Judge Orders Deleted Emails Turned Over 600
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
email longevity & PGP (Score:5, Insightful)
If you're concerned about the contents of your emails being divulged - USE (open/gnu/etc...)PGP!
If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.
This is Why... (Score:5, Insightful)
Sigh (Score:3, Insightful)
I doubt I can set up my own MTA...any good howto's out there, or should I *urp* google it?
Encrypt everything. (Score:3, Insightful)
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
I've always wondered if that clause was more of a CYA clause meant to get around the fact that plenty of stuff may remain in the GoogleFS for a period of time after it has been "deleted", but without a live index. The results here may very well show if that is true or not.
The only log or email that can't be subpoenaed... (Score:1, Insightful)
Comment removed (Score:5, Insightful)
Re:This is Why... (Score:2, Insightful)
email just isn't secure and 100% private. we all just need to accept it, however much it does suck. i hate it too, but it's the truth
Re:oh! (Score:1, Insightful)
Just a word of warning (Score:3, Insightful)
100%, why?
Because it would time effort when you delete an email togo back and remove it from backups.
Just because google is the only one who drew light to this matter, doesn't mean that they are:
The first
The only
But the comments on here give me the impression that you guys think otherwise.
Does your own backup handle emails intelligently? Does it know not to backup deleted emails? (I am not saying it is impossible for mail server backups may do on account of space, who knows). But that is deleted emails.
What about will have soon to have been deleted emails? (red dwarf on temporal paradox)
You can go back and fetch that magnetic tape all over again, so wipe that smug 'my backup doesn't touch the trach folder' smile of your face you overweight fucking IT tech.
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
I think this would be better stated if you replace "will hand it over upon request" with "must hand it over when ordered to by a judge". I see a big difference there.
Procedural Note (Score:5, Insightful)
However, based on the article Google has not yet had the opportunity to respond to the subpoena. The third party can always move to squash, and that's where things will get interesting. Will Google be able to convince the court that certain messages are deleted and thus not retrievable. Or, perhaps, that the defendant believed he was deleting the messages and thus deserves to have the messages kept under lock?
These are questions only Google, as the third party, can raise. Now that the judge has issued the subpoena, Google is in a position to actually make those motions. And, if my legal education is worth anything, my money says Google/defendant will appeal if they lose because it's such a new area of the law that an Appeals Court really ought to announce a legal precedence.
Easier way to deal with this in 2 easy steps (Score:5, Insightful)
2. Use the Postal Service
Yippee; How is it unusual? (Score:4, Insightful)
So what? They're asking for a bit of a backlog. This is no surprise
Re:The Government Hates Google (Score:4, Insightful)
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
Re:Private Mail Server (Score:1, Insightful)
Let's just hope that none of the other computers your email has been on has kept a record of it, and that the person you are sending to/receiving from has the same setup, and regularly deletes mails and any backups they might make, and shreds and burns any printouts, and demagnatizes the harddrives when they discard them, and uses a secure delete program (be careful - they might be supeoned at any time), and never reads the email in public, where there might be shoulder surfers or security cameras, and takes amnesia pills after reading your mail, and never talks about the contents of your mail with other people, and
It's not paranoia, it's just understanding that anybody who's not really on your side just might actually be out to get you!
Just never email anyone, or give anyone reason to email you, and you'll be safe!
P.S. Have you ever considered that people who you think are on your side might be out to get you, too?
(Posted anonymously for security purposes - you might be out to get me!)
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
What someone in 1789 considered "reasonable" might be very different from what someone today considers "reasonable". Imagine what sort of things a person will consider to be "reasonable" when they grew up expecting that the government would read their personal email and that they shouldn't care because they've got nothing to hide.
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
While any ISP, including your local pop3 box provider would likely comply with this request...
Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.
While any ISP *might* have an incidental backup of your email going back 3 years. Google is the only one that is likely to be systematically going to the trouble of keeping your email, all of it, going back forever.
It only remains a question of how much data Google has actually retained. Though they don't guarantee to delete mail when trashed, in practice they probably do eventually, and the case concerns events two or three years ago.
Exactly. No other ISP is likely to be able to produce much more than an incidental or partial backup that far back; but nobody here will be surprised if Google can bring back everything. (Complete with relevant ads down one side.)
This is not a big deal. (Score:3, Insightful)
If you want to argue about something, say that they have no right to go digging through someone's mail looking for maybes.
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
No suprise (Score:3, Insightful)
This isn't a suprise. What Google's policy says is simple and obvious: "We make backups of our systems. That includes data files like your mailbox. We archive the backups on a rotating schedule that you don't know, so don't go assuming you know when any particular day's backup will be wiped. And we don't go back and alter those backups when you modify your data, so don't assume that deleting something today makes it disappear from all backups back to the beginning of time (or the inception of our service).". This subpoena is no different from a standard subpoena to a company asking for all documents including archived copies. If you wrote a memo, it got archived and then later you decided to shred your copies of the memo, the archived copies still have to be turned over in response to the subpoena. And note that GMail's not special in this regard. If you recieve your e-mail through your ISP and use their POP3/IMAP server to get it, it's probably backed up the same way and subject to the same risk of being subpoena'd
First rule: if you want control over your data and when it's destroyed, you must never allow it onto systems which you don't control.
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
I don't see why that's a "safe" assumption. The Google search engine churns through terabytes of data that can easily be recreated. That safety net allowed them to test their GoogleFS system before using it on other applications like Mail. GoogleFS was very much built around the concept that the system is its own backup. If any one PC in the cluster fails, they simply yank it and throw in another. No recovery is attempted on the old PC. They simply repair and wipe it if it's feasible, or junk it if it would cost too much time.
Thus in this guy's case, the matter will likely depend on whether Google explicitly maintains an index of deleted email and accounts, or if they simply "delete" things by removing the indexes and waiting until the various GoogleFS rebuilds wipe out the extra data.
Re:One other possibility (Score:3, Insightful)
Re:That's life in America (Score:4, Insightful)
Sure, maybe this time they're trying to protect you (though it seems it's actually more of a tax dispute). The possibility of abuse is huge and scary.
It might be that reading deleted emails, or wiretapping American citizens, or planting infiltrators in protest groups, will save some lives. You know what? Too bad. We hear all the time how "freedom has costs" and we honor "the greatest generation" and the current military for being willing to risk their lives for freedom. Here's the kicker: If you live in a free society, you must tolerate risks in the name of freedom too.
There's a chance unbridled surveillance will prevent a terrorist attack. There's a much higher chance that unbridled surveillance will destroy the Republic as we know it. I am for preserving the liberties that make the nation worth living in.
Re:That's life in America (Score:4, Insightful)
now for me, If you live in a free society, you must tolerate risks in the name of freedom too. this sounds more reasonable. forget the injustices we "must" suffer to remain safe, and start taking a few more risks to ensure that we remain free. otherwise our government becomes no better than the old soviet government or the governmtner that orwell created in 1984 with big brother watching over us.
Re:You're Not Wrong, BUT... (Score:3, Insightful)
Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up.
Google isn't being exactly 100% altruistic. They are a corporation, so if you want to determine their motivation for any particular thing, look at what motivates all corporations: money.
They keep a massive amount of data, and not particularly because they are concerned about your data recovery needs, but because the massive amount of data that they can collect and associate with you allows them to better design targeted marketing (ads) directly to you.
Based on the emails that you send and the emails that you receive, they can determine if you are more likely to be interested in this service or that product. They can shoot advertisements at you like a sniper rifle, as opposed to birdshot.
Keeping all that data indefinitely allows them to constantly index and profile you for advertising purposes. It allows them to make money.
On the flip side of that, people are more likely to trust Google with that profitable data if Google fights tooth and nail to ensure the privacy of users, so barring severe punishment from the government, it makes sense for Google to safeguard users' data from the prying eyes of Big Brother.
Re:This is Why... (Score:5, Insightful)
Unless you use strong encryption, your email server is no more safe than using gmail, and the only person you're kidding is yourself.
Re:That's life in America (Score:3, Insightful)
No, that's the death of America!
It's beyond me how not anyone could have flagged your post as "insightful". I object most strongly to the entire sentiment of your post.
