RE: [Declude.JunkMail] Determining a BCC Recipient

[John Tolmachoff \(Lists\)]

Uh oh.   Time to backup up and take a breath.   I have not been following this, but have meant to go back and read it because of the implications of the subject.   Having gone back and read some of the posts, well, Matt, I like you a lot, but there are some issues.   Matt said: Not to debate the applicability of the technology, but you shouldn't proceed under the assumption that government regulators are out there giving IT staff lists of words to be used in "full-text search" of E-mail archives.  That is not the law, and it is not how subpoenas are issued   In reality, that is exactly what they can indeed do. No, I have not reviewed the letter of the law, nor will I, nor do I have a desire to. However, I have been briefed on the matter by the in-house IT staff of clients I am involved with that are either subject to SOX or SEC regulations.   Matt said: What is at question here is document retention, or more specifically in this case, E-mail retention.  There is nothing specific in Sarbanes-Oxley that indicates anything other than destruction of records, thereby implying that records such as E-mail are required to maintained for a period of 5 years.  There is absolutely no mention of required technologies, but it is clearly implied that you can't lose access to such documents due to a failure to properly apply a technological solution that survives that length of time (i.e. archival means need to be accessible going 5 years back at any time).   While it is true that no mention of what technology is to be used, there are requirements, particularly in SEC regulations, that once a subpoena is presented, you have a time limit to comply and produce the requested information. This time period can be in as little as 4 hours. Obviously, you are going to need technology to provide copies of all e-mail to and from so and so for the last 3 years in 4 hours. Simply having an archive is not enough. You must have the means to search and retrieve quickly.   Matt said: There are applications that archive and mine data from E-mail, but IMO, these are really just big-brother types of apps, and I've never been big on invading people's privacy.  There are other services that some companies use under the general guise of "policy enforcement" which is just a fancy way of saying content screening.  I think that Sniffer's engine could be set up to do at least part of this work (outside of attachments), but there are large companies out there that already offer such services and this is generally limited to only large customers.  I consider this to be an ineffective solution since it can be so easily bypassed with a flash drive on a key chain, or missed by a set of keywords or phrases.   Every one is intitled to their opinion. However, truth is the courts have found and upheld that e-mail using company assets are not private, and a company policy must be dictated to enforce such. This means that if a company policy states all e-mail is company property, and no personal e-mail is allowed, or words similar to that effect, the courts have upheld the companies’ explicit right to search, review, archive and take action on e-mails used within the company. Therefore, there is no question of privacy, as it is company property.   Matt, I do not see any personal attack on you by Sandy. What I see is his response to specific things you have said which appear to be incorrect. The various regulations regarding e-mail are convoluted for us to understand at best, and while yes every one is entitled to an opinion, it should not be stated as fact.   John Tolmachoff Engineer/Consultant/Owner eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, October 29, 2004 4:46 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Determining a BCC Recipient   Let's please try to keep the personal stuff off of this list for the good of everyone.  Even though I might find it a tad bit amusing at times when it is directed at me, I don't think that others appreciate seeing it here, and I generally don't.  I hesitated even to draft this reply except that I felt it would possibly help in the future seeing as how repeated this pattern has become.  This is a support group where people come to share ideas and learn from others, and flame wars have no place in such a forum.  One can express an opinion or attempt to establish fact without in effect attacking or belittling a fellow participant, and unlike the circumstance regarding IMail, there is no reason for anyone to become angry about things so insignificant.  I don't claim to be perfect in this regard myself, but I think it needed to be said. Matt Sanford Whiteman wrote: you   shouldn't   proceed   under  the  assumption  that  government regulators  are  out there giving IT staff lists of words to be used in  "full-text  search" of E-mail archives. That is not the law, and it is not how subpoenas are issued.       First:  I  clearly  noted  that  legal (or compliance, if distinct) is given  all  documents,  including  criteria for an archive search, and that  IT  staff  are not responsible for the search. IT is expected to create a system that compliance officers can use independent of IT (in turn   respecting   employees'   privacy   from  sysadmins'  snooping, restricting  access  to  those that perform that role professionally). The  full  retention  media  must  also  be  made  available,  but the regulators will request pruned material. You seem to think that you're really  going to hit it off with regulators by coolly giving them hard drives with terabytes of raw mbox data and nothing more. You obviously don't  know  how  it  feels  to  be faced with hundreds of millions of dollars in fines and the knowledge that every day you delay is another day   with   your   company   name   in  the  papers  as  an  "ongoing investigation."  You  do  not  mess  around or play tough on producing records; you will only go down harder. The examples are legion.   Second:  last  you wrote, you'd only been involved in an investigation that  was  not  bound to SOX or SEC regulations. I see nothing in your new   comments,   though   they're   more  verbose,  that's  any  more authoritative.  Your  isolation of SOX seems deliberately naive, since it  is  commonplace  for  SOX's  open-ended storage requirements to be allied  with  SEC  17a-4  requirements  to ensure coordination between departments  and  guarantee  prompt  response to inquiries without the perception  of  considered  obstruction  through  negligence.  And  no organization  creates separate SOX-compliant systems and SEC-compliant systems if bound by both.   Third: my notes are based on our work with three different clients' IT staffs,  their  inside  and  outside  counsel  (two  different outside firms),  and  documents  submitted  by  regulatory  agencies that were specific  to the cases; it is also based on the experience of building the original, incomplete archiving systems for these clients and later expansions  and  revisions  of  these systems to achieve independently verified SEC/NASD compliance.   Fourth:  there  were  no "enemy lawyers" involved, unless you consider those  attempting  to prevent criminal actions--in this case, stealing millions   from  individual  investors  to  benefit  secret  corporate alliances--to  be  your  "enemies."  Yet,  if those are the enemies in question,   I'm   surprised  you're  opposed  to  _Ipswitch's_  recent activity.  Aren't  they  just  following  in the footsteps of Enron by concealing their probable dead-end status while soliciting huge monies for  nonexistent  products?  How  can  a private company's secrecy and price gouging be such an abomination, based on the insults you've used on  the  IMail  list,  while  here  you  encourage  a public company's destruction of records wherever you perceive a loophole?   --Sandy     ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED]   SpamAssassin plugs into Declude!   http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/   Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!   http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/   http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/   --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]   --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com.       -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================