Forgot your password?
typodupeerror

Judge Orders Deleted Emails Turned Over 600

Posted by Zonk
from the that-is-a-lot-of-mash-letters dept.
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
This discussion has been archived. No new comments can be posted.

Judge Orders Deleted Emails Turned Over

Comments Filter:
  • oh! (Score:2, Funny)

    by Janek Kozicki (722688)
    Nothing for you to see here. Please move along.

    oh, really?
  • by TripMaster Monkey (862126) * on Friday March 17, 2006 @12:35PM (#14942322)


    I TOLD YOU SO.

    I've maintained before [slashdot.org] that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare. (For more information, please look here [epic.org] and here [gmail-is-too-creepy.com].)

    And now, the chickens have come home to roost. From TFA:
    The subpoena asks for not only current e-mail but also deleted e-mail: "All documents concerning all Gmail accounts of Baker...for the period from Jan. 1, 2003, to present, including but not limited to all e-mails and messages stored in all mailboxes, folders, in-boxes, sent items and deleted items, and all links to related Web pages contained in such e-mail messages."
    A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.

    And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point. The point is that Google has this information on you, and will hand it over upon request. This vindicates the caterwauling of all the privacy advocates concerning Google and Gmail, and establishes a dangerous legal precedent. Remember, as our 'inalienable' rights are systematically stripped away by the architects of the New World Order, more and more of the things you do become 'illegal'...and subject to criminal persecution...er...prosecution. It might not be long before you are being referred to as 'defendant'...what will you think of your Gmail account then?
    • This is one more reason why my email is a regular old email account and I access it via secure POP/SMTP. If I want to delete email, I can do it myself and make sure that it is gone forever. Maybe I'm paranoid. Better safe than sorry.

      I think the real issue here is control. By allowing Google to control your email, you are forced to stand helpless when shit like this happens. Google may offer nice services, but do you really want to give up control over your personal data such as emails? I don't.

      • by eln (21727) on Friday March 17, 2006 @12:42PM (#14942403) Homepage
        Your ISP presumably backs up customer mail on a regular basis, and keeps those backups for God knows how long. POP accounts are no more secure than webmail accounts when talking about "deleted" mail.
        • by malchus842 (741252) <stephen@adamsemail.net> on Friday March 17, 2006 @01:14PM (#14942744) Homepage

          This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone.

          I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.

          Now, don't get me wrong - I don't think this is 100% secure, but it sure beats letting Google/Comcast/AT&T/Earthlink/MSN or whoever determine what gets kept and what doesn't.

          I would never change back - come what may, as long as owning a server is legal, that's how I'm getting my email. And if they try to make it illegal, well, Jefferson told us how to deal with that problem.

          • by thatguywhoiam (524290) on Friday March 17, 2006 @02:55PM (#14943728)
            This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone. I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.

            That's very commendable, and worthwhile.

            But just so you know...

            When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.

            Better to maintain a normal usage profile and be even sneakier about important correspondance, if you are worried about it. (And you should be.) Its all hassle vs security. If you are going to that much trouble already, why not go all the way and use stego or something that doesn't scream "I am encrypted info" like PGPMail? (for example)

            • Just send all "private" emails like this...

              First line is "I hate your fucking guts"

              Then the attachment of goatse/tubgirl, which contains the real message...

              I mean, who the fuck is going to spend a lot of time staring at tubgirl???
            • When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.

              Ridiculous! Do you really think that the NSA is trying to crack ALL encrypted traffic? Yes, I know about the "spying on americans" issue and all that. But think about it from a labor standpoint.

              There are many many "normal" uses of encryption that go on every single day.
              - SSH
              - SSL
              - PGP
              - VPN


              If you think the NSA is looking at ev
              • by TapeCutter (624760) on Friday March 17, 2006 @10:46PM (#14946405) Journal
                I was in full agreement up until: "...much less analyze it in any form"

                If I were a spook I would not want to figure out every message coursing through the interwebs, I would be more interested in tracking who is talking to whom. That way when I decide to piss all over peoples privacy I could seize and decrypt the accounts of the evil-doers and all their mates at slashdot. - The eternal problem that is easy to spot, is who decides what constitues evil? Are there non-binary levels of "evil", and if so what are they?

                OTOH: This kind of social network monitoring and analysis has dismantled extremly vile networks involving child tourtue and sexual abuse of toddlers. Most notably in the mid 90's in Denmark where some very high profile Danes were implicated in an international child abuse network. The result in Denmark was public revultion with thousands of people attending mass protests.

                How many people would peacfully tolerate privacy protection for that kind of activity sent over a global public network for profit? Should we refuse to employ bomb sniffing dogs to monitor snail mail because the dog might pick on an innocent package?

                From anarchists all the way across the political spectrum to 1984, the spanish inquisition and the crucifiction of Christ, every one of us looks for nirvana in a personal "book of rules", this "nirvana rule book" only exists within the deluded individual's mind. The fact that "nirvana for all" can not be discovered through a single "book of rules" does not slow humanities enthusiaim for writing "rule books" and forcefully applying varying interpretations on to everyone they encounter. I'm not saying human nature is wrong, it just "is".

                BTW: "1984" is a brilliantly insightfull book, "Animal Farm" is equally as brilliant and in my mind closer to the "truth" about ourselves.
            • by SiMac (409541)
              If the NSA could decrypt GPG-encrypted messages, it would have to have one of the following three things:

              1. A miraculous mathematical advance that made the factoring of the product of two extremely large prime numbers much easier. (Unlikely.)
              2. A quantum computer. (More unlikely.)
              3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)

              All three are completely unrealistic. It is doubtful that the NSA can crack PGP, unless it's through a weakness in one of the symmetric c
              • 3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)

                I'll agree that the NSA certainly doesn't have more general purpose computing power than the rest of the world combined, but I suspect that they may have more special purpose computing power. The NSA uses a lot of custom hardware and has access to significant microprocessor fabrication capacity, and when you're looking at integer factorization, it's not unreasonable to expect a hundred-fold increase in performance
        • Uh, no. (Score:3, Informative)

          by _KiTA_ (241027)
          Working for an ISP, I have to point out that we have better things to spend money on than a tech sitting at our email server making backups all day every day. Our mail server currently handles around 10,000 customers and if we were going to back it up, even once, we'd need to corner the market on backup tape casettes. And that's not even pointing out that it'd be near impossible to restore.

          I like (HOPE) that we're a normal ISP in this reguard.
        • I can't speak for all ISPs, but at least at the one I've worked at, it doesn't happen quite like that. The mail server is backed up daily at a specified time. Any messages that happened to be in your pop mailbox at that time would be backed up. Lets say the backups are running at midnight, and you had just checked your mail before you went to sleep at 11pm. The only mail on the backup tape would be anything you had recieved between 11pm and midnight. The stuff that we're interested in backing up on the mai
      • Sorry, but If your email was ever on a computer (trust me, it was), and that computer was backed up when your email was on it (you hope it was), you're still open (oh crap).

        Whoever your provider is just needs to be subpoena'd, and voila... everything you thought you removed is back in action.
    • I agree with you that gmail takes way too many liberties with personal privacy, but really any mail system other than your own will have a similar issue. Presumably, all of the webmail providers backup their data, and store it offline for unspecified lengths of time, and presumably they would all be subject to subpoenas for that information.

      Even if you store mail on your own servers, there is no guarantee that the same mail isn't stored somewhere else, such as say the Sent Messages folder of whoever sent i
    • Sigh (Score:3, Insightful)

      by Benanov (583592)
      Time to cancel some webmail accounts. I'm sure Yahoo and/or MSN (which I quit using long ago) will do this too.

      I doubt I can set up my own MTA...any good howto's out there, or should I *urp* google it? :)
    • A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.

      TMM - I've got you on my friend's list, but I've gotta be honest, this is hardly a Google thing. Any large free provider - Hotmail, Yahoo, etc. have massive backup libraries going back months if not years. Short of running your own mail server, this sort of backup is inevitable.

      A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.

      Here, I ag

      • Wow, that was bad editing. First quote should have been I've maintained before [slashdot.org] that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare.

        BTW - TMM - how many first-posts have you racked up? ;)

    • Before you fly off the handle here, keep in mind that Google has only been ordered to produce the emails. What will be interesting is whether or not Google is able to produce the emails. If so, how many of them will they be able to retrieve? The subpoena itself - which is scary, but unfortunately a part of the legal system - is really secondary to this. A judge can't magically make deleted data reappear, no matter what they order. But if the data is not deleted... well... then your fears are fully justified.

