The legal department of my company is blocking me from continuing with the deployment of Notes 8.5.2 because of the new feature that allows saving emails as .eml files. I’ve found the policy that disables the ability to drag&drop emails out of Notes, but that doesn’t remove the ability to open an email and select File > Save As from the menu.
I am at my wit’s end and I’m desperate for a solution. I really do not want to skip deploying 8.5.2 because it is big improvement in the Notes client (especially the managed replica feature). We’ve looked into blocking the saving of specific file types through our AV software, but that doesn’t appear to be possible.
Does anyone have any ideas how I might be able to solve this problem?
I think the feature that IBM included in 8.5.2 to save emails as .eml files is the dumbest thing they have done in a long time. They obviously didn’t consider things like document retention policies or safe storage policies in larger businesses. Why would you want to allow your users to store email anywhere outside of notes? Keeping it contained in the nsf was always great. Sure they can have a local replicate but you can force encryption on that. Sure they can copy and paste text and find other means to save it, but when you make it this easy and poorly planned the privilege will be abused by the users. I saw the same policy to prevent drag and drop, but not offering a way to limit it from the File, Save As, come on IBM!
I think the only reason they included it was so they could mark an item of off how to make Lotus Notes function more like outlook. I went to a lotus user conference back in August, and this stupid feature was the most talked about. IBM boasted how awesome it was that you can now save as eml. I just thought to myself, really, this is the biggest feature you’re going to discuss, a feature that most email programs have had for the past 10 years. I can’t seem to get a grip on the direction IBM is taking Lotus Notes. They also did a preview of project Vulan and it looked like a facebook knock off.
That capability really MUST be able to be turned off for us to use that client version or any others that offer it. US-based companies subject to the Federal Rules of Civil Procedure and the vexing and huge costs of email ediscovery in civil matters, would have the scope increase for email searches to many other places, which will add much more cost.
It also opens the door to challenge the integrity of these messages, once outside the security environment and care, custody and control of Domino/Notes, as those files could be easily changed, which opens up more potential costs in haggling about whether or not they are authentic.
As with message recall and drag and drop, that needs to be configurable somehow.
I guess I should post how I finally resolved this problem. Yes, I understand that it is actually a nice feature, and, yes, there are certainly other ways to save emails. Unfortunately, our legal department had it in their minds that somehow saving as EML is different, and as much as I tried, there was no reasoning with them.
Because I was determined not to let this hold me back from deploying 8.5.2, I came up with what is a rather lame solution, but it satisfied legal and that is all that mattered. I wrote a small little AutoIt script that we deployed to everyone’s PC that sits in the background and immediately cancels the Save as EML window as soon as it opens. Yes, I did take care to make sure the script didn’t consume a bunch of CPU by running in a tight loop. Obviously, it is quite easy to circumvent if you know what you are doing, but hopefully by the time legal figures that out (if they do), Lotus will have added a policy to permanently disable it.
BTW, we did initially look into using our anti-virus software to kill the EML files, but our anti-virus solution just doesn’t have that functionality. Regardless, even that solution can be easily circumvented.
This is silly to have to even think about doing this, but if IBM doesn’t have a way to completely disable it this might work.
Create a rule in your anti-virus software to quarantine and delete any and all .eml files. I know most AV out there has this ability. It wouldn’t prevent the users from trying but it wouldn’t let them save the files. Just make sure it checks local and network drives, or possibly in the active or realtime scanner.
We try very hard to avoid making changes to Notes that change defaults or existing behavior or introduce new behavior, unless it is controllable by policy. This is especially true for changes in maintenance releases.
We obviously make some limited exceptions for things that we believe “of course, everyone’s going to want that”. Unfortunately, our radar was broken on this one in terms of possible negative consequences. Mea culpa.
I took a quick look at the code and didn’t see any easy way to disable the new functionality, but we’ll look into seeing what can be done in terms of customer control for the feature in a fix pack.
