CIA tape destruction offers cautionary tale for CIOs

IDG News Service - The recent revelation that the U.S. Central Intelligence Agency destroyed videotapes of interrogations of two terrorist suspects may offer a timely reminder for CIOs at private companies in the U.S. tasked with electronic evidence preservation rules since last December.

The e-discovery rules -- amendments to U.S. courts' Federal Rules of Civil Procedure -- don't apply to the CIA. But the agency's decision to destroy videotapes showing harsh interrogation techniques may teach private companies how not to handle evidence, some e-discovery experts said.

The e-discovery rules require U.S. companies to keep electronic records when they're faced with a civil lawsuit or the likelihood of a lawsuit. In effect, what this means is that companies should archive e-mail and other electronic records, said Ralph Harvey, CEO of Forensic & Compliance Systems Ltd., an e-mail archiving vendor based in Dublin.

"The lesson learned is you keep everything for a finite period," he said.

In the CIA case, several lawmakers have called for an investigation into the destruction of the videotapes. The tapes, recorded in 2002, were destroyed in November 2005, when there was a heated debate about the use of harsh interrogation techniques on terrorism suspects. Some former staff members at the government-created 9/11 Commission have also questioned whether the tapes were evidence that the CIA withheld from the group, which probed the Sept. 11, 2001, terrorist attacks on the U.S.

Under the e-discovery rules, companies can be subject to significant fines for not producing electronic evidence they're required to keep. In May 2006, even before the new e-discovery rules went into effect, Morgan Stanley agreed to pay a $15 million fine for failing to produce e-mail linked to several legal investigations.

"Ultimately, the issue is, you don't know how important that e-mail is to someone else," Harvey said.

One of the most tricky issues with e-discovery is the security of the evidence a company is supposed to preserve, Harvey added. Companies need to be able to find the electronic records, and in some cases, they may need to be able to prove that they didn't receive a certain e-mail message, he said. In nearly every case, they will need to assure the court that their records are accurate.

"You can't say you're in compliance when Bob from administration, with a slight slip-up, can delete all e-mails," he said.

Another issue the CIA case brings up is that electronic evidence can come in many forms, said Chris O'Brien, vice president of operations for Xerox Litigation Services. Right now, e-mail is the focus of e-discovery rules, but instant messages, electronic voice mail and Web-based videoconferencing could fall under e-discovery preservation rules, he said.

"Anything that's electronically preserved could theoretically be subject to discovery," he said.

O'Brien said he would be surprised, however, if many companies were archiving their videoconferences in order to meet e-discovery rules.

Perhaps the biggest lesson is not to destroy evidence when it's part of an ongoing investigation -- in the CIA's case, the 9/11 Commission inquiry, said Patrick Egan, a white-collar criminal defense lawyer based in the Philadelphia office of law firm Fox Rothschild LLP.

"Always tell the truth," he advised.