E-mail: When E stands for embarrassing

The Microsoft chairman, who's been stung by e-mail several times, got caught yet again discussing schemes against a corporate enemy in e-mail messages admitted as evidence in antitrust testimony last week. In one note to top executives, Gates said he approved of Microsoft's association with the Web Services Interoperability Group (WS-I), code-named "foo," as long as Sun Microsystems was kept on the sidelines.

This comes only a month after a January 1999 e-mail surfaced in court in which Gates described a plan to use the Windows operating system to promote Microsoft's audio and video delivery software over that of rival RealNetworks.

Gates isn't alone in the court of public embarrassment over e-mail better forgotten.

Just this week, Oracle and its business partner Logicon were accused by a California legislator of defrauding the state of California, based on an incriminating e-mail exchange. In another case, the New York attorney general uncovered embarrassing e-mail from Merrill Lynch analysts, including former Internet Pied Piper Henry Blodget, in which they privately criticized dot-com stocks that they were at the same time publicly promoting to clients. Prosecutors this week said settlement talks in the case are ongoing.

Despite a succession of awkward revelations, high-profile executives and underlings can't seem to say "no" to charged discussions that not long ago would have been relegated to hushed conversations behind closed doors, or darkened underground parking lots. Convenience and the appearance of impermanence have proven a durable lure to unwary e-mail users who continue to record their most intimate--and incriminating--thoughts on their computer keyboards, only to find the words thrown back at them in court.

"What you have now is once-forgettable remarks between co-workers now being memorialized in an e-mail document," said Dennis M. Brown, managing partner of the San Jose, Calif., office of employment law firm Littler Mendelson. "It's difficult to explain away comments that appear in e-mail that in the past wouldn't have been remembered. By and large, companies have institutionally learned this, but it remains difficult for individuals to remember the lesson."

In the past 10 years, e-mail has become a revolutionary tool for communication, giving corporations a fast and expedient means to do business and disconnected people to say in touch. That convenience has its darker side, and in recent years e-mail has caused much hand-wringing in corporate cultures, leading to a shift in company policies and practices related to e-mail monitoring and its destruction.

But average e-mail users have yet to treat e-mail with the same respect routinely given over to words printed on paper.

"It's not just lawsuits and government investigations where badly thought out e-mail can hurt you," said Stewart Baker, head of the technology department at a Washington, D.C.-based law firm Steptoe and Johnson.

"Anybody who has been online for a while has had the embarrassing experience of seeing an e-mail written for one audience sent to a very different one."

The head-in-the-sand attitude is remarkable, given the prominence of e-mail in most civil and criminal investigations these days. According to Stewart, every case his firm investigates involves a review of e-mail, which is expressly permitted under federal law.

Internet service providers such as America Online get hundreds of subpoenas every year by investigators to review subscriber's e-mail and they must comply under the Electronic Privacy Communications Act.

"You've got to think that anything you put in e-mail might be looked at by unfriendly eyes and you have to be ready for that," said Beth Schroeder, partner in the employment law department at Los Angeles-based Silver and Freedman.

Employees not immune
While some of the most embarrassing e-mail leaks have occurred in court, rank-and-file employees are also at risk, thanks to liberal workplace monitoring rights for employers.

Legal experts say notifying employees of monitoring practices destroys "a reasonable expectation of privacy" in the workplace in the eyes of the court. And more and more companies have moved to put such "cyber policies" in place to address staff privacy. In addition, most corporations have written rules specifying that employees should not send e-mail with offensive or harassing language or inappropriate jokes.

"It's been almost uniform now because it's so critically important for employers to monitor e-mail," said Littler Mendelson's Brown.

In fact, 78 percent of U.S. firms monitor employee communications in some way and almost half of businesses track e-mail, a dramatic jump from nearly 30 percent in 2000, according to an April report from the American Management Association. In addition, the Privacy Foundation said that about 14 million employees are under constant surveillance.

