U.S. K-12 Schools Must Comply With e-Discovery Rule

Lucas123 writes "K-12 school districts throughout the US have a daunting IT homework assignment over the summer: Develop systems that ensure their electronic documents, email and instant messages are in compliance with new federal e-discovery regulations, much in the same way corporations have been preparing over the past year. The new Federal Rules of Civil Procedure (FRCP) are expected to be widely enforced by the end of 2007, according to a Computerworld story. '"A lack of preparation could prove dire for K-12 school districts, which oftentimes lack technical proficiency, funding and legal expertise," said Robert Ayers, technology coordinator for the Kingston, Pa.-based Luzerne Intermediate Unit 18 school district.'"

E-Discovery?

[smartbei]

For those (like me) unaware of this terminology: (from TFA)

September 2005 updates to the Federal Rules of Civil Procedure (FRCP) require that electronic documents -- including e-mail and perhaps even instant messaging logs -- be available as evidence in civil court cases. Observers note that widespread enforcement of the rules will likely begin by the end of 2007, a year later than expected (see "New e-discovery rules go into effect in December ").

Re:

[mothlos]

Thank you. I would request that /. editors explain these sorts of things in the body of the news stub. It has always been a problem, but lately it feels like it is getting worse.

Mod parent up!

Re:Poor schools

[Technician]

Observers note that widespread enforcement of the rules will likely begin by the end of 2007

And those poor districts who barely can provide any computing resources are likely to fold their IT shop as too expensive to maintain due to the legal threat of non-compliance. It's why many schools have a metal and wood shop, most have dropped Drivers Education as part of the regular HS electives.

I took Defensive Driving Drivers ED in High School. Now that I have adopted kids entering HS, we just received a notifi

Heh..

[Anonymous Coward]

K-12 school districts, which oftentimes lack technical proficiency

In much the same way as birds oftentimes lack gills.

Not just schools

[Bender0x7D1]

It is important to realize that these rule changes aren't just for schools - they apply to every company in the U.S..

So, for those of you who are the entire IT department where you work, or if you run your own business as a consultant, (or some similar situation), you might want to pay attention to what is required regarding email and IM retention under the new rules.

Re:Not just schools

[RingDev]

Hey, if the President's IT Staff can lose e-mails, I'm sure the rest of us can too ;)

-Rick

Re:

[megaditto]

Are you seriously equating the President's IT Staff to the American public?

Well, for one, the President's IT staff are not suspected of evildoing!

Sure they are.

[FatSean]

You can say the sky is pink all day long, but I still see blue.

Re:

[mc6809e]

It is important to realize that these rule changes aren't just for schools - they apply to every company in the U.S.

Yep. And you can include local municipalities, unions, consumer groups, the AARP etc. -- All are corporations.

Re:

[DragonWriter]

So, for those of you who are the entire IT department where you work, or if you run your own business as a consultant, (or some similar situation), you might want to pay attention to what is required regarding email and IM retention under the new rules.

And you might want to get your information from (for instancE) a lawyer familiar with the rules, rather taking on faith the description of the problem from the PR department of vendors trying to sell "solutions".

Re:

[nurb432]

And soon private individuals. Just in case you might be a terrorist, or a IP pirate, or just an undesirable that needs to be tracked.

Re:

[PPH]

Our engineering firm is a subsidiary of a foreign corporation. They outsource all IT support functions to jurisdictions where the FRCP doesn't apply.

First, Sarbanes-Oxley pushes companies to list in overseas markets. Now this nonsense. Pretty soon there won't be anything left here.

Another law made by non-it people

[guruevi]

I am assigned to a committee to see how to implement these 'new' laws into our infrastructure. It's really amazing how incompetent these laws are. They require documents to be stored forever or to expire at a certain date, and as soon as it expires, nothing about the document is allowed to be found. So as soon as the document expires, somebody has to go through all backups, tapes, computers, usb sticks etc. and delete all traces of the document.

Not only is it near-impossible to implement, the only possible implementation would be a solution similar to DRM on media, which as we all know doesn't work, since you already have the content at that moment. Of course vendors like IBM and Microsoft would love to sell you their solution (that requires call-back to the central server which has to be accessible from both inside and outside the network (if you would like to use your documents elsewhere than within the office)) which not only costs a horrible amount of money, the implementation itself is flawed (as is any DRM-solution) and has so many requirements that managing and securing the solutions is going to be a major issue.

I think it's disgusting how companies and their lobby push for these impossible laws so they can sell their software.

