Slashdot Mirror
Judge Orders Deleted Emails Turned Over
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
Nothing for you to see here. Please move along.
oh, really?
#
#\ @ ? Colonize Mars
#
I TOLD YOU SO.
I've maintained before that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare. (For more information, please look here and here.)
And now, the chickens have come home to roost. From TFA: A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.
And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point. The point is that Google has this information on you, and will hand it over upon request. This vindicates the caterwauling of all the privacy advocates concerning Google and Gmail, and establishes a dangerous legal precedent. Remember, as our 'inalienable' rights are systematically stripped away by the architects of the New World Order, more and more of the things you do become 'illegal'...and subject to criminal persecution...er...prosecution. It might not be long before you are being referred to as 'defendant'...what will you think of your Gmail account then?
____
~ |rip/\/\aster /\/\onkey
1. Stop using the web interface and enable POP
2. Start using a client and your favourite encryption software
All email messages exist in perpetuity. They can be stored as backups in any server that they touch between the sender & the receiver.
If you're concerned about the contents of your emails being divulged - USE (open/gnu/etc...)PGP!
If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.
...it makes much more sense to run your own mail server. That's what I do. I don't trust ANYONE but myself with my mail.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
With everything that's been going on lately, it sounds like the American government really wants to take Google down in the war of public opinion. The gov't just keeps trying to make them look worse and worse. And since the American courts typically just allow the gov't to do whatever it wants, they're winning.
Hey, I happen to know YOUR company does backups! You deleted your mail from the server, but you didn't hunt down those tapes in the vault, did you? Huh?
Does NO ONE remember Ollie North and the White House PROFS system? 20 years later, and people still think incriminating data will always just go away when you desire.
INFORMATION WANTS TO BE COPIED.
The latest Slashdot meme.
Might Google be under some sort of secret agreement with the gov't to hold on to emails, just for circumstances like these? It really doesn't make much sense from a storage perspective to keep around tons of deleted emails. If I were Google, the Delete Forever button would clear any deleted email off of my very crowded storage systems at the same time that it clears it out of a user's inbox.
Time to cancel some webmail accounts. I'm sure Yahoo and/or MSN (which I quit using long ago) will do this too.
:)
I doubt I can set up my own MTA...any good howto's out there, or should I *urp* google it?
Someone think of the poor people that will have to read through all the spam that goes through one mailbox!!!
... I can picture the defense getting a 80GB archive tape and being told that was all messages recieved. Yes, 99.999% of them are spam. Enjoy.
Heck
Talk about burying the opposition in paperwork.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
This is why I have almost always had my OWN PRIVATE MAIL SERVER, used by myself, friends, and family.
Perhaps it's overkill for the average Joe, but as a technology provider anyway, keeping my own server is economical, and provides me strong assurances of privacy.
I've NEVER trusted Gmail, Hotmail, or any other hosted application. I've never trusted those 3rd party "webmail gateways" that let you use your email address via a website.
It's not paranoia, it's just understanding that anybody who's not really on your side just might actually be out to get you!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I don't think I'll bother now......
the turd you can't flush. It's sticks there forever.
I'm glad I don't use that service for anything important. After all when a message is deleted it should be gone. Not saved on some other server so that it can be used against me for some reason years down the road. I can't even really see saving it for a temp amount of time after its been deleted because there is no "undelete" feature (why should there be) and I'm sure if you contacted google and asked them to undelete a message you just deleted by mistake they would just laugh at you. If you delete something it should be gone, period.
If you don't want other people to read your mail, encrypt it. They can subpoena your mail all they want, but without the private keys they won't be able to read it.
Hey buddy, Here's that kiddy porn you wanted. -Anonymous
All the infos there in the terms and conditiosn ( which no one reads ) and then there is an uproar when people find out via the courts what is going on. If you want privacy run your own email system, download things from your ISP or rent your own server. Privacy comes from you being proactive, not hoping someone else doesn't hack into your gmail account.
SolarVPS - Quality Windows and Linux Virtual Servers
Honestly, who doesn't have backups of their email systems. When you run an Exchange server, you always backup the store. If I create a backup on March 1st and you delete an email on March 2nd, then I still have a copy of that email. EVERYONE does that. Yahoo, Hotmail, Bigfoot, and Gmail all make backups of their email storage. So if you delete a message before it is backed up, there is still a copy that can be restored.
The REAL question is, how long do they keep their backups? I have 4 tape sets of full and incremental backups. So my backups are kept for about a month.
There is nothing inherently safe about liberty. That's why so many people died protecting it.
...is the one that doesn't exist. Stop creating unnecessary heaps of personal data. You know that even information which seems to be most innocuous can come back to bite you in the ass.
Google: The gmail documents may remain present in our offline backup system. ... with a torch.
IRS: I eventually had to go down to the cellar...
Google: That's the offline backup system's machine room.
IRS:
Google: Ah, the lights had probably gone.
IRS: So had the stairs.
Google: But you found the tape, didn't you?
IRS: Yes. It was backed up on paper tape stored in the bottom of a locked drawer beneath a PC04/PC05 tape reader with a dot-matrix printed sign on the door saying 'ACHTUNG! ALLES LOOKENSPEEPERS.' Ever thought of going into search technology?
Comment removed based on user account deletion
Let's hope that the U.S. Government never goes after Strongbad, or he could be in trouble.
... but still retain every email server-side.
Remember, Google unabashadly says it wants to index the world's knowlege. Your emails, personal or not is part of that knowlege...
I gaurantee 100% of other email systems keep you 'deleted' emails in backups.,
100%, why?
Because it would time effort when you delete an email togo back and remove it from backups.
Just because google is the only one who drew light to this matter, doesn't mean that they are:
The first
The only
But the comments on here give me the impression that you guys think otherwise.
Does your own backup handle emails intelligently? Does it know not to backup deleted emails? (I am not saying it is impossible for mail server backups may do on account of space, who knows). But that is deleted emails.
What about will have soon to have been deleted emails? (red dwarf on temporal paradox)
You can go back and fetch that magnetic tape all over again, so wipe that smug 'my backup doesn't touch the trach folder' smile of your face you overweight fucking IT tech.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Part of living in the USA is dealing with things like this. What it comes down to it, if you are suspected by the government of being a terrorist, you have no rights. This has been true in the US long before GW Bush.
I think invasions of privacy like this are terrible, but I won't scold the US because I understand that they are doing it to protect me and everyone else in my country. I know that it opens up abuse, but *maybe* reading someone's email will save another person's life (or a lot of people). If so, I don't think any rational person would think it was wrong (not in a moral sense, but a practical one) that the government read the e-mails. As a semi-liberterian I know these views are really odd, but I think that it is too easy to get caught up in ideals and forget that one of our government's few essential jobs is to protect us, and that is practically impossible without a few right-killing powers. Plus I like to play the devil's advocate.
To be somewhat on topic, I'll give my opinion: Google should probably work on deleting those e-mails faster, but perhaps, in the grand scheme of things, a saved incriminating e-mail may benefit the world.
How can we trust deleted mail to tell the whole story. Couldnt one can have said something and then took it all back? What if the deleted mail was sent by someone else and deleted? Etc. Anyway whatever, seems more and more people choose/want easiest path to conviction rather than complete investigation for truth. All for the supposed "overall good" (although actually just selfish convenience) and cheapness.
