Perils of E-Mail
By Nicholas Varchaver (Fortune.com 02-03-2003)
It was the sort of e-mail most people delete with nary a glance. The bland subject heading read: "E-mail content training to begin in October." But the message inside was anything but routine. Merrill Lynch was ordering its 50,000-plus employees to attend a reeducation camp of sorts. "It is imperative that every employee knows how to use e-mail effectively and appropriately," wrote Merrill president Stanley O'Neal and chairman David Komansky. "E-mail and other forms of electronic communication are like any other written communication, and are subject to subpoena." Before sending an e-mail, they advised, "Ask yourself: How would I feel if this message appeared on the front page of a newspaper?"
Good question. And one O'Neal and Komansky would get a chance to answer. Some thoughtful Merrill staffer, apparently, zapped the e-mail to the Reuters news service (or to someone else who did), from which it traveled to the pages of the New York Post, the Boston Herald, and the Houston Chronicle, and to Lou Dobbs Moneyline on CNN. Take two seconds to think about it, and two lessons emerge: (1) E-mail is inspiring a very real and growing fear in corporate boardrooms, and (2) that fear can't do anything to stop electronic messages from careening out of control.
Sure, 2002 was the Year of Corporate Scandal. But really it wouldn't be fair to give all the credit to grasping, conniving executives and malevolent, sneaky bookkeepers. No, as those corporate honchos offer their plea bargains, they'll all be able to name an accomplice: e-mail.
For prosecutors, it has become the star witness--or perhaps an even better weapon than that. Think of e-mail as the corporate equivalent of DNA evidence, that single hair left at the crime scene that turns the entire case. In theory you can explain it away, but good luck trying.
So ubiquitous has the smoking e-mail become that some lawyers have taken to calling it "evidence mail." Says Garry Mathiason, whose law firm, Littler Mendelson, defends giant corporations in employment cases: "I don't think there's a case we handle today that doesn't have some e-mail component to it."
Who knew that a nation could become so transfixed by writing? There was the Stephen King of e-mail prose--former Merrill Lynch analyst Henry Blodget--whose output was as prolific as it was haunting. Former Salomon Smith Barney analyst Jack Grubman favored a terser style--he's reportedly a BlackBerry man--for what he would later claim were his fictional musings. But literary style notwithstanding, their e-mails shared a common plot: jacking up stock ratings to please investment-bank clients. Does anybody think the nation's biggest brokerages would have agreed to hand over $1.5 billion in settlements if not for this electronic paper trail?
Nor was the pox limited to the Wall Street houses. Like forgotten land mines, unfortunate e-mails involving Enron, WorldCom, Qwest, Global Crossing, and Tyco exploded sporadically throughout the year. There was even damaging e-mail about e-mail, as happened with the J.P. Morgan Chase banker who warned a colleague to "shut up and delete this e-mail."
But even that seemingly obvious fix can bring its own perils. Five big Wall Street brokerages coughed up $8.25 million in fines in December for failing to preserve electronic messages, as securities rules require. And one cannot forget Arthur Andersen, whose destruction of Enron-related transmissions led to a criminal conviction and eventually to the accounting firm's implosion. While the degree of punishment was exceptional, the fact of it wasn't: Judges are increasingly imposing penalties on companies that can't turn over old e-mails when the court demands them.
And so it boils down to this, to borrow an old phrase: Companies can't live with e-mail, and they definitely can't live without it. As we've seen it's increasingly a legal albatross--and, at the very least, a fast track to public humiliation. But then it's also the most important business technology since the advent of the telephone. It's invaluable in allowing far-flung offices to communicate and it lets employees work from anywhere. It has freed us from the tyranny of phone tag and given us an effortless way to transmit lengthy documents without so much as a busy fax signal. If you have any doubt how much the technology has worked its way into your daily life, just ask yourself this: How many times a day do you check your e-mail?
How to reconcile these two contradictory notions--that e-mail is both
salvation and threat? As we're about to show you, there is no easy answer. In
fact, this may be one of the most daunting, high-stakes conundrums facing
But one thing is certain: Imposing a technological solution to a behavioral problem, as many companies are trying, seems doomed to failure. After all, e-mail didn't cause Blodget to write what he did--it simply did a good job of recording him.
It's not as if we've never been warned. Only four years ago Microsoft was flayed at its antitrust trial for endless indelicate e-mails, such as the one in which Bill Gates asked, "How much do we need to pay you to screw Netscape?" A decade before that an early form of e-mail provided key evidence in the 1987 Iran-Contra investigation. As it happens, many of the smoking guns consisted of e-mails that Oliver North had erased. Or thought he did.
Now, 15 years later, it sounds obvious to say that "delete" doesn't mean delete. It sounds schoolmarmish to say, "Careful what you write." We know that already. But still, neither lesson has sunk in.
So what is it about e-mail that makes it seem like electronic truth serum?
Some years back, researchers at the
Perhaps that explains our apparent tendency to confess electronically. In Alphabet to E-Mail: How Written English Evolved and Where It's Heading, linguist Naomi Baron notes that 25 years of research reveal that "people offer more accurate and complete information about themselves when filling out questionnaires using a computer than when completing the same form on paper or through a face-to-face interview. The differences were especially marked when the information at issue was personally sensitive."
That's great news for D.A.s and advice columnists, but a nightmare from the corporation's vantage point. "Companies are really struggling with this," says Jay Ehrenreich, senior manager of PricewaterhouseCoopers' cybercrime prevention and response group. For starters, we're drowning in electronic paperwork. The ease of e-mail means we send and receive more documents than ever before. And as document-management consultant Bob Williams of Cohasset Associates points out, the rise of word processing and e-mail has led to the gradual extinction of the secretary--the person who paid attention to filing and purging. If the typical middle manager were to file papers the way he stores e-mails, his office would be filled with five-foot pillars of vellum and bleached bond. Is it any wonder that embarrassing e-mails keep popping up?
Many corporate managers have concluded that the best solution to this mess is the mass purge. If your business isn't, say, a brokerage or health-care company, both of which have specific rules on how long they must keep records, you can trash e-mails whenever you want, as long as you do so pursuant to the terms of a formal policy. And so companies are cleaning out their electronic closets, now typically wiping all e-mail messages from their servers after 30 to 90 days.
Others limit individuals' storage capacity. For example, Boeing restricts staffers to 15 megabytes of e-mail in their in-box. If they exceed the limit, the system won't allow them to send any e-mail. In theory, employees will judiciously eliminate messages that have outlived their usefulness.
Purging has other benefits--it allows companies to free server space for more productive uses. But as a litigation-avoidance tool it's "pissing into the wind," in the earthy words of Tom Campbell, founder of Kobo.biz, a company that offers high-end web-based e-mail. Purges don't delete the messages that are stored on employees' hard drives; they don't eliminate the ones that people print out and file away; and they don't eradicate the e-mails that have been sent or forwarded to people outside the company. In other words, a huge percentage of e-mails will escape most purges.
More fundamentally, do businesses want the legal tail to wag the commercial dog? How many documents do you want to throw out in hopes of avoiding future litigation? "To purge the contents of the entire e-mail system," says consultant and lawyer Randolph Kahn, co-author of the forthcoming book E-Mail Rules, "is to potentially dispose of records with business significance that are needed to protect the company's business and legal interests."
And, believe it or not, e-mail can actually come to the rescue of corporations in litigation. In employment cases, says lawyer Mathiason of Littler Mendelson, e-mail evidence is as likely to help a company as it is to hurt it. He cites a recent mediation in which a company was sued because a male executive had allegedly sexually harassed a female employee. Mathiason's team retrieved lurid e-mail attachments that the woman had sent to her ostensible harasser, undercutting her claim that she'd been a victim. Says Mathiason: "The attachments were so gross and so disgusting that, first of all, one of our paralegals wouldn't even look at them, and I could hardly blame that person. We threw those out in the mediation, and the claim went down from $1 million to $10,000."
But for good or ill, e-mails are fundamentally survivors. They are the cockroaches of mass communication. Even if e-mails have been purged from a server, for instance, they may survive on the company's backup tape. And while it can be difficult and expensive to retrieve files from backup tapes, that doesn't get companies off the hook: Courts expect you to produce the e-mails anyway.
Consider one recent case involving a GMAC subsidiary, Residential Funding
Corp. In a breach-of-contract lawsuit, RFC had won a $96 million jury award
against DeGeorge Financial Corp. That is, until a
If purging isn't the answer, can e-mail monitoring come to the rescue? These
days, 47% of companies engage in the practice, according to the ePolicy
Institute, a research and consulting firm in
Even when monitors do what they're supposed to do, they gear their efforts
largely to warding off sexually explicit and junk e-mails--not ferreting out the
Blodgets and Grubmans among us. Adam Ludlow, senior network engineer at
electronics manufacturer Brother Industries, estimates that spam- and
obscenity-hunting software blocks 7,000 of the 20,000 e-mails that arrive at
The software also filters what is going in the other direction, waylaying
messages with objectionable language. "I don't let any profanity leave this
It's both impressive and chilling--and still only nascent. According to International Data Corp., companies spent $139 million on content-oriented e-mail monitoring in 2001, compared with the $1.67 billion they shelled out for software that blocks viruses. IDC predicts that e-mail monitoring software sales will grow to a $662 million market by 2006.
