Allchin named, as proof of MS email destruction policy is sought
In addition to the undeliberate policy...
Evidence of a Microsoft corporate policy to destroy sensitive or incriminating emails is being sought by a US Court. Last week Judge Frederick Motz of Baltimore District Court ordered Microsoft to search backup tapes for evidence that in 2000 Jim Allchin instructed employees to destroy emails relating to the company's negotiations with Burst, which is currently suing Microsoft alleging theft and anticompetitive conduct.
A key part of Burst's case is its claim that having stolen its technology, Microsoft systematically destroyed emails relating to talks between the two companies. Last autumn Burst's lawyers were pointing to a suspicious gap in the email traffic Microsoft had handed over to them, and pointing out that it is scarcely credible that six key Microsoft executives who'd been involved had all decided to delete their Burst emails at the same time. Such claims, however, are based merely on the strong suspicion that such emails must have existed; to know for sure that particular emails existed, well, you'd have to know they existed, right?
In February Burst's lawyers served a motion to have Microsoft compelled "to produce Jim Allchin email directing Microsoft executives to destroy all 'business-related' emails." This is the precise wording used in a court document which Robert X Cringely spotted going by. Pretty much on his own Cringely has been keeping tabs on the Microsoft/Burst/email issue, and he surmises that the choice of wording here may have been a deliberate ploy to get Allchin's name connected to the emails in public. You can read his reasoning for this here.
If such an email can be found or be shown to have existed, then it will help Burst's case greatly and the ripples could spread far wider, given that the widespread application of a policy of destruction would have implications for dozens of lawsuits that are already done and dusted. But in some senses such an email would simply provide a shortcut to a truth Burst has already gone a considerable distance towards establishing: Microsoft's email archival policies are laughable, incredible to an extent that would have sent Judge Thomas Penfield Jackson up the wall, across the ceiling and down the other side (note the headline on this Cringely piece), and have the net effect of either destroying or making impossible to find historical email traffic.
One may speculate as to why this might be, but we doubt very much that Microsoft's own attorneys would argue about this being the state that exists. In a courtroom session last August, Microsoft attorney John Treece went into some considerable detail in explaining the mechanics and operation of Microsoft's backup systems. These are used to back up employee data, which is then stored on DLT tapes. Post April 2000 the servers ceased to accept files with the extension .PST (Exchange format backup files you use to backup your email), and prior to this it had been company policy not to store .PST files this way anyway. The rationale is that the intent of this system is disaster recovery, not archive, so from an administrative point of view it's actually logical for Microsoft to try to stop its staff using the system for archive.
There are however a couple of weird extra baroque features here. Microsoft denies having any indexes or having a policy of keeping indexes, and it claims it also has no way to know which particular system a given employee might have been using at any particular time. So the effect is that an email backup would only exist if the employee hadn't been conforming to company policy, and that in the case of the Burst emails Microsoft would have to search 25,000 DLT tapes to find out. So searching for a particular email here involves looking through a huge pile of stuff for something that oughtn't to exist there, while you don't know for certain if it ever existed in the first place. Treece points out that it would be an exercise of doubtful value that could only be conducted at huge expense to Microsoft, and his logic here is impeccable.
But hang on, we hear you say, if you're not likely to find emails there because they're not supposed to be there, then where are they supposed to be? OK, Microsoft's backup systems may operate to weird standards of cataloguing that are little known elsewhere in the wonderful world of networking, but what about its archiving systems? We're glad you asked about that.
Microsoft's policy regarding archiving of emails appears to be to leave it up to the individual employee. As Treece explains it, "You would keep them [the archived emails] on your own PC or laptop hard drive, or you could send them to archives." So it's up to the individual employee to decide when they want to delete emails (during the DoJ trial one exec said he deleted his emails every two months), whether they want to archive them, and presumably where they put the archive. Judge Motz asked Treece for more details at this point, but he didn't have any. He did however make it clear that the individual employee would have to specifically decide to archive emails - discoverable archives at Microsoft therefore only exist through happenstance, not company policy, and if you're trying to to archive it as a .PST (which would seem logical), you ain't going to be archiving it on the backup systems, because they don't take .PSTs.
So probably, if you're trying to track an email that might or might not have existed, you are very likely to be heavily reliant on what the employee has to say about it. The system does not specifically search out and destroy incriminating emails, but it tends towards their destruction (in of course the unlikely event that such things could exist at Microsoft). As Motz said, "You might, you know, some of these people have -- you've got to assume they're going to tell the truth and say, yeah, there was e-mail, and that somehow got deleted..." Spencer Hosie, for Burst, responded: "Your Honor, here's my reaction to that. First, taking, say, Mr. Friedman's [Friedman is one of the employees involved, but no longer works for Microsoft] deposition, Mr. Friedman, what sort of e-mail did you send back on this issue in 2000? I mean, is he going to be able to remember? Is he going to be -- and I have nothing to hold him." And Motz again: "Then one goes with the presumption that people tell the truth. You know, I -- and I'm, none of us, well, all of us believe in honor." ®
* The court records throw up a couple of errors, which is common enough, but there's one we just have to add to our collection of treasured mistranscriptions. Hosie is reported as saying: "And, of course, there are numerous findings of fact that deal directly with streaming media as a meddle ware that had potential of eroding the applications entry." WMP is meddleware - how true, how very true...
Sponsored: Becoming a Pragmatic Security Leader