..not something given as some sort of gift or benefit of a social contract.
It's obvious the way it was worded that it is an intrinsic human right
More and more people seem to think 4th amendment is a revokable privilege and unrelated to ensuring real truth and justice. The 4th amendment was created because it will protect innocent people from injustice and wrong fast conclusions.
Considering my first meeting today was regarding how best to redesign the mail system to make it easier to comply withsubpoenas in the future. Step one of that redesign: turn off the backups!
Just more proof that the 'e' in email doesn't stand for 'electronic', it's 'evidence'.
God invented whiskey so the Irish would not rule the world.
... it's the law. If memory serves me correctly, they have to keep them for seven years.
google should natively support GPG for gmail and google desktop and encrypt all users personal data. yap, this process won't hamper googles personal add as email need to be decryptedbefore viewing via gmail on the web.
now i wounder can government order google to sniff the private key of all user too
Google may get business value by storing deleted emails. Since their advertising is based on the collection and classification of individual users information. The reason we didn't see a delete button initially and why they now store the information in perpetuity is because they can know a great deal more about you that way. Google isn't necessarily being malicious but they do know a scary amount of information. By knowing more about you Google Strengthens their bottom line.
Proof by very large bribes. QED.
Wonder when they'll acquire a big-screen "TV" company and just give them away for free -and how many saps will go for the freebie.
Google is your friend. Accept the free TV and enjoy.
(look ma: right topic this time! wheee!)
Sig for hire.
pwned! sux to use gmail!
It's worth noting that this fight isn't over yet. The defendant has lost his motion to squash the subpoena based on a privileged communications argument. That's really not surprising... the argument is tantamount to saying "I receive letters from my lawyer in the mail, so you can't have any of my mail." It's just not gonna fly in our civil justice system which has very liberal rules of discovery.
However, based on the article Google has not yet had the opportunity to respond to the subpoena. The third party can always move to squash, and that's where things will get interesting. Will Google be able to convince the court that certain messages are deleted and thus not retrievable. Or, perhaps, that the defendant believed he was deleting the messages and thus deserves to have the messages kept under lock?
These are questions only Google, as the third party, can raise. Now that the judge has issued the subpoena, Google is in a position to actually make those motions. And, if my legal education is worth anything, my money says Google/defendant will appeal if they lose because it's such a new area of the law that an Appeals Court really ought to announce a legal precedence.
Only 120 characters... who can summarize their entire world understanding in 120 characters?!
1. Buy stamps, envelopes & paper
2. Use the Postal Service
He who knows best knows how little he knows. - Thomas Jefferson
Ack, I'd better give my contact in Nigeria a different email address. Wouldn't want the tax man to find out about all the money I'm about to receive for helping out the poor chap with his financial problems!
This message is brought to you by The Ministry of Truth^H^H^H^H Federal Trade - BIG BROTHER IS WATCHING YOU^H^H^H^H READING YOUR EMAILS
Yippee? SO they're asking for older backups from Google (as much as they have) in order too look at e-mail that may have been deleted in some sort of scramble before the order was in place. So what? Guess what? They order a history of transactions from your bank; They order a history of credit card purchases; They order a list of telephone calls from your telephone carrier; They order a list history from your ISP or employer.
So what? They're asking for a bit of a backlog. This is no surprise
when you see the word 'Linux', drink!
I love google as much as the next guy, but some of these court battles are driving me insane. Couldn't google have prevented most of these legal snafus by simply not archiving irrelevant data? Yeah, I know they "say" it is used in order to improve their service to the end user, but I just don't know if I believe that or not. They wouldn't have to surrender any results if they don't backlog it. Why would you bother storing old e-mails the user wanted deleted? Attempt to document important company secrets? Blackmail? Fetish? As they say, there is no reason for them to keep this data since the text is scanned dynamically to generate their ads so the e-mails are still kept between you and the sender. So, why is it being kept after the email account holder doesn't want it anymore and deletes it? If it isn't important to the gmail account holder, should they even care?
You could argue that information has to be archived, kept just in case it could possibly be some sort of "proof" of illegal action by the user. Maybe someone admitted killing someone via a quick morning e-mail? Stole important company data and sent a bcc to their "hotgurl4u" gmail account just in case? I guess this is the mixed wonders of having a free email service. I suppose they need to get something out of the deal [keeping stuff].
Of course, half the respected deletions are probably recipes from various grandmothers. I wouldn't want to be caught dead with those in my box either...
Eh, just my two cents. I guess I am rambling
http://www.achieve360points.com/
That's what the "Report spam" button is for. If it happened to me I would probably report abuse as well. That way I've covered my arse, if the Keystone Kops come round accusing me of looking at kiddie porn I can point to an action I've taken to mark the message as "Not mine guv!".
Oxford Dictionaries Online
In a civil trial, subpoenae are available for all information in anyone's possession. Deleted or archived too, so long as someone still has it. No penalty if not. It's all potentially evidence. If it's fishing, then object to the judge. S/he'll decide on the merits. Do you want courts to work without evidence?
The moral of this story is to never write down anything you don't want copied or seen by other eyes. I mean, look at the ancient Egyptians. We are reading their words today and they are hidden in booby-trapped tombs!
It's ridiculous that just because the information is in electronic format and doesn't cost the Govt 'almost' any money to access it (apart of my hard earned money paid in tax), that they get their hands on it. shouldn't the same laws apply to them as entering in my house and snooping on my mail?!
i live on an alternate planet
We call that spam... And seeing as we live in an age where real life child molestors and rapists are "re-habilitated" instead of sentenced, I find it hard to believe that any judge would allow spam that you deleted to be entered in as evidence against you...
It's NOT a stunning victory for the establishment. It's common sense that this can, does, and will continue to happen as email and electronic formats become the predominant form of official communication. Google is complying with a lawful legal order. Anyone who has an ounce of experience maintaining a database knows that you NEVER delete anything forever. If something comes up... like say a crime is committed, then you have a table of deleted items that's never purged until it's offloaded someplace. And then you keep the transaction logs in another location, just in case you need to track someone. The idea that you get a free email account from a massive search engine and then would get total privacy? It's laughable. If you want security, you as a consumer should use the free POP mail account that every ISP I've encountered in the last five years gives customers. Then delete emails off the servers. If you're really concerned about the security, encrypt your email, or better yet encrypt your emails and have your own server. My point is, you get what you pay for.
Am I the only one who doesn't care about privacy? I mean hell, I don't really have any to begin with. The grocery stores know what I eat, you can find out how much I make online easily enough, and anybody can find out what I buy / where I buy it / pay in rent / pay in loans / what I make in salary via a quick and easy credit check. I'm sure if you want it you can find my SNN easily enough
Maybe I'm just boring, but there's nothing in my email they'd find worth reading anyway. I never understood what the big deal is with privacy.
I really don't see what the major concern here is. I'm very concerned when records get turned over without court orders, but without the ability to compell evidence to be turned over if there's probable cause (or whatever the legal standard for the subpeona is), how could *anyone* be prosecuted? You don't have a right to hide evidence of a crime. The only right you have in that area is that you can't personally be compelled to reveal incriminating evidence against yourself.
