The following text is copyright 1998 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

Writing for the record

By Scott Bradner
Network World, 4/20/98

A s has been demonstrated yet again in the case of the tobacco
companies, what you write down can come back to haunt you.

Hundreds of thousands of documents have been surrendered by the
tobacco companies and are being scrutinized by these companies'
challengers. This is the sort of case where writing down the wrong
thing may wind up costing a few billion dollars.

In the tobacco case, the documents were meant to be internal
communications, but the same set of problems can easily come about
if an employee is careless in a letter to a customer.

Many firms now require that all paper mail sent to customers be
preapproved so the sending company can be sure there are no
misrepresentations of facts or any misleading wording. Some
companies have even created a catalog of pre-approved letters to be
used when communicating with customers.

And now in addition to paper mail, companies are faced with the
implications of e-mail correspondence.

At first glance it would seem as if these companies could treat e-mail
just like any other correspondence and use the same processes that
were set up for paper-based mail. But the dynamics of e-mail
exchanges are much different than those of paper-based exchanges.

People have a tendency to respond quickly to questions posed via
e-mail. Requiring e-mail users to forward their replies through a
person acting as a veracity checker is at best clumsy and
time-consuming. The New York Times reports that at least one firm is
looking into software that would scan all outgoing mail for legally
dangerous phrases, such as "my mother," as in "this security is so
safe that my mother has in-vested in it."

The ease with which e-mail can be forged presents other problems. In
the long run, this can be dealt with by requiring that all employees
who send e-mail to customers use an e-mail package that
automatically appends a digital signature to every message. But it will
be a while before secure e-mail packages are widely deployed.

In the meantime, organizations may have to resort to saving a copy of
all outbound e-mail to prove that a particular message was modified
after transmission or that a particular message was never sent. Then
again, proving that a message was never sent might be hard to do in
court, so saving copies may not be sufficient.

There are also very real privacy issues with any procedure that
involves storing all correspondence, including letters between lovers.
In addition, keeping copies of e-mail does not address employees
sending messages from non-company accounts, such as private
accounts with an Internet service provider or America Online.

Training employees to be very careful in their e-mail exchanges and to
assume they are writing for posterity - and a future claimant's lawyers
- is just one of the many challenges that accompany this digital age.

Disclaimer: Let it be known that these words are not the official or
unofficial pronouncements of Harvard University. (Is that clear
enough?)