That would depend on who the contact is with. If you are talking about SEC Rule 240.17a-4 then you may need to retain conversations. The real difference to me is that e-mail is legally considered a document and that IM is no different from a telephone conversation. Should we wiretap all the phones and record them for violations?

Doing a Google search under SEC Rule 240.17a-4 will pop up a lot of information on the subject.

-----Original Message-----
From: Andy David [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:57 AM
To: Exchange Discussions
Subject: Re: The SEC is killing me.

I asked the lawyers here that same question and haven't gotten a response yet if it is required. If it isn't now, I imagine it will be very soon.

----- Original Message -----
From: "Ed Crowley" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Wednesday, January 15, 2003 11:50 PM
Subject: RE: The SEC is killing me.

> What are you doing about instant messaging? Don't you have to keep
> all IM transactions as well?
>
> Ed Crowley MCSE+I MVP
> Technical Consultant
> hp Services
> "There are seldom good technological solutions to behavioral
> problems."
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Dupler, Craig
> Sent: Wednesday, January 15, 2003 6:34 PM
> To: Exchange Discussions
> Subject: RE: The SEC is killing me.
>
>
> This will not help you with your SEC problem. It's just a musing and
> is merely to suggest that no audit technique is foolproof. I think
> that any system that you can design, a clever person can get around.
>
> Let me suggest a scenario from back in the days when I was working on
> virus delivery techniques and countermeasures. The key to this
> particular "almost impossible to detect" nefarious message delivery
> technique would be to send a message to an external mailbox that had a
> client running against it with in-box rules enabled. The client could
> parse the message and execute a script or even an external program
> that would generate another message, which could be sent to any SMTP
> address (or in the case of a virus, do nefarious things on its own
> local network). So let's say I send a one word message to my home
> mailbox that says "hi."
> That could trigger a script that sends a
> message to tell someone to sell. Another script triggered by "dinner
> tonight" could trigger a script that generates the buy message. You
> get the idea. The offending message itself can be as simple or complex
> but apparently harmless a cipher as you could imagine. It could even
> be embedded in a pattern that looks like I'm sending a daily (or
> better yet, apparently random and occasional) note commenting on
> tonight's menu, with an "if message text contains" filter at the other
> end. A hundred word note that contained the phrase "rare steak"
> could be the trigger. The "to" address is not that of the ultimate
> recipient, and the instruction in a form that you could detect is
> beyond the reach of your archives and searches. The reality is that
> you simply cannot filter for this sort of thing in your archives. You
> can find someone that is being stupid or careless, but not someone
> that is cunning and deliberate.
>
> The extent to which variations on this technique can be used is
> frightening. Consider what a batch file on a DOS machine could do, in
> terms of generating an Assembly language program by having VB Script
> simply write strings from an Excel or Word document to a text file.
> The VB Script does not even have to travel with the Office document,
> but can simply be running on the machine on the receiving end. Such a
> trigger can be hidden behind layer upon layer of isolating techniques.
> The initial trigger instruction does not have to be sent via SMTP. A
> FAX to something like a SatisFAXtion modem or a call to an IVR system
> listening for a specific DTMF sequence that would not be recorded by
> your phone system can do it. A web site can do it. Web mail to your
> home SMTP address can do it. A cellular call . . . You get the idea.
> Every link will leave some tracks, but those tracks can be incomplete
> and look very harmless.
>
> Back in the 80's before Microsoft Office became the dominant office
> suite, there was a product called "Smartware" by a small company in
> Lenexa, Kansas that was later purchased by Informix and destroyed.
> Smartware had the equivalent of VBA in all of its modules, and it had
> a communications module. The second version of the package even had
> PEEK and POKE instructions. Imagine what you could do with that today
> in an administrative security context on a Win2K machine in an
> Internet world.
>
>
> Nedry (a transposition of "nerdy") is still out there.
>
>
> -----Original Message-----
> From: Chris Scharff [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 15, 2003 4:45 PM
> To: Exchange Discussions
> Subject: Re: The SEC is killing me.
>
>
> There are a number of archival solutions out there. Some of them are
> listed at www.mail-resources.com in addition to the ones Gary
> mentioned. Contact me offline, I might have some other ideas.
>
> On 1/15/03 17:05, "Clemens, Rick" <[EMAIL PROTECTED]>
> wrote:
>
>
> Mixed Exchange 5.5 SP4 / Exchange 2000 SP3
> 100% Active Directory
> 100% Windows 2000 Advanced Server SP4
>
> Our Legal and Security department wants us to provide the ability to
> access every e-mail the company sends or receives for a period of 90
> days to satisfy certain SEC requirements.
>
> The original plan was to Journal everything into a mailbox using an
> Exchange 5.5 server. It worked insofar as all the mail went to the
> mailbox...but...After it got over 1000000 messages Outlook didn't do a
> very good job searching it.
>
> So we moved the Journal to Exchange 2000 and are Indexing it. With
> 500000 messages so far Outlook searches it pretty fast. So far so
> good.
>
> I guess my question is....what is everyone else out there doing to
> satisfy SEC requirements for Electronic Documents Retention? Is there
> a better way?
>
> Or Better Software?
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]