Re:Another law made by non-it people

[yar]

The Federal Rules of Evidence aren't quite as unreasonable as people seem to think. IMHO, the article is overstating the effects of the newly implemented rules. Important things to remember are
A) Have a records retention policy, and
B) follow that records retention policy.
If you're a public school, you probably have a records retention policy already. Many schools don't follow those policies for electronic records like they're supposed to, but there's very likely one that exists. Applying records retention policies to electronic media has been a problem with many public schools and many government organizations. It doesn't necessarily require going through one of those vendors or using those tools- it does require planning.

IT people were definitely involved in the creation of these rules.

I'm not sure what you mean that nothing is allowed to be found- that's what the discovery rules address. The new rules of evidence provide ways to share or shift costs of finding that information. In the past, you would have to pay those costs. With the new rules, either those costs are shared, or if it truly would be very burdensome to recover that information, the company seeking that information could pay those costs.

Re:

[spiedrazer]

See my post below, but the HUGE point that everyone is missing is that the retention ONLY has to do with correspondance concerning ongoing legal action, or issues where it can reasonable be assumed that legal action may arrise! there is NO requirement to log ALL electronic commincations etc. in any way. Everything else this poster said about a retention policy etc. is true. Once you have a retention policy that deletes messages after x days etc. you do need to make an effort to START retaining messages b

Re:

[cayenne8]

"See my post below, but the HUGE point that everyone is missing is that the retention ONLY has to do with correspondance concerning ongoing legal action, or issues where it can reasonable be assumed that legal action may arrise! there is NO requirement to log ALL electronic commincations etc. in any way. Everything else this poster said about a retention policy etc. is true. Once you have a retention policy that deletes messages after x days etc. you do need to make an effort to START retaining messages bey

Re:

[yar]

I commented on your message below. ^_^ I agree with your statement that most of this is vendor hype. There is no requirement to log everything in the rules themselves, although there are logging/retention requirements in some laws- SarbOx, FERPA, etc. The shock to most public schools is going to be applying records retention policies to electronic media- something they had to do before, but many hadn't really realized it.

Re:

[cwgmpls]

the retention ONLY has to do with correspondance concerning ongoing legal action, or issues where it can reasonable be assumed that legal action may arrise!

Since the law covers potential civil litigation, not just criminal litigation, it would pretty much cover all correspondence between a school and families. A family can bring a case to civil court for any school action that the family feels harmed by, so the school will have to retain all electronic communication with students and their families.

Re:

[DragonWriter]

The Federal Rules of Evidence aren't quite as unreasonable as people seem to think.

The Rules at issue are the Federal Rules of Civil Procedure, not the Federal Rules of Evidence.

Re:

[yar]

Rules of Evidence are in the Rules of Civil Procedure- I was using them synonymously. Sloppily. :P

For I.T. people this can be generalised to

[Colin Smith]

Have a decent backup system.

You can usually define retention policies there. I'm pretty sure that while not quite as flexible or manageable as commercial systems, Bacula can define retention on a per job/filesystem basis. It can back up to tape, library and/or a BFO disk.

 

Re:

[walt-sjc]

No. Backup is not enough. Here's why.

Let's say that you have a nightly backup schedule. VP at ACME sends an email to his broker buddy telling about a pending acquisition. Both delete the emails from their sent / received folders to hide traces. No record, nothing gets backed up.

Archiving needs to be done at a much lower level, such as the gateway / email server / etc.

Re:

[Colin Smith]

In the case you mention, the logs of the mail servers would still be available on the backup media though the email itself may be gone, often the email system will retain deleted mails for a couple of days just in case they were deleted by accident, I know that UW-imapd will store deleted mails in a hidden namespace.

What you're saying essentially though is that the IT system has to prevent deliberate circumvention. Sorry, it's just not possible to be 100% leak proof. It's always possible to get round such m

Re:

[rtechie]

The Federal Rules of Evidence aren't quite as unreasonable as people seem to think. IMHO, the article is overstating the effects of the newly implemented rules. Important things to remember are
A) Have a records retention policy, and
B) follow that records retention policy.

You simply do no grasp how much of hassle this is. Many of these systems were not designed with retention in mind. How the hell do you implement this for IM and text messages? Hell, how do you implement this is Exchange? Exchange, and most mail servers, assume that users can silently delete their own emails. So, in practice, I would have to set up an nearly identical mirror server (it would need a lot more space, pray nobody in your organiztion uses attachments) which maintains copies for THREE years.

Let m

Re:

[yar]

Of course I have a grasp of how much of a hassle this is. I'm an IT person with records education. I don't know of any organizations which are fully compliant- particularly in education. It is a burden, but oftentimes a necessary one. Educational institutions have had to deal with this- I know of one university that was required to keep all emails during litigation for several months. That is a near impossible task. Systems were not designed with this in mind. But the Rules of Civil Procedure aren't what ca

Re:

[rtechie]

You don't seem to get my point. I *DON'T* think these sorts of laws are a public good because they are a huge waste of time and money. When even the White House, the most closely monitored organization on the planet, can casually flout these laws, what's the point?

