Judge Orders Deleted Emails Turned Over 600
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
Easiest way to deal with this in 2 easy steps (Score:4, Informative)
2. Start using a client and your favourite encryption software
Re:Hate to say 'I told you so', but... (Score:3, Informative)
This is one more reason why my email is a regular old email account and I access it via secure POP/SMTP. If I want to delete email, I can do it myself and make sure that it is gone forever. Maybe I'm paranoid. Better safe than sorry.
I think the real issue here is control. By allowing Google to control your email, you are forced to stand helpless when shit like this happens. Google may offer nice services, but do you really want to give up control over your personal data such as emails? I don't.
Re:Hate to say 'I told you so', but... (Score:3, Informative)
Whoever your provider is just needs to be subpoena'd, and voila... everything you thought you removed is back in action.
POP can delete client-side (Score:3, Informative)
Remember, Google unabashadly says it wants to index the world's knowlege. Your emails, personal or not is part of that knowlege...
Re:Easiest way to deal with this in 2 easy steps (Score:5, Informative)
Encryption would be the way to go with email if all your correspondents would agree to cooperate. In my case, there are perhaps two people I correspond with regularly via email who might consider making the effort.
Re:Encrypt everything. (Score:5, Informative)
And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.
Don't underestimate the power of the government to discover secrets, they've been in the business for years.
What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?
Re:Why save deleted message? (Score:3, Informative)
Sure, it could take a lot of time, but under a subpoena, Google may be forced to go through all of their archive tapes and grab every piece of data from every time period they have recorded.
the problem is Google's data retention policy (Score:2, Informative)
That will, of course, prevent future historians of your organization from using those old backup archives to help develop an organizational history. It will also prevent your organization from data-mining those archives (which is why Google kept them; so much for "don't be evil").
But, and this is important, it also stops these subpoenas. You can't turn over data that you don't have.
The thing is that you have to have this policy in place before you run into any legal issues. You can't decide that you're not going to keep backups after you've been sued or otherwise have reason to believe that you'll be subpoenaed.
You have to put this policy in place, and then you have to adhere to it strictly. You can't decide to keep some backups and not others; because then if you get accused of criminal activity then any destroyed data will be seen as being discretionary and part of a cover-up. Put another way, you can only destroy data as part of routine mandatory policy, and not because you don't like that data.
And, of course, if you do get sued/subpoenaed, then you have to retain the data related to the matter from that point.
Uh, no. (Score:3, Informative)
I like (HOPE) that we're a normal ISP in this reguard.
Re:Encrypt everything. (Score:3, Informative)
Re:Hate to say 'I told you so', but... (Score:3, Informative)
Re:Hate to say 'I told you so', but... (Score:2, Informative)
IRC, is that recorded?
Yes and no. It can be, so assume it is. It is, however, normally recorded by a user or bot on the channel for archival purposes. See http://ds9a.nl/klogbot/ [ds9a.nl] for an example.
I don't know why computer communication isn't given the same legal protections as phone conversations. In most states, intercepting a phone call is illegal, and so is recording them without concent. How is communicating with a computer different than communicating with a phone? ,) but it is not the Internet. In the case of IRC, you are posting to a semi-public forum, not to one person over a private connection.
Because in _most_ cases "computer communication" means the Internet and relies on "public" systems to relay messages. Telephone conversations, OTOH, are a "dedicated" connection between two people who have "leased" lines. You can do this with computers as well (even using quantum security, http://www.magiqtech.com/ [magiqtech.com]
How can I encrypt my emails so the person recieving can read them, but everyone else can't?
GPG, PGP, etc.
Re:Hate to say 'I told you so', but... (Score:5, Informative)
That's very commendable, and worthwhile.
But just so you know...
When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.
Better to maintain a normal usage profile and be even sneakier about important correspondance, if you are worried about it. (And you should be.) Its all hassle vs security. If you are going to that much trouble already, why not go all the way and use stego or something that doesn't scream "I am encrypted info" like PGPMail? (for example)
Re:Hate to say 'I told you so', but... (Score:3, Informative)
Then you generate a key pair one key is public and people who want to send you encrypted files or emails get it either from you or a keyserver (I think) and a private key that decrypt what the others have sent you and actually use it. If you need to know that the identity is really who you think they might be, then you need to set up a key signing party where you will;
as outlined at cryptnet.net [cryptnet.net]. I've thought about telling people who send me email that my email filter thinks everything that's plain text is spam and to resend just to get to critical mass.
Re:Hate to say 'I told you so', but... (Score:3, Informative)
and
from http://www.faqs.org/faqs/pgp-faq/part2/ [faqs.org]
3.21. Can I be forced to reveal my pass phrase in any legal
proceedings?
Gary Edstrom reported the following in earlier versions of this FAQ:
- -----
The following information applies only to citizens of the United
States in U.S. Courts. The laws in other countries may vary. Please
see the disclaimer at the top of part 1.
There have been several threads on Internet concerning the question of
whether or not the fifth amendment right about not being forced to
give testimony against yourself can be applied to the subject of being
forced to reveal your pass phrase. Not wanting to settle for the many
conflicting opinions of armchair lawyers on usenet, I asked for input
from individuals who were more qualified in the area. The results
were somewhat mixed. There apparently has NOT been much case history
to set precedence in this area. So if you find yourself in this
situation, you should be prepared for a long and costly legal fight on
the matter. Do you have the time and money for such a fight? Also
remember that judges have great freedom in the use of "Contempt of
Court". They might choose to lock you up until you decide to reveal
the pass phrase and it could take your lawyer some time to get you
out. (If only you just had a poor memory!)