There is a story bubbling beneath the surface on the Internet that I expect will break through as a very large story over the next few days. It will be a partisan story and I’d like to not get involved in that part here on the blog.
Here’s the setup. Whenever you send mail, it goes through a server. Usually that’s an SMTP or Simple Mail Transport Protocol server.
Many companies and government agencies keep copies of all the messages flowing through their SMTP servers. That’s how lawyers can later reconstruct paper trails during the discovery phase of lawsuits.
So far, so good.
Let’s say you wanted to send mail but not have it tracked. You could route it through a different SMTP server. In fact, mail from (as an example) geofffox.com and my other domains are usually sent through other servers as a matter of convenience. When I send mail for work from home, it also goes through these generic servers.
If my boss was tracking my work emails (which he is probably entitled to do) he wouldn’t have a copy of those.
It’s probably no big deal if I send mail that way. It is a big deal if government employees… White House employees… use other servers and therefore keep their emails out of the normal archive process.
From TrustMe.com:
As Citizens for Ethics and Responsibility in Washington (CREW) notes:
CREW has learned that to fulfill its statutory obligations under the PRA, the White House email system automatically copies all messages created by staff and sends them to the White House Office of Records Management for archiving. It appears that the White House deliberately bypassed the automatic archiving function of its own email system that was designed to ensure compliance with the PRA.
I don’t know who or what side of the political spectrum CREW or TrustMe.com represent. I assume neither has a conservative bent.
Sometimes these things take a few days gain traction. As it is, TrustMe.com posted this three days ago. Or, maybe this is just some little thing blown way out of proportion and as a geek I’ve latched on to its ‘evil tech’ implications.
I’d like to think you heard it here first. Let me know, in the comments section, if this is already ‘a story’ and I just missed it?
I had not heard this until I read your blog, though I can’t say I’m all that surprised. Sadly, I don’t think there’s much that could be revealed regarding government information security breaches or work arounds that would shock much of the American public anymore.
As a SysAdmin for companies that have to comply with HIPAA and Sarbanes Oxley, I’ve been dealing with this for some time. I make a great effort to block any type of webmail and smtp from the corporate network, so everything has to go through the corporate servers. Also non-technical policies forbid employees from using email other than the one that I control
First time I had heard this Geoff. It looks like a lazy man’s attempt to circumvent the system. They should all know better. As a litigator, even though I have legal privilege with my clients, it is a cardinal rule NEVER to put anything in writing that you don’t want others to see, even if it is supposed to be private. A very stupid mistake but one that the bad guys often make, to their deep chagrin.