2004-06-24

Hansell, Saul. Two Arrested and Charged in E-Mail Theft. The New York Times. June 24, 2004.

AOL engineer stole 92 million e-mail addresses and sold them to spammers. He and an accomplice were charged with violating the new federal antispam law.

2004-06-23

O'Reilly, Dennis. Is E-Mail Doomed? PC World. June 21, 2004.

More discussion around spam and phishing (internet scams and fraud ... see Anti-Phishing Working Group site for more info) and their effect on corporate e-mail. Suggests that solutions could include a move away from e-mail to IM-based technologies, an increase in encryption technologies, or similar.

Callaghan, Dennis. Exhibitor Shortage Puts Brakes on Comdex. eWeek. June 23, 2004.

If you were planning on attending Comdex Nov. 14-16 in Las Vegas, it's been "postponed".

2004-06-22

New Blog on Exchange & Security: At the Sharp End

Paul, Missy and the gang have recently launched a blog for 3sharp ... check it out at http://www.3sharp.com/blog/. Will touch on Exchange issues, security issues and occasional ramblings about Missy's experiences working from her home office. :-)

McGuire, David. E-Mail Companies Seek Spam Solution. Washingtonpost.com. June 22, 2004.

Article on today's announcement by the Anti-Spam Technical Alliance, essentially discussing various ways of identifying e-mail senders. One option relies on using header information including reply-to and SMTP gateway IP. Another depends on digital "keys" to verify an e-mail's authenticity.

2004-06-21

Hankins, Michelle. Will Sarbanes-Oxley Force Tighter Integration Between Inventory and Financial Systems? Billing World & OSS Today Magazine. June 2004.

Interesting discussion on reconciliation of inventory reports with financial reports. Touches on OSS. Billing World and OSS Today Magazine: "The Sarbanes-Oxley Act of 2002 places greater emphasis on accuracy of a company's financial reports, putting more stress on the finance department to understand the true picture of a company's inventory and assets. The implications for executive level management for poor financial reporting that are spelled out in Sarbanes-Oxley may drive inventory and financial integration projects in the near future."

2004-06-20

Hansell, Saul. The Internet Ad You Are About to See Has Already Read Your E-Mail. The New York Times. June 21, 2004.

When Google announced in April that it would test a free Web-based e-mail service that offered users vastly more storage space than its rivals, it introduced one twist - the ads that users see when they read their mail would be related to the subject mentioned in the message...

2004-06-16

[Vendor Press Release] Entrust to Acquire Advanced Content Scanning Capabilities. Entrust. May 19, 2004.

Entrust is entering the fray of e-mail content-level scanning and policy enforcement per their acquisition of AmikaNow! technologies and assets.

McCullagh, Declan. The upside of "zero privacy". Reasononline - Database Nation. June 2004.

Reason: Database Nation: The upside of "zero privacy": "Not content with existing rules, privacy activists have been pressing for more regulations targeting U.S. businesses. Their recent successes include the 1999 Financial Services Modernization Act, better known as Gramm-Leach-Bliley, which regulates the data collection practices of financial services firms. The law has resulted in millions of disclosure statements mailed to consumers, who routinely ignore them. Then there's the Health Insurance Portability and Accountability Act of 1996, which regulates medical care providers. Credit bureaus are covered by the Fair Credit Reporting Act. More efficient and less burdensome are the state laws known as privacy torts. Those punish snoops who pry into someone else's private affairs, anyone who publicly discloses embarrassing private facts, and publicity that shows someone in a false light. Jim Harper, a former Capitol Hill staffer who runs the advocacy site Privacilla.org, says left-leaning privacy advocates have willfully ignored state privacy torts when arguing for more-intrusive regulations. 'Privacy advocates and others have helped to foster the impression that there is no law protecting Americans,' Harper says. 'This is a violation of the trust that many have placed with them. Substantial criticisms of the privacy torts can be made, but they should be made directly, rather than by telling the press, the public, and public officials that no privacy-protecting law exists in the United States.'"

Atlas, Adam N. The Impact of PIPEDA. Globetechnology. June 2, 2004.

Good article on a new Canadian privacy law called the "Personal Information Protection and Electronic Documents Act" (PIPEDA) which went into effect on Jan. 1, 2004 and applies to all businesses and individuals in Canada. Essentially all personal information concerning Canadian or US citizens is protected under the Act. "... PIPEDA prohibits the collection, storage and disclosure of 'personal information' without the appropriate express or implicit consent from the individual concerned. Personal information is any factual or subjective information, recorded or not, about an identifiable individual. Privacy law in the U.S. is not as evolved as it is in Canada or the EU. Personal health information in the U.S. receives protections similar to those under PIPEDA under the U.S. Federal Health Insurance Portability and Accountability Act (HIPAA). In the financial services sector businesses are required to maintain privacy policies (as is the case with PIPEDA), under the U.S. Federal Gramm-Leach-Bliley Act. Where a U.S. business is found to be in violation of its published privacy policy, it can be liable for unfair or deceptive acts or practices in the marketplace under the U.S. Federal Trade Commission Act, the US equivalent of our Competition Act (Canada)."

