E-mail is like a loaded gun. In the wrong hands, it can cause a lot of damage and you can end up in jail. But it is too late to change it now, the genie is out of the bottle. So perhaps it is time for some rules to be laid down.
The problem with any technology is it creates at least one unforeseen new problem to replace the challenge it has helped overcome. For example, we can do anything from the comfort of our desks these days, which is marvellously efficient. But to ward off the toll this sedentary life has on our health, we have to join a gym and spend hours on a treadmill, simulating the journeys to the fax machine and the post room that have been eliminated from our daily routine.
Business systems seem to be similarly cursed. E-mail has struck a chord with users because it conveniently caters to the way humans would like to work. Opinion varies as to why the working population has taken so enthusiastically to e-mail, but there are two schools of thought. Some say e-mail is popular because of its enormous productivity benefits. Other users point out that this is the first system to allow you to spend all day sending jokes to your friends while giving the impression of working hard.
It is indisputable that e-mail is massively popular. Each of us now sends the same volume of e-mails in a day that we would have sent in an entire year at the beginning of the 1990s, according to a study by analyst firm Gartner Group. Its latest report says the average worker now spends just under an hour a day managing e-mails and a third of all e-mails (34%) are not related to work or to the company. A quarter of all e-mail users spend more than an hour a day on this activity.
Even when e-mail is not being used to send cartoons and distribute viral marketing campaigns, its ability to replicate documents across the network is becoming increasingly dangerous. While electronic systems can drive workflow, projects can become derailed as members of a group working together end up going in various directions as they refer to different versions of the same document. All because of their enthusiastic but undisciplined use of the system.
"These days, about 30% of all documents are carried in e-mails," says Ovum Research's storage analyst Graham Titterington. "More than half the overhead for firms is in managing documents, but unfettered use of e-mail is driving that figure up."
Most IT managers are all too familiar with the IT-related problem that e-mail has created, though according to Gartner only 2% of local area networks have document management systems in place. One IT manager, Paul O'Nolan at the International Rice Research Institute, seems to have had a hard time.
"When we had the so-called people power revolution here, the Internet, e-mail and mobile phone text messaging in particular were a huge part of what brought about change. Our mail system ran red hot on the Friday of the outbreak of unrest in Manila. Every available communications channel - phone, cellphone, fax, e-mail, our Internet connection - was busy. Our Exchange system's disc consumption shot up dramatically and a few days later I discovered that we'd gone down to 32Mbyte on a 25Gbyte drive, which didn't even offer me the space to defragment the information store," explains O'Nolan.
The upshot was more than a day of downtime. A good old-fashioned disc crash soon followed. The aftermath was even more embarrassing.
"Back-ups were taking 10 hours using digital linear tape and the length of time it took to do restores and to run repairs on the mail database - twice, we had backed up corrupt data - was a major factor in keeping the system down for two days," O'Nolan says.
The planned solution had a technical and a cultural bias. On one hand, the IT department instituted shared storage with snapshot capabilities and high speed back-up. It also appealed to employees to mend their ways, asking them to use centralised storage.
What is called for is a change in business culture, say many IT manufacturers. Andrew Gilfrid Day, chief technology officer at ihave moved.com, is adamant that users must adapt to suit the technology.
"Workers copy e-mail too freely and archive them too much. Companies should implement a system to change the culture, so people tell colleagues where to look for information rather than sending them a copy. The ability to access shared work is one of the reasons for the existence of electronic software, yet many companies are failing to use it in the way it was intended. As well as reducing archive materials, using central storage, say intranets or shared servers instead of copying, ensures workers only ever see the most recent copy of a document," Gilfrid Day says.
But efficient though it is if people use e-mail shortcuts to a centrally held document, this involves more work for the user than hitting buttons. When it is as easy to send a map of a document's location on a server, as it is to just attach it, the problem may go away. And then there's the small matter of engendering an intranet usage culture in the first place.
Users will co-operate on modifying their e-mail use, but only when it is convenient for them, advises Dan Chase, IT manager at marketing agency Bite Communications. The best thing to do is to work with them. You cannot stop people sending massive graphics files around, so it is better to limit the damage.
"At Bite, we have a series of aliases so only people who want or need to receive e-mails and attachments do," says Chase. "Along with all the individual client teams and project aliases, there are aliases for account execs, account managers, lads, ladies, first floor, second floor, football, smokers, party and 'funny' which is an opt-in for those who want to receive puerile humour.
"For attachments, there is a folder on the mail server called 'flotsam' where all .exe and .wav files and the like go. The premise being that people will send them round anyway so they simply put the file there and e-mail the 'funny' alias. Anyone sending an attachment to the whole company is publicly humiliated and rarely does it again," Chase says.
But this is only feasible at smaller companies like Bite. At a larger firm, there would not be the same level of co-operation between users and their IT department, as there would be less interaction.
Anne Marie Wolf is chief information officer at multinational advertising agency Grey Global, one of the biggest ad agencies in the world. "Our biggest e-mail document problem is people copying 20Mbyte Powerpoint presentations, but that's way down the scale against digitised graphics and video files that get circulated in a company like ours. Those are the really big digital asset management challenges that big corporations face."
Nonsense, says Lars Davies, professor of IT and Internet law at the University of London. The logistics of managing large numbers of files may be stressful, but you will not go to prison if you get it wrong. What most IT managers don't realise is that e-mail presents a significant legal threat to organisations.
"E-mail in commerce is a potential 'Go To Jail' card but only 1% of IT managers seems to be aware of their legal obligations to keep all electronic records," says Davies.
This ignorance stems from the misconception that e-commerce works in a non-regulated environment. "That's tosh. An e-mail has enormous evidential weight and there have been some well publicised cases of companies that were successfully sued on the strength of an e-mail," adds Davies.
Norwich Union was sued last year over a libellous e-mail about a third party that was sent between two of its employees.
"There's this idea that if you delete an e-mail, nobody can prove it was sent, but the other party has a legal right to access to your system. Individuals, companies and directors are liable for e-mails and they could go to jail," warns Davies.
"I like the US approach. They have no qualms about chucking directors in jail and they lose everything," he says.
Although prison is unlikely, the legal liability in the UK is a potentially huge financial burden. The legal imperative to keep all e-mail is one that has storage and archiving manufacturers rubbing their hands with glee.
No request for information about e-mail admissibility goes without an advertising plug. The British Standards Institution has guidelines regarding messaging and e-mail admissibility. "BSI PD5000:1999 says it is necessary to store confirmation of receipt to a tamper-proof storage system. For the highest level of confidence, 12in Trueworm optical solutions are available," says a supplier's spokesman.
IT manufacturers would naturally like IT departments to keep every single e-mail and attachment, since this would force even more money to be spent on storage and retrieval systems, which are already the fastest growing markets in technology. But are there not some more pragmatic solutions, rather than throwing money at the problem?
Surely viruses and worms can aid the IT manager here. If people are scared to open unsolicited e-mails and think any questionable material on their machines might be copied to everyone on their address book, they will be more circumspect about their e-mail use. But no IT manager Computer Weekly interviewed seemed willing to capitalise on this fear.
"We have tried to cut down the inbox load but it will probably be a never-ending battle," says O'Nolan. "I try not to fight human nature. I don't think I'd want to work for an organisation that did."
The only option seems to be a policy of disciplined back-up and retrieval, which leaves the IT manager to shoulder the responsibility.
How many e-mails are we sending?
Gartner found that more storage was deployed in 1999 than all previous years added together. And according to IDC:
- Data management and services market will increase by 12% by 2003 to $1bnCorporate enterprise e-mail users worldwide generate four billion e-mail messages a dayE-mail traffic is expected to grow close to seven billion messages a day by 2003The problem of archiving and retrieving e-mail information doubles every two years
What are our attitudes to e-mail?
In a survey in the US, IDC found that:
- 71% of people questioned said they regard e-mail as an essential tool for doing their jobs59% send and receive non-business related e-mail through the office system37%, said they would open an e-mail containing the phrase "I love you" 25% of people who do not send non-business related e-mails would open an e-mail titled "I love you" if it was from someone they knewMore than a quarter said their PC had been infected with a virus 11% received the Love Bug virus.
E-mail and the law
The real question you should ask about your messaging systems is not whether you can rely on them, but if they are secret, warns Lars Davies, professor of Internet and IT law at London University.
"Encryption is a waste of time. What you should really worry about is the content, because once the content has been unencrypted, it has sufficient evidential weight to be used against you," says Davies.
In his capacity as a law professor, Davies says he is often approached by companies asking advice about e-mail difficulties they have got themselves into. "A lot of the time it's their own negligence that's got them into trouble," he says.
The questions you should ask are simple:
- Do your internal communications have evidential weight? Can you rely on them? Would those words, under most circumstances (such as a letter or fax), amount to a legal contract?
