Judge Orders Deleted Emails Turned Over

Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."

Easiest way to deal with this in 2 easy steps

[rikkards]

1. Stop using the web interface and enable POP
2. Start using a client and your favourite encryption software

Re:Hate to say 'I told you so', but...

[The Snowman]

This is one more reason why my email is a regular old email account and I access it via secure POP/SMTP. If I want to delete email, I can do it myself and make sure that it is gone forever. Maybe I'm paranoid. Better safe than sorry.

I think the real issue here is control. By allowing Google to control your email, you are forced to stand helpless when shit like this happens. Google may offer nice services, but do you really want to give up control over your personal data such as emails? I don't.

Re:Hate to say 'I told you so', but...

[TheSkyIsPurple]

Sorry, but If your email was ever on a computer (trust me, it was), and that computer was backed up when your email was on it (you hope it was), you're still open (oh crap).

Whoever your provider is just needs to be subpoena'd, and voila... everything you thought you removed is back in action.

POP can delete client-side

[everphilski]

... but still retain every email server-side.

Remember, Google unabashadly says it wants to index the world's knowlege. Your emails, personal or not is part of that knowlege...

Re:Easiest way to deal with this in 2 easy steps

[Mostly a lurker]

Using the POP interface to Gmail, by default keeps a copy on the server. If you override this default, it then becomes deleted email that Google's privacy policy states 'may remain in our offline backup systems' in perpetuity.

Encryption would be the way to go with email if all your correspondents would agree to cooperate. In my case, there are perhaps two people I correspond with regularly via email who might consider making the effort.

Re:Encrypt everything.

[brasscount]

Encrypt away, they'll subpoena the email, you're right. Then they'll subpoena the passphrase. If you don't comply with the subpoena for the passphrase, they'll obtain a search warrant, and find where you wrote it down, admit it, its in a card in your wallet, or in some pass store software, isn't it? Then they'll use good old fashioned forensics to decrypt the shadow cache and drag a list of passwords on your server out in the open.

And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.

Don't underestimate the power of the government to discover secrets, they've been in the business for years.

What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?

Re:Why save deleted message?

[dmatos]

As others have pointed out above and below, what happens when Google runs a standard backup program _before_ you've deleted your email? It ends up on a tape, and that tape ends up in a fire-proof vault somewhere. Pushing the "delete" button does not cause that email on that tape in that vault to suddenly self-destruct.

Sure, it could take a lot of time, but under a subpoena, Google may be forced to go through all of their archive tapes and grab every piece of data from every time period they have recorded.

the problem is Google's data retention policy

[Anonymous Coward]

Every intelligent organization saw the writing on the way years ago, and went to a 1-week backup recycling policy. That is, backups are only kept for a week, after which the media is reused for a newer backup. All staff is fully aware that if they need something from backup that they inadvertantly deleted, they have less than a week to put through the restore request.

That will, of course, prevent future historians of your organization from using those old backup archives to help develop an organizational history. It will also prevent your organization from data-mining those archives (which is why Google kept them; so much for "don't be evil").

But, and this is important, it also stops these subpoenas. You can't turn over data that you don't have.

The thing is that you have to have this policy in place before you run into any legal issues. You can't decide that you're not going to keep backups after you've been sued or otherwise have reason to believe that you'll be subpoenaed.

You have to put this policy in place, and then you have to adhere to it strictly. You can't decide to keep some backups and not others; because then if you get accused of criminal activity then any destroyed data will be seen as being discretionary and part of a cover-up. Put another way, you can only destroy data as part of routine mandatory policy, and not because you don't like that data.

And, of course, if you do get sued/subpoenaed, then you have to retain the data related to the matter from that point.

Uh, no.

[_KiTA_]

Working for an ISP, I have to point out that we have better things to spend money on than a tech sitting at our email server making backups all day every day. Our mail server currently handles around 10,000 customers and if we were going to back it up, even once, we'd need to corner the market on backup tape casettes. And that's not even pointing out that it'd be near impossible to restore.

I like (HOPE) that we're a normal ISP in this reguard.

Re:Encrypt everything.

[Threni]

http://en.wikipedia.org/wiki/Deniable_encryption [wikipedia.org]

Re:Hate to say 'I told you so', but...