Go Badgers! -- #include "std/disclaimer.h"
Giving someone access to *cough*"deleted" mail is no worse than giving them access to mail in the first place.
If you want to argue about something, say that they have no right to go digging through someone's mail looking for maybes.
-- 'The' Lord and Master Bitman On High, Master Of All
"The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
This is kind of funny, considering this dude is trying to get his own email back and can't seem to get any help (not even a human response) from Google:
http://blog.outer-court.com/forum/22209.html
Maybe he should sue.
This isn't a suprise. What Google's policy says is simple and obvious: "We make backups of our systems. That includes data files like your mailbox. We archive the backups on a rotating schedule that you don't know, so don't go assuming you know when any particular day's backup will be wiped. And we don't go back and alter those backups when you modify your data, so don't assume that deleting something today makes it disappear from all backups back to the beginning of time (or the inception of our service).". This subpoena is no different from a standard subpoena to a company asking for all documents including archived copies. If you wrote a memo, it got archived and then later you decided to shred your copies of the memo, the archived copies still have to be turned over in response to the subpoena. And note that GMail's not special in this regard. If you recieve your e-mail through your ISP and use their POP3/IMAP server to get it, it's probably backed up the same way and subject to the same risk of being subpoena'd
First rule: if you want control over your data and when it's destroyed, you must never allow it onto systems which you don't control.
So then they'll say you willfully did it to throw off the governmnet, to evade the law.
Would you kindly mod me +1 insightful?
I was rather concerned with how the speaker on the BBC special about Google stepped around the question about retained search history from users by identifyable means (They didn't say what it was, and I'm not very familiar with web technology, so might be IP or MAC (maybe not), Idk). Emails are one thing, but I think most have googled something they are ashamed of or wouldn't want others knowing about. Yes, they know you searched for "ultra-midgest-fetsh" last night, and may use it in the future against you.
In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
There's now more spam than legitamate email in the world, right? And we're all using spam filters, yes? Why not forward all your spam to a gmail account. If enough of us do it, google will see such a drop in SNR that there won't be any point storing all those old emails. What's that you say? Still not enough data to fill the mighty google? Set your random number generator to stun...
Every intelligent organization saw the writing on the way years ago, and went to a 1-week backup recycling policy. That is, backups are only kept for a week, after which the media is reused for a newer backup. All staff is fully aware that if they need something from backup that they inadvertantly deleted, they have less than a week to put through the restore request.
That will, of course, prevent future historians of your organization from using those old backup archives to help develop an organizational history. It will also prevent your organization from data-mining those archives (which is why Google kept them; so much for "don't be evil").
But, and this is important, it also stops these subpoenas. You can't turn over data that you don't have.
The thing is that you have to have this policy in place before you run into any legal issues. You can't decide that you're not going to keep backups after you've been sued or otherwise have reason to believe that you'll be subpoenaed.
You have to put this policy in place, and then you have to adhere to it strictly. You can't decide to keep some backups and not others; because then if you get accused of criminal activity then any destroyed data will be seen as being discretionary and part of a cover-up. Put another way, you can only destroy data as part of routine mandatory policy, and not because you don't like that data.
And, of course, if you do get sued/subpoenaed, then you have to retain the data related to the matter from that point.
Does anybody use voice mail provided to them from their cell phone or landline phone provider?
Where is that data stored?
Has any telco been ordered by a court to turn over that voice data?
Just curious...
I taught my first "how to user corporate e-mail" class in 1991. I stressed to that class, and every one since, that every e-mail message whether deleted or not is potentially findable and discoverable in court, and that you should not put anything in e-mail you don't want to see on the front page of the New York Times, the National Enquirer, or both. Nothing has changed here.
sPh
Why doesn't everyone find a nice cheap computer running around, stick 512MB of ram in it, buy their own Microsoft Action pack and just install exchange server 2003 on it?
Anyone with any intelligence can set this up and if a court orders you to send backups over you can reply "oops sorry, i dont have any *stick up middle finger*" there aint shit they can do about it then. You only have to rely on yourself and your Exchange administration skills.
Yes i know there are other SMTP servers out there but i picked this as an example.
Look folks.. Privacy simply does not exist. You'll get your search terms read, email copied, if you encrypt you have to give over the keys and if you don't then you get put into prison anyway.
Your phone will be tapped, mobile will be tracked, cars followed with "traffic enforcement cameras". Your DNA will be on file, biometrics saved and your Underground trips logged.
Everywhere you go there are CCTV cameras, face recognition. Your purchases are tracked with credit cards, store loyalty cards and RFID tags. Your bank transactions are flagged if they look interesting and the tax people peer into your account looking for money that suddenly appears.
1984 got here, oh, 22 years ago now...
...institute a policy of limiting the retention duration of *ALL* logs and old backups on a rather short recurring basis... say every 10 days wipe it all clean in the interest of saving money on their data storage operations expenses.
"Your rights online" are basically that you have no rights online.
Working for an ISP, I have to point out that we have better things to spend money on than a tech sitting at our email server making backups all day every day. Our mail server currently handles around 10,000 customers and if we were going to back it up, even once, we'd need to corner the market on backup tape casettes. And that's not even pointing out that it'd be near impossible to restore.
I like (HOPE) that we're a normal ISP in this reguard.
I hate to say "Yeah, SO????", but c'mon!
All email servers do this, unless it is your privately owned server. Backups are routinely made, and even if you hadn't pulled it from the server yet and viewed it, it could have been backed up.
Considering all the unsolicted email we all get, they could make a case that all of us are probably penis enlarging, low-cost XP buying, Nigerian investing, sexual deviants.
Better fix your tinfoil hat. The space rays are getting through!
the ONLY time there's a "delete forever" button in the gmail interface is for messages marked as SPAM. You do not have the option to "delete forever" from your regular inbox.
I can't see blaming google for this. They collect the information they said they collect. If there's something criminal in one's emails, google has a right to protect itself by saving the proof rather than be acused of being an accomplice to the crime by helping delete it.
You can get 15 minutes of fame, but you can go down in history for infamy.
Hotmail and Yahoo Mail have been around for a long timeand they have quite a few email accounts. .I wonder if the goverment also requested all emails from them?
If we didn't hear about it, does it means that they complied?
Or maybe what they ask from Goolgle is purely a legal strategy?
Gmail permits both SMTP and POP access.
While its unfortunate that you can't read your encrypted messages in Google's brilliant webmail client, there's no reason to stop using their service.
Use PGP (or GPG) for important stuff. Access it from your desktop e-mail client. The rest of the crapmail you get can remain in plaintext.
Note that this is something you CANNOT do on Hotmail and yahoo's free service.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Imagine how many lives could be saved if there were cameras in everyone's homes. Imagine how many lives could be saved if everyone was required to wear "pacification collars" that emitted 10,000V shocks to immobilize any person about to commit a crime.
Imagine how many lives could be saved if every non-citizen entering the United States had to be fingerprinted.
Imagine how many lives could be saved if there were a secret list of people that might possibly use a commercial airplane for a criminal act, and those people were denied the use of any commercial airline in the U.S.
Imagine how many lives could be saved if people accused of terrorism by the U.S. government could be held indefinitely, incommunicado, with no access to the rest of their "terrorist cells" (or lawyers, or family members, or the media).
Imagine how many lives could be saved if the government was allowed to listen in on anyone's telephone conversations, without a warrant, and it was illegal to even disclose who was being listened to.
Where will you draw the line?
BTW - the case this subpoena applies to has nothing to do with terrorism. It's a case of fraud, and an attempt by the IRS to track down Pukke's vast ill-gotten gains, so they can tax them. I think that the subpoena is reasonable in this case, and the judge was acting within the intent of the law, and in a manner compliant with common sense.
It may look like I'm doing nothing, but I'm actively waiting for my problems to go away.
--Scott Adams
All the same, the notion of them delivering a few metric tons of paper does get a grin. Congress haven't caught up with Stallman yet: no "preferred form" restrictions.
As always, all IMO. Insert "I think" everywhere grammatically possible.
Most organizations should routinely purge back-ups of mailbox (i.e., IMAP, POP) servers precisely to avoid this type of situation.
It's no good to wait until a subpoena is served. At that point, you simply have to wait and allow the legal process to play itself out -- all the way out. Even if you prevail at the trial level, you have to squirrel away your back-ups for years because if you destroy them before the requesting party has exhausted all its opportunities for appeal, the organization and possibly its officers are liable to be held in contempt of court. (This discussion is confined to U.S. law; I don't know about other jurisdictions.)
Even if you don't care about confidentiality, this makes economic sense. Wholly aside from the privacy issue, responding to subpoenas for email back-ups can involve enormous expense in staff and machine time, and while some judges will consider claims by the responding party that the cost of retrieval exceeds the probative value of the backed-up messages in the "offer of proof" by the requesting party (describing what the messages are expected to contain), more often than not that argument doesn't work.
You can waste a lot of money to collect individual messages from back-up media, only to discover they have no effect on the outcome of the legal proceeding. I've seen it happen.
Since mass storage is inexpensive these days, and since the majority of messages have a short shelf-life, the sensible thing to do is to give mail users the ability to store as many messages as they want permenently in server-based mail folders, which means they will be picked up by even a very recent back-up, encourage them to get rid of any messages they don't need (perhaps by purging old messages from their INBOX folder automagically), and eradicate your back-up media on a regular basis -- keeping only what you need to restore the message store on your server(s) in the event of a catastrophic failure.
(By the way, this militates in favor of organizations other, perhaps, than ISPs using IMAP rather that POP. You really don't want to have to go around trying to retrieve messages stored on thousands of desktops and laptops in response to a subpoena.)
Needless to say, deleted messages should either not be backed up at all, or should should only be stored on daily incrementals for at most a few days.
Your deleted images are kept in backups for a while, and even if you close your account it remains in the DB for 90 days in case FBI/DOJ wants to take a look. This is a common practice everywhere. Don't like it? Set up your own mail server.
OK, well first of all I'll have to comment that I don't really see what the big deal is. This isn't cops busting in and demanding information, it's a warranted search. If they wanted, they could likely also go through your bank records, Visa records, and a lot of other potentially more personal things.
And as for the "deleted" mail and/or any archives of it, there is no guarantee that any such archive exists. Personally, if I were running a big outfit like google I'd very likely have some sort of process to skim off any 'deleted' records... otherwise there is simply too much accumulation of crap. A lot of the users here love to delete things without emptying trash (I don't auto-empty because they also accidentally delete shit and come back a week later). They then complain when their trashbox is slow because it's got 25,000 items in it. Multiply that by a whole lotta users on gmail and it would be an insane amount of extra processing, storage to back up.
The other thing I wonder about is "filtered" mail. If a spam mail got routed off, it is still archived somewhere. If so, depending on the user in question the cops might have a whole lotta crap to sift through if they're looking for anything useful. The flip side to that, of course, is that a lot of spam can be explicit or imply and/or outright advertise illegal acts... possibly enough to make somebody look back if you were looking for any little bit of 'evidence' that put them into disrepute.
Google warns that "delete forever" does not mean that the message is necessarily gone. Their offline backup servers may contain copies of your messages in perpetuity. Can you think of why this might be?
Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up.
Google isn't being exactly 100% altruistic. They are a corporation, so if you want to determine their motivation for any particular thing, look at what motivates all corporations: money.
They keep a massive amount of data, and not particularly because they are concerned about your data recovery needs, but because the massive amount of data that they can collect and associate with you allows them to better design targeted marketing (ads) directly to you.
Based on the emails that you send and the emails that you receive, they can determine if you are more likely to be interested in this service or that product. They can shoot advertisements at you like a sniper rifle, as opposed to birdshot.
Keeping all that data indefinitely allows them to constantly index and profile you for advertising purposes. It allows them to make money.
On the flip side of that, people are more likely to trust Google with that profitable data if Google fights tooth and nail to ensure the privacy of users, so barring severe punishment from the government, it makes sense for Google to safeguard users' data from the prying eyes of Big Brother.
If I had points, you'd get 'em. (And so would IDontAgreeWithYou's funny post just above.)
I guess back in the old days, when your paper letters were subpoenaed, you had your fair second chance to run back to the office and illegally burn them. Now, it's "1984".
Well, the obvious solution is to pass a new law. We'll call it the "No fair, stuff on the internet doesn't count!" law.
So if there are things unrelated to this particular case, as well as conversations with his attorneys, that he really doesn't want the courts to know about, there's at least some protection there.
... because all my e-mails disappeared without a trace a few weeks back. Pretty please?!
ultra- midget-fetish
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
But, the onus to prove it was spam is on you. Just you. While the government only needs to create a reasonably plausible set of circumstances which make it look like it might not have been spam, but information you actually wanted, might have copied off to disk somewhere for your perverted pleasures, perhaps even copied on to CDs and shared with other like minded perverts like yourself.
"Oh, what's that you say, you never shared this data? So, you're not denying that you're a pervert who had this data in your posession at one time then? You own a computer, you purchased blank CDs, your computer had a CD burner, we searched your computer hard drive and obviously you'd wiped out all traces of the files after you burned then to CD."
"Objection noted your honour, withdrawn the last comment"
Man, you just haven't been paying attention have you?
Reason why there is hope for the future generation #364:
"I wish my grass was emo so it could cut itself."
This is no suprise. Storage is cheap. and all these GB for an email account are just a red flag.
DELETED!
bun-fhuinneog agam!
The ISP that makes backups of user mboxes is the exception, not the rule and probably advertises and charges for the service.
ISPs run on very tight margins and don't spend money on things they don't have to. And backing up user mboxes is definitely in the "don't have to" category.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
OK, so I've seen a number of comments that say the same general thing 'Encrypt your email if you don't want anyone else to read it' ... OK, so hears a question for all the lawyers here on Slashdot (or atleast the ones that play one on TV) ... Can you be ordered via the judicial system to decrypt a document?
... do I have to comply, based on the 5th Amendment, which is that I have the right to not self-incriminate.
I'm not asking if Google can be ordered to decrypt a document of yours, I know thats the same as just trying to break the encryption. I'm asking if the courts can order ME to decrypt a document that I have encrypted. And if they 'can'
Pardon my spelling, as my rant meter is boiling and I'm trying to keep it level to ask a serious question...
harryk
think before you write, it'll save me moderator points.
