Hello,

I heard that somehow every e-mail sent over the internet is stored
(somehere) on the internet.

This is how they supposedly get e-mails from corporations accused of
price fixing, or illegal trading activities.

Is this true? And if not, how do they get these e-mails and where are they stored?

There is no global archive of Internet e-mail messages. Indeed, e-mail
is one of the more evanescent products of electronic communications
technology. Consider the sheer volume of e-mails: 31 billion e-mails
*daily*, estimated to account for 1829 Terabytes of data. What
facility would have the capacity to archive that amount of data?
Consider, too, that the Internet is a distributed network, and that
packet traffic flows through many and dispersed pathways. How could a
worldwide network of data be captured?


How Much Information? 2003
http://www.sims.berkeley.edu/research/projects/how-much-info-2003/internet.htm


Report: E-mail volume grows rapidly
http://news.com.com/2110-1032-5085956.html?tag=3Dnefd_hed

"The volume of corporate e-mail is rising sharply and will continue to
do so, according to a report released Thursday. In a study of 50
companies worldwide conducted this year, research firm The Radicati
Group found that the average corporate e-mail user sends or receives
about 9.6MB of e-mail data daily, up from 5MB last year. The study
predicts the figure will climb to 46MB daily by 2005."


Typically, e-mail messages are removed from an ISP's servers after
they have been retrieved by the recipient, or after a lapse of time
specified by the recipient, and thus the only copies of an e-mail
reside on the computer from which the e-mail originated and the
computer that was at the receiving address.

In general, the specifications for Internet mail services dictate the
deletion of relayed mail after transmission.


RFC 1733
DISTRIBUTED ELECTRONIC MAIL MODELS IN IMAP4
http://www.faqs.org/rfcs/rfc1733.html

"The offline model is the most familiar form of client/server email
today, and is used by protocols such as POP-3 (RFC 1225) and UUCP. In
this model, a client application periodically connects to a server. 
It downloads all the pending messages to the client machine and
deletes these from the server.  Thereafter, all mail processing is
local to the client.  This model is store-and-forward; it moves mail
on demand from an intermediate server (maildrop) to a single
destination machine."


RFC 1939
Post Office Protocol - Version 3
http://www.faqs.org/rfcs/rfc1939.html

"The POP3 server marks the message as deleted.  Any future reference
to the message-number associated with the message in a POP3 command
generates an error.  The POP3 server does not actually delete the
message until the POP3 session enters the UPDATE state."


In some cases, messages also can be retrieved for a limited mount of
time from an ISP under subpoena, because the maintenance schedule of
the ISP prescribes that purging of past messages be done at particular
times. After the purge, the only remaining copies are on the sending
and receiving computers. This does not mean, however, that e-mail
messages are not archived.

The existence of two copies of an e-mail explains the ease with which
e-mail messages can be retrieved as evidence. It should be understood
that most companies operate intranets that are tied to the Internet,
and that internal mail i.e., mail sent from one computer or
workstation to another within the intranet, or mail to be forwarded
outbound, or mail received from the Internet, will probably be
retained on the servers for the intranet mail system. For all
companies that fall within the financial services definition of
business, however, the Securities and Exchange Commission has
promulgated mandatory rules (SEC rule 17a-4) for the archiving of
e-mail in house: all e-mail must be archived for three years.


U.S. Securities & Exchange Commission
17 CFR PARTs 240 and 242
Books and Records Requirements for Brokers and Dealers Under the
Securities Exchange Act of 1934
http://www.sec.gov/rules/final/34-44992.htm

"B. Retention of Communications

Paragraph (b)(4) of Rule 17a-4 previously required that each
broker-dealer keep originals of all communications received and copies
of all communications sent by the firm relating to its business as a
broker-dealer, including inter-office memoranda and communications.
With respect to memoranda, including e-mail messages, the Commission
has stated that the content and audience of the message determine
whether a copy must be preserved, regardless of whether the message
was sent on paper or sent electronically. The amendments to this
paragraph adopted today will require firms to retain communications
that are subject to SRO rules regarding "communications with the
public" (such as advertising) as well, a requirement reproposed
separately as paragraph (b)(10) of Rule 17a-4. This requirement is
designed to provide State Securities Regulators with the ability to
access these public communications records so they can enforce their
laws relating to the form and use of public communications."


U.S. Securities & Exchange Commission
SEC, NYSE, NASD Fine Five Firms Total of $8.25 Million for Failure To
Preserve E-Mail Communications
http://www.sec.gov/news/press/2002-173.htm

"The Securities and Exchange Commission, the New York Stock Exchange
and NASD today announced joint actions against five broker-dealers for
violations of record-keeping requirements concerning e-mail
communications. The firms consented to the imposition of fines
totaling $8.25 million, along with a requirement to review their
procedures to ensure compliance with record-keeping statutes and
rules.

Each of the firms - Deutsche Bank Securities Inc.; Goldman, Sachs &
Co.; Morgan Stanley & Co. Incorporated; Salomon Smith Barney Inc.; and
U.S. Bancorp Piper Jaffray Inc. - consented, without admitting or
denying the allegations, to findings that each:

Violated Section 17(a) of the Securities Exchange Act of 1934, Rule
17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by
failing to preserve for a period of three years, and/or preserve in an
accessible place for two years, electronic communications relating to
the business of the firm, including interoffice memoranda and
communications."


National Association of Securities Dealers
SEC Books and Records Amendments - Effective May 2, 2003
http://www.nasdr.com/books.asp


Iron Mountain Service Assesses E-mail Retention Policies, Systems
Targets financial firms facing need to meet SEC rules
http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,85727,00.html

"The U.S. Securities and Exchange Commission requires financial
services firms to store all e-mail traffic in its original form for at
least three years and to make those communications "accessible" for
the first two years. The National Association of Securities Dealers
Inc. also has rules that require brokerages to monitor and store
communications with their clients."

SEC NEWS DIGEST
Issue 2003-206 October 29, 2003
http://www.sec.gov/news/digest/dig102903.txt

"COURT ORDERS JONATHAN FINK TO COMPLY WITH COMMISSION'S SUBPOENA
[...]
"In  its Application, the Commission alleged that, on April 15, 2003,
the Commission  issued a formal order of private investigation 
entitled  In the  Matter  of  Converge Global, Inc.  Pursuant to  the 
formal  order, Commission  staff  began  investigating a  possible 
stock  manipulation scheme related to Converge Global, Inc., a
Florida-based holding company that purports to sell telecommunications
products through TeleWrx, Inc., its  sole  operating subsidiary. 
Between at least March and June  2002, Converge  and  others 
disseminated  spam  e-mails  and  press  releases projecting  the 
explosive  growth  and  success  of  TeleWrx's  network marketing 
program."


Thus, in theory, it is a simple matter for an investigative agency to
subpoena the e-mails, and for the company to retrieve them.


SEARCH TERMS

://www.google.com/search?hl=en&ie=ISO-8859-1&q=POP3+servers+mail+retention&btnG=Google+Search
://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=IMAP4+servers+mail+retention&btnG=Google+Search
://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=rule+17a-4+site%3Asec.gov&btnG=Google+Search
://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=rule+17a-4++e-mail+archive&btnG=Google+Search

hlabadie-ga

---

Clarification of Answer by hlabadie-ga on 02 Mar 2004 05:18 PST

It should be noted that Carnivore e-mail snooping is in the nature of
a wiretap, and legally can only be used with a court ordered warrant,
usually obtained under FISA (Foreign Intelligence Surveillance Act) or
the Patriot Act.

Memo Reveals FBI E-Mail Snafu 
http://www.cbsnews.com/stories/2002/05/29/attack/main510393.shtml

hlabadie-ga

A couple things to add.  

First, email is generally not secure.  It generally passes as plain
text through a variety of servers and routers owned by a variety of
people.  The rule of thumb is to not put anything in an email that you
wouldn't put on a post card in the regular mail.  (There are methods
to secure email, but, this currently applies to a minority of
messages).  So, while email is not believed to be collected and stored
for any lenght of time, it can be intercepted.

Second, the FBI (and possibly other intelligence agencies) have
techniques for gathering email from targeted users or machines,
including the use of CARNIVORE.  CARNIVORE can be added to an ISPs
mail system to gather email information.

Finally, in the cases you are referring to, it is possible that the
prosecutor or party to a legal proceeding asks to have email messages
subpoenaed.  In this case, the company could recover old messages from
mail servers, end user workstations, or archival backup media.  This
would be similar to requesting any type of document, except instead of
the information residing in a filing cabinet, it resides on a hard
drive or backup media.