To put things into perspective: I'm not at all worried about this particular case. I know that whatever I send over the Internet can and probably will be snooped by Echelon [heise.de], and even without that, the Internet is simply not a safe medium for confidential data. Nor am I suprised that not all data is necessarily instantly destroyed. Nor that Google is involved. The bigger the target, the more likely the attack.
What concerns me is your sheep-like blind faith in your corrupt and evil government, combined with your attitude of "if I give up some of my freedoms, this will enable my government to protect me better." You and countless ill-informed dimwits like yourself are the supportive base of a massive, concerted, very deliberate attack on the American Way, the American Constitution and the ideals on which the country was founded. Many good men died for your right not to be micro-managed by an intrusive and abusive government, and your mindless surrender of this right invalidates their lifetime heartblood.
I'll try to calm down briefly to explain better why I am ranting at you. Here are some things that need to be considered:
First off, the actual threat to your life and safety from terrorism is negligible. Acts of terrorism usually kill a few dozen to maybe a few hundred people. 9/11 was an outstanding exception that will hopefully be the high water mark for one or more decades. Yes, it sucks to be one of the 3500 people killed in NY, but please consider that:
On the other hand, there is strong evidence that US lawmakers do not have your interests at heart:
IMHO, these happenings all share a common aspect: There is money involved, lots of it, and it is likely that lawmakers are letting their decisions be swayed by the prospect of part of it finding its way into their pockets.
Your corrupt government is relentlessly extending its own powers to act against its citizens as it pleases, and using terrorism as an excuse. Much of the newly-acquired power is being used to support wealthy industries, not honest citizens. THIS is the real danger, and you are in support of it. I cannot begin to express how strongly I loathe your stupidity.
Re:Hate to say 'I told you so', but... (Score:4, Insightful)
You guys ever hear of a search warrant? A signed one of those can let people in your FUCKING HOUSE, nevermind your email. IT'S SCARY!
Oh, nice use of both "New World Order" and 1984 in one post. I award you double kook points for that.
Re:This is Why... (Score:5, Insightful)
If you want to tell someone something securely, you need to make up a language only you two know and whisper it in their ear.
What you're doing is only marginally more secure (and enormously more of a pain in the ass) than using GMail. At least when a disk croaks at Google you won't lose your mail. Disk croaks at your house, its gone.
Oh wait, you have backups? Did your e-mails you deleted off your home system magically get deleted off of them, too?
Re:Am I the only one who doesn't care? (Score:4, Insightful)
Two hundred and some years ago some guys got all fed up with how they were being treated and so they wrote to the king, "When in the course of human events, it becomes necessary for one people to throw off the political bonds that have connected them with another..." Well, it turns out that the king wasn't all that gracious about the whole thing and there was a lot of killing and other "lashing out" kinds of behaviors.
Our boys finally prevailed and they realized that any government (even their new government) can fall into this same oppressive mindset, so they put some things in their new constitution that might either prevent oppression altogether, or at least provide a means for citizens to throw off oppression if it occurs.One of those things is privacy. Our boys knew that if King George had been able to station a soldier in every private home, their little revolution would never have gotten off the ground.
We hear a lot of the phrase, "Who cares, I've got nothing to hide." Let's put the shoe on the other foot and ask, "If the government is doing such a good job of protecting us and not oppressing anyone, why should they fear their citizens having a lot of privacy?" In other words, the government's desire to "station a soldier" in eveyone's computer might indicate that they feel they should have something to fear.They would know best, after all.
Re:Am I the only one who doesn't care? (Score:4, Insightful)
The big deal is that no one in this world is free from having committed actions that many others would find objectionable. There are any number of everyday activities that you do everyday that would fall into this catagory. Eat a burger lately, PETA would like to know who you are. You have a DNA gene that predisposes you to a certain disease, your health insurance company sure would like to know that. You look at hardcore (but legal) porn, the police might like to keep tabs on you. You show interest in the plight of people who might be "associated with terrorism", all sorts of agencies would love to gather what they can about you.
These are just a few off the top of my head. Heck, here's a few more: a potential landlord would surely like a look at your bank balance. Your boyfriend/girlfriend might be interested in your visits to medical clinics. Your boss might like to know how much spare time you have on weekends. Your racist neighbour might like to know about your ethnic friends. Your parents might like to track where you go on your own time. And on and on and on...