Turining your point around, since when does email exist in a different universe than any other kind of mail?
If I shred my personal mail by running it through a shredder, it's gone. Why is it that if I "delete forever" my email, it's not gone?
Personally, I think it was a mistake on the part of the computer designers to allow things to be undeleted. The courts are just taking advantage of this flaw to uncover evidence they normally wouldn't have access to.
Hey buddy, Here's that kiddy porn you wanted. -Anonymous
I wonder if this would be a good way to get rid of some of our political officials -- Internet style...
Zhrodague.net - I do projects and stuff too.
So after reading several posts about Google storing unwanted email in their backups it seems to me that many of you have forgotten about the time frame issue. Lets assume for a moment that Google only archives undeleted messages. In this scenario Google is only archiving what it feels might be important to the user later. A problem however arises between the time when a user recieves an email and the user deletes an email. During that time it is very possible that Google has made a backup containing the unwanted email even if they were trying to avoid doing so. To further complicate matters, users often recieve mail that they initially read and then decide to delete at some time in the future. In either case an intelligent backup system can not accurately determine if the email is indeed unwanted or not and is therefore placed in the archive. In this case the only solution would be for Google to not maintain backups of email, the cost of which their users could potentially lose valuable information during a system failure.
Seriously, I would not be surprised if a law is passed that makes it illegal NOT to keep X years of emails backed up. Damn the cost to private industry, the republican-majority gov't needs to spy on it's people!
Blar.
If you want privacy, run your own mail server. Don't rely on an ISP.
... who you think is so interested in you, and why?
Can you say "Contempt of Court"?
A judge can pretty much order you to do anything. Whether that gets held up on appeal or is subject to reversal happens after the fact.
If you refuse the judge, bring your toothbrush.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Maybe its a dumb question but it sounds like there may be a lot of hours in getting all the past emails from backups? I'm sure google can afford it but it still doesn't seem right.
I suspect that's being just a little parnoid. If I were them, I'd have a good backup system simply to ensure I didn't have a PR nightmare when a server went down and millions of people lost their email.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Paying attention to what? The burden of proof is on the prosecution. The defense merely has to raise reasonable doubt, and doubt in this case would be reasonable. The prosecution has to convince 12 jurors, ordinary people, that you were, beyond a shadow of a doubt, in possession of illegal images. Now, if the police found a CD in your house with your finger prints on it, containing these images, then you're probably in hot water. But then, they wouldn't need the deleted e-mail, would they?
Please clarify... what real life cases are you referring to where the prosecution has made some vauge "you might have done xyz" claim and been able to get an even an indictment, much less a conviction?
The judge did ask for everything, so lets give them everything that ever appeared in the email - including all those ads for "medications" or buy this stock (so I can get your money), or ...
Comment removed based on user account deletion
I'm not a lawyer, and I don't know if this situation has ever gone to court before. But I would think that an argument could be made that the government cannot force you to decrypt a document based exactly on the premise you provided: the Fifth Amendment protects you from self-incrimination.
However... an analogy I can think of is if you had an incriminating piece of evidence (or the police think you do) in a safe. Can law enforcement force you to open it? I don't believe they can. But they probably have other ways to get inside it.
With encryption, it depends on what you're using. If you're just password protecting a Word Document with the off-the-shelf Microsoft Office encryption, the government could get that information without your cooperation.
But say you're using this type of encryption. The government's options would be limited to trying to obtain the information by a different means (i.e., going to the recipient of the data you sent).
Either that, or ignoring the Constitution. Nah, the government would never do that.
Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up. Independently. Into offline storage.
No, because they are an advertizing company. Aggregating your personal data, including personal data that not longer means anything to you, means they can sell you stuff more effectively.
This isn't just a problem with Google--very few email service providers will guarantee that they actively remove deleted emails from all backup tapes. Getting secure, guaranteed, permanent deletion is a feature that you have to pay extra for. Some commercial mail service provides offer it to business as part of a package where they provide compliance with regulatory document retention requirements.
... you will be in a cell next to his. Most emails are very well traceable ;). BTW, you will be there for distribution, which caries longer term. Neat trick, good luck!
I think I will take my chances with Google. At least they don't turn over people who DARE to speak their mind in China to the athorities at their smallest whim.
If google thinks a request is obnoxious, they fight it.
I'm not buying it. Here's a way to test your theory. Delete an email message with a large pdf attachment. Wait a few days and contact Google. Tell them you had a hard drive failure and a message you deleted contained the only copy of your Ph.D. thesis. Beg, plead, cajole. Offer them anything.
I'll bet you a beer you won't get the message back. Google's long-term data retention policies have nothing to do with altruistic measures to protect users from data loss.
Just because a copy may remain does not mean it's easy to find. Google's Bigtable technology might retain deleted data for days, but finding the data could be nearly impossible.
This is just the beginning. If this stands (and is not overruled by a higher court), then soon the government will have the right to run "undelete" on your hard drive looking for things, or go searching through your trash and your shredder looking for evidence!!
What's that? They already do?
<emily litella>Never mind.</emily>
(sig) The last bug isn't fixed until the last user is dead. (/sig)
I don't think it's paranoia -- Google makes its money from the fact that they are able to expertly target advertising to their users, and they make no bones about the fact that they target that advertisement to you based on (in the case of GMail), the content of your emails. Granted, it's a bot and not some 21-year-old intern skimming through your response emails from the Foot Fetish website, but they still base the ads they send you on your email content.
Any email provider can put ad banners in your mail. The trick is to put ad banners in your mail that you would actually click on. Google can determine what advertisements you will click on by seeing the topics that frequently come up in your emails. If my fiance sends emails back and forth to her friends about looking forward to a trip to Aruba, and Google puts a bunch of ads for Aruba activities and hotels on the same page, she will click on them. If those same pages just had advertisements about the newest vacuum cleaner or a new release movie, she probably won't click on them.
This is one reason why Google gives you so much storage space and encourages you to simply archive emails rather than delete them -- it helps them to index you for advertising purposes.
Holding onto that information for eternity might have the added benefit of giving you an avenue for data recovery if you accidentally delete something -- but that's only a byproduct of Google making a profit, not the primary intention.
That is until the first time the DoJ or judge bust them down for not obeying a court order for data they don't have.
It's a good thing that this Anonymous Coward doesn't have a gmail address.
MOD PARENT UP!!!!
"Love is like pi - natural, irrational, and very important." (Lisa Hoffman)
Of course your ISP can do the same thing. But there have been several slashdot stories lately suggesting Google is hoping you'll store all sorts of personal information on their servers. They just bought an web-based word processor company, for example. By using their servers instead of your own desktop, you allow the government to get the information with only a subpoena, instead of a warrant. That's a serious flaw in our legal system, imo, but try getting them to change it.
It's not just Google, it's everybody in the whole Web 2.0 craze...37Signals, calendar apps, a couple hundred companies at least...I think I'll keep running local apps on my hard drive, maybe with deniable encryption.
It's funny, I don't have anything to hide from my government ... yet. They havne't made any of my activities illegal ... yet. But I also have peace of mind that no sysops between here and there can see my communications.
Also, to clear up a misconception, courts of law can pretty much order anything disclosed, no matter how much of a privacy interest you have. First, the only remedy is to not submit it to a jury. Second, a reasonable suspicion (or sometimes probable cause to believe that the e-mails or other evidence would yield evidence of a crime) usually suffices to supersede your privacy rights.
If ppl want more control on old email and how "deleted" their emails are... host your own!
/dev/random shredder... oh yeah.. no more fcc findin what that message was about.
That way you can send deleted messages to the dd
And for what its worth... as a network guru wannabe - perpetual backups are heaven... good for google - then again... there is no gaurantee that all the deleted stuff would make it back from the tar grave.
This is why I don't have a gmail account, and why my Yahoo account is just a spam trap. I also delete spam, especially stuff that is of questionable legality, unopened.
Even so, I know that some day some fundie jerk may rule, and even my most innocent mail will become "evidence" in the show trial for "immorality" and "liberal subversion".
This just makes it "routine".
use Sig::Witty;
There is a simple way of avoiding any one of the situations described by other posters.
If it touches a storage drive (tape, HDD, any disk, and sometimes USB mem sticks), in most cases, it will be recovered. How do you safe guard against this? Never retain anything that you don't want haunting you years down the road. If you decide to save it, destroy it when you are done. Don't overwrite it or trust that some software will purge it from your system. Physical and total destruction is the only perfect eraser.
And remember, however nice encryption may sound - "There is no such thing as the perfect password, key, or classified information." I've worked data recovery and security too long to see a "Fool proof system"
--Brix
"brix_zx2, What is your sole purpose in this forum!?!?!"
"To do whatever you tell me MODERATOR!!!!"
Hey, if anyone cares, you could switch to Charter Communications. Charter doesn't back up any of its email at all.... @_@
The existance of just that sentence with no actual material could touch off an investigation :p
I have been called paranoid for running my own mail server and not using one of the many free ones.
Then friends called me crazy and paranoid when I encrypted the servers HD with AES256 requiring some one to be there when the system boots.
Then they laughed when I installed the thermite packs over the drives with a kill switch what would burn the drive at the push of the button.
They giggled when I made the interface for the thurmite accessible through the web so I can kill it from anywhere in the world.
Now they are calling me asking if they can use my mail server.
I am paranoid!
Just remember that the definition of paranoia is "A healthy understanding of the way the universe works"
I was under the impression that according to the letter of the law, just receiving kiddy porn is illegal, even if you never wanted it in the first place. So all they have to do is prove you've received it, then your hope rests on the sanity of the jury.
We all know that google and other webbased mail servers, even ISP's probably keep back ups. Do we really care? I have nothing to hide from google or any of you. Does that mean I don't have private matters? Hell no. I just don't share those things I wish to keep to myself. By the way, I use G-Mail all the time.
This is why I send all mail, be it written or electronic, written (typed) in invisible (white) ink (fonts)
Have we got a secret prison for you!
Charges? We don't need no stinking charges.
Don't bother to call your lawyer.
Okay, so let's say we did want to send emails to a small group of people without it coming back to haunt us. This is a lot of work, but then, if you want to do something illegal, you'll probably consider it reasonable.
/dev/null (after you finish setting it up, of course -- heh) and only offers one outward-facing service: ssh.
;)
:)
First: set up a computer on a residential connection that sends all logs to
Second: set up local accounts for all the people you want to communicate with, and limit them reading their mail locally via ssh only.
Third: Show each user how to read the email by sshing into the machine and reading the text mails with vi, or with mutt, or some other command-line emailer.
Fourth: Create an iso that can be used to set the box back up from scratch to the current config, and that performs the install without user intervention, and employs a disk-wiping mechanism during the install.
Fifth: Set the computer to boot from CD first, and a cron job to reboot the machine every night at 2am.
Now you can happily send email to each other all day long. Every evening, the box reboots, wipes itself, and reloads everything, so mail isn't stored locally for more than 22 hours or so, limiting the amount of incriminating evidence on the machine. Even if the machine's traffic is captured and stored, the encryption is via ssh, so you can't provide your private key for decryption -- there isn't one.
Your only real concerns now are ssh exploits, weak passwords, and your cohorts cut and pasting content from the ssh session onto their local computer. But then, if they'd do that, there are probably lots of other ways they're screwing up the heist.
Also, having never actually done anything like this, it's pure speculation. Someone tell me why it won't work.
Some posters are replying with "maintain your own servers and don't make backups." Well guess what's going to happen next: Not keeping backups will be seen by law enforcement and the courts as "furtive behavior" and the act of NOT making backups might (will?) be recognized as intent to avoid capture. So disconnect the tape drives if you care to, but keep a watch out for some clueless lawmaker to propose a law that criminalizes you for NOT bothering to save something THEY think is evidence in YOUR future trial for acts of treason or lawlessness that YOU are someday going to commit.
=^..^= all your rodent are belong to us
I* decide if the government gets my mail. They better have a search warrant (assuming they haven't totally taken away every right we have) when they come asking for my server. If they don't. I've got time to destroy the drives.
Isn't this illegal? I'm not a lawyer, and it's been a while since I read news about the various corporate scandals, but isn't destroying such evidence considered a crime in many US jurisdictions?
Heck, I thought I remembered something about a UK law that made refusal to disclose a private encryption key punishable, but I don't remember if that ever went live.
It helps align your interests with those of your government.
"When the going gets weird, the weird turn pro" -- HST
He's not talking about restoring data lost because YOU screwed up (because that could be a full time job for 100 people). He's talking about restoring data lost because GOOGLE screwed up or had a hardware failure or something.
I suspect that most ISP's have an official policy of not backingup purely for that reason.
Apocalypse Cancelled, Sorry, No Ticket Refunds
"To receive" is an active verb, much like "to take". IANAL, but I would guess that "receiving" digital media would imply more than just having it show up in your in-box and promply deleting it. I would guess it would be more on the lines of "receiving stolen goods", where you have to actually take possession.
So then please explain how the situation would be any different if there were a supoena for you to produce all e-mail that is archived on computers under your direct control (as opposed to those under the control of a third party like GMail)?
Is there a subtle implication that because you have the advanced technical skills, you would be able to securely wipe any incriminating files that you wouldn't otherwise have with a third party? Is it that you keep everything encrypted on the drive, and you are willing to risk jail time for contempt by not turning over the keys?
Not trying to be a wise guy here, it just seems to me that if there is a supoena for your e-mail (to either you or your ISP), you get to choose from one of the following 3 options:
A third party like GMail will just go with the first option. The only "benefit" by being your own ISP is that you get the other 2 choices, both of which go to jail, directly to jail, do not pass Go, and not collect $200.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
"Bring your toothbrush"? That's the stupidest catchphrase I've ever heard in my entire life. You, sir, are a fucking retard.
The difference is you can use postal mail for all your mail, and burn only the messages you don't want anyone else to see.
This decision makes that impossible with GMail (or any online mail service). You can either burn none, or burn them all (not use the service). There's no way to selectively burn only the mail you don't want others to see. Which I guess is something you shouldn't really expect from an online mail service anyway, but it still means the situation with online email is very different from postal mail.
maybe some company will consider doing something like eff's tor for email...in a reliable, fast way. might as well do tor as well.
maybe there is money to be made. they could hire outside consultants, like someone the eff aproves of, to come in and certify that all their encryption connections are sane and their backups are limited to the system or perhaps the user for 7 days...who knows.
certified private systems could be a very lucrative market if the federal government/executive branch keeps forcing coporations to divulge information about their customers.