      I've always wondered if that clause was more of a CYA clause meant to get around the fact that plenty of stuff may remain in the GoogleFS for a period of time after it has been "deleted", but without a live index. The results here may very well show if that is true or not.
    • Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare

      Why more so than Hotmail, Yahoo, or any other webmail? I'm sure all their "privacy" promises are at least as loose as Google's. It only remains a question how much data Google has actually retained. Though they don't guarantee to delete mail when trashed, in practice they probably do eventually, and the case concerns events two or three years ago.

      • by vux984 (928602) on Friday March 17, 2006 @01:02PM (#14942627)
        Why more so than Hotmail, Yahoo, or any other webmail? I'm sure all their "privacy" promises are at least as loose as Google's.

        While any ISP, including your local pop3 box provider would likely comply with this request...

        Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.

        While any ISP *might* have an incidental backup of your email going back 3 years. Google is the only one that is likely to be systematically going to the trouble of keeping your email, all of it, going back forever.

        It only remains a question of how much data Google has actually retained. Though they don't guarantee to delete mail when trashed, in practice they probably do eventually, and the case concerns events two or three years ago.

        Exactly. No other ISP is likely to be able to produce much more than an incidental or partial backup that far back; but nobody here will be surprised if Google can bring back everything. (Complete with relevant ads down one side.)

        • by 1u3hr (530656) on Friday March 17, 2006 @02:24PM (#14943426)
          Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.

          A supposition. What's the point of matching ads to messages you've already deleted; meaning you will never display them again? If they wanted to process them for their "profile" they would already have done that. It seems more likely to me that Google does intend to delete trashed messages, but just doesn't want to promise exactly when they'll get around to it. Maybe a scheduled garbage collection once an hour/week/month. Anyway, this case may reveal just how it works.

          • A supposition.

            But not one made completely off the cuff.

            What's the point of matching ads to messages you've already deleted; meaning you will never display them again?

            Matching ads to *them* nothing. But they don't match ads based on the content of a single message; its based on the aggregate information you have, fine tuned by whats in a particular message.

            If I receive 200 messages about vampire bats and then you send me a "Hey! Whats up?" they can show me some ads about bats, because nothing else is more re
    • by MyNymWasTaken (879908) on Friday March 17, 2006 @12:45PM (#14942440)
      If you're concerned about your privacy, why are you sending sensitive information in the clear over email; through any provider?

      Use PGP!

      And would you mind telling me how gmail is any different than hotmail or yahoo mail in regards to managent's access to email contents?

      what will you think of your Gmail account then?

      "I refuse to divulge my PGP private key & passphrase."
      • "I refuse to divulge my PGP private key & passphrase."

        That's ok, we'll just subpoena you're personal computer, PDA, desk, cell phone, etc. to find your private key. I'm sure there's a copy of it around here somewhere.

        Oh, and this is Jack Bauer. He'll be asking you for your passphrase in Holding Room B.

        • Something like this happened to a friend of mine. We were in the military, living on-base in an overseas location. He was probably into some bad shit; we all were back then. Before we knew it was bad we were portscanning and mailbombing people just because it was "fun". Anyway...

          So, he gets charged with some violation of some regulation. They come in and seize two desktops, a laptop, a printer, a monitor, KVM, and anything else computer related. They even took the keyboard and mouse. They took his fu
      • "I refuse to divulge my PGP private key & passphrase."

        of course, followed by:

        "And stop torturing me in this secret eastern european prison, #@##$$%!"

      • http://world.std.com/~reinhold/dicewarefaq.html#s u bpoena [std.com]

        and
        from http://www.faqs.org/faqs/pgp-faq/part2/ [faqs.org]

        3.21. Can I be forced to reveal my pass phrase in any legal
        proceedings?

        Gary Edstrom reported the following in earlier versions of this FAQ:

        - -----
        The following information applies only to citizens of the United
        States in U.S. Courts. The laws in other countries may vary. Please
        see the disclaimer at the top of part 1.

        There have been several threads on Internet concerning the question of
        whether or not the
    • This sounds to me like some two-bit lawyer looked at his Outlook to try to figure out everywhere an email could possibly be. "...sent items and deleted items..." sounds to me like a list of two folders. In a normal email client, something in you "deleted items" isn't really deleted. The difference is that GMails 'delete forever' isn't really like deleting from deleted items, it just hides the message.

      This is bad phraseology and bad lawyering. It will create bad law, but its not the end of society as we
    • by Alaren (682568) on Friday March 17, 2006 @12:47PM (#14942456)

      I agree that there are definite privacy concerns about GMail. What I think you're doing, however, is mistaking Google's full disclosure for some kind of unique and sinister plot.

      Google warns that "delete forever" does not mean that the message is necessarily gone. Their offline backup servers may contain copies of your messages in perpetuity. Can you think of why this might be?

      Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up. Independently. Into offline storage. And when you click the "delete forever" button, your message is not magically removed from media that is not connected to the system.

      Google discloses this all very plainly. I use gmail, and while I guard my privacy, I recognize that electronic communication of any kind flat out has different risks than other kinds of communication. Life is full of risks, but the risks you take with Google are much easier to calculate than the risks you take with other companies.

      Specifically, do you think Hotmail has an offline backup system? Yahoo? Juno? If they don't, you may lose some very important data... but I suspect that they do, and if they do, then they have this exact same problem When you delete things from their servers, do their tapes or whatever magically erase the same stuff?

      Of course not.

      But I don't see them warning anyone about that fact... so pick your poison. Google could probably violate your privacy at some point or another, and they are telling you that up front. Any other service you use could do the very same thing, but I don't see them coming right out and admitting it. Do you?

      • Google warns that "delete forever" does not mean that the message is necessarily gone. Their offline backup servers may contain copies of your messages in perpetuity. Can you think of why this might be?

        Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up.



        Google isn't being exactly 100% altruistic. They are a corporation, so if you want to determine their motivation for any particular thing, look at what motivates all corporations: money.
      • by Hollins (83264) on Friday March 17, 2006 @02:15PM (#14943336) Homepage
        Like any responsible data company, they don't want you to lose important data... so they back it up. Independently. Into offline storage. And when you click the "delete forever" button, your message is not magically removed from media that is not connected to the system.

        I'm not buying it. Here's a way to test your theory. Delete an email message with a large pdf attachment. Wait a few days and contact Google. Tell them you had a hard drive failure and a message you deleted contained the only copy of your Ph.D. thesis. Beg, plead, cajole. Offer them anything.

        I'll bet you a beer you won't get the message back. Google's long-term data retention policies have nothing to do with altruistic measures to protect users from data loss.

    • Why should I care if they have backups of recipes from my mom? If I was planning the next revolution, I hope I'd use a different kind of communications system, not plan-text emails from a commercial Web provider. Why is it a victory for the "Establishment" if I don't care who reads some of my emails?
      • by geoffspear (692508) on Friday March 17, 2006 @01:02PM (#14942619) Homepage
        Erosion of the expectation of privacy actually diminishes your rights to privacy. The 4th Amendment's use the the word "unreasonable" to describe what sorts of searches and seizures are forbidden makes this a problem.

        What someone in 1789 considered "reasonable" might be very different from what someone today considers "reasonable". Imagine what sort of things a person will consider to be "reasonable" when they grew up expecting that the government would read their personal email and that they shouldn't care because they've got nothing to hide.

    • But but but, Google has a web page that says they won't be evil! This can not be!
    • by szembek (948327) on Friday March 17, 2006 @12:50PM (#14942488) Homepage
      The point is that Google has this information on you, and will hand it over upon request

      I think this would be better stated if you replace "will hand it over upon request" with "must hand it over when ordered to by a judge". I see a big difference there.
    • by IDontAgreeWithYou (829067) on Friday March 17, 2006 @12:53PM (#14942524)

      Yeah, I mean you wouldn't want the following email message to get out into the public

      to: MOM
      from: TripMasterMonkey
      Subject: Second Post :(


      Mom, I only got second post on the slashdot story about Gmail. Well, at least I got +5 interesting for mentioning 1984. If you need me, I'll be in the basement. A new story is coming out in 5 minutes and I have to do some serious copying and pasting and then mention privacy concerns. See you upstairs later tonight for dinner.

      Love, Your son TMM ^_^
    • by serutan (259622) <snoopdougNO@SPAMgeekazon.com> on Friday March 17, 2006 @12:56PM (#14942555) Homepage
      Maybe I'm missing something, but since when does email exist in a different universe than any other kind of mail? Courts have always had the power to subpoena (or whatever the legal term is) personal correspondence. This new ruling doesn't require Google to keep anybody's email forever, Google already does that on their own. The court is simply demanding to see specific correspondence during a specific time period. Same as it could demand a stack of love letters in someone's dresser drawer. People who want to keep their mail secret forever should burn it, and those same people shouldn't use GMail.
      • Like I always say, "If you want to keep a secret, don't tell anyone." Or it's corollary, "I only trust me and you, and I'm not sure about you..."