The most common misconception is that e-mail is not legally binding because it can be changed. But so can documents and that has not stopped them from being accepted as legally binding. "People worry that if e-mail can be altered or it can be changed, that in some way means it can't be relied on. Not so," Davies says.
Of much greater significance is whether the parties have been identified correctly in the e-mail message. The trouble with encrypting e-mail, as a means of self-defence against litigious third parties, is that they have a legal right to access your systems. There have been cases that Davies has advised on where companies have been forced to hand over servers and other hardware, for investigators to search records for incriminating e-mail messages. So the adage that possession is nine-tenths of the law does not apply in e-mail libel cases.
Too often, when companies consider their legal position over e-mail and the law, they consider from a commercial perspective. But use of e-mail in e-commerce is only one strand of a complex web of issues. All the usual laws apply to e-mail. And then some.
"There are specific laws which were drafted to relate to certain features of e-mail, but they only caused confusion. For instance, in 1995 the Civil Evidence Act allowed electronic information without question. You can admit it to the court," Davies says.
The amount of evidential weight the court will place on the message depends on the circumstances. The factors under investigation will be the means of storing data, the systems that were used and their methods of operation. These are all the issues you will be forced to familiarise yourself with if you are dragged through the courts and you will need to prove your argument. Which, as Davies says, is very difficult and time consuming, so you will need a system which obviates that need.
Signatures were regulated by the passing of the Signatures Directive in the UK. Then there is the Communications Act in the UK and the Uniform Electronic Transactions Act in the US. The upshot of these is that you can rely on signatures and contract electronically between two individuals, ie private parties, not between an individual and a government body.
Contracts are covered by the Commerce Directive and the Communications Act. There are also other acts which apply: the Data Protection Act, for example, because the e-mails identify living parties.
In advertising, the Data Protection Act and the Data Protection Directives apply. Spamming is another dangerous area. If unauthorised commercial messages incur additional costs for the recipient, they are illegal. On this issue, the rule of law seems to be nebulous.
"How that is going to be implemented in various member states I am not yet sure, but it will be implemented," says Davies.
Then there is Human Rights Act. "It is not about getting access to encryption. It is not about snooping. It is about getting access to information if it is required. If you encrypt it, you have to provide the keys or the key holder has to provide the keys. You cannot get round your legal liability using technology," says Davies. Some innovative companies have tried placing their servers abroad. But even they cannot escape their responsibilities.
There is a huge welter of laws applicable to e-mail and only 1% of IT managers are even aware of their existence.
Top tips for reducing e-mail overload
- E-mail on a "need to know" not "just in case" basis. Think before you copyDivert all copied mail you receive to a separate folder where they can fester. Autodelete after a monthDo not send an attachment, save it to a server and send the linkDivert "serial spammers" into the binNever replace communication with e-mailBrevity is everything. No message should take more than one screenSet up mails to colour-code receipts from important peopleHave a series of aliases people can opt in and out of, to avoid unwanted jokes being circulatedBe ready for seasonal fluctuations. At Christmas, staff exchange greeting files they will forward to othersLet users know the cost of space and the nature of e-mail propagation. Too often, they are unaware.
Source: Geoff Barrall, BlueArc
How SAP cured its Exchange server headache
The software developer SAP has 15,000 employees worldwide and the only way to cope with the volume of data they send is to provide 50 servers for Microsoft Exchange systems.
Even then, server overload was a constant issue, with the increasing volume of e-mails sent and the size of attachments growing daily. Performance was being hampered as hard disc capacity was eaten away by all these files.
Bernd Himmelsbach, responsible for the operating performance of the Exchange servers, was a worried man. He thought that at the very most, SAP could only afford a server to be disconnected from the Net for a maximum eight hours or the other servers could not cope with the extra capacity. So he tried to head off the problem by limiting each user to a mailbox capacity of 80Mbytes.
"But many staff couldn't manage on that," he says.
He dismissed the idea of investing in additional kit like hard discs, servers or Raid systems. The admin costs, in terms of reloading and back-up times, would be more exorbitant than the price of the kit.
The answer was to use a bolt-on Exchange utility, called Ixos Exchange archive, which archives e-mails and attachments to a separate server. This decreased the database size and boosted server performance by 90%.
"On a global scale, that means we can save ourselves the cost of between five and 10 Exchange servers," says Himmelsbach.
Or does it give users a licence to send even more e-mails and bigger attachments?