But many employees don't pay heed to company warnings of e-mail tracking. For example, the Washington State Department of Labor and Industries in April fired six employees for sending e-mail that contained references to vulgar sex acts and illegal drug use.

Shanti Atkins, head of content and business development for Employment Law Learning Technologies, said that because many employees develop their Internet and e-mail habits in their private lives it's difficult for human resources to train staff to use discretion with e-mail at work. Still, Atkins said that Human Resources training is blossoming in this arena, because more and more companies are frightened of legal cases.

"People very easily fall into the trap thinking that there's a division between their personal and business lives," said Yobie Benjamin, chief technology officer at Ernst & Young. "Even to this day, with the Andersen and Enron scandal, people are as cavalier with e-mail as they are with the phone."

Of course, even phone conversations can come back to bite executives. A voicemail left by Hewlett Packard Chief Carly Fiorina to her company's chief financial officer was leaked to a newspaper during a high-profile vote on the company's merger with Compaq Computer. The message was featured in a lawsuit brought shareholder Walter Hewlett charging the company with misleading investors over the merits of the deal. A judge found no evidence of wrongdoing in the case, however, and upheld the vote result.

Training employees
Companies have started taking two new formalized approaches to e-mail. The first aims to control the content of e-mail by reminding employees that e-mail can be monitored and encouraging them to be cautious about what they write, particularly with customers or partners.

Even when employees are discussing their own private views, it can come back to sting a company in litigation, according to Steptoe & Johnson's Baker.

"There is a real worry for companies that employees who shouldn't be speaking for them will end up as poster children for the company's attitudes because of an e-mail that has been turned up in discovery," he said.

Baker joked he would like to have an e-mail server that bounces back a message for verification, prompting the authors about whether they really meant to say those words.

More recently, legal experts say that companies are increasingly aware of the costs of housing all the data generated by e-mail. Consequently, businesses are adopting data-purging policies to save on storage costs. Some are destroying all e-mail after 90 days and others after two weeks, depending on the business.

Microsoft spokesman John Murchinson said the company does not comment on its internal policies. Oracle declined to comment on its e-mail policy.

Deleting files can raise tricky legal issues. Federal law requires some industries to maintain records including e-mail for a set period of time. Brokerage firms, for example, must keep all communications for three years, according to the National Association of Securities Dealers Regulation.

Legal experts said that all companies should have strict policies for purging e-mail messages, whether it's two weeks or three months after they are sent. But they caution against employees or companies from randomly deleting messages in spurts or after a legal request for review, which would be considered obstruction of justice.

Companies should not consider purging a foolproof method for keeping awkward messages from ever seeing the light of day. Computer forensic tools offer surprisingly robust methods for recovering documents that companies thought were deleted, according to experts.

Inexpensive software utilities from the likes of Norton can be used to scour hard drives for traces of deleted material. Baker said that more sophisticated forensic experts can even tease out scraps of deleted material to "reveal a lot if you have access to a hard drive."

E-mail may also propagate in ways that complicate the process of wiping a record clean forever. For example, e-mail sent to someone who accesses their email over a public Internet service provider may be recovered by searching the ISP's computer systems, which are not under the control of the company.

That's not to say there are no defenses against e-mail accusations. Some explosive allegations detailed in e-mail have been successfully challenged on forgery grounds.

In 1997, Oracle CEO Larry Ellison fended off a wrongful employee-termination lawsuit that hinged on a single e-mail. Using cell phone records that placed him in a different location when the e-mail was sent, he successfully argued that the message was a fake.

Such cases are the exception, however. In the end, experts say, only discretion can protect people from themselves, and that, unfortunately, is a resource that is all too often in short supply in the easy-come, easy-go exchanges that characterizes so many e-mail conversations.

"People aren't ever going to learn their lessons," Baker said. "Most people don't get burned by the discovery of email until they get burned really bad."