These laws don't work with PAPER documents. Remember all the records shredded during the Enron scandal?

Discovery is discovery. Once you sue somebody you try to get what records you can (and hope people are stupid enough to write things down) and t

Re:

[yar]

Then I disagree entirely, and not just about your argument that it's identical to keep every phone conversation. It's not. As an IT professional, you can say that it might not be possible in your organization, but that's not the case for everyone- and these rules of civil procedure are partly about deciding who fits the bill for that type of situation. If it's unreasonable and burdensome for you to have to do it, the party seeking that information might very likely have to pay for it themselves, or at the v

Re:

[alcourt]

IT people were definitely involved in the creation of these rules.

I want to know what fantasy world you live in. In my experience, IT people are so rarely involved in policy at any given company that they might as well not exist.

Re:

[yar]

Texas.

To this issue, though, I know that IT people were involved in the creation of the Rules of Civil Procedure, because I had the brief opportunity to speak with some of the people involved in the court cases that led to these rules, as well as some of the people from the Sedona Conference(which releases guidelines and principles related to these rules as well as other issues). It is primarily legal professionals involved, but some of those people have pretty significant technological expertise, and they

Re:

[LuYu]

They require documents to be stored forever or to expire at a certain date, and as soon as it expires, nothing about the document is allowed to be found. So as soon as the document expires, somebody has to go through all backups, tapes, computers, usb sticks etc.

This sounds excellent. The schools can just make the storage policy 24 hours and have a nightly cron job that deletes any documents over 24 hours old. A script could delete any documents that are older than that when a USB disk was inserted (S

Re:

[Opportunist]

And what if Big Brother seizes those USB sticks and media (as they usually do) and stick it into a machine that isn't deleting expired items? And they'd have quite a good argument in "that's what a data miner would do".

Re:

[oyenstikker]

You are making the assumption that all data on any particular tape expires at the same time. If that assumption is not valid, then you've got a lot of work ahead of you.

Re:

[jedidiah]

If you've got that situation, you're already in trouble. You don't need any help from the federal government.

Re:

[NMerriam]

You are making the assumption that all data on any particular tape expires at the same time. If that assumption is not valid, then you've got a lot of work ahead of you.

Yeah, and the annoying USDA for some reason requires that we keep track of when meat is a certain age! The entire meat industry will collapse, because there's certainly no way to organize it in advance of storage or anything -- we just throw it all in a warehouse at random and pull out whatever is most convenient when we sell it! I'm sure

Re:

[Ctrl-Z]

It's interesting though, that real-word records management systems are not obtuse phone-home DRM systems. Most organizations that actually care about this stuff have people that, well, care about this stuff. And they have no problem going out and deleting the stuff that they need to delete when it needs to be deleted. They just need a system that tells them when to do what in order to comply with their policies.

Re:

[indifferent children]

Local control might have some issues, but at least its easier to hold officals responsible.

"Some issues"? My company has branches in 23 states. Do you have any idea how bad the federal rules would have to be before they were harder to comply-with than 23 different sets of rules, drawn up by 23 different sets of local yokels?

What good are logs?

[delirium of disorder]

Any Semi-intelligent person will use cleartext for official but non-confidential business at school and work, and encrypt any email or IMs that contain personal information or nefarious plans. If you are stupid enough to send something revealing over a public, corporate, or academic network, you DESERVE to get caught.

Hopefully as more and more people get caught for using cleartext, crypto will be the norm and all these laws requiring logging will become useless for law enforcement purposes.

Re:

[TheNicestGuy]

Hopefully as more and more people get caught for using cleartext, crypto will be the norm

In other words, you hope that some judge sets a precedent as quickly as possible for encrypted records to not count as "accessible"? Or better yet, that the justice department gets handed the statistics to convince a clueless legislature to outlaw encryption? I mean, if they're going to require these records to be discoverable in the first place, why wouldn't they require by law that prosecutors and judges can actually read them?

My understanding is that when the rules first go into effect, individual jud

Re:

[rtechie]

The post-9/11 political climate is definitely not the time for it to try, because as far as I know there's nothing constitutional to prevent Congress from killing it if they've got a reason.

Encryption is here to stay. People seem to forget that the biggest users of encryption are large corporations trying to ward off corporate espionage, prevent data theft by hackers, and protect intellectual property. Large corporations run the government and they want their shit protected.

Re:

[fallen1]

It would be nearly impossible for Congress to outlaw encryption - for individuals or for anyone else. Encryption is used in many forms and facets of life from SSL to PGP to bank data to private communication between attorney and client to file systems that encrypt saved files to etc, etc, etc. The exclusions that would have to be included in any law trying to ban or outlaw encryption use for individuals (using IM or e-mail) would, by necessity, be a tangled web that anyone could get around the new law. Maki

Re:

[RexRhino]

At that point, the government will simply outlaw encryption.

