An E-Mail Shredder

Computer World –

Most computer users with some experience treat e-mail with the informality of an untaped phone call.

As Bill Gates and a host of lesser-known e-mail users have discovered, this can be a big mistake. Increasingly, old

e-mail, even internal e-mail, is likely to be used as evidence in a court case. Sometimes, what was written in an informal e-mail in the heat of the moment doesn't always look so good when your company is under a litigator's microscope.

Obviously, you can delete e-mail, but deleted computer files have a nasty way of resurfacing. A lawyer looking for provocative e-mail will send in a forensic team to make image copies of your company's local and network hard drives and backup tapes and then scan them for the proverbial "smoking gun." What you may need is disappearing e-mail from the San Francisco firm that calls itself Disappearing Inc.

Vanishing View

Disappearing e-mail has two parts: a 300KB add-on to Microsoft Outlook 98 or 2000 on each user's desktop, and a Disappearing Inc. key server that is accessible via the Web. (A version for Lotus Notes is due this quarter, but Notes users can read disappearing e-mail messages that they receive.) Once the software is installed on Outlook, the user will see a new tab on Outlook's Options menu and a "Send Disappearing E-Mail" button when drafting a new message.

When the message is ready to go, click the Send Disappearing E-Mail button instead of the usual Send button, and the message is sent like any Outlook message.

When a recipient gets the message, it looks just like regular e-mail except for a notation that the message will disappear after a given period. If anyone attempts to read or reread the message after the expiration date and time, the message says it has expired. If a forensics expert tries to resurrect the message from a backup tape or fragments of a hard disk, he may find that a message was sent from one person to another, but he won't be able to read it.

If the recipient doesn't use Outlook, the message arrives as a hyperlink attachment with a note about expiration. Click on the hyperlink before the expiration time, and the message opens in your browser; after that, you'll see a message that says your e-mail has expired.

Disappearing e-mail can be installed for a minimum of $10,000 per year for 100 users.

A Web-based policy module gives your system administrator several options, including the ability to determine who is required to use the system -- all users or just specific people -- and set a maximum period for which a message will be available.

This module also lets users freeze the keys for all messages or a selected group of messages. This defeats the disappearing e-mail mechanism. However, it is useful if your company is hit with a subpoena, or litigation becomes a possibility, and your lawyers decide that e-mail is evidence and must not be destroyed.

The desktop version of disappearing e-mail, which doesn't offer policy options, is available for free download at www.disappearing.com.

Encrypt your e-mail with traditional means, and a court might order you to provide your opponent with a key that lets him read those messages. But no key exists for disappearing e-mail once it has disappeared. Neither sender nor recipient ever knows what the key is, and neither has any control over itt. And not even the service vendor can provide or reconstruct a key.

Potential Holes

There are a few potential security holes: Recipients can print e-mails before they expire or copy and paste the text of unexpired messages into nonexpiring files. And attachments are never encrypted and never disappear. A version that permits encryption of attachments and prohibits printing and copying and pasting is due in the next few months; it may include an "Oops" button that lets senders make messages disappear before they're read.

A routine e-mail destruction policy makes sense for many organizations. Disappearing e-mail enables you to implement such a policy effectively and to know that when it's gone, it's really gone.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies