Judge Orders Deleted Emails Turned Over

Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button."

Hate to say 'I told you so', but...

I TOLD YOU SO.

I've maintained before [slashdot.org] that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare. (For more information, please look here [epic.org] and here [gmail-is-too-creepy.com].)

And now, the chickens have come home to roost. From TFA:

The subpoena asks for not only current e-mail but also deleted e-mail: "All documents concerning all Gmail accounts of Baker...for the period from Jan. 1, 2003, to present, including but not limited to all e-mails and messages stored in all mailboxes, folders, in-boxes, sent items and deleted items, and all links to related Web pages contained in such e-mail messages."

A stunning victory for the Establishment and a horror show for private citizens everywhere. Welcome to 1984.

And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point. The point is that Google has this information on you, and will hand it over upon request. This vindicates the caterwauling of all the privacy advocates concerning Google and Gmail, and establishes a dangerous legal precedent. Remember, as our 'inalienable' rights are systematically stripped away by the architects of the New World Order, more and more of the things you do become 'illegal'...and subject to criminal persecution...er...prosecution. It might not be long before you are being referred to as 'defendant'...what will you think of your Gmail account then?

Re:Hate to say 'I told you so', but...

This is one more reason why my email is a regular old email account and I access it via secure POP/SMTP. If I want to delete email, I can do it myself and make sure that it is gone forever. Maybe I'm paranoid. Better safe than sorry.

I think the real issue

Re:Hate to say 'I told you so', but...

Your ISP presumably backs up customer mail on a regular basis, and keeps those backups for God knows how long. POP accounts are no more secure than webmail accounts when talking about "deleted" mail.

Re:Hate to say 'I told you so', but...

This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone.

I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.

Now, don't get me wrong - I don't think this is 100% secure, but it sure beats letting Google/Comcast/AT&T/Earthlink/MSN or whoever determine what gets kept and what doesn't.

I would never change back - come what may, as long as owning a server is legal, that's how I'm getting my email. And if they try to make it illegal, well, Jefferson told us how to deal with that problem.

Re:Hate to say 'I told you so', but...

This is why I'm my own ISP (so to speak). I run my own server, and do my own backups, which I retain ONLY for disaster recovery purposes. The system is backed-up each nite, with the backup files copied to another system. After 3 days, the backups are expunged with a secure erase program. It's all automated. It never hits tape, and as such, if I delete something, it's gone. I also religiously encrypt outbound email, and ask my correspondants to encrypt mail they send to me.

That's very commendable, and worthwhile.

But just so you know...

When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.

Better to maintain a normal usage profile and be even sneakier about important correspondance, if you are worried about it. (And you should be.) Its all hassle vs security. If you are going to that much trouble already, why not go all the way and use stego or something that doesn't scream "I am encrypted info" like PGPMail? (for example)

Re:Hate to say 'I told you so', but...

I was in full agreement up until: "...much less analyze it in any form"

If I were a spook I would not want to figure out every message coursing through the interwebs, I would be more interested in tracking who is talking to whom. That way when I decide to piss all over peoples privacy I could seize and decrypt the accounts of the evil-doers and all their mates at slashdot. - The eternal problem that is easy to spot, is who decides what constitues evil? Are there non-binary levels of "evil", and if so what are they?

OTOH: This kind of social network monitoring and analysis has dismantled extremly vile networks involving child tourtue and sexual abuse of toddlers. Most notably in the mid 90's in Denmark where some very high profile Danes were implicated in an international child abuse network. The result in Denmark was public revultion with thousands of people attending mass protests.

How many people would peacfully tolerate privacy protection for that kind of activity sent over a global public network for profit? Should we refuse to employ bomb sniffing dogs to monitor snail mail because the dog might pick on an innocent package?

From anarchists all the way across the political spectrum to 1984, the spanish inquisition and the crucifiction of Christ, every one of us looks for nirvana in a personal "book of rules", this "nirvana rule book" only exists within the deluded individual's mind. The fact that "nirvana for all" can not be discovered through a single "book of rules" does not slow humanities enthusiaim for writing "rule books" and forcefully applying varying interpretations on to everyone they encounter. I'm not saying human nature is wrong, it just "is".

BTW: "1984" is a brilliantly insightfull book, "Animal Farm" is equally as brilliant and in my mind closer to the "truth" about ourselves.

Re:Hate to say 'I told you so', but...

Sorry, but If your email was ever on a computer (trust me, it was), and that computer was backed up when your email was on it (you hope it was), you're still open (oh crap).