Re:

[Dan Ost]

If encryption is outlawed, only the government will have encryption.

Re:

[profplump]

You're assuming that I have the key. For interactive things like IMs I lose the ability to decrypt the conversation as soon as I close the window. My PGP key has a longer term, but I rotate them out at least once a year, and I don't keep the old one much after I've created the new one.

And as I read this law, there's no requirement that I keep such keys, so long as my self-directed data retention policy doesn't require otherwise.

Re:

[delirium of disorder]

Fucking nazi son of a bitch. I don't plan to be turned into the goatse guy just because you and your jack-booted bastard friends have turned everything, including my paid for by mysekf ISP into your dirty fucking little spies.

Actually, I'm an anarchist. I personally don't want government to have the right to look at private logs or to require schools or shops to keep logs. I don't even want there to BE any government at all! The State shouldn't exist! However, I acknowledge that there IS a government.

Electronic Amnesia

[mbone]

The only rational response to this 300 page regulation - not imposed, note, by any act of Congress - will be to delete immediately all emails upon reading (unless you are in an industry that already has requirements to store them). Good look for the historians of the future trying to decipher the history of the early 21st Century USA - the Courts required us to delete it.

Re:

[yar]

I think your post is the biggest worry that hasn't really been addressed yet by the business and legal community. In many ways, these actions encourage companies and government organizations to destroy information. I've seen that espoused by persons in the legal community at large industry conferences: have a strict records retention policy, and follow that records retention policy. There are many companies that offer just those services. Microsoft's new Office integrates with Sharepoint to enforce records

Why is this in the Fed's jurisdiction

[Raisey-raison]

I was wondering if someone could explain why this is in the jurisdiction of the federal government as opposed to the states. The schools are mostly state institutions. Is it the fact that the email 'crossed' state lines that makes all the difference? What if it is within one state? Does it matter where the severs are located?

Re:

[sgent]

It applies because schools can be sued in federal court. There is no real requirement here -- but if policies aren't in place, then in federal (and most likely state) courts any email not found can be held against you (assume the worst).

Re:

[Anonymous Coward]

More than that, but almost all public schools accept Federal funding. As a result, they have to follow Federal rules, or they lose said funding.

Neighbor, you've just taken a lot of words to avoid using the word "extortion".

Re:

[linguae]

Most public schools receive federal funding. In order to receive federal funding, you must abide by federal rules. This is one of those rules.

Yes, such federal funding requirements are used to bypass the Ninth and Tenth Amendments. For other examples, see the 55mph speed limit (before it got repealed), the 21 year old drinking age, the Clean Air Act and how it relates to highway funding, etc. (and all of the examples I gave are just in the realm of highway funding. There are plenty of other examples.).

Re:

[DragonWriter]

I was wondering if someone could explain why this is in the jurisdiction of the federal government as opposed to the states.

You want to know why the rules governing civil procedure in the federal courts are in the jurisdiction of the federal government as opposed to the state governments?

Great headline

[Timesprout]

Now I have visions of all these school kids being given ecstasy pills so that they can discover what drugs are about for themselves. When does the crack discovery program start?

some schools can't pay for good IT people much....

[Joe The Dragon]

less the hard ware and soft where needed for something like this.

look at that substitute teacher who was facing 40 years for pron pop ups most likely if the School had more or better IT people / payed for the web filter / had some kind of firewall and anti-spyware protections then this may of not happened..

Re:some schools can't pay for good IT people much.

[N3WBI3]

some schools can't pay for good IT people much....

The average school in the US spends about 6K per student some of the schools you might consider poor (lets look at DC) spend upwards of twice that. 12K per kid per year that more than double what many elite private schools charge usually only 70% of that (not the kind with ponies and security teams where diplomats send their kids those are in a league of their own).

So when someone says our schools cant afford this or that I have to wonder when a class of

Re:some schools can't pay for good IT people much.

[Kijori]

The average school in the US spends about 6K per student some of the schools you might consider poor (lets look at DC) spend upwards of twice that. 12K per kid per year that more than double what many elite private schools charge usually only 70% of that (not the kind with ponies and security teams where diplomats send their kids those are in a league of their own).

OK, firstly while the average school spends around $6k per child, this doesn't tell the whole story; the variance in the figures is very large. Suburban schools in New York spend between 10 and 19 thousand dollars per child, while inner city schools in Utah struggle to meet the $3k mark. The schools you might consider poor do not spend "upwards of twice" $6k, they struggle to raise half of it.