        If you don't people to know shit, don't record it, whether in writing, email, audio, or anything else. Otherwise there is the risk it will come back to haunt you.
    • by MobyDisk (75490) on Friday March 17, 2006 @01:05PM (#14942648) Homepage
      Mod down this alarmist. Records are subpoenaed all the time in criminal cases. There's nothing special about this case whatsoever. This shouldn't even be on Slashdot since this happens every single day.
      I've maintained before that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare.
      Google doesn't claim that your email will remain private against government subpoenaes! Why does that make it a privacy nightmare? Hint: If you don't want it to be evidence against you, don't store it unencrypted on private company email servers. On a related note, don't write it down and lock it in a drawer, don't hide it under the mattress, and don't put it in a safe deposit box under your name. None of these things are safe from a subpoena.
      And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point.
      Actually, that is the entire point. I would agree with you if this were Google being pressured or requested to give the information. But this was done with the proper documentation from a judge in a court of law. The fact that you hand wave it away and blame Google is quite beside the point.
    • by SydBarrett (65592) on Friday March 17, 2006 @01:41PM (#14943000)
      oh no the super evil gubermints have won by making us use teh gmails and outlawed all other email serviceZ and googles didn't say what they were doing with the email and you don't need a court odor to OH WAIT

      You guys ever hear of a search warrant? A signed one of those can let people in your FUCKING HOUSE, nevermind your email. IT'S SCARY!

      Oh, nice use of both "New World Order" and 1984 in one post. I award you double kook points for that.
  • by rikkards (98006) on Friday March 17, 2006 @12:37PM (#14942342) Journal
    1. Stop using the web interface and enable POP
    2. Start using a client and your favourite encryption software
  • by MyNymWasTaken (879908) on Friday March 17, 2006 @12:38PM (#14942350)
    All email messages exist in perpetuity. They can be stored as backups in any server that they touch between the sender & the receiver.

    If you're concerned about the contents of your emails being divulged - USE (open/gnu/etc...)PGP!

    If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.
    • Please !!!! (Score:5, Interesting)

      by powerlord (28156) on Friday March 17, 2006 @12:40PM (#14942375) Journal
      Someone think of the poor people that will have to read through all the spam that goes through one mailbox!!!

      Heck ... I can picture the defense getting a 80GB archive tape and being told that was all messages recieved. Yes, 99.999% of them are spam. Enjoy.

      Talk about burying the opposition in paperwork.
    • If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.

      I prefer the Cone of Silence [wikipedia.org] to secure my communications.

  • This is Why... (Score:5, Insightful)

    by eno2001 (527078) on Friday March 17, 2006 @12:38PM (#14942352) Homepage Journal
    ...it makes much more sense to run your own mail server. That's what I do. I don't trust ANYONE but myself with my mail.
    • Re:This is Why... (Score:5, Insightful)

      by tgd (2822) on Friday March 17, 2006 @01:43PM (#14943012)
      And what about your mail sitting in relays on the net? I'd bet at least once in a while one of those gets picked up by a backup system.

      If you want to tell someone something securely, you need to make up a language only you two know and whisper it in their ear.

      What you're doing is only marginally more secure (and enormously more of a pain in the ass) than using GMail. At least when a disk croaks at Google you won't lose your mail. Disk croaks at your house, its gone.

      Oh wait, you have backups? Did your e-mails you deleted off your home system magically get deleted off of them, too?
  • by taylor_venable (911273) on Friday March 17, 2006 @12:39PM (#14942356) Homepage
    With everything that's been going on lately, it sounds like the American government really wants to take Google down in the war of public opinion. The gov't just keeps trying to make them look worse and worse. And since the American courts typically just allow the gov't to do whatever it wants, they're winning.
  • U R pwned. (Score:5, Interesting)

    by Bob Cat - NYMPHS (313647) on Friday March 17, 2006 @12:40PM (#14942365) Homepage
    Hey, I happen to know YOUR company does backups! You deleted your mail from the server, but you didn't hunt down those tapes in the vault, did you? Huh?

    Does NO ONE remember Ollie North and the White House PROFS system? 20 years later, and people still think incriminating data will always just go away when you desire.

