ISSUE 488: The high tech office- March 2 1999
ALAN ZISMAN
You can burn or shred hard copy memos,
but e-mails are eternally damning
Last week we looked at the good and bad sides of e-mail -- the pleasure of reader-requested mailing lists and the pain of unrequested junk mail, known as spam.
But there's more to e-mail than that. More and more, e-mail records are being subpoenaed as evidence in court cases.
Consider the recent high-profile anti-trust case by the U.S. Justice Department against Microsoft. The Feds got to pick through the software firm's internal messages, finding quotes to bring up in court.
E-mail is also playing a role in less-publicized court cases. Not long ago, a systems analyst fired by Nova Scotia Power Corp. won pay and benefits, along with $40,000 for "mental distress," at least partly as a result of evidence of e-mail about the employee sent out by the company's controller.
In another case, sexually explicit messages distributed over Micro-
soft's internal system were used as evidence that the company had failed to provide a harassment-free work environment.Increasingly, companies are discovering that e-mail, by virtue of its very convenience, also provides a written record -- for better and for worse.
E-mail tends to be less formal than company memos. As a result, opinions tend to be expressed that might never be put down on paper. But the problem is that e-mail can be more easily and widely distributed.
And e-mail is a record that can be surprisingly long-lasting. An individual user may periodically clean out his or her message boxes, but copies also exist on the computer of whoever sent the messages, along with anyone to whom the messages were forwarded.
And most networks (including your Internet Service Provider) are regularly backed up (as they should be!). These backups provide yet an-
other source of copies of your mail -- a source that hasn't been missed in the sweep for court evidence.Some companies have started monitoring computer use -- aiming to crack down on the use of company resources by employees for everything from viewing pornography to running businesses. But many companies have hesitated, not wanting to create a Big Brother atmosphere at work.
Toronto IT lawyer Alan Gahtan, author of Internet Law: A Practical Guide for Legal and Business Professionals, suggests that contrary to popular opinion, Canadian law is not yet clear on whether employers have the right to monitor employee e-mail.
Montreal-based Jurifax Inc. suggests that a clear company policy on e-mail use can help and has sample policies for sale at its Web site (www.jurifax.com).
Gahtan agrees that having a policy can help clarify this often murky area by making clear there should be no expectation of privacy. *
What do you get when you combine Excel 95 or 97 and an Internet browser?
According to Israeli computer security company, Finjan Inc., you might have the "most significant security threat to business since the Internet." In January, the company announced the discovery of a security breach that they claim "could affect literally tens of millions of Internet users."
The firm is referring to the so-called Russian New Year Exploitation, which allows an outsider to copy data files from a computer. These attacks have been confirmed on the various Windows platforms, while the company suspects that Macs running Microsoft Office could be equally vulnerable. So far, only computers running Excel seems to be susceptible, with attackers using a combination of HTML code and Excel's CALL function, allowing any Web browser to be used to punch an undetectable hole in network security.
By simply visiting a suspect Web site, a user can open the door to an attack -- even if Excel isn't running at the time. And because these attacks can happen without the user being aware they've taken place, it's difficult to know whether many businesses have already lost data. Other attacks made possible in this way include grabbing passwords stored on a system or even inserting a so-called BIOS bomb -- which could potentially make a computer completely unusable.
Microsoft has posted a patch to disable the CALL function -- for Excel 97 only--on their Web site at
officeupdate.microsoft.com. Finjan suggests that concerned users install the two Office service releases, along with this patch. As well, Internet Explorer browser users should set the security level to "high," while Netscape users should upgrade to the latest version (4.5) and set it to block plug-ins.The Internet opens us up to a huge world out there. As is often the case, this can be simultaneously a blessing and a curse. From lawsuits to unhappy Russian New Years, we see that spam e-mail is nowhere near as bad as it can get.
I promise to be more positive next week! *
Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan
