Feeds

Allchin named, as proof of MS email destruction policy is sought

In addition to the undeliberate policy...

  • alert
  • submit to reddit

Business security measures using SSL

Evidence of a Microsoft corporate policy to destroy sensitive or incriminating emails is being sought by a US Court. Last week Judge Frederick Motz of Baltimore District Court ordered Microsoft to search backup tapes for evidence that in 2000 Jim Allchin instructed employees to destroy emails relating to the company's negotiations with Burst, which is currently suing Microsoft alleging theft and anticompetitive conduct.

A key part of Burst's case is its claim that having stolen its technology, Microsoft systematically destroyed emails relating to talks between the two companies. Last autumn Burst's lawyers were pointing to a suspicious gap in the email traffic Microsoft had handed over to them, and pointing out that it is scarcely credible that six key Microsoft executives who'd been involved had all decided to delete their Burst emails at the same time. Such claims, however, are based merely on the strong suspicion that such emails must have existed; to know for sure that particular emails existed, well, you'd have to know they existed, right?

In February Burst's lawyers served a motion to have Microsoft compelled "to produce Jim Allchin email directing Microsoft executives to destroy all 'business-related' emails." This is the precise wording used in a court document which Robert X Cringely spotted going by. Pretty much on his own Cringely has been keeping tabs on the Microsoft/Burst/email issue, and he surmises that the choice of wording here may have been a deliberate ploy to get Allchin's name connected to the emails in public. You can read his reasoning for this here.

If such an email can be found or be shown to have existed, then it will help Burst's case greatly and the ripples could spread far wider, given that the widespread application of a policy of destruction would have implications for dozens of lawsuits that are already done and dusted. But in some senses such an email would simply provide a shortcut to a truth Burst has already gone a considerable distance towards establishing: Microsoft's email archival policies are laughable, incredible to an extent that would have sent Judge Thomas Penfield Jackson up the wall, across the ceiling and down the other side (note the headline on this Cringely piece), and have the net effect of either destroying or making impossible to find historical email traffic.

One may speculate as to why this might be, but we doubt very much that Microsoft's own attorneys would argue about this being the state that exists. In a courtroom session last August, Microsoft attorney John Treece went into some considerable detail in explaining the mechanics and operation of Microsoft's backup systems. These are used to back up employee data, which is then stored on DLT tapes. Post April 2000 the servers ceased to accept files with the extension .PST (Exchange format backup files you use to backup your email), and prior to this it had been company policy not to store .PST files this way anyway. The rationale is that the intent of this system is disaster recovery, not archive, so from an administrative point of view it's actually logical for Microsoft to try to stop its staff using the system for archive.

There are however a couple of weird extra baroque features here. Microsoft denies having any indexes or having a policy of keeping indexes, and it claims it also has no way to know which particular system a given employee might have been using at any particular time. So the effect is that an email backup would only exist if the employee hadn't been conforming to company policy, and that in the case of the Burst emails Microsoft would have to search 25,000 DLT tapes to find out. So searching for a particular email here involves looking through a huge pile of stuff for something that oughtn't to exist there, while you don't know for certain if it ever existed in the first place. Treece points out that it would be an exercise of doubtful value that could only be conducted at huge expense to Microsoft, and his logic here is impeccable.

But hang on, we hear you say, if you're not likely to find emails there because they're not supposed to be there, then where are they supposed to be? OK, Microsoft's backup systems may operate to weird standards of cataloguing that are little known elsewhere in the wonderful world of networking, but what about its archiving systems? We're glad you asked about that.

Microsoft's policy regarding archiving of emails appears to be to leave it up to the individual employee. As Treece explains it, "You would keep them [the archived emails] on your own PC or laptop hard drive, or you could send them to archives." So it's up to the individual employee to decide when they want to delete emails (during the DoJ trial one exec said he deleted his emails every two months), whether they want to archive them, and presumably where they put the archive. Judge Motz asked Treece for more details at this point, but he didn't have any. He did however make it clear that the individual employee would have to specifically decide to archive emails - discoverable archives at Microsoft therefore only exist through happenstance, not company policy, and if you're trying to to archive it as a .PST (which would seem logical), you ain't going to be archiving it on the backup systems, because they don't take .PSTs.

So probably, if you're trying to track an email that might or might not have existed, you are very likely to be heavily reliant on what the employee has to say about it. The system does not specifically search out and destroy incriminating emails, but it tends towards their destruction (in of course the unlikely event that such things could exist at Microsoft). As Motz said, "You might, you know, some of these people have -- you've got to assume they're going to tell the truth and say, yeah, there was e-mail, and that somehow got deleted..." Spencer Hosie, for Burst, responded: "Your Honor, here's my reaction to that. First, taking, say, Mr. Friedman's [Friedman is one of the employees involved, but no longer works for Microsoft] deposition, Mr. Friedman, what sort of e-mail did you send back on this issue in 2000? I mean, is he going to be able to remember? Is he going to be -- and I have nothing to hold him." And Motz again: "Then one goes with the presumption that people tell the truth. You know, I -- and I'm, none of us, well, all of us believe in honor." ®

* The court records throw up a couple of errors, which is common enough, but there's one we just have to add to our collection of treasured mistranscriptions. Hosie is reported as saying: "And, of course, there are numerous findings of fact that deal directly with streaming media as a meddle ware that had potential of eroding the applications entry." WMP is meddleware - how true, how very true...

Related links:

Cringely column, 28th August 2003
Microsoft response at Dave Farber's site
Cringely responds to the response

Choosing a cloud hosting partner with confidence

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.