When ousted Barclays CEO Bob Diamond says he felt “physically ill” reading e-mails of his traders crowing over interest rate manipulation, he is almost certainly telling the truth. The veteran banker says it was the first he knew that employees had worked to artificially inflate the London interbank rate LIBOR. Whatever the reality, he must have realized that the saved messages – with employees glorying in their activities and promising each other champagne – could only add to the damage.
Businesses, governments, individuals and institutions around the world are all gradually waking up to the same realization. In the 21st century anything written down electronically, even in confidence, can be stolen or subpoenaed and come back to haunt the writer – and others – years later.
The Barclays scandal which cost Diamond his job seems only the tip of the iceberg.
“E-mail, Twitter, texting and the rest all intuitively feel like short fuse ephemeral communications – a quick word in passing, if you will,” says John Bassett, a former senior official at British signals intelligence agency GCHQ and now a senior fellow at London's Royal United Services Institute. “Yet as soon as we push the send button, these communications take on an enduring digital permanence that means that in effect they never quite go away.”
As the US government discovered with Wikileaks, huge volumes of information can be lifted in a single go by one determined and skilled computer user. Sophisticated algorithms and search programs can strip through millions or more files in seconds rather than the weeks it might have taken for a team of human specialists.
Alternatively, the whole dataset can simply be dumped on the web or handed to newspapers and other media outlets, as Wikileaks did this week with thousands of Syrian government e-mails including negotiations with Western arms firms. The danger does not just come from hackers or criminals. Plenty of companies have been legally required to surrender huge volumes of electronic documents to national authorities or legal adversaries.
Already, practices are changing as a host of professionals learn what it takes to stay off the grid.
Getting a bit risque
Telephone calls, they realize, may well be safer than e-mail – although in many companies, landline calls are already recorded. Even if mobile phone calls are not, the service provider meticulously records who dials who and how long the conversation may last. Even the simple act of signing a visitor into a building is often now stored for ever in an electronic vault, easily extracted by law enforcers, legal challenge or, for some governments at least, a “Freedom of Information Act” request. But there are always new techniques.
In Washington DC, political operatives say a branch of Caribou Coffee near the White House has become the standard location for administration staffers to meet lobbyists they would rather not sign in to the West Wing.
Around the world, cafes, trade fairs and the corporate areas of major sporting events have all become venues for frenetic, serious – and largely unrecorded – conversations.
When traders and others in large financial institutions now want to discuss a matter privately, insiders say they often use a simple code: “LDL”, or “let's discuss live”, a request for a face-to-face meeting.
“We work with a daily awareness that email archives are legally recoverable ,” says Kevin Craig, managing director of London-based company Political Lobbying and Media Relations (PLMR). “We tell clients that e-mails are incredibly vulnerable… If your communication is not legally privileged (such as between a lawyer and client), think very carefully about writing it down.”
Some companies offer ways in which staff can communicate electronically without any record being kept. The US firm Vaporstream, for example, offers systems that guarantee messages cannot be forwarded, saved or later recovered. Others offer to wipe databases and make sure e-mails are truly permanently deleted – although the deliberate destruction of evidence can be distinctly legally dubious. Even then, companies will often find e-mails have been already forwarded outside company systems to personal e-mail accounts.
“The ability of e-mails to surface at a later date is, for a variety of reasons, increasing,” says Anthony Dyhouse, a cyber security expert for British defense firm QinetiQ. “They are not transient. They have no half life and they do not degrade… when viewed after a period of several years – and (with) changing politics, the original content can suggest an entirely different meaning.”
The cost of being caught out by the contents of one's electronic footprint can go well beyond simple reputational damage – although that alone can be considerable.
Diplomatic sources say U.S. officials are still working to reassure their contacts that confidential discussions will remain so. Cables released by Wikileaks named hundreds of foreigners who had spoken to U.S. officials under what they believed was a guarantee of permanent anonymity.
In the case of Barclays, the LIBOR scandal has already cost more than $450 million in fines and the company has seen its share price fall by roughly a fifth since June. There may be further pain to come as the company faces what could prove to be a vast number of lawsuits from those who lost money as a result of heightened interest rates.
Britain's News of the World Sunday tabloid could well still be in existence if it were not for the existence of a handful of e-mails between senior managers at News International on phone hacking. British Prime Minister David Cameron too found himself drawn into the story in part because of his text messages to former News International chief executive Rebekah Brooks.
It is hardly a coincidence, however, that many of the scandals and awkward e-mails currently coming to light are from several years ago – before many in the business and government world realized how long a data trail they were leaving.
When it comes to hacking and information theft, the mere revelation that a company has been a victim can be just as damaging as any particular item lost.
Millions of e-mails belonging to publishing company and private intelligence firm Stratfor released last year by Wikileaks, for example, contained relatively little seriously damaging in itself.
Through avoiding referring to them by name, the firm was even able to keep the identities of its many confidential sources secret.
The greatest harm to the company, experts in the sector say, was that a firm that prided itself on its spy-like tradecraft and security was such easy prey for “hacktivists” from Anonymous.
For many sensitive matters – such as company insiders talking to journalists – mobile phones, text and Blackberry messaging long ago replaced using company e-mail or landlines. Personal e-mail addresses or even facebook pages can also offer ways to bypass company accounts sometimes monitored by compliance departments and easily searched in the event of suspicion. But in the event of a criminal investigation or even civil lawsuit, even their records can be swiftly seized. The days of traders using mobile phones on a dealing room floor to get tips ahead of the market, industry insiders say, appear largely over – or at the very least, very much reduced.
Militant groups and criminal networks too have discovered to their growing cost the sheer amount of information available to those tracking them and speed with which it can inform police raids or drone strikes on remote hideaways.
“Technology has played a major role here,” Nigel Inkster, a former deputy chief of Britain's Secret Intelligence Service (MI6) and now head of political risk and transnational threats are London's International Institute for strategic studies, told Reuters earlier this year. “The electronic exhaust left by terrorists when they communicate has made them easier to track and sophisticated relational software has made it much easier to identify connections between people who don't want to appear connected.”
The greatest security, experts say, is simply for a small number of people – ideally no more than two – to meet in person in a place they cannot be overheard. But with work diaries ever more crowded and time at a premium, the days of the “long lunches” and drinking sessions over which deals could quietly be done have largely gone.
Even if everyone in the world tightened their act today, billions of cached electronic records of personal, business, political and sexual indiscretion would almost certainly remain.
“Human behavior hasn't adapted yet to be cyberspace environment,” says former GCHQ official Bassett. “There are already enough electronic communications in existence that if revealed that would embarrass a significant minority of the global population, both in the office and at home.”