[selfabuse]

I can't speak for all ISPs, but at least at the one I've worked at, it doesn't happen quite like that. The mail server is backed up daily at a specified time. Any messages that happened to be in your pop mailbox at that time would be backed up. Lets say the backups are running at midnight, and you had just checked your mail before you went to sleep at 11pm. The only mail on the backup tape would be anything you had recieved between 11pm and midnight. The stuff that we're interested in backing up on the mail server, is not in fact the customers mail. We're more concerned with the config files, and the actual OS etc, so if the server was to die, we could ressurect it easily. We generally only keep backups for a week also. They're mostly for disaster recovery, and if there was a disaster, we'd want the tape from the previous day - something several months old would probably not help, unless the machine had been hacked and we hadn't noticed it for quite a while. In a situation like that, we'd actually prefer to rebuild the box from scratch anyway.

Re:Hate to say 'I told you so', but...

[dextromulous]

IRC, is that recorded?
Yes and no. It can be, so assume it is. It is, however, normally recorded by a user or bot on the channel for archival purposes. See http://ds9a.nl/klogbot/ [ds9a.nl] for an example.

I don't know why computer communication isn't given the same legal protections as phone conversations. In most states, intercepting a phone call is illegal, and so is recording them without concent. How is communicating with a computer different than communicating with a phone?
Because in _most_ cases "computer communication" means the Internet and relies on "public" systems to relay messages. Telephone conversations, OTOH, are a "dedicated" connection between two people who have "leased" lines. You can do this with computers as well (even using quantum security, http://www.magiqtech.com/ [magiqtech.com] ,) but it is not the Internet. In the case of IRC, you are posting to a semi-public forum, not to one person over a private connection.

How can I encrypt my emails so the person recieving can read them, but everyone else can't?
GPG, PGP, etc.

Re:Hate to say 'I told you so', but...

[thatguywhoiam]

This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone. I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.

That's very commendable, and worthwhile.

But just so you know...

When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.

Better to maintain a normal usage profile and be even sneakier about important correspondance, if you are worried about it. (And you should be.) Its all hassle vs security. If you are going to that much trouble already, why not go all the way and use stego or something that doesn't scream "I am encrypted info" like PGPMail? (for example)

Re:Hate to say 'I told you so', but...

[budgenator]

Get GPG, GNU Privacy Guard [gnupg.org] installed and set up on your system; and it runs on about everything.
Then you generate a key pair one key is public and people who want to send you encrypted files or emails get it either from you or a keyserver (I think) and a private key that decrypt what the others have sent you and actually use it. If you need to know that the identity is really who you think they might be, then you need to set up a key signing party where you will;

      1. Generate A Key Pair (already done)
      2. Send Public Key To Designated Keyserver (or Coordinator)
      3. Send Public Key Info To Coordinator
      4. Show Up At The Party
      5. Verify Your Key Info
      6. Verify Everyone Else's Key Info
      7. Verify Everyone Identify for IDs You Will Sign
      8. Sign All The Verified IDs On The Verified Keys
      9. Send The Signed Keys Back Up To The Designated Keyserver (or to the key owner)

as outlined at cryptnet.net [cryptnet.net]. I've thought about telling people who send me email that my email filter thinks everything that's plain text is spam and to resend just to get to critical mass.

Re:Hate to say 'I told you so', but...

[GoofyBoy]

http://world.std.com/~reinhold/dicewarefaq.html#su bpoena [std.com]

and
from http://www.faqs.org/faqs/pgp-faq/part2/ [faqs.org]

3.21. Can I be forced to reveal my pass phrase in any legal
proceedings?

Gary Edstrom reported the following in earlier versions of this FAQ:

- -----
The following information applies only to citizens of the United
States in U.S. Courts. The laws in other countries may vary. Please
see the disclaimer at the top of part 1.

There have been several threads on Internet concerning the question of
whether or not the fifth amendment right about not being forced to
give testimony against yourself can be applied to the subject of being
forced to reveal your pass phrase. Not wanting to settle for the many
conflicting opinions of armchair lawyers on usenet, I asked for input
from individuals who were more qualified in the area. The results
were somewhat mixed. There apparently has NOT been much case history
to set precedence in this area. So if you find yourself in this
situation, you should be prepared for a long and costly legal fight on
the matter. Do you have the time and money for such a fight? Also
remember that judges have great freedom in the use of "Contempt of
Court". They might choose to lock you up until you decide to reveal
the pass phrase and it could take your lawyer some time to get you
out. (If only you just had a poor memory!)