Notwithstanding its inherent vulnerability to disclosure in lawsuits, or to being forwarded to the wrong person, email has long been like samizdat, a medium for truth-telling. But the Sony hacks have already begun to have an impact, sending unvarnished opinion further underground. “As I’m sure you’re aware, the Sony Corporation has suffered a HUGE, EMBARASSING hack, (sic)” read a sign posted over the weekend in the break room of a notable New York media company. “Personal emails are RUINING CAREERS. Keep that in mind when you send the next joke or comment on TEXT, EMAIL, INTER-OFFICE MESSAGING or ANY OTHER MEDIUM. You might want to take a look at what you’ve said lately and delete anything NOT-WORK-RELATED that could get you or this company in trouble.”
That instinct, to cleanse the internal electronic record, also occurred to a publicist for one of Las Vegas’ largest casino conglomerates. She sent a text to a cadre of fellow publicists and corporate executives, which Bloomberg Politics has seen, instructing them, in all capital letters, to “DELETE ANY EMAILS OR TEXTS THAT COULD BE MISCONSTRUED IN THE EVENT OF A HACKING.”
Such paranoia about what’s in the internal electronic record—always a good thing if it gets folks to pause before they type, experts say—has understandably spiked since the first reports of the Sony intrusions and leaks. Information technology consultants for companies as disparate as Exxon Mobil and Blue Cross Blue Shield have sent out recent reminders about email etiquette, for instance, and many executives and employees alike are taking a there-but-for-the-grace-of-God attitude in watching the Sony debacle unfold.
Cleansing email is an appealing idea—but also likely futile and may even be counterproductive. “I understand why people would want to do that, but it’s a very difficult thing to do,” said Tom Chapman, a former Navy intelligence officer who is now director of operations at computer security firm EdgeWave in San Diego. “Once it gets out of your computer and even after you hit ‘empty’ on your trash, it’s still not gone. It’s still recoverable. And even if you clear it off of your end, it’s still on the recipient’s computer.”
It also could be against the law. Businesses in certain sectors—banking and health care among them—are legally required to keep archives of all electronic communications for a set number of years. Also, haphazardly deleting emails that could be embarrassing is a surefire way of creating suspicion where none is warranted should a company end up in litigation. “The email may be gone and the text might not be there anymore, but there probably is evidence that there was a message that is gone,” said Gerry Stegmaier, intellectual property and Internet security attorney and partner at the Washington D.C. law firm of Goodwin Procter. “Then, in court, there’s often this assumption that if you deleted it, it must have been damaging.”
Indeed, such a “knee-jerk reaction,” George Washington University cybersecurity professor Diana Burley said, is as predictable as it is useless. Emails at major companies, she noted, typically remain on servers that cannot be cleansed by individual employees. “One of the things we all have to be aware of is the fact that when you’re in cyberspace, whether it’s in email or on Twitter, you can’t control who will have access to what you say,” she said. “You have to be very careful in the language that you use.”
The Sony hack is not the first time this has seemed self-evident, of course. In 2012, for instance, Goldman Sachs reportedly conducted an internal email review after a former executive quit in a New York Times op-ed in which he claimed five of the firm’s managing directors had referred to clients as “muppets.” And snarky, flippant emails are at the heart of the scandals that engulfed New Jersey Gov. Chris Christie regarding the September 2012 closure of the George Washington Bridge and the 2010 flap in which accountant for PricewaterhouseCoopers circulated a rating of the attractiveness of newly hired female employees.
Explosive as those scandals were, they changed very little about peoples’ email behavior. But the Sony hack is a nuclear event, which will lead to a new awareness of online dangers. People may end up like mafia dons, saying the important things—and the ugly ones—while strolling safely out of earshot.