Ads by TechWords

See your link here
Receive the latest technology news and information.
Storage
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

CIA tape destruction offers cautionary tale for CIOs

Companies face big fines for not producing electronic evidence

December 10, 2007 12:00 PM ET

IDG News Service - The recent revelation that the U.S. Central Intelligence Agency destroyed videotapes of interrogations of two terrorist suspects may offer a timely reminder for CIOs at private companies in the U.S. tasked with electronic evidence preservation rules since last December.

The e-discovery rules -- amendments to U.S. courts' Federal Rules of Civil Procedure -- don't apply to the CIA. But the agency's decision to destroy videotapes showing harsh interrogation techniques may teach private companies how not to handle evidence, some e-discovery experts said.

The e-discovery rules require U.S. companies to keep electronic records when they're faced with a civil lawsuit or the likelihood of a lawsuit. In effect, what this means is that companies should archive e-mail and other electronic records, said Ralph Harvey, CEO of Forensic & Compliance Systems Ltd., an e-mail archiving vendor based in Dublin.

"The lesson learned is you keep everything for a finite period," he said.

In the CIA case, several lawmakers have called for an investigation into the destruction of the videotapes. The tapes, recorded in 2002, were destroyed in November 2005, when there was a heated debate about the use of harsh interrogation techniques on terrorism suspects. Some former staff members at the government-created 9/11 Commission have also questioned whether the tapes were evidence that the CIA withheld from the group, which probed the Sept. 11, 2001, terrorist attacks on the U.S.

Under the e-discovery rules, companies can be subject to significant fines for not producing electronic evidence they're required to keep. In May 2006, even before the new e-discovery rules went into effect, Morgan Stanley agreed to pay a $15 million fine for failing to produce e-mail linked to several legal investigations.

"Ultimately, the issue is, you don't know how important that e-mail is to someone else," Harvey said.

One of the most tricky issues with e-discovery is the security of the evidence a company is supposed to preserve, Harvey added. Companies need to be able to find the electronic records, and in some cases, they may need to be able to prove that they didn't receive a certain e-mail message, he said. In nearly every case, they will need to assure the court that their records are accurate.

"You can't say you're in compliance when Bob from administration, with a slight slip-up, can delete all e-mails," he said.

Another issue the CIA case brings up is that electronic evidence can come in many forms, said Chris O'Brien, vice president of operations for Xerox Litigation Services. Right now, e-mail is the focus of e-discovery rules, but instant messages, electronic voice mail and Web-based videoconferencing could fall under e-discovery preservation rules, he said.

"Anything that's electronically preserved could theoretically be subject to discovery," he said.

O'Brien said he would be surprised, however, if many companies were archiving their videoconferences in order to meet e-discovery rules.

Perhaps the biggest lesson is not to destroy evidence when it's part of an ongoing investigation -- in the CIA's case, the 9/11 Commission inquiry, said Patrick Egan, a white-collar criminal defense lawyer based in the Philadelphia office of law firm Fox Rothschild LLP.

"Always tell the truth," he advised.


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

CIA

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

PCI DSS Compliance in the UNIX/Linux Datacenter Environment
Download this complimentary white paper today! Provided by BeyondTrust.  

Preventing Data Breaches in Privileged Accounts Using Access Control
To learn how using access control can protect your organization, download this white paper today!  

Achiving Compliance Through Good Governance
Watch this complimentary video today!

FISMA Prescriptive Guide
A Tactical Guide Enabling you to take Action and Achieve Operational Excellence