Yahoo Ordered to Show How It Recovered 'Deleted' Emails (pcmag.com) 80
An anonymous reader quotes a report from PC Magazine:
Just what kind of email retentions powers does Yahoo have? According to a policy guide from the company, Yahoo cannot recover emails that have been deleted from a user's account -- simple as that. If the email is in a user's account, it's fair game, and Yahoo can even give law enforcement the IP address of whatever computer is being used to send said email.
Or, at least, that's what Yahoo has said. A magistrate judge from the Northern District of California has ordered Yahoo to produce documents, as well as a witness for deposition, related to the company's ability to recover seemingly deleted emails in a UK drug case... a UK defendant was convicted -- and is currently serving an extra 20-year prison sentence -- as part of a conspiracy to import drugs into the United Kingdom. He's currently appealing the conviction, in part because the means by which Yahoo recovered the emails in question allegedly violate British law.
The drug smugglers apparently communicated by creating a draft of an email, which was then available to others who logged into that same account.
Or, at least, that's what Yahoo has said. A magistrate judge from the Northern District of California has ordered Yahoo to produce documents, as well as a witness for deposition, related to the company's ability to recover seemingly deleted emails in a UK drug case... a UK defendant was convicted -- and is currently serving an extra 20-year prison sentence -- as part of a conspiracy to import drugs into the United Kingdom. He's currently appealing the conviction, in part because the means by which Yahoo recovered the emails in question allegedly violate British law.
The drug smugglers apparently communicated by creating a draft of an email, which was then available to others who logged into that same account.
Re: (Score:1)
Portmanteau doesn't mean what you appear to think it means. Well, maybe for 'left-tards'.
Using drafts (Score:5, Interesting)
Re: (Score:2, Insightful)
And it never works. Just ask General Petraeus [wikipedia.org].
Re: (Score:2)
I have no fear.
Re: (Score:3)
Which just goes to show kiddos, encrypt with something like Gpg4win even if you're keeping the message somewhere you think is "secret."
c:\messages\>gpg --encrypt --recipient "Other Person" TextDocumentExample.txt
c:\messages\>gpg --decrypt TextDocumentExample.txt.gpg > Decrypted.TextDocumentExample.txt
Re: Using drafts (Score:2)
it's pretty easy to "recover" something that was not deleted in the first place.
Re: (Score:1)
Crooks are stupid. How much do you want to bet that he forgot to delete the drafts?
it's pretty easy to "recover" something that was not deleted in the first place.
I guess that the emails the crook thought of as "deleted" were in fact just moved to the Recycle Bin/Trash folder.
Re: (Score:2)
Same trick David Petraeus used (Score:3, Informative)
That's the same method David Petraeus used. [washingtonpost.com]
You've got to appreciate the irony... (Score:3, Interesting)
Re: (Score:3)
in the fact that an international drug smuggler wants to appeal his conviction by arguing that Yahoo! "broke the law".
I don't know much about British law, but in the US that would not help him. Evidence in criminal trials is only thrown out if the police or prosecutors break the law, not a third party.
Re:You've got to appreciate the irony... (Score:5, Insightful)
Re: (Score:3)
In other parts of the world evidence is always accepted even if someone broke laws to get it. IMHO that's the only logical way - if police illegally break into a house and find evidence a crime have been committed there the evidence is still real. Of course the police in question should get some time in prison too.
Re: (Score:3, Informative)
How about if the law they break is planting evidence?
Re: (Score:2)
Then the police didn't break the law to retrieve evidence, they manufactured it. There was and is no evidence.
Re: (Score:2)
In other parts of the world evidence is always accepted even if someone broke laws to get it. IMHO that's the only logical way - if police illegally break into a house and find evidence a crime have been committed there the evidence is still real. Of course the police in question should get some time in prison too.
Yeah, good luck with that. The officers who violated your rights to get evidence will get, at most, a paid vacation while the "investigation" is on going. Hell, they may even be punished with an award of some type. Our forefathers lived in a world where this type of action was the norm, and saw fit to (try to) protect us from it.
Re:You've got to appreciate the irony... (Score:4, Insightful)
if police illegally break into a house and find evidence a crime have been committed there the evidence is still real
I wish there was a "-1 Too Young To Have Thought Things Through" mod...
Re: (Score:2)
Every house surely contains evidence of some crime or other, usually very minor.
Re: (Score:2)
if police illegally break into a house and find evidence a crime have been committed there the evidence is still real.
At the point that the officer has broken the law any evidence they find is suspect and not credible just like evidence that does not have an unbroken chain of custody it can no longer be validated as fact.
Re: (Score:3)
Let me guess - you're an American?
