The Modern Archivist

The Case against Gmail

I love Gmail. The features, UI, and integration of this service are second to none. I even use Gmail as my main e-mail client for non-professional use. However, Gmail cannot be used in the business world for one reason: it is not 100% reliable.

Yesterday, Gmail users have been reporting a huge problem – that all of their emails, labels, themes, folders and settings had been erased. According to Google, this may affect .29% of the Google Mail database. Although this seems like a trivial amount (29 out of every 10,000 mailboxes), the loss of any mailboxes at all to a corporation is substantial.

What if one of the lost accounts happens to be a C-level executive or a custodian in an eDiscovery case? I know of no IT or Legal department that would want to be traced to a problem of that magnitude. We all know how important e-mail is for day-to-day business. And imagine how indefensible it would be to explain that Google lost all of your evidence.  A day after the issue was reported, the Google engineering team is still “investigating”.

According to one blogger cited on HuffPo, “It is clear from the Gmail forums and Twitter that hundreds if not thousands of people have had their Gmail accounts compromised. A firm believer in the concept of cloud computing, it never occurred to me that my Gmail account could one day disappear.”

Cloud service providers will always have this problem – even Google can’t guarantee everything. You can check the status for the issue on Google’s forum here.

ZL’s Unified Archive will make sure this never happens for any company. While Gmail may lose e-mails forever, ZL’s e-mail archiving allows end-users (or only admins) to restore anything from single messages to entire mailboxes. In the case of user-error or disaster, everything is recoverable.

Attacks on Corporate America

In what seems like a game of cat and mouse, Hunton & Williams and several security companies (in a partnership called Team Themis) attempted to capitalize on the anti-corporate movement to expose corporate wrongdoing. The same movement has spawned sites like WikiLeaks and spurred groups like Anonymous into action. One of Team Themis’s supposed methods for discrediting the anti-corporate critics was to leak forged documents; Wikileaks and the like could then be shown to be untrustworthy after they published the forged data.

However, Team Themis seems to have forgotten that the same people who originally surreptitiously obtained information (usually through hacking) from corporate America could deploy the same methods to obtain Team Themis’s information as well. The result was that the emails involved in Team Themis’s proposal only seem to support the rationale behind the critics’ anger toward corporate America. The U.S. Chamber of Commerce summed up the suggestion as “abhorrent.”

So who can – or better yet who should – businesses trust? The costs of those “trustworthy” entities who claim to be rescuing big business appear to be torts committed in the name of the corporations themselves. A case of liability creating more liability. Could corporate America be stuck between a rock and a hard place?

One solution might be for businesses to manage the risks their data produces through their own records management, compliance and legal departments. To be clear, this is not a novel idea, even if it hasn’t been the easiest thing for large (and small) corporations to implement. But, being able to review your employees’ data and curb improper conduct before it becomes a huge risk will help with corporate governance and risk management.

Alternatively, maybe we could put Julian Assange in a boxing ring with Team Themis to finally settle things. Of course, we anticipate the match to be leaked and posted on YouTube within a few hours.

SAC Capital: Dumping Data

According to the Wall Street Journal, two former hedge-fund managers from SAC Capital Advisors have been acting quite suspiciously lately – one even took his computer drives apart with pliers and deposited the left-overs in four different garbage trucks around NYC. In testimony, the offending manager, Donald Longueuil, explained in very colorful language that, “It’s all f—in’ ripped apart. Everything’s gone.”

That is one way to enact a retention policy.

Mr. Longueuil had been reacting to this WSJ article about a federal probe into insider trading. Now, there’s no way to tell how SAC Capital manages their electronic data, but I am sure that no compliance officer is happy when someone is ripping up hard drives by piece.

“When people frantically begin shredding sensitive documents and deleting computer files and smashing flash drives and chasing garbage trucks at 2 a.m. … it is not because they have been operating legitimately,” said Manhattan U.S. Attorney Preet Bharara.

This is a prototypical case of why companies cannot allow end-users to manage the retention of their data – they are allowed to break the law and destroy the evidence. Prosecutors will not be kind to such a poorly governed company. Already the government has been broadening the scope of the investigation into SAC and its partners.

In this case specifically, SAC Capital could have benefitted from e-mail and file archiving to ensure that they keep a copy of all business-relevant data from their computers. With this information they could have proven Mr. Longueuil to be an isolated manager who went off the reservation. Instead, they will be at the center of an expanded federal investigation.