When I heard about the e-mail evidence in the Microsoft antitrust trial, I thought about the e-mails I’d sent in the last few years and how they might be taken out of context or in some way used against me. None of these messages seemed like a very big deal when I sent them but, I am sure, neither did the e-mails sent by Microsoft employees about Netscape.
Increasingly, e-mail is a source of legal turmoil and personal embarrassment. Many companies are addressing the problem by establishing a policy about retention of e-mail. But how do you enforce these policies?
The same question must have occurred to the developers at Disappearing Inc., the creators of a cool add-in for Outlook 98 and 2000 called Disappearing Email. (Editor's note: Since the publication of this article, Disappearing Inc. has changed its name to Omniva Policy Systems.) This interesting concept claims to deal once and for all with the problem of your e-mails coming back to haunt you.
Read on to learn more about how Disappearing Email works and what it offers the enterprise.
How it works
Disappearing Email encrypts your e-mail with a key obtained from a central server at Disappearing Inc. or within your own network. The message is sent in a format that contains a script, which in turn connects to the Disappearing Inc. server and obtains the correct key to decrypt the message.
The key expires after a set time interval has passed. This renders the message unreadable—forever. Disappearing Email allows you to determine how long the message is readable before you send it. So what’s the catch? The reader must have access to the server from which you obtained the key.
Disappearing Inc. claims that even they are not able to decrypt the message once the time limit passes and the key expires.
This product adds a few items to your Outlook installation. The most noticeable is a new toolbar in the Message dialog (see Figure A).
From the drop-down, you can select how long the e-mail should "live." You can pick from 30 minutes to up to 90 days. You can also choose to encrypt any attachments in the e-mail. The attachments will also be subject to the time limits.
Reading the e-mail is simple. If you have the Disappearing software installed, you just open as you normally would. The software contacts the “key” server, and the message is displayed if it has not expired. If its time has past, then you see just a note that says that it has expired. Even your Sent Items folder shows the message. With Outlook, it even changes the type style of the message in your Sent Items folder to show that it is no longer a readable message (see Figure B).
If you do not have the software installed, it will prompt you to download a free reader that will allow you to read the e-mail without installing the ”full” product.
If your CIO has not established a policy about retention of e-mail, he or she soon will. Disappearing Email may be just what you’ll need to help enforce those policies.
The enterprise version of Disappearing Email allows your system administrators to set defaults for the time limits on all e-mail sent from the corporate server. It’s also possible to establish rules that govern how long e-mails in the system remain readable, but with this software, the rules will be enforced by the server, not an honor system.
The product also allows you to:
- Control when users send Disappearing Email and regular mail.
- Create groups of users, each with a unique set of policies.
- Establish criteria to stop users from deleting messages that might be used as evidence in legal cases.
Currently, Outlook 98 and 2000 are the only supported platforms. The Enterprise Admin component requires Exchange. However, the company plans to add other clients and server components.
If you’d like to test the product, Disappearing Inc. offers a free 90-day trial version.
How do you enforce policies?
In the CIO Community of TechRepublic, articles and members discuss creating policies for the enterprise. But IT managers and directors are charged with enforcing those policies. We’d like to hear what problems you’ve encountered in finding ways to enforce e-mail and security policies. We’d also like to hear if you’ve found a particularly helpful product or solution that helps you enforce the CIO’s policies. E-mail us with your story.