Wednesday, August 24, 2016

A Question of Email

There seems to be a lot of rhetoric circulating in the political stratosphere concerning emails, email servers and the subsequent administration of all of it.  As someone who has been working with the email beast since before the turn of the century, I notice that the bigger question is not being addressed.  But, we will get to that.

An email server is simply what it sounds like: it is a physical computer with a lot of glorified extra parts that make it beefier to perform 'server' tasks, have some physical redundancy built into it, and run some kind of email software.  They are fairly easy to build and implement, and there are plenty of YouTube videos that can assist you through your install.  Moreover, you can have Google, Yahoo, GoDaddy or a whole bunch of other companies 'host' your email server for you.  Honestly, in this day and age, you could have your own domain and your own personal email address and be sending and receiving email before lunch.

So far, we have covered personal email.  Here is where the real questions of email management begin.  How long is your retention period for deleted emails?  How do you share and sync calendars?  How do you connect with your mobile device?  What do you do about spammers?  How can you make sure that no one else can use your address to send spam?  And these are only a very few of the myriad factors that have to be addressed when hosting, administering and managing email servers.  There is so much more, but I will not bore you with those details.  I see you dozing off already.

However, when it comes to storage and retention policies, this is where you need to pay attention.  After being with a company that went through a federal raid (that's right, the FBI came knocking on our door complete with search warrants, hand carts, and guns), I learned a little something about data retention policy.  First and foremost, if your company has a policy for keeping data for a certain amount of time (let's say 7 years), then when any audit or federal raid comes barging in, you had better have those 7 years of data.

Moreover, if you have an email policy of deleting emails older than one year off of your servers to accommodate your storage needs, then you had better not have some executive who wants his or her email retained for more than one year on that server.  Because, if you do, then you had better have all the email that is older than one year available for all employees.  The feds were very precise about making sure that companies follow their own policy.
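The two rules above (hold the full retention window, and allow no exceptions to the deletion period) are the kind of thing an auditor checks mechanically.  The following is an added example, not code from the original post, of such a retention audit run over a constructed mailbox inventory; the policy period, the dates, the mailbox names and the `Message` record shape are all assumptions:

```python
"""Retention-policy consistency audit (added example, not from the original post).

Given a declared retention period and an inventory of what is actually still on
the server, flag two kinds of mismatch:
  * over_retained  - mailboxes still holding mail older than the policy period
                     (the "executive exception" that makes the policy indefensible)
  * short_coverage - mailboxes whose oldest message is newer than the cutoff,
                     i.e. they do not reach back across the whole window
Mailbox names, dates and the policy period below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Message:
    """One message as a hypothetical mail-store inventory would report it."""
    mailbox: str
    received: date


# Constructed sample inventory: three mailboxes, a few messages each.
SAMPLE_MESSAGES = [
    Message("alice", date(2015, 8, 25)),   # sits exactly on the one-year boundary
    Message("alice", date(2016, 1, 15)),
    Message("bob", date(2016, 5, 1)),      # mailbox only reaches back a few months
    Message("bob", date(2016, 8, 20)),
    Message("ceo", date(2013, 3, 2)),      # older than the one-year policy allows
    Message("ceo", date(2016, 2, 1)),
]


def retention_cutoff(policy_days, today):
    """Oldest received date that the policy says should still be on the server."""
    return today - timedelta(days=policy_days)


def audit_retention(messages, policy_days, today):
    """Compare what is actually stored against the declared retention period.

    Returns a dict with the cutoff date and two sorted lists of mailbox names.
    A short_coverage hit is only a real gap if the mailbox existed before the
    cutoff; reconcile it against mailbox creation dates (a new hire legitimately
    looks like this), which is outside the scope of this example.
    """
    cutoff = retention_cutoff(policy_days, today)
    oldest = {}
    for m in messages:
        if m.mailbox not in oldest or m.received < oldest[m.mailbox]:
            oldest[m.mailbox] = m.received
    over = sorted(mb for mb, d in oldest.items() if d < cutoff)
    short = sorted(mb for mb, d in oldest.items() if d > cutoff)
    return {"cutoff": cutoff, "over_retained": over, "short_coverage": short}


def policy_uniformly_enforced(report):
    """True only if no mailbox holds mail the policy says should be gone."""
    return not report["over_retained"]


def run_sample_audit():
    """Audit the constructed inventory against a one-year policy as of 2016-08-24."""
    return audit_retention(SAMPLE_MESSAGES, policy_days=365, today=date(2016, 8, 24))


if __name__ == "__main__":
    report = run_sample_audit()
    print(f"cutoff: {report['cutoff']}")
    print(f"over-retained (policy exceptions): {report['over_retained']}")
    print(f"short coverage (check against mailbox creation dates): {report['short_coverage']}")
    print("policy uniformly enforced:", policy_uniformly_enforced(report))
```

On the sample data the audit reports the `ceo` mailbox as over-retained (a one-year policy with a three-year-old message in it is exactly the exception the post warns about) and `bob` as not covering the full window, which is harmless if the mailbox was created in 2016 and a problem otherwise.  The same check works for a seven-year policy by changing `policy_days`.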

On top of retention policies, now throw in having to be compliant.  The big two are HIPAA compliance and Sarbanes-Oxley (SOX).  HIPAA is about the protection of medical information and making sure that all Patient Health Information (PHI) is as secure as possible.  Basically, if any communications between email servers have PHI in them, then the email must be encrypted and that server has to have all the security patches, updates, and so on.

Sarbanes-Oxley (introduced in 2002), put in place by the SEC and Congress for publicly traded companies to ensure that no tomfoolery of insider trading or any other unethical practices is taking place (thank you, Enron), also added more rules, regulations and a five-year retention of the email of senior management.  Essentially, senior management cannot decide to shred documents and offload email suddenly when the feds come rolling in.

Okay... those are the basics.

Take all that has been presented and roll back to the Patriot Act of 2001.  This was a time of severely heightened security and scrutiny of all our communications - replete with copious amounts of controversy and hyperbole about keeping us safe.  Given the urgent and timely push behind the Patriot Act, this would have been the perfect time to create proper rules and protocols for how the governmental departments and agencies conducted their email communications betwixt one another.  Put it this way: the Secretary of State had his email hosted by AOL at the time.  AOL - the "you've got mail" people.  Think about that.  This was not an email server being maintained by an internal staff checking for viruses, hackers, or whether the accounts on it were compromised.  Our national security was in the hands of AOL.

Here is the big question:  how come the number one method of communication (next to a telephone) was completely overlooked in the drafting of the Patriot Act?  Keep in mind the Executive administration eventually deleted some 22 million emails.  And because no policy or protocol was in place, they did nothing wrong.

Fast forward to 2016, and we are still devoid of policies and/or protocols concerning the maintenance and administration of email in the government.  This means that any government official can host their own server (with AOL, if they want), can delete whatever they want, has no retention rules, and can easily be hacked.  And there is not a governing body that can do a thing about it.  However, if Congress is deciding to pass laws and create policies now and wants to play retroactive policing, then they had best go all the way back to 2001.  But why now?  (Rhetorical question.)

Ergo, whenever we hear all this talk about improperly deleted emails, illegal email servers, or anything else related to the matter of emails utilized by government folks, remember that the powers that be had their chance to create real policy and protocol in 2001; but they decided, for whatever reason, that it was best to go down to Circuit City and get more AOL disks to keep their email solutions afloat.

The point is, they obviously know how to legislate email when it comes to the rest of us (kind of like healthcare)... but when it comes to their own email, the rules do not apply.  And that is why the 'email trials' will continue to go nowhere: no laws were broken, because no laws exist to break.