The dirty details of this presently unfolding scandal do not require repetition on this page. Google will lead you to all that you want (and don't want) to know about these sordid details. However, you won't read much of the following advice in the mainstream media. So, here we go ...
1) Discuss business on corporate e-mail accounts only
The FBI's cyberstalking investigation led to a personal Gmail account, which the government accessed and ultimately resulted in the downfall of General Patraeus. A recent Google transparency report revealed that it has fully or partially complied with at least 90% of the U.S. government's nearly 8,000 requests for user data during the first half of 2012. http://www.google.com/transparencyreport/userdata requests/ The lesson learned is that it is much easier for the government to get e-mails from Gmail, then from your own IT department. This is information that (1) you do not control; (2) might not have notice that the government has requested access to; and (3) do not have say whether the communications are protected by some privilege or confidentiality clause. As a corporation, there are many things that you might want to keep quiet: trade secrets, potential business deals, future products, etc. As Google does not have your company's interests at heart, having employees discuss these developments through personal e-mail accounts could lead to their public disclosure. Further, you would receive no notice that the information has been sought out by the government. Therefore, reminding your employees to keep business e-mails on corporate e-mail accounts will prevent your company's private issues from going public.
2) Be careful who you are e-friends with
While investigating the cyberstalking complaint, the e-mails of the victim led to the discovery of potentially inappropriate e-mails of another senior general who was uninvolved in the original cyberstalking charge. Now that senior general is being investigated. The lesson learned here is that the government, while investigating someone else on a matter unrelated to you, could come to learn information that would place you or your corporation under surveillance or investigation. Therefore it is imperative that not only you keep your corporate and personal e-mails separate (see point 1), but also that you know the person who are sending the e-mails to. A joke in poor taste to someone under surveillance could result in you landing in hot water.
Continue reading after the jump.
3) Your draft folder is fair game
General Petraeus and his mistress allegedly used an al Qaeda trick in accessing the same e-mail account, but instead of sending e-mails, they left their messages to each other in the draft folder. While it is yet unknown if their messages were left in the draft folder or were deleted and the government was able to recover the deleted drafts, the lesson learned is that an e-mail need not be sent for the government to access and analyze the e-mail. This means that all those snarky e-mails that you write, but decide not to send, can be accessed and potentially used against you. While in the past, human resource personnel have often counseled upset employees to write an e-mail, place it in the draft folder and then sleep on it to determine if they really want to send it, the prudent practice would be to not even draft the e-mail in the first place.
4) Nothing is ever deleted from cyberspace
I am sure you have heard this before, but it bears re-emphasis. The FBI reportedly looked at 20,000 to 30,000 pages of documents - the majority of which are e-mails. There's a reason why people run magnets through computers when they really want something deleted and destroyed. Pressing delete does not mean that the document is destroyed. In today's cloud based storage model, it is impossible to simply run a magnet over the cloud where your information is stored. Further, it is more difficult to destroy an e-mail because it requires both the sender and the receiver to properly destroy the e-mail. And there is no guarantee that the recipient did not forward the e-mail to someone else. The lesson learned is to be careful what you send, because once something is saved or sent, it will exist somewhere in cyberspace and can be potentially discoverable.