Your estimates for the costs of private education are just as far off as your estimates of the money involved in public schooling. I suspect you have been misled by figures bandied about in the school voucher debate - these tend to lump secondary schools with elementary schools and even free schools to bring the apparent price down to less than the cost of a public school. For example, an often quoted figure for private school cost is $3600 per child - this is arrived at by taking the average for secondary school, elementary schools, free independent schools and church schools - all designed to make the secondary school cost look low. In truth, the average fee level of a private secondary school is rather higher at about $5,500. The gap between the private and public sector can be explained by a few things, such as reduction in bureaucratic red tape and potential increase in efficiency, but also by their frequent status as charitable organizations soliciting donations that can increase this to meet the public level, and their selectiveness; if you don't have to deal with unruly or disadvantaged children you can cut costs heavily.

My final point is that you seem to underestimate the costs in the day to day running of a school rather heavily! Just taking into account the staffing takes your available funds down to around $4k per pupil (and remember the schools that only make $3k per pupil originally?). Then you have to buy computers, books, stationary and furniture, run activities, organize school board elections, pay for heating, lighting and water and provide a bus for disabled students who can't get in otherwise. Depending on your location security might be an issue. And your building and equipment don't last forever with thousands of children inside - you need to make it to the end of the year with some surplus in case someone's broken a telescope or put a broom through the ceiling. (Or get insurance - but that will of course cost more than the average year's renovation costs; that's how insurance works).

My point with all this is that schools don't have millions of dollars sitting around in a cupboard somewhere. They aren't choosing not to employ a team of network technicians, it's just that even a small technical staff - say 2 people - eats into your budget by around $80k year if they're good at what they do. That money doesn't appear overnight.

Re:

[rabiddeity]

The gap between the private and public sector can be explained by a few things, such as reduction in bureaucratic red tape and potential increase in efficiency, but also by their frequent status as charitable organizations soliciting donations that can increase this to meet the public level, and their selectiveness; if you don't have to deal with unruly or disadvantaged children you can cut costs heavily.

For that matter, why should public schools have to deal with unruly students at all? Under the curre

Re:

[Kijori]

For that matter, why should public schools have to deal with unruly students at all? Under the current system, there seems to be a belief that everyone is entitled to a free education, no matter what. The right to a free education extends just as far as it doesn't interfere with others' rights to a free education. If a student is habitually disruptive or destructive, at some point we should step back and say, "You've forfeited your right to a free education. You can reapply next year. Get out." It would keep our schools focused on education instead of crisis management. Right now, the worst we can do is shuffle a disruptive "student" between schools. This doesn't even attempt to solve the problem. Right now, one or two "students" can completely destroy the learning atmosphere in a class of 30. How is this fair? On one hand, there are kids who actually do want to be there and really want to learn. On the other, there are those in the classrooms that don't want to learn; let them leave. If they're impeding other students, make them leave.

This really is a difficult question to answer - I doubt we'll ever be sure what the solution is. Personally, I believe that everyone is entitled to a free education, no matter what. At the end of the day, these are children; they aren't mature enough to make reliably good decisions, and yet the decisions they make will have a huge effect on the rest of their lives. I'm a strong believer in personal responsibility, but I'm still not quite sure that the behaviour of unruly children is their fault - from my e

Re:

[N3WBI3]

Suburban schools in New York spend between 10 and 19 thousand dollars per child, while inner city schools in Utah struggle to meet the $3k mark.

You're right there is a variance but it is down right deceitful of you to tag 'suburban NY' as if to say that inner cities are not spending money. Lets look at DC arguably the worst school system in the nation which spend more than any state (per pupil) except NJ (13K per kid) or NYC, can you get more urban, at nearly fourteen thousand (only 2% less than the state

Re:

[Kijori]

You're right there is a variance but it is down right deceitful of you to tag 'suburban NY' as if to say that inner cities are not spending money. Lets look at DC arguably the worst school system in the nation which spend more than any state (per pupil) except NJ (13K per kid) or NYC, can you get more urban, at nearly fourteen thousand (only 2% less than the state average). UTAH as a whole does not spend much money per pupil at 5K per pupil (least in the nation) so picking out Salt Lake City and your example even bolsters my point. West High in Salt Lake city (the school district you mentioned) is one of the top in the nation

"West High School has been named the top high school in Utah and number 158 in the nation by Newsweek and the Washington Post.

Its not the dollars going into the class its how they are getting used.

First, I'd like to point out that variance is not the same thing as variation. I wasn't talking about the variation in the amount spent in terms of school quality, I was discussing the variance of the data; the level of deviance from the mean. My point wasn't to characterize Utah's schools as being of low quality, just to show that your point - that they had money to spend on technology - was unfounded. If you want to discuss quality of schooling in terms of money spent, though, you might want to use an ex

Re:

[N3WBI3]

My point wasn't to characterize Utah's schools as being of low quality, just to show that your point - that they had money to spend on technology - was unfounded.