    INFORMATION WANTS TO BE COPIED.
  • by benjjj (949782)
    Might Google be under some sort of secret agreement with the gov't to hold on to emails, just for circumstances like these? It really doesn't make much sense from a storage perspective to keep around tons of deleted emails. If I were Google, the Delete Forever button would clear any deleted email off of my very crowded storage systems at the same time that it clears it out of a user's inbox.
  • by mcrbids (148650)
    This is why I have almost always had my OWN PRIVATE MAIL SERVER, used by myself, friends, and family.

    Perhaps it's overkill for the average Joe, but as a technology provider anyway, keeping my own server is economical, and provides me strong assurances of privacy.

    I've NEVER trusted Gmail, Hotmail, or any other hosted application. I've never trusted those 3rd party "webmail gateways" that let you use your email address via a website.

    It's not paranoia, it's just understanding that anybody who's not really on y
  • by Blackknight (25168) on Friday March 17, 2006 @12:42PM (#14942398) Homepage
    If you don't want other people to read your mail, encrypt it. They can subpoena your mail all they want, but without the private keys they won't be able to read it.
    • by brasscount (805811) on Friday March 17, 2006 @12:56PM (#14942549)
      Encrypt away, they'll subpoena the email, you're right. Then they'll subpoena the passphrase. If you don't comply with the subpoena for the passphrase, they'll obtain a search warrant, and find where you wrote it down, admit it, its in a card in your wallet, or in some pass store software, isn't it? Then they'll use good old fashioned forensics to decrypt the shadow cache and drag a list of passwords on your server out in the open.

      And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.

      Don't underestimate the power of the government to discover secrets, they've been in the business for years.

      What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?
  • by kalirion (728907) on Friday March 17, 2006 @12:42PM (#14942402)
    Hey buddy, Here's that kiddy porn you wanted. -Anonymous
  • Honestly, who doesn't have backups of their email systems. When you run an Exchange server, you always backup the store. If I create a backup on March 1st and you delete an email on March 2nd, then I still have a copy of that email. EVERYONE does that. Yahoo, Hotmail, Bigfoot, and Gmail all make backups of their email storage. So if you delete a message before it is backed up, there is still a copy that can be restored.

    The REAL question is, how long do they keep their backups? I have 4 tape sets of fu
  • by Tackhead (54550) on Friday March 17, 2006 @12:45PM (#14942447)
    "Doing No Evil - a HOWTO Guide, presented in Socratic Dialogue form, courtesy of Zaphod Beeblebrox"

    Google: The gmail documents may remain present in our offline backup system.
    IRS: I eventually had to go down to the cellar...
    Google: That's the offline backup system's machine room.
    IRS: ... with a torch.
    Google: Ah, the lights had probably gone.
    IRS: So had the stairs.
    Google: But you found the tape, didn't you?
    IRS: Yes. It was backed up on paper tape stored in the bottom of a locked drawer beneath a PC04/PC05 tape reader with a dot-matrix printed sign on the door saying 'ACHTUNG! ALLES LOOKENSPEEPERS.' Ever thought of going into search technology?

  • Baleeted! (Score:3, Funny)

    by RyoShin (610051) <`tukaro' `at' `gmail.com'> on Friday March 17, 2006 @12:47PM (#14942459) Homepage Journal
    Let's hope that the U.S. Government never goes after Strongbad, or he could be in trouble.
  • by tod_miller (792541) on Friday March 17, 2006 @12:48PM (#14942466) Journal
    I gaurantee 100% of other email systems keep you 'deleted' emails in backups.,

    100%, why?

    Because it would time effort when you delete an email togo back and remove it from backups.

    Just because google is the only one who drew light to this matter, doesn't mean that they are:

    The first
    The only

    But the comments on here give me the impression that you guys think otherwise.

    Does your own backup handle emails intelligently? Does it know not to backup deleted emails? (I am not saying it is impossible for mail server backups may do on account of space, who knows). But that is deleted emails.

    What about will have soon to have been deleted emails? (red dwarf on temporal paradox)

    You can go back and fetch that magnetic tape all over again, so wipe that smug 'my backup doesn't touch the trach folder' smile of your face you overweight fucking IT tech.
  • how appropriate! (Score:5, Interesting)

    by corbettw (214229) <corbettw@y a h o o . c om> on Friday March 17, 2006 @12:49PM (#14942482) Journal
    Considering my first meeting today was regarding how best to redesign the mail system to make it easier to comply withsubpoenas in the future. Step one of that redesign: turn off the backups!

    Just more proof that the 'e' in email doesn't stand for 'electronic', it's 'evidence'.
  • Procedural Note (Score:5, Insightful)

    by EconomyGuy (179008) on Friday March 17, 2006 @12:53PM (#14942525) Homepage
    It's worth noting that this fight isn't over yet. The defendant has lost his motion to squash the subpoena based on a privileged communications argument. That's really not surprising... the argument is tantamount to saying "I receive letters from my lawyer in the mail, so you can't have any of my mail." It's just not gonna fly in our civil justice system which has very liberal rules of discovery.

    However, based on the article Google has not yet had the opportunity to respond to the subpoena. The third party can always move to squash, and that's where things will get interesting. Will Google be able to convince the court that certain messages are deleted and thus not retrievable. Or, perhaps, that the defendant believed he was deleting the messages and thus deserves to have the messages kept under lock?

    These are questions only Google, as the third party, can raise. Now that the judge has issued the subpoena, Google is in a position to actually make those motions. And, if my legal education is worth anything, my money says Google/defendant will appeal if they lose because it's such a new area of the law that an Appeals Court really ought to announce a legal precedence.
  • by PhYrE2k2 (806396) on Friday March 17, 2006 @12:55PM (#14942543)
    Yippee? SO they're asking for older backups from Google (as much as they have) in order too look at e-mail that may have been deleted in some sort of scramble before the order was in place. So what? Guess what? They order a history of transactions from your bank; They order a history of credit card purchases; They order a list of telephone calls from your telephone carrier; They order a list history from your ISP or employer.

    So what? They're asking for a bit of a backlog. This is no surprise
  • The moral (Score:3, Funny)

    by TheCarlMau (850437) on Friday March 17, 2006 @12:57PM (#14942570) Homepage
    The moral of this story is to never write down anything you don't want copied or seen by other eyes. I mean, look at the ancient Egyptians. We are reading their words today and they are hidden in booby-trapped tombs!
  • by Lord Bitman (95493) on Friday March 17, 2006 @01:03PM (#14942634) Homepage
    Giving someone access to *cough*"deleted" mail is no worse than giving them access to mail in the first place.
    If you want to argue about something, say that they have no right to go digging through someone's mail looking for maybes.
  • No suprise (Score:3, Insightful)

    by Todd Knarr (15451) on Friday March 17, 2006 @01:05PM (#14942649) Homepage

    This isn't a suprise. What Google's policy says is simple and obvious: "We make backups of our systems. That includes data files like your mailbox. We archive the backups on a rotating schedule that you don't know, so don't go assuming you know when any particular day's backup will be wiped. And we don't go back and alter those backups when you modify your data, so don't assume that deleting something today makes it disappear from all backups back to the beginning of time (or the inception of our service).". This subpoena is no different from a standard subpoena to a company asking for all documents including archived copies. If you wrote a memo, it got archived and then later you decided to shred your copies of the memo, the archived copies still have to be turned over in response to the subpoena. And note that GMail's not special in this regard. If you recieve your e-mail through your ISP and use their POP3/IMAP server to get it, it's probably backed up the same way and subject to the same risk of being subpoena'd

    First rule: if you want control over your data and when it's destroyed, you must never allow it onto systems which you don't control.

  • by ShyGuy91284 (701108) on Friday March 17, 2006 @01:07PM (#14942664)
    I was rather concerned with how the speaker on the BBC special about Google stepped around the question about retained search history from users by identifyable means (They didn't say what it was, and I'm not very familiar with web technology, so might be IP or MAC (maybe not), Idk). Emails are one thing, but I think most have googled something they are ashamed of or wouldn't want others knowing about. Yes, they know you searched for "ultra-midgest-fetsh" last night, and may use it in the future against you.
  • by backwardMechanic (959818) on Friday March 17, 2006 @01:07PM (#14942666) Homepage
    There's now more spam than legitamate email in the world, right? And we're all using spam filters, yes? Why not forward all your spam to a gmail account. If enough of us do it, google will see such a drop in SNR that there won't be any point storing all those old emails. What's that you say? Still not enough data to fill the mighty google? Set your random number generator to stun...
  • by sceptre1067 (197404) on Friday March 17, 2006 @01:09PM (#14942688) Journal
    Does anybody use voice mail provided to them from their cell phone or landline phone provider?

    Where is that data stored?

    Has any telco been ordered by a court to turn over that voice data?