All of your actions could be legal and ethical, but that doesn't stop people who frown upon (or could benefit from) your legitimate actions from using this information against you in some way. Do you really want people you don't like you, and that you don't like, knowing everything about you?
Privacy is something that may not be required in the distant future, when humanity evolves to the point where we no longer judge one another, and there exists no reason for fear of recrimmonations for holding beliefs and taking actions that are different than anyone else's. Human nature may never allow us to ever reach this level of trust and comfort with our fellow man. So until that happens, I will value privacy until it is no longer required.
Re:how appropriate! (Score:3, Insightful)
Why? If you hire an ISP to provide you with Internet Service, then what do you care if they backup their servers or not? If all you want from them is an Internet connection, then it doesn't matter, so long as they meet their contract with you.
If you're using their SMTP and POP3 servers, and you're relying on email to conduct your extremely important business communications, I suggest you read the RFCs and find out exactly how email works. There's no guarantee that any given message is every going to reach its intended destination. Email is only slightly more reliable than the US Postal Service.
I don't backup any of the mail servers that I'm responsible for administrating because it's a pointless waste of time. Email is ephemeral, and I remind everyone that they should not bet the farm on email.
Re:Encrypted emails any better than partial delete (Score:3, Insightful)
A judge can pretty much order you to do anything. Whether that gets held up on appeal or is subject to reversal happens after the fact.
If you refuse the judge, bring your toothbrush.
Re:Can't help but wonder... (Score:2, Insightful)
Re:Hate to say 'I told you so', but... (Score:3, Insightful)
Re:Hate to say 'I told you so', but... (Score:3, Insightful)
That being said, it is clear that your legal understanding comes from Law and Order and Matlock.
I am not trying to be a jerk, but seriously- you are one of those people who thinks that at if you ask a cop "are you a cop?" and they say no then you will get off because it is entrapment...
The law is complex, and perhaps you should study it a bit before commenting.
Re:Hate to say 'I told you so', but... (Score:5, Insightful)
A supposition. What's the point of matching ads to messages you've already deleted; meaning you will never display them again? If they wanted to process them for their "profile" they would already have done that. It seems more likely to me that Google does intend to delete trashed messages, but just doesn't want to promise exactly when they'll get around to it. Maybe a scheduled garbage collection once an hour/week/month. Anyway, this case may reveal just how it works.
Re:Hate to say 'I told you so', but... (Score:3, Insightful)
Keep in mind that situations like Waco have happened throughout the FBI's history, going all the way back to the gangsters of the 20's. Having stockpiles of powerful munitions and arms is rarely sufficient to withstand a full out assault from well-equipped and well-trained FBI teams. The only reason why most situations take time to resolve is that the FBI desires a minimal loss of life.
Destroying complete police forces would mean that there was a war on our own soil. Thus the Army would be brought in for the common defense. By then, any subpoena would have been long forgotten and considered irrelevant to the situation. The US Troops would make zero effort to enforce the demand of the subpoena, and would actually invalidate the evidence if they did attempt enforcement.
Re:Hate to say 'I told you so', but... (Score:3, Insightful)
Re:Hate to say 'I told you so', but... (Score:3, Insightful)
If you don't people to know shit, don't record it, whether in writing, email, audio, or anything else. Otherwise there is the risk it will come back to haunt you.
Re:Hate to say 'You're dead WRONG', but... (Score:3, Insightful)
Companies must understand this will happen... (Score:3, Insightful)
I mean this: if it can be done, the court may compel to you do it. So Google says "we'll keep it, but we won't do anything with it". Even if you believe them, the court may make them do something with it. So they simply can't keep it.
Same with DRM. Sony says "Yeah, a Blu-Ray disc can be made that will deactivate your player's ability to play discs, but we'd never do that." Well, they may not, but a company whose IP was breached may compel Sony to do it. Sony's only real way to avoid this is to not make it possible in the player.
Companies need to take the long view. They want to keep all their options open, but they're just going to end up making a product where the law can compel them to bone customers, and the customers will feel burned eventually.
