Slashdot Mirror
Judge Orders Deleted Emails Turned Over
Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."
All email messages exist in perpetuity. They can be stored as backups in any server that they touch between the sender & the receiver.
If you're concerned about the contents of your emails being divulged - USE (open/gnu/etc...)PGP!
If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.
...it makes much more sense to run your own mail server. That's what I do. I don't trust ANYONE but myself with my mail.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
With everything that's been going on lately, it sounds like the American government really wants to take Google down in the war of public opinion. The gov't just keeps trying to make them look worse and worse. And since the American courts typically just allow the gov't to do whatever it wants, they're winning.
Hey, I happen to know YOUR company does backups! You deleted your mail from the server, but you didn't hunt down those tapes in the vault, did you? Huh?
Does NO ONE remember Ollie North and the White House PROFS system? 20 years later, and people still think incriminating data will always just go away when you desire.
INFORMATION WANTS TO BE COPIED.
The latest Slashdot meme.
Your ISP presumably backs up customer mail on a regular basis, and keeps those backups for God knows how long. POP accounts are no more secure than webmail accounts when talking about "deleted" mail.
Before you fly off the handle here, keep in mind that Google has only been ordered to produce the emails. What will be interesting is whether or not Google is able to produce the emails. If so, how many of them will they be able to retrieve? The subpoena itself - which is scary, but unfortunately a part of the legal system - is really secondary to this. A judge can't magically make deleted data reappear, no matter what they order. But if the data is not deleted... well... then your fears are fully justified.
I've always wondered if that clause was more of a CYA clause meant to get around the fact that plenty of stuff may remain in the GoogleFS for a period of time after it has been "deleted", but without a live index. The results here may very well show if that is true or not.
Javascript + Nintendo DSi = DSiCade
If you're concerned about your privacy, why are you sending sensitive information in the clear over email; through any provider?
Use PGP!
And would you mind telling me how gmail is any different than hotmail or yahoo mail in regards to managent's access to email contents?
what will you think of your Gmail account then?
"I refuse to divulge my PGP private key & passphrase."
BadAnalogyGuy, is that you?
This guy's the limit!
Google: The gmail documents may remain present in our offline backup system. ... with a torch.
IRS: I eventually had to go down to the cellar...
Google: That's the offline backup system's machine room.
IRS:
Google: Ah, the lights had probably gone.
IRS: So had the stairs.
Google: But you found the tape, didn't you?
IRS: Yes. It was backed up on paper tape stored in the bottom of a locked drawer beneath a PC04/PC05 tape reader with a dot-matrix printed sign on the door saying 'ACHTUNG! ALLES LOOKENSPEEPERS.' Ever thought of going into search technology?
The point is that Google has this information on you, and will hand it over upon request
I think this would be better stated if you replace "will hand it over upon request" with "must hand it over when ordered to by a judge". I see a big difference there.
nothing
Encryption would be the way to go with email if all your correspondents would agree to cooperate. In my case, there are perhaps two people I correspond with regularly via email who might consider making the effort.
Yeah, I mean you wouldn't want the following email message to get out into the public
to: MOMfrom: TripMasterMonkey
Subject: Second Post
Mom, I only got second post on the slashdot story about Gmail. Well, at least I got +5 interesting for mentioning 1984. If you need me, I'll be in the basement. A new story is coming out in 5 minutes and I have to do some serious copying and pasting and then mention privacy concerns. See you upstairs later tonight for dinner.
Love, Your son TMM ^_^
Finding other idiots on
1. Buy stamps, envelopes & paper
2. Use the Postal Service
He who knows best knows how little he knows. - Thomas Jefferson
Encrypt away, they'll subpoena the email, you're right. Then they'll subpoena the passphrase. If you don't comply with the subpoena for the passphrase, they'll obtain a search warrant, and find where you wrote it down, admit it, its in a card in your wallet, or in some pass store software, isn't it? Then they'll use good old fashioned forensics to decrypt the shadow cache and drag a list of passwords on your server out in the open.
And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.
Don't underestimate the power of the government to discover secrets, they've been in the business for years.
What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?
Confidentiality, Integrity, Availability: without Availability the other two are assured, as is Bankruptcy.
Why more so than Hotmail, Yahoo, or any other webmail? I'm sure all their "privacy" promises are at least as loose as Google's.
While any ISP, including your local pop3 box provider would likely comply with this request...
Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.
While any ISP *might* have an incidental backup of your email going back 3 years. Google is the only one that is likely to be systematically going to the trouble of keeping your email, all of it, going back forever.
It only remains a question of how much data Google has actually retained. Though they don't guarantee to delete mail when trashed, in practice they probably do eventually, and the case concerns events two or three years ago.
Exactly. No other ISP is likely to be able to produce much more than an incidental or partial backup that far back; but nobody here will be surprised if Google can bring back everything. (Complete with relevant ads down one side.)
Look folks.. Privacy simply does not exist. You'll get your search terms read, email copied, if you encrypt you have to give over the keys and if you don't then you get put into prison anyway.
Your phone will be tapped, mobile will be tracked, cars followed with "traffic enforcement cameras". Your DNA will be on file, biometrics saved and your Underground trips logged.
Everywhere you go there are CCTV cameras, face recognition. Your purchases are tracked with credit cards, store loyalty cards and RFID tags. Your bank transactions are flagged if they look interesting and the tax people peer into your account looking for money that suddenly appears.
1984 got here, oh, 22 years ago now...
This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone.
I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.
Now, don't get me wrong - I don't think this is 100% secure, but it sure beats letting Google/Comcast/AT&T/Earthlink/MSN or whoever determine what gets kept and what doesn't.
I would never change back - come what may, as long as owning a server is legal, that's how I'm getting my email. And if they try to make it illegal, well, Jefferson told us how to deal with that problem.