It's the way that you think there is a single place called "the rest of the world", and that it is a homogeneous, uniform place defined by it's not being America. Hint: there is human variation outside your experience of your home country. (Actually, there is probably more variation in your home country than you are aware. How many of your country's native languages can you at least read?)
Re: (Score:2)
Yahoo says this is impossible, then Yahoo does what they claimed was impossible. Thus, there are two options:
1. Yahoo lied the first time
2. Yahoo lied the second time
I'd appeal too. Especially if I was innocent and Yahoo faked emails to appease some government entity who was sure I must have something incriminating.
Re:You've got to appreciate the irony... (Score:4, Insightful)
A far more likely reason is that sometimes it's possible to recover a deleted email and sometimes it is not. By analogy, think of the circumstances under which it is possible to recover a deleted file on disk.
Yahoo's policy says it can't recover deleted emails because if it said anything else, someone with an expensive lawyer would interpret that as a guarantee.
Re: (Score:2)
Except this isn't just about a company being sloppy (or outright lying) about a customer-friendly policy. There are laws about having to delete said things after a certain amount of time.
So, for the lawyers:
1. Does something in the drafts folder count as email?
2. Regardless of 1, does this draft still existing imply the whole email system database backup still exists, or does Yahoo do extra work to just clobber old in and outboxes?
Re: (Score:2)
Yahoo says this is impossible, then Yahoo does what they claimed was impossible.
It wasn't an email, it was a draft of what could have become an email. As such, it was just a file.
One word: backup. I have tapes on the shelf of files from a decade or more ago. Long deleted from the computer. Still recoverable.
Especially if I was innocent and Yahoo faked emails
It wasn't an email. And there appears (at least in TFS) to be any claim it was faked. In fact, "the means by which Yahoo recovered the emails in question" wouldn't be "recovered email" if they simply faked a file.
Once you hand your files, any files, over to a second party, you ha
Re: (Score:2)
It wasn't an email, it was a draft of what could have become an email.
I'd say a draft is an email that just hasn't been sent yet. If I handwrite a letter to someone on paper, but I haven't placed it in the mailbox, would you argue that what I wrote isn't actually a letter because it's still sitting on my desk?
As such, it was just a file.
Every sent and received email is also "just a file," at least that's how they're stored on my systems.
Re:You've got to appreciate the irony... (Score:5, Insightful)
I'd say a draft is an email that just hasn't been sent yet.
Drafts do not need to meet any of the standards for Internet messaging, and therefore are not "email". They might contain enough header information to meet the standard, but they don't have to, and many of the drafts I've written certainly do not.
would you argue that what I wrote isn't actually a letter because it's still sitting on my desk?
Would you argue that the federal laws regarding US Mail attach to a piece of paper that you are thinking about maybe someday sending through the US Mail system? I.e., yes, I would say that your piece of paper is not yet mail because it has no stamp, has no address, and hasn't been deposited into a mailbox for sending.
Every sent and received email is also "just a file,"
No, it may be saved in a file, but it is also email. "Just" is an important word here. It conveys the concept of "only". How they are stored is irrelevant when determining "email" status. Your system may save all email as files, but that does not make all files email.
Re: (Score:2)
If they deleted it from their drafts folder, I would expect it to be clobbered from the backup system after the expired time simply because it is only in backed up files of the entire email database.
So...it is in a separate database just for drafts (or all non-sent, non-received data)? Or is the general email database backup sitting around existing when it shouldn't?
This is the investigation that needs to happen.
Re: (Score:2)
If they deleted it from their drafts folder, I would expect it to be clobbered from the backup system after the expired time
What is the "expired time"? Is there an RFC that defines this term?
simply because it is only in backed up files of the entire email database.
Drafts are not email, and are not necessarily in the "email database". I've written plenty of drafts that really are "just files", imported to the email client later.
So...it is in a separate database just for drafts (or all non-sent, non-received data)?
You mean, like, "files"? I think people want their files backed up. Yes, I'm pretty sure that most people would be unhappy were the server to crash and their files are all lost.
Re: (Score:2)
And if you were operating in the EU and those tapes contain personal information (including drafts made and never 'sent'), you'd be in violation of EU law and liable for some rather strict punishment.
Backups? (Score:3)
In the best case, Yahoo recovered them from tape, in the worst case they actually keep stuff around for various nefarious purposes. My bet is that they're doing both for their customers and simply lying about it to their products.
Re: (Score:3)
Re: (Score:2)
In the worst case? How about Yahoo hands over all of their traffic to law enforcement for consideration. This would also provide email access to law enforcement from ISPs which outsource to Yahoo like AT&T.
Seen it a hundred times at least. (Score:4, Informative)
Some exec says they can't recover anything deleted from the servers until one of the sysadmins points out that the server backup archives don't process these deletion requests retroactively.
