The technical details of each system vary, but all cater to a “Mission Impossible”-style fantasy in which secret messages disappear after a short time, never to humiliate, contradict or indict the sender. The cost: about $3 to $5 per employee. This summer QVtech and Disappearing will offer e-mail software that works with Microsoft Outlook to keep messages secure (QVtech’s also works with other e-mail clients). Outlook users simply click on a button to generate encrypted e-mail readable only by the designated recipient, and only for as long as the sender chooses. After the time limit expires, a message becomes unreadable and can’t be retrieved. The content is inaccessible although it may remain on the hard drive of the recipient, the hard drive of the sender or a network server-depending on where it was saved. ZipLip, which launched its service a year ago, doesn’t send out e-mail directly. Instead users store encrypted messages on the company’s secure server. Message recipients then get an e-mail directing them to a specific URL where they must type in a password (previously arranged, typically by telephone) in order to read the message, which is later destroyed.
Of the three, QVtech is courting the most paranoid clients by promising vast control over e-mail carried on internal networks. The company claims its Interosa software prevents mail recipients from forwarding, copying or printing the mail they receive. Especially twitchy execs can require that all e-mail be filtered through Interosa, so that any messages going to a law firm, for example, get automatically encrypted-or that any internal messages sent to a competitor arrive in unreadable form. Concerned about a fired employee’s laptop full of confidential e-mail? No worries, says QVtech. The messages automatically check to see if an employee is still on the approved list back at the Interosa mail server before decrypting the data.
Disappearing Inc. and ZipLip presume a less treacherous world, assuming that confidential communications occur between people who won’t spill the beans. The possibility of eliminating all traces of a potentially damaging message has got to be an appealing vision to any CEO who watched Bill Gates get blasted in court because of internal Microsoft e-mail, which was widely publicized during the Department of Justice investigation. “After the Microsoft case, companies are going to be very careful what they put in e-mail. If there are tools that can help e-mail privacy, they will sell,” says Chris Selland, a vice president with the Yankee Group, a market-research firm in Boston. But self-deleting e-mail may be an illusion. It’s difficult to prevent e-mail recipients from saving the information in some form if they really want to. (Spy camera, anyone?) “Against a knowledgeable user, none of these systems will work,” says Bruce Schneier, a security expert and the founder of Counterpane Internet Security in San Jose, Calif. “Digital information can be copied.”
And even when the programs do work properly, a skilled investigator may be able to uncover tracks of vanished data. Kenneth J. Withers, a Washington, D.C., attorney and computer forensics expert, warns that traces remain even if the content itself is unreadable. During litigation, the traces of deleted e-mail may be more damaging than the contents of the actual messages, says John Jessen, whose Seattle-based Electronic Evidence Discovery firm works with attorneys to recover electronic information. “What’s worse than looking at the traces of a suspicious- looking file that’s been erased?” he asks. Several e-mail companies encourage their customers to make use of encrypted e-mail as part of an overall electronic- records management policy to reduce the liability that e-mail can represent. Withers is skeptical that the e-mail companies mean it-or that customers will actually do it. “It’s kind of like the cereal companies, which always present cereal as part of a balanced breakfast,” he says. “But who eats the balanced breakfast? They eat the cereal because it’s quick and it’s easy.” So, here’s the bottom line for corporate James Bonds: follow the manufacturer’s instructions, or a losing court battle could make disappearing e-mail an especially expensive executive perk.
