There is no global archive of Internet e-mail messages. Indeed, e-mail
is one of the more evanescent products of electronic communications
technology. Consider the sheer volume of e-mails: 31 billion e-mails
*daily*, estimated to account for 1829 Terabytes of data. What
facility would have the capacity to archive that amount of data?
Consider, too, that the Internet is a distributed network, and that
packet traffic flows through many and dispersed pathways. How could a
worldwide network of data be captured?
How Much Information? 2003
Report: E-mail volume grows rapidly
"The volume of corporate e-mail is rising sharply and will continue to
do so, according to a report released Thursday. In a study of 50
companies worldwide conducted this year, research firm The Radicati
Group found that the average corporate e-mail user sends or receives
about 9.6MB of e-mail data daily, up from 5MB last year. The study
predicts the figure will climb to 46MB daily by 2005."
Typically, e-mail messages are removed from an ISP's servers after
they have been retrieved by the recipient, or after a lapse of time
specified by the recipient, and thus the only copies of an e-mail
reside on the computer from which the e-mail originated and the
computer that was at the receiving address.
In general, the specifications for Internet mail services dictate the
deletion of relayed mail after transmission.
DISTRIBUTED ELECTRONIC MAIL MODELS IN IMAP4
"The offline model is the most familiar form of client/server email
today, and is used by protocols such as POP-3 (RFC 1225) and UUCP. In
this model, a client application periodically connects to a server.
It downloads all the pending messages to the client machine and
deletes these from the server. Thereafter, all mail processing is
local to the client. This model is store-and-forward; it moves mail
on demand from an intermediate server (maildrop) to a single
Post Office Protocol - Version 3
"The POP3 server marks the message as deleted. Any future reference
to the message-number associated with the message in a POP3 command
generates an error. The POP3 server does not actually delete the
message until the POP3 session enters the UPDATE state."
In some cases, messages also can be retrieved for a limited mount of
time from an ISP under subpoena, because the maintenance schedule of
the ISP prescribes that purging of past messages be done at particular
times. After the purge, the only remaining copies are on the sending
and receiving computers. This does not mean, however, that e-mail
messages are not archived.
The existence of two copies of an e-mail explains the ease with which
e-mail messages can be retrieved as evidence. It should be understood
that most companies operate intranets that are tied to the Internet,
and that internal mail i.e., mail sent from one computer or
workstation to another within the intranet, or mail to be forwarded
outbound, or mail received from the Internet, will probably be
retained on the servers for the intranet mail system. For all
companies that fall within the financial services definition of
business, however, the Securities and Exchange Commission has
promulgated mandatory rules (SEC rule 17a-4) for the archiving of
e-mail in house: all e-mail must be archived for three years.
U.S. Securities & Exchange Commission
17 CFR PARTs 240 and 242
Books and Records Requirements for Brokers and Dealers Under the
Securities Exchange Act of 1934
"B. Retention of Communications
Paragraph (b)(4) of Rule 17a-4 previously required that each
broker-dealer keep originals of all communications received and copies
of all communications sent by the firm relating to its business as a
broker-dealer, including inter-office memoranda and communications.
With respect to memoranda, including e-mail messages, the Commission
has stated that the content and audience of the message determine
whether a copy must be preserved, regardless of whether the message
was sent on paper or sent electronically. The amendments to this
paragraph adopted today will require firms to retain communications
that are subject to SRO rules regarding "communications with the
public" (such as advertising) as well, a requirement reproposed
separately as paragraph (b)(10) of Rule 17a-4. This requirement is
designed to provide State Securities Regulators with the ability to
access these public communications records so they can enforce their
laws relating to the form and use of public communications."
U.S. Securities & Exchange Commission
SEC, NYSE, NASD Fine Five Firms Total of $8.25 Million for Failure To
Preserve E-Mail Communications
"The Securities and Exchange Commission, the New York Stock Exchange
and NASD today announced joint actions against five broker-dealers for
violations of record-keeping requirements concerning e-mail
communications. The firms consented to the imposition of fines
totaling $8.25 million, along with a requirement to review their
procedures to ensure compliance with record-keeping statutes and
Each of the firms - Deutsche Bank Securities Inc.; Goldman, Sachs &
Co.; Morgan Stanley & Co. Incorporated; Salomon Smith Barney Inc.; and
U.S. Bancorp Piper Jaffray Inc. - consented, without admitting or
denying the allegations, to findings that each:
Violated Section 17(a) of the Securities Exchange Act of 1934, Rule
17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by
failing to preserve for a period of three years, and/or preserve in an
accessible place for two years, electronic communications relating to
the business of the firm, including interoffice memoranda and
National Association of Securities Dealers
SEC Books and Records Amendments - Effective May 2, 2003
Iron Mountain Service Assesses E-mail Retention Policies, Systems
Targets financial firms facing need to meet SEC rules
"The U.S. Securities and Exchange Commission requires financial
services firms to store all e-mail traffic in its original form for at
least three years and to make those communications "accessible" for
the first two years. The National Association of Securities Dealers
Inc. also has rules that require brokerages to monitor and store
communications with their clients."
SEC NEWS DIGEST
Issue 2003-206 October 29, 2003
"COURT ORDERS JONATHAN FINK TO COMPLY WITH COMMISSION'S SUBPOENA
"In its Application, the Commission alleged that, on April 15, 2003,
the Commission issued a formal order of private investigation
entitled In the Matter of Converge Global, Inc. Pursuant to the
formal order, Commission staff began investigating a possible
stock manipulation scheme related to Converge Global, Inc., a
Florida-based holding company that purports to sell telecommunications
products through TeleWrx, Inc., its sole operating subsidiary.
Between at least March and June 2002, Converge and others
disseminated spam e-mails and press releases projecting the
explosive growth and success of TeleWrx's network marketing
Thus, in theory, it is a simple matter for an investigative agency to
subpoena the e-mails, and for the company to retrieve them.