in its internal emails fell into this category, and couldn't be interpreted -- as the DoJ did interpret it -- as being official company policy.
Which up to a point is fair enough. In casual conversation quite a few people in business are prone to promise to do unspeakable things to rival companies, and some of this now gets transferred into email. So how come email gets recorded but the casual conversations don't?
Well, there you have the problem as far as Microsoft is concerned, anyway. Quite a bit of the trial evidence consisted of long documents of strategic significance, with accompanying emails (some of them including the rough stuff) commenting on them. How do you tell the difference between casual conversation and strategic documentation when it's all mixed up together? You don't, and if it's left to the corporations to decide where the line lies, they're going to draw it extremely tightly.
And anyway, self-destructing email looks extremely difficult to do. You have to be able to control the ability to copy the email, to print it out, to take a picture of it on screen -- it does rather look like you have to have all of the PCs in your organisation heavily locked down in order to even stand a chance of total control. Set against that challenge, developing software that makes email messages destroy themselves after a set period of time sounds pretty easy, but unless you can plug all the holes, what's the point?
Probably the best companies can hope for is to increase their ability to reduce information leakage, rather than eliminate it, in which case the documents that are being subpoenaed in current legal actions are still likely to exist, either somewhere with the organisation or with a business partner.
If companies went much further than this and actively destroyed documentation, then you could turn the casual conversation analogy on its head. They would effectively be shredding sensitive information that had been carried by email. And what happens to companies who shred information they think might get them into trouble? ®
Sponsored: The Nuts and Bolts of Ransomware in 2016