Sturgeon, Will. Cheat Sheet: Sarbanes-Oxley. Silicon.com. June 10, 2004.

Good high level summary on SOX. Cheat Sheet: Sarbanes-Oxley - silicon.com: "So every file, every email, every IM, every phone call is going to have to be recorded? That's been a lot of people's gut reaction, according to Mark Ellis, CA's director of storage and information management, but it's not quite so extreme. Many companies just assume as long as they do that they will be compliant with that aspect of SOX - which is true, if a little naive regarding the storage and logistics implications of such thoroughness. Ellis describes this reaction as being 'like a rabbit caught in the headlights' and explained that 'people need to know what they must keep'. 'Legal compliance is not about what you need to keep, it's about knowing what you can delete,' he said, imploring companies to find out more about the complicated legislation."

Schwartz, Ephraim. Sarbanes-Oxley will require a message-storage rethink. InfoWorld. June 11, 2004.

Another good article [driven by EMC's big marketing push of late]. Good quotes: "Traditionally, government regulations don’t specify exactly what a company’s policy should be, but they do specify that if there is a policy in place, that policy must be adhered to. The problem is that, even if a company implements a policy stating that it does not retain e-mail, not every organization will be capable of enforcing such a policy. If compliance auditors find one or two employees who have saved e-mail on their notebooks, there’s a good chance that the auditors will want to look at everybody’s PC. As a result, like it or not, companies will need to retain e-mail as a matter of policy. On average, each user generates roughly 10MB of e-mail data per day, and that figure is forecast to increase to 44MB per day by next year, according to AMR Research."

CIO fails Sarbanes-Oxley. IT-Analysis.com. June 15, 2004.

IT-Analysis.com - CIO fails Sarbanes-Oxley: "Apparently a very large American corporation, who I will not name, asked their internal audit department to review their compliance with Sarbanes-Oxley (SOX), especially section 404 which starts to kick in this year. They failed through lack of controls in the IT department and now the CIO's neck is on the block."

Kopytoff, Verne. Cyber attack interrupts Internet services. SFGate.com. June 16, 2004.

If you couldn't get to Google yesterday, here's why. Cyber attack interrupts Internet services: "However, others said the incident had the hallmarks of a denial-of-service attack, a relatively frequently used technique to disrupt Web sites. Such attacks are often the result of a hacker surreptitiously taking control of other people's computers, then using them to overload a target with data or electronic requests."

First mobile phone virus strikes. itv.com. Jun 16, 2004.

Interesting. "A computer virus that can infect mobiles has surfaced for the first time. The virus, called Cabir, infects the Symbian operating system that is used in several makes of phone, including Nokias, and spreads through the new Bluetooth wireless technology."

2004-06-11

Garretson, Cara. Compliance costly. Network World. June 7, 2004.

Results of annual Network World 500 survey are released in this article. About 60% of respondents said ensuring compliance with regulations over the next 12 months is "extremely important," while only 2% said the issue isn't important at all. This was the first year this issue was raised in the survey, which was conducted jointly by Network World and Research Concepts and polled 500 network IT executives. Nearly half of the respondents said they will upgrade their applications or purchase new applications this year to ensure compliance with regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act. IT executives also are examining data-handling processes and information storage to be sure their operations are up to snuff because such laws can be particular about how corporate information is to be handled and kept.

Hayman, Russell et al. A General Counsel's Guide To Avoiding "Obstruction Of Justice" Liability. McDermott Will & Emery. June 9, 2004.

This is a really good article that defines in legal terms what is meant by "obstruction of justice" and what the relevant technical implications are for corporate IT departments and, specifically, for Sarbanes-Oxley related incidents. A series of "best practices" recommendations is at the bottom of the article.

Kedrosky, Paul. Next Big Thing: Clean up the Inbox. National Post - Financial Post. June 7, 2004.

