The executive thought he had taken every possible precaution in quietly offering jobs to a group of workers at a competing firm if they would steal their company’s trade secrets for him.

He stayed off his company’s e-mail and used a free AOL account. He copied his e-mail conversations onto diskettes, moving data constantly. Finally, he deleted all the evidence from his hard drive.

Or so he thought.

“I was able to show how the data came in through AOL and how he moved it around and had these different names on it,” said Mark McLaughlin, an investigator for Computer Forensics International, who analyzed the data from two of the executive’s laptops as part of a trade secrets lawsuit. “He settled the case immediately.”

E-mails are becoming a major part of investigative trails, whether they involve criminal activity, civil lawsuits, regulatory examinations or internal malfeasance within a company.

Often more conversational and informal than paper documents, they can reveal the intent or motive of an individual under investigation providing a critical piece of evidence needed to prove a crime was committed. They are routinely requested in lawsuits, particularly those filed by the Securities and Exchange Commission and other regulatory agencies. They also may be part of a company’s internal investigation into sexual harassment and other claims.

Yet many executives and employees continue to use e-mails freely and carelessly, often unaware of how devastating they could be.

“In e-mail, they regurgitate their contemporaneous thoughts,” said Cliff Hyatt, a partner at Pillsbury Winthrop Shaw Pittman LLP and former deputy assistant regional director at the SEC. “That’s what makes it so potentially damaging to companies and so valuable for the government.”

Deconstructing data


Major companies have fallen victim to incriminating e-mails. Last month, Boeing Co. ousted Chief Executive Harry Stonecipher after learning of an e-mail he sent to a female executive with whom he was having an extramarital affair.

Locally, a former vice president of shoemaker Vans Inc. pleaded guilty in January to fabricating e-mails in order to implicate other executives and exonerate him in an alleged bribery and extortion scheme. And Los Angeles Mayor James Hahn, who faces re-election next month, was asked last year to retain e-mails from his office as part of a federal and county investigation looking into whether city contracts are awarded on the basis of campaign contributions.

Even without criminal or civil penalties, companies facing an investigation pay thousands of dollars to have a lawyer or computer forensics investigator comb through millions of its e-mails.

“I’m involved in representing companies and individuals in SEC matters and other regulatory matters; other times, I’m in the e-mail retention and distribution business,” said Hyatt. “It occupies a substantial portion of my time.”

The SEC routinely asks for e-mails as part of an investigation or regulatory examination, according to Sandy Harris, associate regional director of enforcement at the SEC’s Pacific Regional Office. Similarly, the Federal Bureau of Investigation often seizes the computers of a company in order to obtain e-mails. Since the late 1980s, members of the FBI’s Computer Analysis and Response Team have deconstructed computer data in cases involving cyber-crimes, child pornography, movie piracy and financial frauds.

About 15 examiners at the Los Angeles bureau, several of whom are computer specialists, are dedicated to foraging through computer hard-drives and servers as part of an investigation, said Kenneth McGuire, supervisory special agent at the FBI in Los Angeles. Some even specialize in analyzing text messages and e-mail from cell phones, hand-held devices and digital video recorders.

“We could use 10 more right now,” he said of the examiners in L.A. “E-mail is just critical. In some cases, more so because people tend to say more on an internal e-mail than on a phone call.”

Gary Tang, public information officer for the IRS’ criminal investigation unit in Los Angeles, said local agents send computer data to the lab when assisting in financial fraud investigations. “A bank statement or financial document shows numbers, but it doesn’t show what the intent of those actions is,” Tang said. “While on an e-mail, it shows a discussion, which could show intent.”

‘Window to someone’s soul’


Intent or motive is critical in most investigations. In the corporate culture of internal e-mails and instant messaging, investigators can retrieve communication that reflects with documented dates and times what used to be said across the hall or between cubicles.

Brian O’Neill, a partner at Jones Day, calls those e-mail conversations “harebrained ideas expressed at an unthinking moment.” “All that is a tool for investigators to get into the heart and mind of the person under scrutiny,” he said. “It’s a window to someone’s soul.”

Those thoughts are especially instrumental in sexual harassment claims. More than a quarter of Fortune 500 companies have faced sexual harassment claims originating from corporate e-mails, according to the ePolicy Institute, a Columbus, Ohio-based non-profit organization that studies e-mail issues. In 1995, Chevron, now ChevronTexaco Corp., paid four of its female employees $2.2 million to settle a sexual harassment lawsuit that originated when male employees sent e-mail jokes.

In the old days, sexual harassment complaints and lawsuits were handled by corroborating the stories of each employee and sifting through internal memos, Christmas cards, photos, Post-It notes or other paper documents, said Keith Jacoby, a labor and employment lawyer at Littler Mendelson. But few people write love letters on Post-It notes, he said, while e-mail reveals gratuitous or flirtatious remarks, pet names and provocative stories in graphic detail.

While e-mail is often used as supporting evidence to someone’s claims that fraud exists within a company, the way in which e-mail is obtained makes a difference before a judge or jury. McGuire said he often receives copies of computer hard drives from a company’s computer technicians, who often fail to follow standard procedures used by forensic computer experts. “They may not have obtained what they needed in a fashion easily described for a judge or jury,” he said.

Last month, Citigroup Inc.’s brokerage unit was fined $350,000 by the New York Stock Exchange for failing to screen its employees’ e-mails, one of which, sent by a former salesman, contained “inaccurate and misleading information” about Guess Inc.

Hard to delete


While many executives at public companies have become savvy about e-mail preservation and will download their electronic files on a regular basis, they seldom have enough time nor understand how to destroy e-mails effectively.

“It’s typically done by someone who’s not aware of computer forensic procedures,” said McGuire. “Even though they delete it, they may not take precautions to make sure it’s completely obliterated from the system.”

In most cases, e-mail remains in the company’s server. “People forget these are being maintained and there are backup copies of the e-mails that exist,” he said. “They’re so wrapped up in the day-to-day happenings it’s wiped from their minds.”

In many investigations, companies cooperate by hiring an outside lawyer or computer forensics specialist to search through e-mails. E-mails that contain privileged communications are often weeded out before sent to investigators in a packaged CD.

“You have to make sure e-mail that is privileged communications between in-house counsel and individuals remains privileged communications,” Hyatt said.

Harris, of the SEC, said the agency often requests e-mails from other businesses or accounting firms that dealt with the company in question. “If we don’t believe that a party in one of our investigations has produced documents required, we have a means of enforcing a subpoena,” she said.

Computer forensics specialists use software programs to search e-mails by keywords or phrases. First, they analyze undeleted e-mails that still exist in folders of the corporate e-mail system. If that doesn’t work, they search deleted files on hard drives or e-mails that were sent through the Internet.

The process could take weeks and cost between $6,000 and $9,000, said McLaughlin, whose rate is $300 per hour. But finding a “smoking gun” e-mail doesn’t always solve the crime.

“Computer forensics is not an end-all,” McLaughlin said. “You have to talk to people and get a sense of what happened. We can point you in the right direction, but you must do a good investigation, too.”