As far as the more disparaging comments in the thread, I assure you it was not just to get a check mark to be able to say we are more like Outlook. Not too interested in getting those check marks.
The feature came about because we have several customers including some very large customers who have been begging us for the feature – some who have been asking for a considerable length of time. It’s as simple as that.
That being said, I think it is a great feature, but I wouldn’t put it at the top of my list of things to brag about in Notes 8.5.2. As someone has said, many e-mail products have had this for years. My favorite 8.5.2 thing is managed mail replicas – I’m loving using it. And, coincidentally, Ed Brill is discussing it today on his blog → http://www.edbrill.com/ebrill/edbrill.nsf/dx/do-you-know-about-lotus-notes-8.5.2-managed-replicas
Subject: I totally disagree you should not be saying sorry.
The argument to being able to turn it of is based around doing legal searches of emails and having to then do searches outside of the mailbox.
Using this argument I may as well ask for the following features to be disabled…
Printing an emailand then deleting the original.
Copy and pasting of emails into a text file and then deleting the original.
Double clicking an email to put it into edit mode and making changes to it and saving it.
Proper eDiscovery means that messages are captured at the router level before they hit the users inbox. The legal search is done on the capture store and not in the users inbox.
I posted the following comment at Declan’s blog, but thought it would be useful here too:
If the email is so sensitive that the company doesn’t want to be able to use file-save as, then the user shouldn’t even be able to view the email. Unless, of course, the company has disabled the use of the print screen button on the keyboard along with removing mspaint from all of the workstations. Not to mention that the user could use File > Print to print it out (possibly to even print it out to a PDF). There are far too many ways to capture the contents of that email. Even copy-paste into Word. So IBM adding a much simpler way to do this is NOT a big deal and it’s NOT a reason to prevent someone from upgrading to 8.5.2.
That being said, IBM should probably look into allowing this to be configurable. IBM does have a habit of introducing new features without allowing Admins to disable them completely. The problem here is that drag-and-drop to .eml is configurable but not File > Save As > eml. We should be able to disable that. But in this specific case it really shouldn’t be that big of a deal.
I don’t believe there’s such a thing as an email system that prevents people from storing emails into files. It’s simply not possible. Even if there were no menu option, you could copy and paste into a text file, you could write external code (or a Notes agent) to scan your mail file and produce a dump in any format you choose, you could use any screen capture tool to scrape the text off of whatever screen you’re looking at, you could forward the mail to another account that doesn’t have this restriction…
Ultimately, there’s no way to completely prevent users from making copies of whatever information they technically do have access to. You can try to make it a little harder, but that also makes it harder to use the information in legitimate ways.
All this is true no matter what email software you use.
I think your legal department will have to learn to live with this, or else your company must give up on email and go back to using paper memos (printed in non-photo-repro blue, of course). Or you can make everybory use kiosks instead of giving them general-purpose computing devices that can store files and so on.
True it is impossible essentially, but making it so easy is not helpful and adds huge extra costs. We are a large global company and we live this set of challenges.
Making it harder is helpful, as many users wont do the extra steps. Making it preventable-- by policy-- is much better. That can save tons of money for US companies given the newer Federal discovery rules. Local mail means local ediscovery. An opposing lawyer can require or induce forensic ediscovery, which is hugely expensive ($600 per hour-- IT costs not the legal costs to review the information).
The cost of doing eDiscovery review is an astounding $5,000 per GB, or about 1500 times the cost of the storage that those messages live on. Local EML files would mean effectively needing to capture, preserve, search and produce much higher volumes vs simply doing mail boxes, ie substantial portions of hard drives in PC’s.
Email exists to support the business, it is not THE business, so technology needs to be flexible enough to meet business needs including those of the legal teams. Don’torget that each dollar of expense (incurred or avoided) is reflected 100% in a company’s bottom line, whereas each dollar ofrevenue, after expenses, taxes, overhead, is only represented in smaller percentages in the bottom line. Technology is great at controlling expenses if used and configured properly; when it isn’t it adds expense. This would do that.