Whoever your provider is just needs to be subpoena'd, and voila... everything you

Re:Hate to say 'I told you so', but...

I agree with you that gmail takes way too many liberties with personal privacy, but really any mail system other than your own will have a similar issue. Presumably, all of the webmail providers backup their data, and store it offline for unspecified leng

Sigh

Time to cancel some webmail accounts. I'm sure Yahoo and/or MSN (which I quit using long ago) will do this too.

I doubt I can set up my own MTA...any good howto's out there, or should I *urp* google it? :)

Re:Hate to say 'I told you so', but...

Before you fly off the handle here, keep in mind that Google has only been ordered to produce the emails. What will be interesting is whether or not Google is able to produce the emails. If so, how many of them will they be able to retrieve? The subpoena itself - which is scary, but unfortunately a part of the legal system - is really secondary to this. A judge can't magically make deleted data reappear, no matter what they order. But if the data is not deleted... well... then your fears are fully justified.

I've always wondered if that clause was more of a CYA clause meant to get around the fact that plenty of stuff may remain in the GoogleFS for a period of time after it has been "deleted", but without a live index. The results here may very well show if that is true or not.

Re:Hate to say 'I told you so', but...

I would think that they have Google Backup. Beta of course...And only employees can be invited.

Re:Hate to say 'I told you so', but...

I would think that they have Google Backup.

I don't see why that's a "safe" assumption. The Google search engine churns through terabytes of data that can easily be recreated. That safety net allowed them to test their GoogleFS system before using it on other applications like Mail. GoogleFS was very much built around the concept that the system is its own backup. If any one PC in the cluster fails, they simply yank it and throw in another. No recovery is attempted on the old PC. They simply repair and wipe it if it's feasible, or junk it if it would cost too much time.

Thus in this guy's case, the matter will likely depend on whether Google explicitly maintains an index of deleted email and accounts, or if they simply "delete" things by removing the indexes and waiting until the various GoogleFS rebuilds wipe out the extra data.

Re:Hate to say 'I told you so', but...

If you're concerned about your privacy, why are you sending sensitive information in the clear over email; through any provider?

Use PGP!

And would you mind telling me how gmail is any different than hotmail or yahoo mail in regards to managent's access to email contents?

what will you think of your Gmail account then?

"I refuse to divulge my PGP private key & passphrase."

You're Not Wrong, BUT...

I agree that there are definite privacy concerns about GMail. What I think you're doing, however, is mistaking Google's full disclosure for some kind of unique and sinister plot.

Google warns that "delete forever" does not mean that the message is necessarily gone. Their offline backup servers may contain copies of your messages in perpetuity. Can you think of why this might be?

Because I can. Like any responsible data company, they don't want you to lose important data... so they back it up. Independently. Into offline storage. And when you click the "delete forever" button, your message is not magically removed from media that is not connected to the system.

Google discloses this all very plainly. I use gmail, and while I guard my privacy, I recognize that electronic communication of any kind flat out has different risks than other kinds of communication. Life is full of risks, but the risks you take with Google are much easier to calculate than the risks you take with other companies.

Specifically, do you think Hotmail has an offline backup system? Yahoo? Juno? If they don't, you may lose some very important data... but I suspect that they do, and if they do, then they have this exact same problem When you delete things from their servers, do their tapes or whatever magically erase the same stuff?

Of course not.

But I don't see them warning anyone about that fact... so pick your poison. Google could probably violate your privacy at some point or another, and they are telling you that up front. Any other service you use could do the very same thing, but I don't see them coming right out and admitting it. Do you?

Re:You're Not Wrong, BUT...

Like any responsible data company, they don't want you to lose important data... so they back it up. Independently. Into offline storage. And when you click the "delete forever" button, your message is not magically removed from media that is not connected to the system.

I'm not buying it. Here's a way to test your theory. Delete an email message with a large pdf attachment. Wait a few days and contact Google. Tell them you had a hard drive failure and a message you deleted contained the only copy of your Ph.D. thesis. Beg, plead, cajole. Offer them anything.

I'll bet you a beer you won't get the message back. Google's long-term data retention policies have nothing to do with altruistic measures to protect users from data loss.

Re:Hate to say 'I told you so', but...

The point is that Google has this information on you, and will hand it over upon request

I think this would be better stated if you replace "will hand it over upon request" with "must hand it over when ordered to by a judge". I see a big difference there.

Re:Hate to say 'I told you so', but...