Re:Seen it a hundred times at least. (Score:5, Insightful)
Or it may be related to the reliability of recovering from backups. Backups are intended to recover from catastrophic failures, not mere accidental deletion of messages, so recovery of any particular message can be problematic. Even if the message was stored long enough to be caught in a backup, incremental backups mean it may take searching a month's worth of backups to find the exact one that backed up that message. Fail to scan a large enough range and you won't find the message even if it's backed up. If the message was received and then deleted before the next backup run then it may not be on any backup, and there's no way to distinguish not finding it because it wasn't backed up from not finding it because you didn't search the right set of backups. Explaining all that to ordinary users is all but impossible, so from a service-level standpoint it makes more sense to not bring backups up at all and simply say "If you deleted it, we can't recover it.". That, users can comprehend even if they don't agree with it.
A request from a court for discovery is a completely different matter not limited by the service level provided to users, so it makes sense that Yahoo may be able to produce a message in response to a discovery request that it won't recover in response to a user request simply because they don't want to argue with every user whose message never made it into a backup or who wants them to go back through 5 years worth of backups to find it.
Re: (Score:3)
Re: (Score:2)
There are ways around that so you don't have to actually deal with lusers when they delete stuff. The down side is that your tape drives might be busier than they would otherwise have been.
The latest version of TSM or Spectrum Protect as IBM now like to call it has a web GUI designed for end users to recover files for example.
Re: (Score:2)
Re: (Score:2)
This claim is from their guide for law enforcement [eff.org], page 8, 5th paragraph. They claim that once deleted they cannot produce messages for law enforcement, even if presented with a valid warrant.
It seems that is inaccurate. So either they were lying to law enforcement, or they fabricated the messages, or they tried extra hard and found a way to do it which will now be subjected to rigorous scrutiny by the defence.
It's not a get-out-of-jail-free card but someone from Yahoo will have to explain what happened he
Re: (Score:2)
Actually there is another possibility. Yahoo was requested by the government to keep those messages. The process for doing that should be scrutinised.
Re: (Score:2)
And yet another possibility: The person used a draft message and not a sent message, rendering that document's content irrelevant.
It depends on the number of backups (Score:2)
data mining miners mine my mined data (Score:1)
If you give your email to a data broker company such as Yahoo, Google, Microsoft, LinkedIn, or whoever... then they have it. What happens to it is now out of your hands. They don't have to delete it, and in fact probably they will not because it holds commercial value for them. They will just flag it so it doesn't show up for you.
if you don't want these companies to have your data, do not give it to them. Really, this is not a complicated concept. End to end encrypt with PGP or whatever and send your d
Re: (Score:3)
If you give your email to a data broker company such as Yahoo, Google, Microsoft, LinkedIn, or whoever... then they have it.
Or even your local Mom and Pop ISP. My ISP decided to outsource email to Google. The day they did that, email I had deleted THREE YEARS PRIOR showed up again.
There is simply no more excuse for not having even the most basic comprehension of how it works.
Of course there is. Because of Eternal September there is a huge number of people who are using at tool without the need or desire to know how it works under the hood. And that analogy is deliberate, both because of the slashdot car meme and the fact that the vast majority of people who use automobiles have no clue how they work under the hood.
Re: (Score:2)
You should get some decent data protection laws and then you'd have a chance.
It was a draft, so it was never deleted (Score:2)
Uh, Your honor, (Score:2)
Re: (Score:2)
And therefore, your honor, my client should be let off the hook because he used the old "save draft" trickaroo.
It's why you over forecast rain (Score:2)
If you forecast that it's going to be sunny, and it rains, everyone is mad at you. If you forecast it'll rain, but it turns out sunny, people might be bothered, but aren't angry. So you over forecast rain predictions.
And then if you're running a free email service, and can recover some deleted items, but don't want to make promises about whatever internal garbage collection process you're using (and want the freedom to change it whenever you want), you say that you can never recover deleted items. That way
Backups are really painful in fishing expeditions (Score:2)
Re: (Score:2)
Ugh, Bit9 is pure evil, from a programmer POV.
It hashes every file you read and write and denies you access to them.
We had that configured on a whitelist basis. The programmers had the option of overriding it, but as you can imagine, clicking through a dialog every time you make a 1-char change to every script file can be quite frustrating.
It also took a file-heavy process that used to run in 90 seconds and made it consume 14 minutes.
Drafts are not Emails (Score:1)
Yahoo said they cannot recover deleted emails. They say nothing about recovering deleted drafts.
An email is the act of sending information from one account to another. It is nothing more than a set of transactions between servers along with a payload.
A draft, however, is a document or file stored on a server that is waiting to be sent as a payload. It is not in itself an email. So, when Yahoo says they cannot recover deleted emails, it says nothing to their ability to recover other deleted information that