In late 1986, the White House was on the cusp of a huge scandal involving Iran-Contra, a complicated and illegal program to sell arms to Iran and route the proceeds to the Contras, a guerrilla organization dedicated to the overthrow of Nicaragua’s leftist, Sandinista regime. To try to destroy incriminating evidence, National Security Advisor John Poindexter and his assistant, Lieutenant Colonel Oliver North shredded the paper trail and methodically set out to delete all of their emails related to the program. When done, they felt confident that they had erased anything that could have tied them and the White House to the illegal program. But that was a false confidence.
Unfortunately for the two of them, backup tapes of the email had been made, and the FBI was able to recover their emails to reconstruct much of the events that had happened. The contents of many of these emails became public during congressional hearings and, literally, the secrets Poindexter and North had tried so hard to erase ended up on the front page of the Washington Post.
Thereafter, savvy email users knew the scandal’s lesson: don’t put anything in email you wouldn’t want to see on the front page of the Washington Post.
This lesson gets forgotten, even by the most tech-savvy, although they get reminded of it periodically. Emails can leak not just through the FBI rummaging through your backups in a criminal investigation, and not just in a spectacular cyber attack like at Sony, but through the ordinary course of discovery in legal proceedings. In September of 2005, Google’s chairman Eric Schmidt sent an email detailing a conversation he had with eBay’s then (and HP’s now) president Meg Whitman where she complained about Google’s trying to recruit an eBay employee. Schmidt directed Google HR to fire the recruiter and “fix this problem” of competing with other tech companies for talent. He intended for the email to remain secret, but through the process of legal discovery it was made public. And thus it was exposed that huge tech companies were colluding to depress wages in the bay area.
When we consider the Sony hack, it is all reprehensible. And a company can reasonably hope that its employee data and corporate secrets will remain confidential. But the one thing that no company should assume is that if they discuss matters, in email, that potentially expose the company to liability that those emails will not be made public at some point. The emails probably will not become public, but the chances are non-zero. And the more reprehensible the email, the more likely it will be scooped up in discovery for some sort of lawsuit.
When the Sony executives went on to make racially disparaging remakes about the President, or comment on how female actors were paid less than lesser male actors, these comments might be fodder in discrimination suits. When they discuss actors and directors in unflattering terms, those emails could be surfaced in a legal battle with those people. Odds are very high that, absent the hack, some of those emails would have surfaced in a lawsuit.
Email may represent only a fraction of the total collection of documents stolen from Sony and released by its hackers, but the lesson here is that the release of embarrassing emails is not a rare, one-off event. Prudent businessmen and women would have known to be cautious in their comments in email and to make riskier comments in ephemeral conversation.
Of course, now they do.