
'Deleted' Yahoo Emails Led to a 20-Year Drug Trafficking Conviction - walterbell
http://motherboard.vice.com/read/how-deleted-yahoo-emails-led-to-a-20-year-drug-trafficking-conviction
======
mohsinr
A section of Yahoo's recent filing, in which the company writes that drafts of
an email can remain on Yahoo's servers even though the user deleted the final
draft.

------
andrewclunn
I wrote about 4 versions of this comment before settling on this one. I did so
with developer tools open, just to make sure that no data was being
transferred as I did (nope looks like Hacker News is safe at least).

I think this may become standard practice for me. Actually, if somebody makes
(or knows of) a simple browser extension that simply alerts me of when I'm
sending data to the server, I'd use it.

~~~
ccvannorman
It may sound like paranoia, but Facebook and I'm sure many other sites report
_every keystroke_ during typing whether or not it's published or deleted
before you press enter.[1]

[1] [http://techland.time.com/2013/12/18/facebook-can-see-what-
yo...](http://techland.time.com/2013/12/18/facebook-can-see-what-you-type-
even-if-you-dont-publish-it/)

~~~
williamscales
In fact, to go farther, some of the live chat support widgets on sites have a
feature where they show the support rep what you've typed _as you 're typing,
before sending_.

~~~
dexterdog
There is a valid use for that and it's a faster response time by the rep

~~~
williamscales
Oh, yes, absolutely. I think it's a fantastic feature. Just one whose
existence I hadn't even considered until it was demonstrated to me.

------
throwthisaway_
If you are leaving something on a server for someone else to pick up then that
information will be saved and logged.

That information might be deleted eventually if they are not asked to do
otherwise.

Wasn't Facebook at one point bragging about their data-mining efforts on
"unposted" wall-posts?

What I notice most in this article is that it mentions NSA and not GCHQ but
the article says that the investigation started from the UK's SOCA.

------
HappyTypist
Every major tech company has deletion SLAs and treat them seriously.

How long were the emails deleted for when the snapshot was taken? That's the
important question.

~~~
jimrandomh
Free services generally do not give SLAs, and Yahoo's email service is free.

~~~
loosescrews
According to this (admittedly rather old) article, Gmail will fully delete
deleted emails within 60 days: [http://www.zdnet.com/article/does-delete-
forever-in-gmail-re...](http://www.zdnet.com/article/does-delete-forever-in-
gmail-really-mean-it/)

------
smoyer
If you really care about security, all data at rest must be encrypted (in
addition to the data in transit). We're so used to HTTPS, SSMPT, POPS, IMAPS,
etc and we tend to look for it. But the data at rest is actually much easier
to capture.

------
PhantomGremlin
A very similar Gmail "trick"[1] resulted in the humiliating downfall of CIA
Director (nee General) David Petraeus.

I'm not surprised that this tripped up a random crook, but the CIA director
should have been about 100x more paranoid about how he communicated.

[1] [http://www.networkworld.com/article/2223513/data-
center/gene...](http://www.networkworld.com/article/2223513/data-
center/general-david-petraeus-used-clever-gmail-trick-during-affair.html)

------
zaroth
The article could do a better job laying out the case for asserting that
shenanigans are taking place, but I understand the gist of what the defense is
claiming, and I hope they get the chance to pursue it. Chain of custody is
important, and what Yahoo is claiming does not quite square with what appears
to have happened. The crime or guilt of the accused is irrelevant -- if behind
the charade is a new mass-surveillance technique, the court and the public
deserve to know.

So how exactly were unsent drafts persisted on Yahoo servers, how many
snapshots are saved, and for how long? These are straight-forward questions
which deserve direct answers. Instead, Yahoo seems to be talking around the
core issue and perhaps hoping a technically challenged court will mistake
Yahoo's responses as actually forthcoming.

What we know is that law enforcement made a "preservation request" in
September 09, and then a search warrant in April 2010. We know that for both
the 'preservation request' and the search warrant, Yahoo claims they create a
snapshot at that time, which only sees account data at that instant and
nothing further. Crucially, Yahoo claims there is no special mode the email
account can be switched into by law enforcement to change the logging or
retention rules. And this is what makes this case particularly interesting --
whatever data was available in this case, the same retention rules apply
across all their users.

At first, Yahoo claimed in a written statement that, "If a user deletes a
communication from his or her account, the communication becomes inaccessible
to the proprietary tools Yahoo uses to gather communications data in response
to preservation requests and search warrants."

In a subsequent statement, Yahoo backpedaled and now claims that in fact,
"auto-save drafts remain on the Yahoo Mail server for some time after the
draft message is [deleted]." Furthermore, "multiple drafts of a single email
could remain on the Yahoo mail server, and accessible to Yahoo’s snapshot
tool, even though the user had deleted the final draft.”

Yahoo claims that at some point after a draft is deleted, the auto-saved
versions of the draft will also be deleted. They don't describe at all how
long that interval is, so for all we know it's 1000 years. We also don't know
if there's a limit to how many versions of a draft Yahoo will accumulate over
time. Really all we know if that Yahoo says the behavior is exactly the same
whether a 'preservation request' or a search warrant has been executed, or
not, so we're talking about their general purpose algorithm used across
hundred of millions of users.

------
buckbova
If you use others' technology platforms to commit crimes, don't cry about it
when it's all turned over to the feds.

~~~
jessaustin
If the evidence supposedly came from Y! but in a fashion that would be
impossible by Y!'s own descriptions of its "technology platforms", it's
reasonable to wonder whether the evidence came from NSA instead. Seeking to
clarify Y!'s position is part of that, and the fact that Y! refuses to respond
is more curious yet.

Also this is drugs so it's a travesty whether the accused did it or not.

------
smegel
> many users are aware that different versions of their draft emails are
> stored on Yahoo’s servers and are available for recovery by law enforcement,
> even if the user deletes their final draft

That is one hell of a slimy, weasel word definition of "delete". Basically
"delete will delete the email except for the copies of the email we keep for
the police".

~~~
tbrownaw
Are you _sure_ that being available for law enforcement isn't just a side-
effect of being available for "undelete" or a general "undo" mechanism, for
when the user inevitably fat-fingers something?

~~~
smegel
You can't "undelete" a deleted draft email, so no.

