In about 5 weeks, a semi-voluntary and somewhat draft policy will come
into effect for all Federal employees, and Federal contractors who
provide documentation services to the US Federal Govt.
All email must be saved (the entire email object and headers), and
presented to the National Archive librarian who will decide what to do
with it. This may include eventually junking large amounts of rubbish.
As always, unless sensitive, the records are public.
The identities of the originator/recipient are also required. (Its
unclear whether this refers to the real authenticated person, or the
mail accounts/addresses cited in P1-level headers.)
I assume (personally) that archival will always require cleartext
originated regardless of the tranferred form of information coding, and
that archives will be sensititivy categorized accordingly.
Now,
If the opposite of public is private, then the policy removes all
notions of email privacy for the individual who is using official govt
equipment.
It occurs to me that those for concerned with personal privacy, that a
new class of threat therefore exists - "threat of public archival". The
obvious way to counter the threat of course is not to use the email
medium (the correct solution), or else flood the archival service with
rubbish (e.g. my daily Internet/usenet/info-server mailbox)
indistinguishable from really useful material which tracks my direct
project work, versus background research and communication.
On the opposite side of the coin, to enforce the policy, then if an
email object is sensitive, and yet must be archived, it must be
protected using suitable techniques from the general public. So,
effectively, govt email users will be forced to designate the
sensitivity of all their messages, and protect them suitably. Or they
will be liable for not acting with due care to protect govt
unclassified-but-sensitive information. This is what essentially all
unreleased govt informtion is categorized as, if not otherwise
categorized.
Anyway, archival, privacy and sensitivity are clearly related now in
practice for this community of users. And it may be a relation which
creates a massive requirement for the use of protection techniques
certified as suitable for protecting unclassified-but-sensitive
email objects in the very near future. 6 weeks perhaps?