Feeds

Self-destructing email – what Bill wants for Xmas

But it's not quite as simple as that, fortunately

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The self-destructing email is almost upon us, according to a piece in the morning's New York Times. The breakthrough (if breakthrough it is) comes a little late for Microsoft, but Fort Redmond should look on the bright side - all of those awful trial exhibits add up to an amazing sales pitch to companies who don't want the same thing to happen to them.

But that of course is one of the problems as well. What do you think would be the reaction if Microsoft today started wiping its emails from its systems? Or if Microsoft developed a product that made it easier for itself and its major corporate customers to do so? The Feds wouldn't be happy, and the general conclusion would likely be that industry was giving itself carte blanche to do whatever it wanted, because there'd never be any evidence.

That's not of course how the companies developing email control systems would put it, but it's certainly how a lot of corporations are likely to see it, if the software flies in the first place.

The way the developers put it, what they're actually trying to do is to give customers the ability to control their information, stop it leaking, and stop email that only amounts to casual conversations escaping and being used against them. In its trial defence Microsoft argued that the brutal language used in its internal emails fell into this category, and couldn't be interpreted -- as the DoJ did interpret it -- as being official company policy.

Which up to a point is fair enough. In casual conversation quite a few people in business are prone to promise to do unspeakable things to rival companies, and some of this now gets transferred into email. So how come email gets recorded but the casual conversations don't?

Well, there you have the problem as far as Microsoft is concerned, anyway. Quite a bit of the trial evidence consisted of long documents of strategic significance, with accompanying emails (some of them including the rough stuff) commenting on them. How do you tell the difference between casual conversation and strategic documentation when it's all mixed up together? You don't, and if it's left to the corporations to decide where the line lies, they're going to draw it extremely tightly.

And anyway, self-destructing email looks extremely difficult to do. You have to be able to control the ability to copy the email, to print it out, to take a picture of it on screen -- it does rather look like you have to have all of the PCs in your organisation heavily locked down in order to even stand a chance of total control. Set against that challenge, developing software that makes email messages destroy themselves after a set period of time sounds pretty easy, but unless you can plug all the holes, what's the point?

Probably the best companies can hope for is to increase their ability to reduce information leakage, rather than eliminate it, in which case the documents that are being subpoenaed in current legal actions are still likely to exist, either somewhere with the organisation or with a business partner.

If companies went much further than this and actively destroyed documentation, then you could turn the casual conversation analogy on its head. They would effectively be shredding sensitive information that had been carried by email. And what happens to companies who shred information they think might get them into trouble? ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.