Funny to see how the man eats itself.
I'm still trying to figure out what people mean by 'social skills' here.
Let me explain it to you in small words.
Judge: Decrypt those files
You: No
Judge: Bailiff, put this guy in jail until he changes his mind.
Get it?
Don't think it happens? Ask Judith Miller.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
And they simply must take steps to ensure they cannot fulfill the request. And I don't mean Andersen shredding documents.
I mean this: if it can be done, the court may compel to you do it. So Google says "we'll keep it, but we won't do anything with it". Even if you believe them, the court may make them do something with it. So they simply can't keep it.
Same with DRM. Sony says "Yeah, a Blu-Ray disc can be made that will deactivate your player's ability to play discs, but we'd never do that." Well, they may not, but a company whose IP was breached may compel Sony to do it. Sony's only real way to avoid this is to not make it possible in the player.
Companies need to take the long view. They want to keep all their options open, but they're just going to end up making a product where the law can compel them to bone customers, and the customers will feel burned eventually.
Stop holding so much control, it's the only way forward.
http://lkml.org/lkml/2005/8/20/95
You don't move to have them squash it, you just give them what you have. We've recieved subpoenas that say basically "We want all e-mails you have for user X from this date to that date." Well, sometimes, ok most of the time, the answer is it's too old and we don't retain data that long so the answer is "Here's everything we have, which is nothing." They say ok, and go about their business. It's not like they aren't used to that sort of thing happening. The only time there'd be trouble is if they suspected you'd deleted the information on purpose because of their subpoena.
You are correct that Google can now put up a challenge if they want, but if they simply don't have anything, they don't have to file a motion or anything, they just say "Sorry, it's all been deleted," and that's the end of it.
> Records are subpoenaed all the time in criminal cases. There's nothing
> special about this case whatsoever.
Yes, records are subpoenas evey day. No, there is one thing special about this case; Google -retains- far more information than a common ISP. It's not that they are hit with a subpeona, or that they will comply with it. It's that they, unlike many, are -able- to comply with it. Sure, other outfits make backups; but Google is trying to index the world. They are retaining the data much longer than anyone else.
> Google doesn't claim that your email will remain private against government
> subpoenaes! Why does that make it a privacy nightmare?
Re-read the part you quoted. "...Google retains far too much information..."
The key part is "retains". Google retains far more data than ordinary mail services, and for far longer (theoretically forever).
> Hint: If you don't want it to be evidence against you, don't store it
> unencrypted on private company email servers. On a related note, don't
> write it down and lock it in a drawer, don't hide it under the mattress,
> and don't put it in a safe deposit box under your name. None of these
> things are safe from a subpoena.
Good advice all. I'll just note that anticipating future needs is difficult, and not all legal proceedings involve criminality. Sometimes they involve people slipping on your sidewalk, auto accidents, and other civil proceedings that quickly become nightmares.
"I'm guilty of all charges" :)
jred
I'm not a mechanic but I play one in my garage...
Let us remember that this government is under the control of the people. All we do is complain and complain and leave it at that. We have the power to change the law. No lobbying effort, MPAA, or RIAA is stronger than the will of the majority of the people. I've never studied law but I know there is a way for us to do something about all these issues WITHOUT risking arrest. The ultimate check and oversight on the government is not a group of judges on a superior court but the people (us). We MUST aim to introduce new laws that extend our freedom instead of eroding it for once. There are people who are punished more for downloading pirated music than for battery on another human being! We have let politicians run the show for far too long. If our representatives do not back us up on our issues then we can fire them and hire someone who will. If we want more privacy, freedom online, and if we prefer to cut into the RIAA's profits by eliminating some of the more ridiculous copyright fines/laws in order to better serve the majority then we can and we should.
Then you have nothing to be afraid of. I don't see how this harms anyone except people who do illegal things.
After all, the button does say 'Delete Forever'
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
And if they try to make it illegal, well, Jefferson told us how to deal with that problem. ... Get'em up against the wall...
If the NSA could decrypt GPG-encrypted messages, it would have to have one of the following three things:
1. A miraculous mathematical advance that made the factoring of the product of two extremely large prime numbers much easier. (Unlikely.)
2. A quantum computer. (More unlikely.)
3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)
All three are completely unrealistic. It is doubtful that the NSA can crack PGP, unless it's through a weakness in one of the symmetric ciphers and not the RSA/DH algorithim.
I'm going to install cameras throughout your house. I don't see how this will harm you unless you're growing weed or bringing home prostitutes.
I'm going to install a satellite phone/monitor/GPS on your car that will phone the police if you exceed the current speed limit. I don't see how this will harm you unless you're breaking the speed limit.
I'm going to install a keystroke logger on your computer that will record everything you type. I don't see how this will harm you unless you use your computer to transfer money for gangsters.
I'm going to log every packet your computer sends that leaves the USA (Oh, wait, the NSA beat me to it...). I don't see how this will harm you unless you're secretly communicating with al Qaeda.
I'm going to steam every piece of mail that arrives in your mailbox open and photocopy it before it gets to you. I don't see how this will harm you unless you were the bastard who was sending the Anthrax letters.
I'm going to put a rootkit on that CD you bought that will contact me if you try to copy it and then break your computer. I don't see how this will harm you unless you like to rip and share music illegally.
Have I made my point?
... and they got hammered in California for it.
I remember when members of the California government put pressure on Google to add a "delete" option. I remember when people mentioned on this very forum that the button was a red herring---that archives would generally be kept in any case, and that in fact Google was one of the few e-mail providers to be completely honest about that aspect of modern e-mail. But they added the button anyway, and now someone fell for the ruse.
When will people---not just Californians, but people in general---when will people learn that you can't legislate away the behavior of an already-established system?
Take care,
Mark
There is a solution...
Good thing IANAL: FindLaw agrees more with you than with me. A quote from the page: (emphasis mine)
...and then later... (again, emphasis mine.)
--JoeProgram Intellivision!
This is a great example of why it's so much better to use a small/regional ISP for mail and other services. They really do respect customers' privacy and they don't have the resources to archive customer data. It goes without saying, "Nothing is free" and this is a good example of that.
Go with the small ISPs and you will be secure.
Why is everyone assuming
a. Google will give this accopunt up?
b. Google actually has access to the Delete forever emails?
DOJ can ask for the dna from the saliva i left on the sidewalk 3months ago (end of backup cycle) doesnt mean they'll get anything.
c.The DOJ is asking for delete forever? there is a folder called "Deleted Items" (trash , Recycle Bin 'for the ignorant') that like all email services is the second stage of deleting Email.
Pff, way back when, the ISP I worked at had a policy of not backing up the email because by the time the backup finished, the email would have been read, erased, and completely replaced. Twice.
We decided we had better things to waste tape on.
I read this this morning and watched Law and Order tonight on TNT like I normally do and the case was about things not getting deleted and at the end they make mention to the fact that no email is ever really deleted. I just thought that was pure irony.
