Writing in ComputerWorld, Steve Duplessie attacks the "lost" White House emails surrounding the US Attorneys flap. He says the claims that the emails were lost is just a "smokescreen."
If the White House is telling (Congress) it lost those questionable e-mails, that means the mail client that authored the mail, the e-mail server that sent the e-mail, the e-mail server that received the e-mail and the e-mail client on the other end all lost the same e-mail -- a rather unlikely scenario, I think.)
He goes on to urge Congress to "legislate the obvious." But don't lose sight of the laws that already exist: destruction of evidence is a crime. Nixon resigned over erasing 12 minutes of audiotape (essentially).
E-mail records, required by law to be produced as evidence, are no longer able to be produced. Electronic discovery is not possible. If this were a business, or a civil trial, the fines would be huge and the possibilities of other penalties would loom large.This is thousands of emails. Here are Steve's proposals:
1. Any business or legal record created shall be kept in immutable form (meaning it doesn't change, and any change to it creates a new version with new metadata time stamps and authoring information) in accordance with stated, published policy regarding the expiration of that data. In other words, you create it, you keep it until you nuke it, and you make sure that you treat all similar data the exact same way.
For US government personnel, he says the time limit should be 50 years, same as for Wall Street.
2. If you keep any consumer data at all, you will keep it encrypted, and you will never keep any financial account information at all.
Because time after time, we hear the same story from federal agencies. We lost track of the laptops. The data wasn't encrypted, but don't worry because we have no indication that it's been misused. So we won't pay for credit monitoring. OK - we'll pay.
Yahoo and Google will keep this stuff around forever, he points out. The technologies who can enable these functions exist in spades. It isn't hard, it isn't expensive. It is even free -- Yahoo and Google will give you e-mail until your head explodes. They can keep your primary or secondary records for you, gratis. If you are in the business of keeping consumer data, all you have to do is flush the credit card information after you process the transaction. Keeping it gets you in trouble.