Great recent article touching on Sarbanes-Oxley and e-mail. Some quotes ... National Post: "One 1996 study by the Association of Computing Machinery found that subjects had, on average, 2,482 messages in their inbox; they had only an average of 858 items filed in folders. In other words, for every message they had gotten around to filing they had roughly three messages strewn about in their e-mail inbox. I know people like that. One colleague has a few thousand e-mails in his inbox, most of which are months (even years) old. He almost certainly can't find anything in that mail morass, so I'm guessing he keeps it there largely for a feeling of security. Deleting things feels rash, so you might as well keep it -- just in case. Why have we reached this e-mail impasse? Largely because e-mail was intended to be a communications medium; it was supposed to be the electronic equivalent of a brief hallway conversation. Instead it has become something else altogether, a Swiss army knife of the Internet, with responsibilities ranging from communications to personal archives and task management. But e-mail does most of those things poorly. Filing is too hard, tasks scroll off the screen in an ever-filling inbox, and personal archives in e-mail are almost entirely unsearchable. Increasingly, this has consequences. Companies lose sales because leads get lost or accidentally deleted; lawyers lose correspondence in important cases; software vendors worry about vexing e-mails hiding in dark corners; and technical support people lose track of ongoing discussions with frustrated clients. It will only get worse. People are increasingly reliant on e-mail, and they will be more so once the spam problem is reduced -- and once Sarbanes-Oxley's e-mail-retention implications are better understood."

Shropshire, Corilyn. Taming the information age: CIOs join ranks of upper management. Pittsburgh Post-Gazette. June 10, 2004.

More coverage of the CIO Forum and Executive IT Summit held this week ... sessions included those focused on Sarbanes-Oxley. Taming the information age: CIOs join ranks of upper management: "Agnoli, Lahr and Brown this week traded tips and insight on doing their jobs at a panel discussion at the CIO Forum and Executive IT Summit, a two-day conference of local CIOs that ended yesterday at the Sheraton Four Points Conference Center in Cranberry. Challenges ranging from managing wireless data to dealing with computer security and the sometimes obscure Sarbanes-Oxley Act that guides corporate governance were among topics discussed. "

Norton, Rob. The SEC's Top Cop Is Watching You. Corporate Board Member Magazine. Special Legal Issue 2004.

"Approximately how many companies and individual directors are currently under investigation? The Enforcement Division does not track the number of companies or directors currently under investigation. However, the commission has filed an increasing number of enforcement actions relating to financial fraud or reporting violations over the last several years. For example, in fiscal year 2003 the commission filed 199 such actions, up from 103 in fiscal year 2000. Moreover, in the first half of the current fiscal year the Enforcement Division opened approximately 125 new investigations relating to potential financial fraud or reporting violations. Such matters continue to be among the commission's highest enforcement priorities."

Massaro, Kerry. Back to Basics: Reliability, Integrity and Customer Focus. Wall Street & Technology Week. June 10, 2004.

Some great quotes in here ... Wall Street & Technology > WST Week: "'We're in a bull market in new regulations, which has led to new costs. At the same time we've had market declines, industry revenue declines and industry confidence declines,' Lackritz told the audience. 'This has resulted in what we have today -- a spotlight on compliance,' he said. Reviewing the new regulations, he listed Gramm-Leach-Bliley, the USA PATRIOT Act, global settlement and research analyst regulations, Sarbanes-Oxley, Basel II and the mutual-fund regulations that the Securities and Exchange Commission is now considering. With all of the new regulations at which the industry is throwing time and money, how can the industry keep its head above water and still innovate? Lackritz acknowledged that it's not easy. He suggested, however, that technology managers embrace their expanded roles. No longer are they just partnering with the trading and sales teams or operations staff. Today, the technology manager has to partner with the legal team, he said, and he or she 'must be aware of so many other things that are happening in the industry.' 'Every place you go, people are talking about all these new regulations, while budgets are being squeezed. Now the market is just starting to turn around, CTOs also have to deal with compliance, business-continuity planning, identity theft, e-mail ... there are a slew of things that they have to keep up with,' Lackritz noted in the pre-keynote interview."

Boulton, Clint. EMC Aiming For 'Proven' Compliance. Internetnews.com. June 7, 2004.

Interesting article on "proven compliance" which is becoming a new buzzword in the industry. Having mechanisms set up for journaling or otherwise archiving specific e-mail content is no longer being deemed sufficient ... companies and vendors are being tasked with actually proving end-to-end compliance for their regulatory enforcement processes and technologies.

2004-06-10

Toh, Ann. Reaching Integration Nirvana. CIO Asia. June 2004.

CIO Asia - Issue - Reaching Integration Nirvana: "The technology today allows you to comply to the Sarbanes Oxley Act and that may not be relevant to a lot of people here but if they want to list on the U.S. stock exchange they have to comply. Compliance is coming into this which is forcing the interaction of unstructured data with structured data. We can't use an investment model and build ROI based on that but we can certainly address the compliance issue today."

2004-06-08

Simpler-Webb - Exchange Resources New Site

FYI the Exchange Resource Center maintained by Simpler-Webb has been refreshed with a brand new look and feel. Nice site!