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
One thing I've often wondered about is...
if you had your encrypted (ascii format) pgp file, then went in and altered one or two characters that only you knew about, and you knew to undo when you wanted to decrypt (changed case, rolled a few chraters forward, transposed some, etc)... at that point, even if you gave out the correct passphrase it would fail to decrypt.. could you then turn around and claim the prosecution damaged your data just to make you look bad, especailly if the same key and passphrase decrypted other files just fine? I wonder how well that might stand up, or if it at least would put in a reasonable amount of suspicion against the prosecution...
Oh no, not again.
I used to make all my friends send me encrypted emails to my own personal server for which I had hired my own personal uber-hacker to defend with all his mighty computer might. But even that wasn't safe enough. Now I make my friends hand deliver messages in a sealed envelopes inside of a vacuum sealed pouch (so I know it's not opened) inside of a solid steel block, that's then surrounded by a layer of toxic neuropoison.
Well... I mean... if I had any friends that's what I'd do...
While ISP's have the ability to persist all network traffic not just email, it would be at great cost with no incentive. Oddly enough, ISP's do not actively try and screw their customers. Everyone must comply with the law, the goverment is saying if you have it hand it over, but there is no law compelling people to log everything.
Ooh, interesting. I should remember that one.
I've upped my standards, so up yours.
I believe you misunderstood what the other fellow was saying about Google having a backup of all information.
The point of their backup is not to prodect some goof from deleting his thesis paper. It is to prevent the loss of 'live' data which you currently have in your inbox. If some fraction of their GMail users (or god forbid, all of them) were to lose your inboxes you can be sure that there would be a large handful of angry people and the potential for costly litigation. Not to mention that employees would likely lose data too.
They are a corporation, so if you want to determine their motivation for any particular thing, look at what motivates all corporations: money.
Actually, corporations don't have motives. They don't even think. They're not human beings, you know...
People have motivations, and while the directors of Google, the marketers of Google, the engineers at Google, etc., are all *supposed* to have making money for the shareholders as their sole motivation, they certainly don't.
Well, I'm safe. My webmail server is in China.
Well, no.
If you truly run your own mail server, with MX records rather than using your ISP's POP box as a store-and-forward, then it isn't going through their server. Technically ;>. The only real difference this makes is that your communications clearly fall under the Pen Register rules rather than the Wiretap rules when the authorities try to legally obtain info about your communications.
It does still go through their network. But that's a (slightly) different matter. Yes, they can still sniff the traffic both ways. This is where StartTLS comes in. If your mail server offers StartTLS, and the remote mail server is willing to try it, then everything except the EHLO of the SMTP transaction is encrypted just as HTTPS web pages are.
You can easily set up most mail servers to run "Opportunistic" StartTLS. That is to say, "Offer it, and take advantage if someone else offers it, but don't require it." For the purposes of encryption, it doesn't matter that most people will use self-signed certificates. (Yes, that kills authentication.)
You can also require StartTLS, but that would impact your ability to send and receive mail to sites not configured to do StartTLS. (But for the paranoid, it bears mentioning.)
Google quickly found a few sites for various mail transfer agent configurations:
In short... my mail server secures mail with anyone else who cares to do so. If you are enough to run your own server, consider caring enough to offer and take advantage of StartTLS encryption.
N.B. - If self-signed certs are a pain (and they are), look into CAcert.
> Am I the only one who doesn't care about privacy? I mean hell, I don't
> really have any to begin with.
Maybe that's -why- you don't care; you don't miss what you never knew you had.
People who grew up in places where any officious putz could stop them on the street and demand they provide identity papers, and shunt them over to the Jewish ghetto (or Ravensbruck, Auschwitz, or Treblinka) realize what a viciously slippery slope this can be.
I'm white, but I know some black people who've been caught "driving while black"; anything like that ever happen to you? Where you need to demonstrate that you have a right to be "driving in this here neighborhood"?
> The grocery stores know what I eat, you can find out how much I make
> online easily enough, and anybody can find out what I buy / where I
> buy it / pay in rent / pay in loans / what I make in salary via a
> quick and easy credit check. I'm sure if you want it you can find
> my SNN easily enough
Which is not true of a lot of people. A lot of people try very hard to keep their personal information personal.
> Maybe I'm just boring, but there's nothing in my email they'd find
> worth reading anyway.
Excellent point, but I think you tossed it off too quickly, with an implication that "if you aren't guilty, why are you keeping it secret?"
Not all secrets are guilty secrets. Maybe someone had a cleft palate repaired as a child, and wants to keep it a secret. Maybe a woman had a breast reduction. Maybe she had a mom who died of breast cancer, or was in a mental institution, and wants to avoid problems with health insurance. Maybe a man had an accident and lost a testicle.
Maybe they married someone who decided they were gay years later, which tore the family apart, and they just don't want people to know their business.
Any number of people might want to keep these and hundreds of thousands more things about themselves secret. Why can't they? The government, of course, -mostly- doesn't care about this stuff (but see the FBI's misuse of information during the civil rights movement); but some government officials misuse their power. And others just do a crappy job of protecting data (see the articles on the DHS failing another security audit).
Check out this little thingie, brought to us by Richard Jones, who previously grought us GmailFS and other so cool hacks. This is the shit.
/John Sjolander, project manager Contribio
Glad I don't give out my email to anyone, including family.
Nobody knows my email address, I never register with it, I never give it out, and sometimes I have a hard time remembering it. But I check it daily. Just to make sure nobody has emailed me.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Why is it that all the right-wing crazies post as anonymous cowards?
In the past few years, which party has controlled the Legislature and Executive Branch?
Which party, which claims to stand for responsible spending and small government, got us into a huge war, raised the debt ceiling, created ill-advised new departments to handle security and disaster who subsequently failed at their jobs?
Which party had it's leader claim the right to wiretap anybody with no paper trail or warrant? Despite having the ability to tap for days without the document? All because (ostensibly) they didn't want a trail of who was being spied on?
I don't blame the republicans because I am a democrat, I blame the republicans because they are the ones fucking doing it to us right now!
Blar.
I was thrilled at the time. (Still am.) But I realize this has privacy implications. No one ever goes over the old tapes to delete files you no longer want. Most IT departments have backup policies where they retain at least some snapshots for months or years, if not FOREVER. Whether they made the copy to help out poor users who accidentally delete their thesis or to CYA in case of catastrophy that's completely beside the point. Copies of your deleted email exist, and can always be subpoenad by a court.
You're not safe just because you don't use webmail or IMAP. If you use a POP provider, there's likely some backup tape running over the POP server. There may be smaller windows of time that your data could get recorded, but short of encryption, absolute privacy is an elusive concept when you're using a store-and-forward network for communcation. (What part of "store" don't you understand?)
Subject Is Topic Subject Is Short Shadexiii Has Free Time Subject May Not Be Funny To Others Shadexiii was at least amused during yet another long, drawn out, painful class.
I appreciate the reply, and assumed as such. I wasn't aware of the immunity peice, but that was helpful as well.
I'll be sure to keep this in mind if I'm ever faced with anything as such, I can't imagine every being in such a situation, but just in case.
thanks again,
harryk
think before you write, it'll save me moderator points.