Judge Orders Deleted Emails Turned Over
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
1. Stop using the web interface and enable POP
2. Start using a client and your favourite encryption software
Encrypt away, they'll subpoena the email, you're right. Then they'll subpoena the passphrase. If you don't comply with the subpoena for the passphrase, they'll obtain a search warrant, and find where you wrote it down, admit it, it's in a card in your wallet, or in some pass store software, isn't it? Then they'll use good old-fashioned forensics to decrypt the shadow cache and drag a list of passwords on your server out in the open.
And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.
Don't underestimate the power of the government to discover secrets, they've been in the business for years.
What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?
Confidentiality, Integrity, Availability: without Availability the other two are assured, as is Bankruptcy.
http://en.wikipedia.org/wiki/Deniable_encryption
That's very commendable, and worthwhile.
But just so you know...
When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.
Better to maintain a normal usage profile and be even sneakier about important correspondence, if you are worried about it. (And you should be.) It's all hassle vs security. If you are going to that much trouble already, why not go all the way and use stego or something that doesn't scream "I am encrypted info" like PGPMail? (for example)
If Jesus wants me it knows where to find me.