"Police blotter" is a weekly News.com report on the intersection of technology and the law.
What: In a lawsuit brought by the Federal Trade Commission, a subpoena is sent to Google for the complete contents of a Gmail account, including deleted e-mail messages. This is unrelated to the Department of Justice's own subpoena to Google for search terms and excerpts from its search database.
When: U.S. Magistrate Judge Elizabeth Laporte in San Francisco ruled on Jan. 31 and March 13.
Outcome: Judge grants subpoena and orders that all e-mail messages, including deleted ones, be divulged.
What happened, according to the court: In November 2003, the Federal Trade Commission sued AmeriDebt and founder Andris Pukke on charges that the company deceived customers about credit counseling and failed to use customers' money to actually pay their creditors.
AmeriDebt settled, but the courts are still trying to uncover the location of Pukke's apparently sizeable assets. (A Washington Post article in September said the IRS is seeking $300 million from Pukke. His attorney at the venerable firm of Jones Day charges a hefty $575 an hour.)
Pukke's missing money has been linked to a Belize developer called Dolphin Development, which counts a fellow named Peter Baker as a shareholder. The court-appointed receiver in the FTC case, Robb Evans & Associates (click here for PDF), sent a subpoena to Google on Nov. 1 asking for the complete contents of Baker's Gmail account.
Baker objected to the subpoena, saying it could disclose confidential information, including attorney-client conversations.
The subpoena asks for not only current e-mail but also deleted e-mail: "All documents concerning all Gmail accounts of Baker...for the period from Jan. 1, 2003, to present, including but not limited to all e-mails and messages stored in all mailboxes, folders, in-boxes, sent items and deleted items, and all links to related Web pages contained in such e-mail messages."
Google's privacy policy says deleted e-mail messages "may remain in our offline backup systems" in perpetuity. It does not guarantee that backups are ever deleted. Baker estimated he may have tens of thousands of e-mail messages in his Gmail account.
In a Jan. 31 ruling, Laporte rejected Baker's request. She said his attorney could withhold "truly protected" information but must "err on the side" of disclosure.
Baker asked the judge to reconsider. On Monday, Laporte reiterated her decision, saying the argument about confidentiality "is baseless" because her earlier order creates an exception for such e-mail messages.
Excerpt from Laporte's Jan. 31 opinion: "Conspicuously absent from Baker's briefs is any denial that he is linked to the (Gmail) account, Pukke and/or Pukke-controlled entities. On the contrary, Baker relies entirely on formalistic objections and never once attacks the substance of the receiver's theories or facts. And, ironically, while he argues that the receiver has not submitted any admissible evidence to support its contentions, the only evidence Baker submitted are declarations by his attorneys that only support his claim that some documents may be protected by the attorney-client privilege but do not address his other claims about privacy interests."
Excerpt from Laporte's March 13 opinion: "(Baker) argues that being forced to pay his attorneys to screen these documents and to create a privilege log would 'necessarily involve an exorbitant amount of attorney time, resulting in the incurrence of thousands of dollars of attorneys' fees for which Mr. Baker will not be reimbursed...Within five court days of this order, Baker shall immediately turn over all documents to the receiver, withholding only those documents that are shielded from discovery by the attorney-client privilege, or those which are truly protected by a legitimate privacy interest."
In another article the fact that broadband pipes are fast enough to support thin client computing is touted. And, okay, maybe we're going to get some bad guys off the streets and I'm all for that. But, at the end of the day, if I run a business I want to know that "DELETE" means exactly that--It's gone never to be seen again.
Not that I want to do anything illegal. But rather that I know that every bit of my business' precious data is protected from loss, and from the prying eyes of those whom I don't wish to see it. The same thing goes for my personal data.
Delete rarely means delete, even if it's on personal computers. Except for court subpoenas, your "deleted" information is probably a lot safer from future prying eyes on Googles backup system than it is on your own hard disk without extraordinary measures.
This goes to show that, even on a company network, that a tape backup needs to have a hard set retention schedule. When you delete an email it could still be on a tape backup of the server. This tape could be pulled out by a court.
If your industry says you have to keep records for two years... then on the 731st day... the tape should be professionally erased. With one of those industrial magnets used to erase tapes.
The question of turning over client/attorney communication is not whether the documents can be altered, it's whether there was an expectation of privacy. However, the court seems to think that it excluded such communication anyway.
The thing that bothers me about this is not client/attorney communication, which can easily be excluded, but the fishing expedition that seems to be going on for further illegal activity. Without a very specific warrant that specifies exactly what information can be taken from the records and/or made public, it seems to be a case of the government just going through mass records looking for wrongdoing, which violates the fourth amendment.
Doesn't matter. Almost anything a client tells a lawyer is covered, including a confession. The exception usually cited is if the client is about to commit a crime, particularly injury to another person.
Amother interesting computer forensics case involved the former Neandertal Republican Mayor of Spokane. He was ousted in a recall election after soliciting young males at Gay.com last year. The local newspaper acquired transcripts of the conversations, which sometimes involved virtual sex acts. Before it was over, newspaper readers, the FBI, city government and the Washington Supreme Court were privy to Jim West's amorous chats and emails.
US law provides LESS protection to this kind of personal information. In the future GMail will be forced to provide this info in everything from:
Divorce cases: See! (S)He was cheating and here's proof from their old deleted emails!
Terrorism: See! The accused did delete an anti-american email that originated/was sent to X country or person!
Personal Injury Cases: The defendant sent an email to his friend describing the accident and that description is different than the one in his testimony!
Criminal Suits: Ask some Chinese dissedent for a scenario!
Nope..... GMail can google this (making an obscene gesture)!
Frankly, anyone who uses email in this way is a fool...
Once you commit a document to electronic format and email it, you have forever lost control of it. I don't know what they could have been thinking. Even a few years back Oliver North got bitten by some emails that weren't deleted... they were on backup.
If I were in these guys shoes, I would have done the following:
1. Use a secure encryption program like PGP or GPG;
2. Change the keys frequently, say once a week.
3. Ensure that the public and private keys are stored on flash or other media where they can be destroyed and not recovered easily (if at all).
If these parties had done this, then Google could hand over their email, but it wouldn't matter, because no one could read it. Once the public/private key pairs are destroyed, no one can decrypt the stored email, even the sender or recipient. No authority can compel production of that which no longer exists.
Obviously it asks only for a "Deleted Items Folder"!
Obviously the subpoena asks only for a "Deleted Items Folder", not for Google to go over all its replicated storage and look for traces of of deleted files that were not yet written over and happened to contain someone's email. In other words, it just explicitly says that one of the folders turned over should be the "Trash" folder".
Google's privacy policy says deleted e-mail messages "may remain in our offline backup systems" in perpetuity.
These offline backup systems would not be the "Deleted Items Folder." They would be any and all archives that have been made containing that Gmail account.
From the Gmail Privacy Policy: You may organize or delete your messages through your Gmail account or terminate your account through the Google Account section of Gmail settings. Such deletions or terminations will take immediate effect in your account view. Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems.
So basically all this means is that even if you delete an email it could exist in tape somewhere in a vault. This is not new. Every e-mail service provider does this exact same thing! Do you truly believe that when you delete mail from that Yahoo or Hotmail account they drag out the backup tapes to delete them there too? The truly sinister thing is this: why do you know that with Gmail there is a possibility that your email could still exist in a residual back up but not with any other email provider? Why is Google the only one telling people that this can happen? If this guy had a Yahoo account the exact same thing would happen. Yahoo would have to make the best effort to retrieve all the data that is requested from them and that would include information stored in backups.
If the feds had setup an old fashioned wire tap, and part of the phone conversations were between this guy any his laywer, the feds still have the right to listen. This in no way gives them the right to use any lawyer talk in court. Email is no different, except that the data was retained before requesting a warrant for the information.
