Does email analysis invade privacy?

At Defrag, JP Rangaswami was talking over lunch about how he’d opened up his inbox to all his direct reports. This fascinated me, both for the behavior of his subordinates (they were most interested in his sent items, as a way of understanding what he was thinking) and because it was a very logical idea, but one I’d never heard even discussed before.

One of the great strengths of email as a communications tool is that it has a very clear security model. You explicitly list the people you want to receive the email by name, and they’re the only ones who get it. There are plenty of ways information can be leaked, such as forwarding on to third parties, but these all require somebody to actively make a decision to do so. By contrast, it’s much harder to know who can see an internal wiki page.

A lot of people focused on collaboration seem to believe that worrying about access is just oldthink that needs to be eradicated. The new collaboration tools will enable a new world where information is freely shared across the corporation, vaulting over traditional communication barriers. In my experience, there’s a lot of non-technical reasons why people care about access.

Fundamentally, most leaders are rewarded for the results their team or department produces, since that’s a lot easier to measure than the contribution their employees have made across the whole company. This means that it’s hard to justify spending resources collaborating with other internal teams, even though looked at holistically that might be best for the company. Taken to an extreme, this stovepiping can be crippling, but it’s an inherent emergent feature of hierarchal organizations, so I don’t see it disappearing anytime soon.

On a individual level, knowledge is power. People may have invested a lot of time building relationships within the company, and one reward is access to information others don’t have. This may make them reluctant to share these sources, both for selfish reasons and so they can act as a filter for information requests, to make sure the source isn’t overwhelmed with inappropriate ones.

There’s also a lot of sensitive personnel-related communications that can go on. Even the knowledge that two people have ever emailed each other can be sensitive if it’s a subordinate bypassing her boss and contacting human resources.

The sort of email analysis I’m interested in takes all an organization’s messages, and does a global analysis to reveal useful relationships and information, especially about the social graph of the employees. This is not information that people were expecting to reveal when they sent their emails, and while there’s nothing illegal about doing this, the emails all belong to the company if they’re sent on company accounts, it is breaking the security model that people trust. That’s both ethically uncomfortable and likely to be a barrier to adoption.

The solution has to be keeping the ownership and sharing of information within the user’s control. One way of doing that is by default only allowing anonymous information to be publicly reported, which could include such things as how many people read or forwarded an email you sent. You could also designate certain internal mailing lists as publicly accessible across the organization. There’s already an understanding that lists with open membership policies are not private, so this isn’t changing the mental access model that people trust. Going a step further, you can give people tools to share certain emails, the way a lot of people share calendars at the moment. This would work particularly well tied into Sharepoint, since documents there have their own access model. In particular, it might be useful to add a special email address that adds the email to the public intranet, and visible to email analysis tools.

It should be possible to overcome user’s concerns about access and email analysis, but it will require some careful design. I can certainly understand why most existing services focus on either client-side tools, or global analysis designed to give top management or forensic analysts an unrestricted view of all emails, those both sidestep these issues.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: