• Law, Policy -- and IT?

    Tracy Mitrano explores the intersection where higher education, the Internet and the world meet (and sometimes collide).


Lessons of Clinton and Wise

Don't try to violate email rules.


August 24, 2015

Between the Hillary Clinton email debacle when she was at the Department of State and the Saliata case at the University of Illinois at Urbana-Champaign, there is a lot of buzz about how manage email in a manner that accords with the law and institutional policy. Reminiscent of the kerfuffle that arose as Facebook made its way through higher education and then public space, email management is this decade’s “public awareness” campaign about personal privacy and appropriate work performance with technology.  I thought I would offer a few tips:

Remember that old adage about never putting anything in email that you would not want published on the front page of the New York Times? It’s still true! 

IT Policy and Security personnel used to say it to refer more to misguided use of list services and “waterfall” emails (forwarded from person to person or group) but now there are two more compelling reasons to remember it: Internet insecurity and legal actions.

In the first category, Internet security has gone from a mishmash of drivers to two primary ones: nation-state attacks and global organized crime. In both cases, assume the worst. The military and criminals are often one step ahead not only of the law but also often of the most current market technologies. In other words, to be on the safe side, assume that you have already been hacked. If you are an executive in either public or private institutions – or members of the board – do you really want that email to be splashed on some web site? Put on WikiLeaks? Used for ransom or blackmail? If not, then don’t send it!  Pick up the phone. The worse that can happen, as best we know, at this point is that the NSA will know the number you called, on what date and how long you talked. :-)

In the second category, legal action, there are two types worth mentioning. The first is open record laws. If you are a state institution, remember, even in the heat of a challenging moment, about the responsibility you have to do business in a manner that is transparent. You forget this advice at your peril, especially in light of recent attention on this subject, because the public will always suspect something fishy if you don’t.

Here is a really, really important point: don’t think that just because you used a “private” email account you have evaded the law. You haven’t. Here’s the mantra to say to yourself when the little devil on your shoulder suggests that trick: “Clinton, Petraeus, Wise …”

The second type of legal action of which to beware is everything else. Criminal, civil, you name it, it could visit at any moment. Just when you have sent that nastygram at 10:30 after a second scotch (and wine at dinner, and cocktails before that …) Or that flirtatious note that you did not mean to be but was nonetheless just a little bit over the top.

Count on an opposing attorney to take it out of context. A courtroom is not your therapist’s office, where you have the chance to explain mistakes to someone who cares about your happiness. It is about ego and money and power. Frankly there are no winners in that mix.  N.B. It does not matter if you’re at an institution that is public or private, or whether you thought you were clever and sidestepped to a “personal” consumer email account. A subpoena is a subpoena, and that means that the other side gets it.   

What is the net/net of this advice?

First, if you are at a public institution, have Legal Counsel, IT, Communications, Record Retention and Archive representatives sit down at the table and hammer out some clear rules for staff. For example: “You are not allowed to use any other email service, consumer applications or accounts for institution business than the institutional enterprise account established precisely for that purpose."  

Even though I just made the case above for it being a distinction without a difference when it comes to open record or any other form of legal request, the point is the institution does not want its staff to give the appearance of impropriety to the public.  (And it is good information management … but that is another topic.)

Second, if you are either public or private, remind staff – academic and non-academic – that every single stitch of what you send in email is fair game at some point in a legal process. Criminal, civil, it does not matter. If the case is hot, aggressive or nasty enough it will come to an e-discovery request.  And we all know how costly defying those orders have become, so don’t count on your institution to shield you. 

No matter how loyal or good a citizen you have been over the years, when it comes to facing a judge, legal counsel has no choice but to throw you under the bus.

Third, don’t forget that adage about the New York Times! Technology often has the effect of casting a spell over people. Sending that message might seem like magic.  

You may think, “Look how much time I saved by not having to talk!”  But alas, don’t be email wise and public foolish. The time you might save by sending that email instead of having a chat might not only under some circumstances become an exponential time sink, it might have a truly profound disadvantageous effect on your job, career and life. 




Back to Top