If the feds had setup an old fashioned wire tap, and part of the phone conversations were between this guy any his laywer, the feds still have the right to listen. This in no way gives them the right to use any lawyer talk in court. Email is no different, except that the data was retained before requesting a warrant for the information.
If the feds had setup an old fashioned wire tap, and part of the phone conversations were between this guy any his laywer, the feds still have the right to listen. This in no way gives them the right to use any lawyer talk in court. Email is no different, except that the data was retained before requesting a warrant for the information.
So what was the result, in the end? How much "deleted" e-mail was recovered by Google? It would be interesting to know how far back they save it. Even though they cover their ***** by saying they may save it indefinitely, there's probably a more reasonable range, like 6 months or a year, although I'm sure it varies by account and a certain amount of luck.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Not that I want to do anything illegal. But rather that I know that every bit of my business' precious data is protected from loss, and from the prying eyes of those whom I don't wish to see it. The same thing goes for my personal data.
mark d.
Except for court subpoenas, your "deleted" information is probably
a lot safer from future prying eyes on Googles backup system than
it is on your own hard disk without extraordinary measures.
If your industry says you have to keep records for two years... then on the 731st day... the tape should be professionally erased. With one of those industrial magnets used to erase tapes.
documents can essentially be altered with little effort?
~Justin
www.TechViewsToday.US
The thing that bothers me about this is not client/attorney communication, which can easily be excluded, but the fishing expedition that seems to be going on for further illegal activity. Without a very specific warrant that specifies exactly what information can be taken from the records and/or made public, it seems to be a case of the government just going through mass records looking for wrongdoing, which violates the fourth amendment.
including a confession. The exception usually cited is if the client
is about to commit a crime, particularly injury to another person.
Neandertal Republican Mayor of Spokane. He was ousted in a recall
election after soliciting young males at Gay.com last year. The
local newspaper acquired transcripts of the conversations, which
sometimes involved virtual sex acts. Before it was over, newspaper
readers, the FBI, city government and the Washington Supreme
Court were privy to Jim West's amorous chats and emails.
Divorce cases: See! (S)He was cheating and here's proof from their old deleted emails!
Terrorism: See! The accused did delete an anti-american email that originated/was sent to X country or person!
Personal Injury Cases: The defendant sent an email to his friend describing the accident and that description is different than the one in his testimony!
Criminal Suits: Ask some Chinese dissedent for a scenario!
Nope..... GMail can google this (making an obscene gesture)!
If I were in these guys shoes, I would have done the following:
1. Use a secure encryption program like PGP or GPG;
2. Change the keys frequently, say once a week.
3. Ensure that the public and private keys are stored on flash or other media where they can be destroyed and not recovered easily (if at all).
If these parties had done this, then Google could hand over their email, but it wouldn't matter, because no one could read it. Once the public/private key pairs are destroyed, no one can decrypt the stored email, even the sender or recipient. No authority can compel production of that which no longer exists.
Google's privacy policy says deleted e-mail messages "may remain in our offline backup systems" in perpetuity.
These offline backup systems would not be the "Deleted Items Folder." They would be any and all archives that have been made containing that Gmail account.
You may organize or delete your messages through your Gmail account or terminate your account through the Google Account section of Gmail settings. Such deletions or terminations will take immediate effect in your account view. Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems.
So basically all this means is that even if you delete an email it could exist in tape somewhere in a vault. This is not new. Every e-mail service provider does this exact same thing! Do you truly believe that when you delete mail from that Yahoo or Hotmail account they drag out the backup tapes to delete them there too? The truly sinister thing is this: why do you know that with Gmail there is a possibility that your email could still exist in a residual back up but not with any other email provider? Why is Google the only one telling people that this can happen? If this guy had a Yahoo account the exact same thing would happen. Yahoo would have to make the best effort to retrieve all the data that is requested from them and that would include information stored in backups.
Steve
Steve
Steve