    Just curious...
    • by MrNougat (927651) <ckratsch AT gmail DOT com> on Friday March 17, 2006 @01:53PM (#14943115)
      At a former employer, we moved from a PBX phone system to a VoIP (internal) phone system. In the VoIP system, voicemails were saved as .WAV files to a voice server, and also emailed to the recipient.

      The company I worked for had come under subpoena in the past, and a lot of effort was expended to retrieve the data the subpoena requested. With the PBX, once a voicemail is deleted, it was gone. Not so with the VoIP system - voicemails would be found on the phone server, on mail servers, on workstation email client cache, and anywhere that end users decided to save the WAV files - and any backup tapes for the above. If another subpoena occurred, we may have been responsible to discover, transcribe and deliver information about voicemails going back to the beginning of the VoIP system.

      That would be horrendously expensive. In order to circumvent this, investment was made in a third party system that would strip voicemail files out of everything. They wouldn't be backed up to tape they would be deleted from any system after some time period (30 days?). That way, we could state such in our data retention policy, and any subpoena including voicemails would only go back 30 days, and not forever.

      If you don't have the data, and are destroying it in accordance with a data retention policy, it can't be subpoenaed.

      I know this is all somewhat tangential to your question, but I figured you might find it interesting.
  • What privacy? (Score:5, Interesting)

    by frinkacheese (790787) * on Friday March 17, 2006 @01:12PM (#14942722) Journal

    Look folks.. Privacy simply does not exist. You'll get your search terms read, email copied, if you encrypt you have to give over the keys and if you don't then you get put into prison anyway.

    Your phone will be tapped, mobile will be tracked, cars followed with "traffic enforcement cameras". Your DNA will be on file, biometrics saved and your Underground trips logged.

    Everywhere you go there are CCTV cameras, face recognition. Your purchases are tracked with credit cards, store loyalty cards and RFID tags. Your bank transactions are flagged if they look interesting and the tax people peer into your account looking for money that suddenly appears.

    1984 got here, oh, 22 years ago now...

  • by DaveJay (133437) on Friday March 17, 2006 @03:28PM (#14943960)
    Okay, so let's say we did want to send emails to a small group of people without it coming back to haunt us. This is a lot of work, but then, if you want to do something illegal, you'll probably consider it reasonable.

    First: set up a computer on a residential connection that sends all logs to /dev/null (after you finish setting it up, of course -- heh) and only offers one outward-facing service: ssh.

    Second: set up local accounts for all the people you want to communicate with, and limit them reading their mail locally via ssh only.

    Third: Show each user how to read the email by sshing into the machine and reading the text mails with vi, or with mutt, or some other command-line emailer.

    Fourth: Create an iso that can be used to set the box back up from scratch to the current config, and that performs the install without user intervention, and employs a disk-wiping mechanism during the install.

    Fifth: Set the computer to boot from CD first, and a cron job to reboot the machine every night at 2am.

    Now you can happily send email to each other all day long. Every evening, the box reboots, wipes itself, and reloads everything, so mail isn't stored locally for more than 22 hours or so, limiting the amount of incriminating evidence on the machine. Even if the machine's traffic is captured and stored, the encryption is via ssh, so you can't provide your private key for decryption -- there isn't one.

    Your only real concerns now are ssh exploits, weak passwords, and your cohorts cut and pasting content from the ssh session onto their local computer. But then, if they'd do that, there are probably lots of other ways they're screwing up the heist. ;)

    Also, having never actually done anything like this, it's pure speculation. Someone tell me why it won't work. :)
  • by YesIAmAScript (886271) on Friday March 17, 2006 @05:15PM (#14944875)
    And they simply must take steps to ensure they cannot fulfill the request. And I don't mean Andersen shredding documents.

    I mean this: if it can be done, the court may compel to you do it. So Google says "we'll keep it, but we won't do anything with it". Even if you believe them, the court may make them do something with it. So they simply can't keep it.

    Same with DRM. Sony says "Yeah, a Blu-Ray disc can be made that will deactivate your player's ability to play discs, but we'd never do that." Well, they may not, but a company whose IP was breached may compel Sony to do it. Sony's only real way to avoid this is to not make it possible in the player.

    Companies need to take the long view. They want to keep all their options open, but they're just going to end up making a product where the law can compel them to bone customers, and the customers will feel burned eventually.

    Stop holding so much control, it's the only way forward.

Hard work never killed anybody, but why take a chance? -- Charlie McCarthy

Working...