Companies that sell monitoring software say they've been getting a lot of
interest lately. Says Ivan O'Sullivan, vice-president for worldwide corporate
development at Clearswift (whose 2,000
Wall Street houses, in particular, are looking to tighten their monitoring, O'Sullivan says. In the past, they employed software to identify suspicious messages after they were sent and delivered. Now, he says, "more people want to do pre-review of messages in the financial space, rather than look at things after the fact." In pre-review, messages are electronically shanghaied and then "quarantined" until, say, a compliance supervisor reads them. Only with the supervisor's approval is a message routed to its intended recipient. Second, whereas investment banks mostly monitored e-mails that went to people outside the firm, according to O'Sullivan, they're now looking to monitor communications within the firm too. (Need we point out that the infamous Wall Street e-mails were all intracompany messages?)
Better living through software, right? Perhaps. But there are plenty of dangerous things a person can say without using a single hot-button word or combination. Consider two phrases: "This is an accommodation for an important client" and "This company is very important to us from a banking perspective." Both excerpts are from the Merrill Lynch e-mail collection. In the context of allegations that Merrill inflated stock ratings to please investment-banking clients, the phrases are extremely damning.
But if every e-mail that mentions an accommodation for a client sets off an alarm bell, companies will need battalions of censors to comb through the resulting deluge of "suspicious" messages. Even clearly inflammatory wording, such as the Blodget assessment that a stock was "a powder keg," is caught only if the phrase in question is common enough to be included on a programming list. As O'Sullivan acknowledges, "Ultimately, we're not a substitute for good management. We're a tool that organizations who wish to comply can use to assist them in their compliance."
Aggressive monitoring can actually create surprising risks for multinational
corporations, which the great majority of the FORTUNE 500 are.
Privacy-protection laws for employees are much stricter in Europe than in the
The buzz phrase for e-mail consultants in recent years is "having a policy." In theory, companies are shielded from liability by putting their e-mail rules in writing--something four-fifths of American companies already do. "But where employers drop the ball," says Nancy Flynn of the ePolicy Institute, "is that only 24% do any kind of training. So you can't expect your employees to know what to do and what not to do if you don't train them."
Companies such as Boeing and Intel have long had classes on e-mail and Internet use, which focus on commonsense rules and advice (with an occasional quirky mandate: Intel's policy forbids chain letters). Boeing even requires an annual refresher course.
Training, perhaps, is the best tonic--at least when it comes to simple concepts, such as not using offensive language. But can we ever train people when the core of the message is "Don't say anything stupid"? And ultimately, of course, e-mail is simply a recording medium. Though no company would ever admit to such a view, you get the feeling that more than one CEO is thinking, I don't care how you act--just don't write it down. And that, of course, is not an e-mail problem.
Now that some businesspeople appear to crave a return to a world where every exchange isn't recorded, it's worth recalling that there was a time when just the opposite was true. In the earliest days of the telephone, according to America Calling: A Social History of the Telephone to 1940, some businessmen actually resisted the new technology because they couldn't conceive of buying, selling, and negotiating without a permanent paper record.
Indeed, the history of the telephone offers lessons for corporate managers
wrestling with e-mail. For all its universal acceptance, e-mail has been in
widespread use for less than ten years. We simply haven't figured it out yet. By
comparison, it took decades to evolve uses for the phone that seem completely
natural now. For nearly half a century, the
Like the telephone, e-mail is occasionally blamed for long-developing changes that it didn't necessarily create (but did accelerate): the increasing overlap of home and work life and the tendency of written language to resemble speech. Both have fed people's tendency to write irreverent, loose e-mail.
Add to that more recent technological developments, such as the popularity of the BlackBerry, which both heighten the intermingling of work and home and accentuate people's tendency to fire off a quick electronic note. Where once an employee would compose himself and dictate a memo to a secretary, who might bring it back for inspection an hour later, a manager is more likely now to thumb-type a two-line e-mail while standing on the sidelines at her daughter's soccer game.
As young as it is, e-mail is already being followed by an even faster
technology that could be more dangerous still. Instant messaging is rising fast
Among teenagers and college students, IM plays the role that e-mail does for older people, argues Baron: It's casual and written in "spoken" style. Students, she says, save e-mail for more formal correspondence with parents and professors.
So our e-mail problem may disappear--only to be replaced by an IM problem. Says Paul Saffo of the Institute for the Future: "By the time we get all four corners of e-mail nailed down, the important communications are going to be instant-messaging. And no one will know what to do with that."