Judge Orders Deleted Emails Turned Over 600
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
Hate to say 'I told you so', but... (Score:4, Interesting)
I TOLD YOU SO.
I've maintained before [slashdot.org] that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare. (For more information, please look here [epic.org] and here [gmail-is-too-creepy.com].)
And now, the chickens have come home to roost. From TFA: A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.
And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point. The point is that Google has this information on you, and will hand it over upon request. This vindicates the caterwauling of all the privacy advocates concerning Google and Gmail, and establishes a dangerous legal precedent. Remember, as our 'inalienable' rights are systematically stripped away by the architects of the New World Order, more and more of the things you do become 'illegal'...and subject to criminal persecution...er...prosecution. It might not be long before you are being referred to as 'defendant'...what will you think of your Gmail account then?
The Government Hates Google (Score:5, Interesting)
U R pwned. (Score:5, Interesting)
Does NO ONE remember Ollie North and the White House PROFS system? 20 years later, and people still think incriminating data will always just go away when you desire.
INFORMATION WANTS TO BE COPIED.
One other possibility (Score:2, Interesting)
Please !!!! (Score:5, Interesting)
Heck
Talk about burying the opposition in paperwork.
Re:Hate to say 'I told you so', but... (Score:5, Interesting)
Use PGP!
And would you mind telling me how gmail is any different than hotmail or yahoo mail in regards to managent's access to email contents?
what will you think of your Gmail account then?
"I refuse to divulge my PGP private key & passphrase."
how appropriate! (Score:5, Interesting)
Just more proof that the 'e' in email doesn't stand for 'electronic', it's 'evidence'.
Re:There may be business value (Score:2, Interesting)
You think email is bad? (Score:3, Interesting)
Retention of data - just curious (Score:3, Interesting)
Where is that data stored?
Has any telco been ordered by a court to turn over that voice data?
Just curious...
What privacy? (Score:5, Interesting)
Look folks.. Privacy simply does not exist. You'll get your search terms read, email copied, if you encrypt you have to give over the keys and if you don't then you get put into prison anyway.
Your phone will be tapped, mobile will be tracked, cars followed with "traffic enforcement cameras". Your DNA will be on file, biometrics saved and your Underground trips logged.
Everywhere you go there are CCTV cameras, face recognition. Your purchases are tracked with credit cards, store loyalty cards and RFID tags. Your bank transactions are flagged if they look interesting and the tax people peer into your account looking for money that suddenly appears.
1984 got here, oh, 22 years ago now...
Re:Hate to say 'I told you so', but... (Score:5, Interesting)
This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone.
I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.
Now, don't get me wrong - I don't think this is 100% secure, but it sure beats letting Google/Comcast/AT&T/Earthlink/MSN or whoever determine what gets kept and what doesn't.
I would never change back - come what may, as long as owning a server is legal, that's how I'm getting my email. And if they try to make it illegal, well, Jefferson told us how to deal with that problem.
Re:Retention of data - just curious (Score:4, Interesting)
The company I worked for had come under subpoena in the past, and a lot of effort was expended to retrieve the data the subpoena requested. With the PBX, once a voicemail is deleted, it was gone. Not so with the VoIP system - voicemails would be found on the phone server, on mail servers, on workstation email client cache, and anywhere that end users decided to save the WAV files - and any backup tapes for the above. If another subpoena occurred, we may have been responsible to discover, transcribe and deliver information about voicemails going back to the beginning of the VoIP system.
That would be horrendously expensive. In order to circumvent this, investment was made in a third party system that would strip voicemail files out of everything. They wouldn't be backed up to tape they would be deleted from any system after some time period (30 days?). That way, we could state such in our data retention policy, and any subpoena including voicemails would only go back 30 days, and not forever.
If you don't have the data, and are destroying it in accordance with a data retention policy, it can't be subpoenaed.
I know this is all somewhat tangential to your question, but I figured you might find it interesting.
