According to an article by Laurie Varendorff, an Australian records management expert, Microsoft and IBM have developed software that enables creators of e-mail messages to have tremendous control over their messages, even after they have been sent.
Ms. Varendorff states that the relatively recent release of Microsoft Office 2003, with its Digital Rights Management (DRM) and Information Rights Management (IRM) features, permits the creator of an e-mail message to control the printing, forwarding and copying of the message. Moreover, and importantly, the feature supposedly empowers the creator to set a date and time for the expiration of the e-mail, as well as the expiration of Word, Excel, and PowerPoint documents at the volition of the creator, rather than at the will of the recipient.
Ms. Varendorff's characterization of the feature as causing deletion may not be completely accurate from a technical standpoint, according to our sources. Instead, the feature may encrypt the information. The authorization to decrypt may be embedded within the document as sent, and the sender has an ability to put a time limit on the decryption authorization (which includes the right to print and copy). Thus, data is not destroyed unless recipients(s) choose this to be the case; otherwise, the data simply remains encrypted, and can be recovered, provided the decryption authorization is renewed.
Even if the technical aspects vary somewhat from Ms. Varendorff's characterization of the feature, there may be little practical difference between a document that has been deleted and one that is out of reach because it is encrypted. Ms. Varendorff is quite troubled by the implications of this feature as she perceives them.
In particular, she is voices great concern about what is formally called a "delete/kill, date-time" feature being added to electronic communications without the consent of recipients. She suggests that history could be changed by such developments.
As an example, she explains that if this feature had been available in the 1980s, Admiral John Poindexter's "well done" e-mail to Oliver North and other related data might have disappeared at the direction of the creator of the communications prior to having been uncovered by investigators of the Iran-Contra scandal.
Ms. Vardendorff believes that this feature should be outlawed by legislators, or at least that safeguards be put in place for recipients, such as advance notice to recipients that the feature is being used with certain communications.
Frankly, whether or not this feature is eliminated by law or otherwise, senders of electronic communications should be careful about what they say in these communications. One never knows for sure how such communications may surface later on. If the feature is used, one cannot be absolutely confident that it always will work, or that electronic communications may not be otherwise printed, stored or forwarded prior to expiration. And, of course, if the feature is not used or allowed, to be absolutely cautious, one must assume that electronic data can live on forever.
To be as safe as possible, an e-mail from one person to another should not contain information that the sender would not want others to see. Of course, that is not always practical, as more and communications are going the way of e-mail. Some of those communications necessarily must contain private, confidential or privileged information. In such case, a communication should clearly label itself in the Subject line and in the body as private, confidential and/or privileged, and it should state that it is meant to be viewed by the intended recipient. Notice should also be provided that an unintended recipient should destroy and not make use of the information contained in the communication.
Drilling down further, the question arises as to who really has "ownership," or at least control, of an e-mail message — is it the creator/sender, or the recipient? Under copyright law, it's probable that the creator of the content of the e-mail is the owner of that content. Indeed, the law has established that the copyright to the content of letters sent from one person to another belongs to the creator/sender of the letters, so the same result likely should pertain in the e-mail context.
Still, does that mean that the creator/sender of an e-mail continues to maintain complete control of an e-mail after it has been sent to a recipient? If an intended recipient of an e-mail wants to store the e-mail, print it, or forward it to another person, does the recipient have that right? In the context of letters, do we really believe that the sender of a letter, after the fact, can demand the destruction of a letter, the return of a letter, control where the recipient keeps the letter or to whom the recipient shows the letter? Unlikely, and the reason perhaps is that we believe that the creator/sender of a letter has given an implied license to the recipient to make certain uses of the letter, and the same probably should be the case with recipients of e-mails.
On the other hand, when the creator/sender of an e-mail specifically uses a feature that very much limits control of an e-mail message by a recipient, then perhaps it can be said that the creator/sender has not provided the recipient with as broad an implied license. However, it could be argued that the recipient of the e-mail message owns — as a matter of copyright law — the embodiment of the e-mail message, and as such, the creator/sender should not be able to interfere with his/her rights to at least store the e-mail without it disappearing altogether.
Furthermore, is it really beyond expectation to conclude that a recipient of an e-mail message may print the e-mail for record-keeping or other purposes before it is deleted from the system? This does not mean that the creator/sender may not be able to control the forwarding of e-mail message from the intended recipient to others, as further "publication" generally has been held to be within the scope of copyright.
Apart from the foregoing, the law provides that evidence related to matters at issue in litigation or that potentially could be at issue in litigation cannot be destroyed by a party controlling the evidence. This "spoliation" rule applies to electronic evidence. One could ask, then, whether the use of a feature that can cause electronic communications later to self-destruct (or be put out of reach by encryption) could be considered advance-spoliation when those communications relate to matters involved in litigation or potential litigation.
Beyond issues in litigation, these types of features also may make historical records more difficult to reach. If a historically important e-mail is encrypted, and no one has the power to give the right to decrypt, the document may be lost forever from any practical point of view.
Plainly, the rules of the game in this context have not been mapped out as a matter of law. At the end of the day, or today at least, companies and individuals may wish to engage counsel skilled in this area to work through the legal implications of any policy or plan to use features that vastly limit the use of electronic communications by recipients, especially when the features are designed to cause the communications to self-destruct.
Prudence also urges that important e-mail messages worth saving, when possible, should be printed and placed in appropriate paper files, everyone should be very careful about what they say in e-mail communications, appropriate notices should be placed on private, confidential and/or privileged communications, and companies should have employees sign business equipment policies in which employees promise that they only will use e-mail for proper business purposes.
Stay tuned, as we likely have not heard the last of this particular issue.
Eric Sinrod is a partner in the San Francisco office of Duane Morris (www.duanemorris.com), where he focuses on litigation matters of various types, including information technology disputes. His column appears Wednesdays at USATODAY.com. His Web site is www.sinrodlaw.com, and he can be reached at ejsinrod@duanemorris.com. To receive a weekly e-mail link to Mr. Sinrod's columns, please send an e-mail with the word Subscribe in the Subject line to ejsinrod@duanemorris.com.
Reprinted here with permission from USAToday.com.