Did it ever occur to you the reason UTAH spends less it because the cost of living and average salery in UTAH are incredibally low? You can hire a good IT guy for considerably less in UTAH than in DC

Re:

[Kijori]

According to Payscale.com a non-certified IT technician working for a school in Utah can expect about $33k a year. That's not a great deal less than my estimate, and to be perfectly honest the difference between $40k and $33k a year for a technician is largely academic for a school struggling for cash - there are simply better things to spend the money on.

Is there any reason you write "UTAH", by the way? As far as I'm aware it's not an acronym.

Small businesses

[Normal Dan]

It is becoming increasingly hard for small businesses to do any business these days. Not because they are being crowded out by the larger ones, but because one must higher several employees just to do all the paperwork required to run a business.

Now they have to log all electronic communication. Why? How is an email or test message any different than calling someone on the phone or meeting face to face? Will we have to bring a tape recorder to every meeting from now on? When will it end?

Re:

[CodeBuster]

When will it end?

When they pass the Lawyers' Full Employment Act...

Re:

[Torodung]

When will it end?

Hopefully, sometime shortly after the sun goes nova. Of course, federal law will require that all company communications be stored in "nova proof" boxes, for the children, before we all burn.

Death and taxes, meet your new friend: paperwork.

--
Toro

If your not a litigant in a federal court case....

[fatboy]

If your not a litigant in a federal court case, do these rules matter?

Re:If your not a litigant in a federal court case.

[yar]

If you have the potential to be a litigant in a federal case, then they matter somewhat. More to the point, though, is that state laws generally follow the federal lead on rules of evidence, so expect most states to offer similar rules.

Re:

[DragonWriter]

If your not a litigant in a federal court case, do these rules matter?

Yeah, well, you can voluntarily decide not to sue anyone in federal court, but its a lot harder to make the decision not to be sued in federal court stick.

Data DESTRUCTION policy....

[nweaver]

Rather than trying to archive everything, there is an important alternative, a data destruction policy. You can't discover what doesn't exist.

You just need to have the policy long in place before someone even thinks of suing you.

Re:

[DragonWriter]

Rather than trying to archive everything, there is an important alternative, a data destruction policy. You can't discover what doesn't exist.

You also can't present what doesn't exist as exculpatory evidence when you are sued.

Re:

[yar]

Most of these problems exist without these rules. These rules assume that you're already following the law when it comes to records and records retention. SarbOx, medical, privacy etc. and such for private companies, open records, public records, FERPA, etc. for schools and government organizations.

And the rules have provisions for when things aren't completely destroyed. That information can be recovered, if people are willing to pay to discover that information.

Can anyone tell me...

[Darundal]

...the reasoning behind the provision about expiration? I understand how someone could think that keeping copies of all documents is a good idea (assuming someone who has the technical literacy of a lamp post, AKA avg. govt. worker) but I honestly don't understand where the expiration provision would come from.

Re:

[yar]

Could you be more specific? What do you mean by the expiration provision?

Were's the P2P mail and IM apps?

[schwit1]

Sounds like an opportunity for the open source community.

Okay, but don't overreact

[JavaRob]

That article freaked me out. Sure, schools... it sounds like a tough situation for them -- but I hadn't even known this was happening for businesses.

I *am* a business. I have my own mail server. I don't think there's anything terribly interesting to the feds in there, but I'll be damned if I want them sniffing around my data!

Quick as a wink, I set up a script that purges and overwrites all stored email, every 5 minutes. Take that, G-man! I sat back in my chair with a satisfied grin.

10 minutes later, I checked for new messages.

It's all FUD!

[spiedrazer]

See My reply below, but the rules DON'T say you need to archive everything. It just says that you can't destroy evidence in an ONGOING legal action (or something you expect may lead to legal action)!

All the vendors of e-mail archiving hardware/software want us to think we need to archive everything, but that's just not the case!

Same here.

[pavon]

I don't know why all these people are complaining about the extra work forced on them by the government. Sure it took a few extra minutes to write an email purge script, but ever since then my work load has dropped dramatically. Every time I think that I have new work I just have to wait a few minutes and it goes away again. In fact my boss just came in to tell me that I don't need to come to work at all any more. Score!

Re:

[TeknoHog]

Take that, G-man!

I'm not too familiar with that term. Does it mean the person who reads your G-mail?

Applicable precedent?

[Phanatic1a]

Printz v. United States was the case that struck down major portions of the Brady gun-control bill. Appellants argued, and the court agreed, that the law's requiring state employees to engage in extra work in order to compose and retain documentation in order to appease federal law violated both federalism and the concept of a unitary executive.