Re:Hate to say 'I told you so', but... (Score:3, Interesting)
That's ok, we'll just subpoena you're personal computer, PDA, desk, cell phone, etc. to find your private key. I'm sure there's a copy of it around here somewhere.
Oh, and this is Jack Bauer. He'll be asking you for your passphrase in Holding Room B.
Comment removed (Score:3, Interesting)
Re:You're Not Wrong, BUT... (Score:4, Interesting)
I'm not buying it. Here's a way to test your theory. Delete an email message with a large pdf attachment. Wait a few days and contact Google. Tell them you had a hard drive failure and a message you deleted contained the only copy of your Ph.D. thesis. Beg, plead, cajole. Offer them anything.
I'll bet you a beer you won't get the message back. Google's long-term data retention policies have nothing to do with altruistic measures to protect users from data loss.
Re:Hate to say 'I told you so', but... (Score:3, Interesting)
But not one made completely off the cuff.
What's the point of matching ads to messages you've already deleted; meaning you will never display them again?
Matching ads to *them* nothing. But they don't match ads based on the content of a single message; its based on the aggregate information you have, fine tuned by whats in a particular message.
If I receive 200 messages about vampire bats and then you send me a "Hey! Whats up?" they can show me some ads about bats, because nothing else is more relevant, and they know i like bats.
If you send me a "Hey! You need a bat?" They can show me some ads for the winged bats instead of the wooden ones... because from the profiling they know what kind of bats I like.
etc.
I agree deleted messages might have less value than messages I want to keep, but perhaps not... some people delete practically everything. Suppose I'm a big stereo buff, and am always corresponding with various online stores about bits; and after buying a component I delete the bulk of the pre-sales correspondance. Suppose also that I keep all the birthday pictures my family sends me... my profile if they only looked at what I kept would, after a few years be a whole lot of birthday pics, and few recent inquiries about stereo components -- suggesting I'm much more interested in birthdays (and might be in the market for party hats, flowers, cakes, etc), and not stereos, which make up the bulk of my correspondance. Deleting messages clearly skews the accuracy of the profile.
If they wanted to process them for their "profile" they would already have done that.
When they improve their profiling algorithms they'll want to run it against the original data.
It seems more likely to me that Google does intend to delete trashed messages, but just doesn't want to promise exactly when they'll get around to it.
Definately a possiblity. Likely for most ISPs. I'm not convinced its nearly as likely for google.
But as you said, perhaps we'll learn from this case.
a thought on secure mail (Score:3, Interesting)
First: set up a computer on a residential connection that sends all logs to
Second: set up local accounts for all the people you want to communicate with, and limit them reading their mail locally via ssh only.
Third: Show each user how to read the email by sshing into the machine and reading the text mails with vi, or with mutt, or some other command-line emailer.
Fourth: Create an iso that can be used to set the box back up from scratch to the current config, and that performs the install without user intervention, and employs a disk-wiping mechanism during the install.
Fifth: Set the computer to boot from CD first, and a cron job to reboot the machine every night at 2am.
Now you can happily send email to each other all day long. Every evening, the box reboots, wipes itself, and reloads everything, so mail isn't stored locally for more than 22 hours or so, limiting the amount of incriminating evidence on the machine. Even if the machine's traffic is captured and stored, the encryption is via ssh, so you can't provide your private key for decryption -- there isn't one.
Your only real concerns now are ssh exploits, weak passwords, and your cohorts cut and pasting content from the ssh session onto their local computer. But then, if they'd do that, there are probably lots of other ways they're screwing up the heist.
Also, having never actually done anything like this, it's pure speculation. Someone tell me why it won't work.
Re:Hate to say 'I told you so', but... (Score:3, Interesting)
First line is "I hate your fucking guts"
Then the attachment of goatse/tubgirl, which contains the real message...
I mean, who the fuck is going to spend a lot of time staring at tubgirl???
Re:Hate to say 'I told you so', but... (Score:3, Interesting)
Ridiculous! Do you really think that the NSA is trying to crack ALL encrypted traffic? Yes, I know about the "spying on americans" issue and all that. But think about it from a labor standpoint.
There are many many "normal" uses of encryption that go on every single day.
- SSH
- SSL
- PGP
- VPN
If you think the NSA is looking at every single packet and "marking" them based on whether they are encrypted or not, I think you are mistaken. Think of all the legit traffic that is encrypted. It's a bunch. A whole bunch. And not even the NSA has the resources to parse through all of it, much less analyze it in any form.
Re:Not possible to decrypt (Score:3, Interesting)
I'll agree that the NSA certainly doesn't have more general purpose computing power than the rest of the world combined, but I suspect that they may have more special purpose computing power. The NSA uses a lot of custom hardware and has access to significant microprocessor fabrication capacity, and when you're looking at integer factorization, it's not unreasonable to expect a hundred-fold increase in performance when going from general purpose hardware to custom circuitry.
I would personally be very surprised if the NSA were unable to factor several 1024-bit composites per day.
Re:Hate to say 'I told you so', but... (Score:3, Interesting)
So, he gets charged with some violation of some regulation. They come in and seize two desktops, a laptop, a printer, a monitor, KVM, and anything else computer related. They even took the keyboard and mouse. They took his fucking CD player because it "could be used to hold a data CD". Well, the data was protected with some kind of encryption. I don't know if he used PGP or MagicFolders; but something to obfuscate the data was in-place.
After 4 months, we still hadn't heard anything from the cops. We started calling the lawyers trying to find out what was happening. They basicly responded that the case was on-hold pending collection of evidince.
Well, 14 months later, he was scheduled to move to another base. They refused to let him because they still had him "under investigation". 20 months later, they refused to let him leave the military (his contract had expired) because he was under investigation.
They ended up not allowing him to be promoted, not allowing him to move, not allowing him to get out for just over 6 years. All because he wouldn't give up his key.
26 months *after* he should have been allowed to leave the military, they ordered him to go to Kuait. They also ordered him to take a bunch of Anthrax shots. He refused the shots (they have done some pretty bad things to people) and they gave him a dishonorable discharge a few weeks later.
The shit of it? The commander promised that they would hold on to his computers till they can read the data. She promised that she'd have her best guys look at it every year till they figured it out. She promised that when they found what they were looking for, they'd find him and lock him up in a military prison.
Re:Hate to say 'I told you so', but... (Score:4, Interesting)
If I were a spook I would not want to figure out every message coursing through the interwebs, I would be more interested in tracking who is talking to whom. That way when I decide to piss all over peoples privacy I could seize and decrypt the accounts of the evil-doers and all their mates at slashdot. - The eternal problem that is easy to spot, is who decides what constitues evil? Are there non-binary levels of "evil", and if so what are they?
OTOH: This kind of social network monitoring and analysis has dismantled extremly vile networks involving child tourtue and sexual abuse of toddlers. Most notably in the mid 90's in Denmark where some very high profile Danes were implicated in an international child abuse network. The result in Denmark was public revultion with thousands of people attending mass protests.
How many people would peacfully tolerate privacy protection for that kind of activity sent over a global public network for profit? Should we refuse to employ bomb sniffing dogs to monitor snail mail because the dog might pick on an innocent package?
From anarchists all the way across the political spectrum to 1984, the spanish inquisition and the crucifiction of Christ, every one of us looks for nirvana in a personal "book of rules", this "nirvana rule book" only exists within the deluded individual's mind. The fact that "nirvana for all" can not be discovered through a single "book of rules" does not slow humanities enthusiaim for writing "rule books" and forcefully applying varying interpretations on to everyone they encounter. I'm not saying human nature is wrong, it just "is".
BTW: "1984" is a brilliantly insightfull book, "Animal Farm" is equally as brilliant and in my mind closer to the "truth" about ourselves.