Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail's 'Self-Destruct' Feature Will Probably Be Used To Illegally Destroy Government Records (vice.com)

Posted by BeauHD on from the search-and-destroy dept.

An anonymous reader quotes a report from Motherboard: A new update rolling out for Gmail offers a "self destruct" feature that allows users to send messages that expire after a set amount of time. While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.) The self destruct feature was announced on April 25 as part of Google's new confidential mode for G Suite. In addition to self destruct, confidential mode allows users to delete messages after they have been sent and places restrictions on how recipients can interact with received emails. "As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time," the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. "The public's fundamental right to transparency and openness by their governments will be compromised. We urge you take steps to assure the 'self-destruct' feature be disabled on government Gmail accounts and on emails directed to a government entity."

11 of 98 comments (clear)

  1. right by giampy · · Score: 2

    I for one agree. We absolutely need to keep our government (which we pay for) accountable.

    I personally think we need a transparent government much more than a small or weak (which borders with ineffective) government. If government is transparent, open and accountable, then many issues about limiting its power are moot, IMO.

    --
    We learn from history that we learn nothing from history - Tom Veneziano
  2. And this is why by rickb928 · · Score: 4, Insightful

    we need to stop this foolishness of non-government mail and file servers, using personal resources for official business, and not properly archiving everything, period, not daily but continuously.

    Expensive but worth it.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  3. You're not going to have a small gov't anyway by rsilvergun · · Score: 4, Insightful

    This is what drives me nuts about the "small government" voters. If people think the rich and powerful aren't just going to build a large government apparatus for their own use they haven't been paying attention to the last 2000+ years of history. The question is never, will there be a powerful government, it's always, who will that government work for?

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  4. Isn't this part of every enterprise-grade e-mail? by Magnus+Pym · · Score: 2

    I have not used Outlook for a few years, but even then automatic email deletions were standard. Gmail is actually late to the party with this feature.

  5. yeah no. by gravewax · · Score: 2

    unlikely. This feature would mean government agencies and many regulated industries simply won't be permitted to use gmail as you can't have email that self destruct when you have mandatory data retention.

  6. Just like Exchange by doktor-hladnjak · · Score: 2

    Exchange has had this kind of functionality for over a decade and tons of government customers. If it wasn't a problem there, why is it now with Google?

  7. Re:what an ignorant article by Peter+P+Peters · · Score: 3, Interesting

    This seems like uninformed nonsense.

    Governments obviously have to (or should) comply with certain IT record keeping standards

    They do, which is why this article is pure crap. I worked on government agency messaging project and there's all sorts of policies about data residency, privacy, encryption, legal hold, archiving etc. We had O365 which archived a copy of every email regardless of what the user tried to do with it.

  8. Re:Isn't this part of every enterprise-grade e-mai by Anonymous Coward · · Score: 4, Informative

    I have not used Outlook for a few years, but even then automatic email deletions were standard.

    So far as the unrelated topic of deleting a sent email, yes Outlook has this ability.
    It needs to be enabled, but in a company a group policy can both enable it and lock the setting so the user can't disable it.
    By default without that, you get a deletion request and need to respond 'yes' before it deletes the email.

    Gmails feature doesn't do anything like that, mainly because if the email leaves googles servers, they have zero control over it and beyond a similar "honor system" method, it's just not possible to do this using email protocols.

    This is more like how Snapchat handles pictures with auto-destruct.

    Google takes your email and stores it, then sends the recipient an email, not with your message content, but with a URL back to google.
    Opening that URL then uses javascript to show an image with your message contents (to make copy/paste a pain), refuses to show the image without javascript (to make script blockers a pain), and deletes the message once viewed or after a certain time.

    They probably also employ all the other silly javascript tricks to try and make it as hard as possible to store the image out of the browser, not that those were ever fully functional.
    It doesn't take much to get a screen shot by someone who knows what they are doing, but it will stop the vast majority of i-have-zero-clue-computers-are-magic users that make up over 99% of the Internet.

  9. Re:FFS by aheath · · Score: 2

    This raises the question of what will happen when I use the "self destruct" feature to send an email from GMail to a .gov domain. Would this allow me to file a FOIA request and then penalize the recipient for not retaining my email? This could also have an effect upon any recipient who is required to retain records in order to maintain compliance with a regulation such as Sarbanes–Oxley.

  10. Maybe, maybe not by mrdogi · · Score: 2

    As the network admin for a local government entity that uses gmail, and not having had a chance to see exactly how this will work, I have a fair amount of confidence that the 'destruction' may not be permanent. As long as a particular user's account exists, the email associated with that account exists in Google Vault. A user can delete all of their email, but that just means they don't have access to it anymore. As an admin for our Google domain, I am still able to get access to any and all emails.

    Yes, if the account is actually deleted, which in our case can only be done by a domain admin, either in our AD or in the Admin Console in Google, then all emails will be gone. Whomever does that, and there are records, will be in serious legal trouble if the account was deleted before the required period has expired, in our case 7 years. Yes, that could hide deeper criminal activity, but as an admin, it is my co-responsibility to keep those laws. This is the same as any other network/server administrator in any government entity anywhere. The trust is there, it's a matter of keeping it.

  11. Just a flag by ebvwfbw · · Score: 2

    They won't actually delete the e-mail. They'll just mark it that it's supposed to be deleted and who did that. Then later it can come back and the fact they tried to get rid of it.