This seems pretty similar.

Re:

[DragonWriter]

Printz v. United States was the case that struck down major portions of the Brady gun-control bill. Appellants argued, and the court agreed, that the law's requiring state employees to engage in extra work in order to compose and retain documentation in order to appease federal law violated both federalism and the concept of a unitary executive.

This seems pretty similar.

"Appease" is inappropriate here, the word is "enforce". Its important, here, because this law, unlike the Brady law, doesn't mandate state

ALERT! - This is all VENDOR HYPE!!!

[spiedrazer]

I manage the networks for a K-12 school district and I am being bombarded by this same info, most of it feuled by vendor FUD!! The Rules of discovery that everyone is referencing do NOT say in any way that all electronic communications need to be stored or archived in any way.

What the rules DO now officially state (which they didn't before last year) is that electronic communications must now be treated the same as traditional paper documentation.

Specifically, that means that you cant destroy any correspondance or record HAVING TO DO WITH AN ONGOING LEGAL ACTION/LITIGATION or that you can reasonaby expect may lead to litigation. For my organization, that is less than one percent of the volume of data I have. All the vendors are saying that we need to archive ALL our e-mails in a searchable database yada yada yada so that we can protect ourselves against some unknown threat that we may be found in violation of these rules. That simply isn't the case. We will be in trouble if we destroy evidenmce in an ongoing legal case, but that is about it.

What we DO need to do is insure that the HR department and others that typically deal with sensitive legal topics understand the rules, and that they should print out and save anything that they suspect could come back to bite us, like adverse personell actions. We also need to insure that building administrators do the same when it comes to discipline actions concerning students etc.

AGAIN, anyone who tells you that you NEED to archive/store ALL e-mail or other electronic documents is at best completely mis-informed (like most of the journalists parroting back the FUD)or at worst trying to scam you directly with their FUD.

Re:

[yar]

Very much correct. The rules of evidence are nowhere near as draconian as the article or vendors appear to be making them out to be. They actually improve the situation in many cases.

UPDATE!!!

[spiedrazer]

Now that I've read the article, you notice that it references "CommVault Systems Inc.'s " product's. They are one of the worst FUD machines, getting articles in e-School News and other publications to drive up business from K-12 IT shops that don't understand the rules. They even have the school district IT guy's spreading the lies by saying "By and large, in the past, [FRCP] rules really didn't pertain to [K-12 school districts like] they did to the Enron's of the world," Attiya said. "But now we are bei

Re:

[RexRhino]

If the law is that convoluted and unclear that the vendors are able to exploit it for FUD, it is a bad law.

Re:

[spiedrazer]

It's not a law, it's a rule of legal procedure, and it's not that complicated. It simply says that you can't destroy evidence, and that electronic documentation now counts as evidence. All the other details make allowances for if you do destroy something that you shouldn't have because you didn't know it was there untill someone asked for it. Say someone is suing you, and they tell their lawyer that they sent an e-mail to your company with XXX info on this date. You get notified of the action, and durin

I'm sure you are right ... but

[vtcodger]

I'm sure that you are right. But I also remember -- and I think you probably do also -- that when we first saw the Children's Internet Protection Act, it was not interpreted as requiring filtering. It just seem to require that schools think about how they were going to protect students from pornography and other 'harmful content' and come up with a policy. e.g. We aren't going to allow internet access except by staff and from a couple of teacher monitored PCs.

But somehow -- I'm not sure how -- with no

Re:

[cfulmer]

It goes a little beyond that. If there's an ongoing legal action, you may be subpoenaed to turn over all the documents related to it. Plus, you can be sanctioned for trying to hide one piece of useful evidence in a pile full of junk. The result is that when you've been sued, you suddenly have to pour through a ton of information. These tools are intended for organizations that get sued a lot, to help them in that task.

That said, I agree with your characterization of it as FUD. Often, this sort of work

Re:

[spiedrazer]

It is true that if you have a document, you need to turn it over. But what is also true is that if you have a stated document retention & disp[osal policy, and a document is disposed of as part of that routine action before a case is brought against you, you are 100% Ok to say "We no longer have that document because it was destroyed in accordance with our 60 day policy" and there is NO action that can be brought against you period. You need to turn over anything that has not yet been destroyed, but y

Why do we all have to become cops?

[Sloppy]

Without such capabilities, he said, "what are these people in these districts going to do when approached by law enforcement saying 'we need to know what John Doe did during third period on Tuesday?"

They ought to be able to say, "Beats me; we're in the education business, not the surveillance business. But good luck with your investigation."

