
A Texting Truth Often Forgotten in Politics: Your Phone Remembers Everything - aaronbrethorst
http://www.nytimes.com/2016/08/12/nyregion/a-texting-truth-often-forgotten-in-politics-your-phone-remembers-everything.html
======
JoshTriplett
Another truth often forgotten: the _recipient 's_ phone remembers everything,
too. You might use full-disk encryption on your phone, but that doesn't matter
if the recipient doesn't.

~~~
Frqy3
And the networks on both the sender's and receiver's side keep a copy of the
messages for a certain time. Depending on local data retention laws, these may
then be kept for some mandatory longer period.

~~~
exDM69
It's a good idea to assume that texts are stored forever. There's no technical
reason to remove ~140 bytes of data when storage is cheap.

Your local data retention laws and the network's practices may vary or they
may be under pressure from law enforcement to keep things longer than
necessary. They will not disclose in public how long they are stored, so
better assume forever.

~~~
__s
Especially when that 140 bytes is text, one of the most compressible forms of
data

------
dredmorbius
"Data are liabilty" has become a mantra of mine.

And while it frequently afflicts those utterly disenfranchised (see the
parallel HN item on asset forfeitures, aided by scanning or having employees
hand over travel records), it also hits those in power. The difference is that
whilst the disenfranchised may find themselves arrested or disencashed, the
powerful seem to find a harsh spotlight shined on them, but largely avoid
harsher penalties.

Not always, and not entirely successfully. But information, it turns out, is
not _power_ , but a _power multiplier_. If you have a great deal of power,
information used _against_ you diminishes that somewhat, but can only multiply
your attackers' own power by so much.

It's a rather interesting dynamic.

~~~
mtgx
I wish politicians used that mantra, too, and made laws that basically split
information into various classes or levels of sensitivity. Companies would
still be free to collect whatever data they want. But the higher the
sensitivity level, the punishment becomes progressively bigger, too, in case
of a data breach that exposes that information (and the punishment should be
almost automatic when it happens).

I believe that should give companies enough incentive to:

1) collect only the absolutely necessary data that they need

2) if they do collect more sensitive data, invest heavily in protecting it

~~~
xg15
I disagree. Cynical me thinks this plan would first and foremost give
companies incentive to gain control about whichever agency is tasked with
setting the sensitivity levels - and make sure all interesting data is
classified as "minimum sensitive"...

You could even use this as a tool to gain an unfair market advantage:

1) develop some proprietary (reversable) obfuscation algorithm

2) market the algorithm as "data anonymization" and lobby to get the
"anonymized" data classified as insensitive

3) you can now collect the same data as your competitors but have to obey
lesser security standards than they have. Unless they purchase the algorithm
from you.

4) profit!

But even if that scheme worked, it doesn't seem to protect the end user
against things companies intentionally do with the data that are not in the
user's interest. Including "intentional data breaches", aka selling the data
to third parties. (or getting acquired by a third party)

~~~
anexprogrammer
"anonymized" is mostly a joke anyway. Seems more likely to indicate they
removed your name and email than any attempt to prevent identifiability.

Cynical me says 95% of everything in this area is profit, to hell with
anything else.

------
joezydeco
"Dance as if nobody is looking, write emails as if they will be read aloud in
a deposition"

~~~
dexterdog
But when you are dancing somebody could be filming and updating to YouTube so
maybe you should dance accordingly.

~~~
ptaipale
I guess the point of that proverb is that even if you dance badly, you'll at
most be ridiculed, but possibly become a hit. You will likely not be
imprisoned.

(Well, in Western countries anyway... except if the dance contains hand
movements or such that are illegal. I mean, if it's just a dance, no problem.)

~~~
hx87
Exactly, and once these sorts of videos become common enough in society that
everyone has at least one, they won't even harm your chances at employment.

------
jheriko
i'm not sure the problem is the careless messages - its the bad behaviour that
is 'let slip'

i know its not exactly the point of the article, but the way i deal with my
frustration over this is by doing whatever i can whenever i can. if everyone
did this our leaders might actually be doing the important work of maintaining
and improving society, law and order instead of the bullshit work of being
power hungry scum.

the fact that we call them politicians says it all imo...

------
zhte415
An additional node, or vector: You phone's IME.

You probably don't think about your IME that much. I started thinking about it
when it made typing various strings of pinyin (input of Romanised Chinese)
much easier because it recognised what I was typing.

------
sailfast
This is interesting - I can't tell from the article if the text message was
divulged by the receiving party or through a subpoena. I understand that SMS
can be captured by the provider and they can be subpoenad, but what about
messages sent via a third party service (iMessage, WhatsApp, etc) that are (at
least notionally) encrypted and not visible to the service? Would an
individual be compelled to present these in court?

------
ksk
How long until they start subpoena-ing your browsing history from Google?

~~~
pboutros
[https://www.aclu.org/blog/how-private-your-online-search-
his...](https://www.aclu.org/blog/how-private-your-online-search-history)

------
bhhaskin
This just ins't politics and it isn't just text messages. Anything you send
over the wire could comeback.

------
Freestyler_3
Yes, they are sorry they got caught. Next time you hope they will use better
ways to hide their secrets.

What great journalism.

*they = could be anyone.

------
gsmethells
So do photographs and screenshots. :)

~~~
Nadya
I disagree: [http://i.imgur.com/bkjvUCy.png](http://i.imgur.com/bkjvUCy.png)

Screenshots prove nothing. A better choice are 3rd-party archives (EG:
Internet Archive) where you can view a page or take a "snapshot" of what the
page looked like at a certain time.

While it isn't arguably 100% secure - it is far more trustworthy than random
screenshots since it adds several steps before anyone can say "it is
manipulated".

------
draw_down
This story is silly.

~~~
aethos
Why? (not agreeing or disagreeing, just asking)

------
jgrahamc
This is why you use Wickr instead.

PS Down vote is annoying. This is _precisely_ why I use Wickr for some
communications. It gives me a text message like experience with messages that
are automatically deleted from my phone and recipient's.

~~~
JoshTriplett
That assumes you can trust 1) the (proprietary) application on the recipient's
end to delete the message, 2) the recipient to not save the message some other
way, and 3) the opaqueness of the protocol preventing anyone from writing a
replacement client that doesn't delete messages.

There's no way to guarantee deletion; if the recipient can read it, the
recipient can save it.

~~~
taneq
In the end it will always come down to the 'analog hole' \- no matter how
airtight the digital implementation, you'll never stop the user at the other
end from taking a photo of the screen.

~~~
edisoncarter
Not an analog photo, no. However, an airtight digital implementation would
absolutely do stop anyone from recording anything they're not allowed to
record -- and it wouldn't be really airtight if ownership of non-aligned
equipment was tolerated :P