Stop holding so much control, it's the only way forward.
Not possible to decrypt (Score:3, Insightful)
1. A miraculous mathematical advance that made the factoring of the product of two extremely large prime numbers much easier. (Unlikely.)
2. A quantum computer. (More unlikely.)
3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)
All three are completely unrealistic. It is doubtful that the NSA can crack PGP, unless it's through a weakness in one of the symmetric ciphers and not the RSA/DH algorithim.
You have nothing to fear, Comrade! (Score:5, Insightful)
I'm going to install a satellite phone/monitor/GPS on your car that will phone the police if you exceed the current speed limit. I don't see how this will harm you unless you're breaking the speed limit.
I'm going to install a keystroke logger on your computer that will record everything you type. I don't see how this will harm you unless you use your computer to transfer money for gangsters.
I'm going to log every packet your computer sends that leaves the USA (Oh, wait, the NSA beat me to it...). I don't see how this will harm you unless you're secretly communicating with al Qaeda.
I'm going to steam every piece of mail that arrives in your mailbox open and photocopy it before it gets to you. I don't see how this will harm you unless you were the bastard who was sending the Anthrax letters.
I'm going to put a rootkit on that CD you bought that will contact me if you try to copy it and then break your computer. I don't see how this will harm you unless you like to rip and share music illegally.
Have I made my point?
One of few e-mail companies that told the truth (Score:2, Insightful)
I remember when members of the California government put pressure on Google to add a "delete" option. I remember when people mentioned on this very forum that the button was a red herring---that archives would generally be kept in any case, and that in fact Google was one of the few e-mail providers to be completely honest about that aspect of modern e-mail. But they added the button anyway, and now someone fell for the ruse.
When will people---not just Californians, but people in general---when will people learn that you can't legislate away the behavior of an already-established system?
Re:If you're not doing anything illegal (Score:5, Insightful)
See if you can understand the implications?
Question one: Does someone that refuses to implicate himself in a government witchhunt prove he is guilty?
Does someone that denies he is involved in the communist party mean he is guilty?
The point is that any american that is worth his salt SHOULD deny telling the government anything for fear that failure to state his position on something will be construed as anything other than defending his constutuional rights. Check www.papersplease.org for more information.
Erik
Re:Hate to say 'I told you so', but... (Score:2, Insightful)
Now, I'm not trying to say that I know what the NSA does or can do. Rather, I'm trying to say is that I do not, and neither do you(unless you're not telling us something rather significant). So, not knowing what they're doing, we basically have (at least) two possible grounds for speculation: we can speculate based on what they do in fiction(The Digital Fortress being a prime example of the genre. I think I read about ten random pages of that book without encountering a single sentence that didn't either highly amuse me or make me cringe with its extreme lack of understanding of the subject matter(which I have only a cursory familiarity with myself - but you'd think that you'd take a week or two to do some reading before you start writing a novel about the stuff)), or we can speculate based on what is likely to be possible based on the science(or, to be paranoid, the part of the science which is publicly known).
I won't repeat those points here - someone else already did that in this thread - suffice it to say that unless the NSA are far, far ahead of the rest of the world when it comes to cryptographic theory and/or computing power, there are several commonplace ciphers that they cannot possibly decrypt. As far as I know, there are no strong indications that they are so far ahead that they can actually do things that we assume to be impossible given the current general technological level of mankind.
Another little eye-opener: it is quite easy to make a perfect encryption system(assuming a secure channel for the key, which is needed anyway). Have a randomly generated key as long as the message, and you have a one-time-pad, which the NSA cannot possibly break(this can, of course, be mathematically proved, which is the beauty of the argument). Given this knowledge, why haven't the NSA "gone out of business"? Surely, if I were a terrorist(or whomever the NSA is hunting these days), I would go to the hassle of setting up some kind of physical key exchange network for a one time pad system?
(Naturally, OTP implementations can be "broken" by not attacking them from a cryptographic angle, i.e. rather using keylogging, social engineering, etc. But this is probably what the NSA actually does with too-hard-to-break encryption as well, so if you somehow expect the NSA to perish instead of having to resort to it in the latter case, I can see no logical reason that you shouldn't expect them to do so in the former.)