People take Fed.waaay too seriously

[flyneye]

Basically the problem is federal funding.
It works like this.
We work and pay taxes to both federal and state.
State runs school on state taxes and gets federal grants.
Too many people believe the power of government flows from the Fed to the state to the people.
FACT: power flows from the people to the state to the fed.
Problem:Fed withholds funds(our taxes)if states aren't politically correct and cause liberal embarassment.
Solution:contact your state representative with your concerns about school funding.Contac

New rules aren't a requirement to save everything

[TheHappyMailAdmin]

A lot of media sources and technology companies are taking this to the extreme because a) scary news sells more ad space and b) scary news sells more servers.
Here's a link to the original document: http://www.uscourts.gov/rules/Reports/ST09-2005.pd f [uscourts.gov] [PDF file]
Focus on pages 24-36 of the pdf, which discusses the background of the new rules, and 103-240 which include the actual regulations. The new e-discovery rules do not require everyone to keep copies of everything forever.

Note that the full 332 p

Whitehouse email...

[flyingfsck]

OK, so now everybody has to be able to lose email just as efficiently as the Whitehouse?

Re:

[yar]

You don't have to log everything. You have to abide by your records retention policies. You are required to log some things, by records laws, but not by the rules of civil procedure. The only situation where you might have to log more than you ordinarily would is in the case of a litigation hold, when you're party to a lawsuit.

Re:

[spiedrazer]

read my post below, but this is mostly FUD to sell e-mail archiving gear! The rules just say that you cant destroy data On An ONGOING LEGAl ACTION!! it's basically just officially extending the 'you can't destroy evidence' rule to electronic communications as well. You can destroy all your stuff whenever you want as long as it isn't about a pending legal case. All the other details (retention policies etc.) just clarify what is punishible or not punishible if it is found that you did destroy stuff after

Re:

[computational super]

We need a new political party.

Here's [lp.org] one. The problem is, they've been around for decades, and have yet to make any inroads into government. We know whose fault that is... as George Bernard Shaw said, "Democracy is a device that insures we shall be governed no better than we deserve."

What's .. Bush .. got to do .. got to do with it?

[Ungrounded Lightning]

So much for the conservative republican President's desire to keep govt. out of our lives. What a lying sack of shit he is!

The PRESIDENT? What's the PRESIDENT go to do with it?

Quoting Wikipedia:

The FRCP are promulgated by the United States Supreme Court pursuant to the Rules Enabling Act, and then approved by the United States Congress. The Court's modifications to the rules are usually based on recommendations from the Judicial Conference of the United States, the federal judiciary's internal policy-making body.

Internal rulemaking by the JUDICIAL branch - the supreme court and their hirelings - with concurrence from the LEGISLATIVE branch. The EXECUTIVE branch isn't even in this loop.

Are you faulting Bush for failing to stage an unconstitutional armed intervention into the inner workings of the Supreme Court?

Re:

[DragonWriter]

Internal rulemaking by the JUDICIAL branch - the supreme court and their hirelings - with concurrence from the LEGISLATIVE branch. The EXECUTIVE branch isn't even in this loop.

Yeah, its not like the Executive has any role in selecting who is in the judiciary or anything like that.

Re:

[BlueScreenOfTOM]

Clearly you did not get the /. memo:

Anything and everything wrong in the United States is in some way tied to President George W. Bush. The President is the root of all conspiracies in the world, including, but not limited to, all technical conspiracies. From this date forward, there shall be NO Slashdot article related to a conspiracy theory without mention of The President.

In addition, those posting about said conspiracies are required to mention The President's "apparent lack of I.Q.", but may in no way tie this to the paradox created by assuming that someone with such an "apparent lack of I.Q." is smart enough to be the root of all conspiracies.

I hope that clears things up for you.

Re:

[Ungrounded Lightning]

Clearly you did not get the /. memo: ... I hope that clears things up for you.

Why, yes, I did miss the memo.

So they DID elect him the official scapegoat:

- If invaders try to conquer Iraq, it's Bush's fault.
- If the Democrats raise taxes, it's Bush's fault.
- If the Supreme Court changes the rules of procedure, it's Bush's fault.
- If there's a hurricane in Timbuktu, it's Bush's fault.

Of course Bush wasn't there when they elected him scapegoat. But that's Bush's fault.

That upper-leg tick really needs attention.

[Ungrounded Lightning]

Ah, President Bush. I thought I smelled your foul stench.

Federal Rules of Civil Procedure are promulgated by the Supreme Court (and written by their employees), after receiving a Congressional rubber stamp. Bush and his whole branch of government aren't even in the loop.

But somehow it's Bush's fault, right? Did you elect him the official scapegoat? (If you get a cold it's Bush's fault. If the Supreme Court promulgates a rule you don't like it's Bush's fault. He wasn't there for the election - but that's HIS fault.)

You really need to get medical attention for that jerking knee.

Re:

[DoofusOfDeath]

Yeah ok, that's fair.