Yeah, I mean you wouldn't want the following email message to get out into the public

to: MOM
from: TripMasterMonkey
Subject: Second Post :(


Mom, I only got second post on the slashdot story about Gmail. Well, at least I got +5 interesting for mentioning 1984. If you need me, I'll be in the basement. A new story is coming out in 5 minutes and I have to do some serious copying and pasting and then mention privacy concerns. See you upstairs later tonight for dinner.

Love, Your son TMM ^_^

Re:Hate to say 'I told you so', but...

Maybe I'm missing something, but since when does email exist in a different universe than any other kind of mail? Courts have always had the power to subpoena (or whatever the legal term is) personal correspondence. This new ruling doesn't require Google to keep anybody's email forever, Google already does that on their own. The court is simply demanding to see specific correspondence during a specific time period. Same as it could demand a stack of love letters in someone's dresser drawer. People who want to keep their mail secret forever should burn it, and those same people shouldn't use GMail.

Re:Hate to say 'I told you so', but...

Mod down this alarmist. Records are subpoenaed all the time in criminal cases. There's nothing special about this case whatsoever. This shouldn't even be on Slashdot since this happens every single day.

I've maintained before that Google retains far too much information to make the use of Gmail anything less than a full-blown privacy nightmare.

Google doesn't claim that your email will remain private against government subpoenaes! Why does that make it a privacy nightmare? Hint: If you don't want it to be evidence against you, don't store it unencrypted on private company email servers. On a related note, don't write it down and lock it in a drawer, don't hide it under the mattress, and don't put it in a safe deposit box under your name. None of these things are safe from a subpoena.

And before you start, please don't object that the person affected is a defendant in a criminal proceeding, because that's quite beside the point.

Actually, that is the entire point. I would agree with you if this were Google being pressured or requested to give the information. But this was done with the proper documentation from a judge in a court of law. The fact that you hand wave it away and blame Google is quite beside the point.

Re:Hate to say 'I told you so', but...

oh no the super evil gubermints have won by making us use teh gmails and outlawed all other email serviceZ and googles didn't say what they were doing with the email and you don't need a court odor to OH WAIT

You guys ever hear of a search warrant? A signed one of those can let people in your FUCKING HOUSE, nevermind your email. IT'S SCARY!

Oh, nice use of both "New World Order" and 1984 in one post. I award you double kook points for that.

Re:Hate to say 'I told you so', but...

Erosion of the expectation of privacy actually diminishes your rights to privacy. The 4th Amendment's use the the word "unreasonable" to describe what sorts of searches and seizures are forbidden makes this a problem.

What someone in 1789 considered "reasonable" might be very different from what someone today considers "reasonable". Imagine what sort of things a person will consider to be "reasonable" when they grew up expecting that the government would read their personal email and that they shouldn't care because they've got nothing to hide.

Re:Hate to say 'I told you so', but...

Why more so than Hotmail, Yahoo, or any other webmail? I'm sure all their "privacy" promises are at least as loose as Google's.

While any ISP, including your local pop3 box provider would likely comply with this request...

Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.

While any ISP *might* have an incidental backup of your email going back 3 years. Google is the only one that is likely to be systematically going to the trouble of keeping your email, all of it, going back forever.

It only remains a question of how much data Google has actually retained. Though they don't guarantee to delete mail when trashed, in practice they probably do eventually, and the case concerns events two or three years ago.

Exactly. No other ISP is likely to be able to produce much more than an incidental or partial backup that far back; but nobody here will be surprised if Google can bring back everything. (Complete with relevant ads down one side.)

Re:Hate to say 'I told you so', but...

Only google claims to want to "organize all the worlds information", including the information *you* no longer value, like old emails you've deleted. They have value to them for their profiling/advertising efforts.

A supposition. What's the point of matching ads to messages you've already deleted; meaning you will never display them again? If they wanted to process them for their "profile" they would already have done that. It seems more likely to me that Google does intend to delete trashed messages, but just doesn't want to promise exactly when they'll get around to it. Maybe a scheduled garbage collection once an hour/week/month. Anyway, this case may reveal just how it works.

Easiest way to deal with this in 2 easy steps

1. Stop using the web interface and enable POP
2. Start using a client and your favourite encryption software

Re:Easiest way to deal with this in 2 easy steps

Using the POP interface to Gmail, by default keeps a copy on the server. If you override this default, it then becomes deleted email that Google's privacy policy states 'may remain in our offline backup systems' in perpetuity.

Encryption would be the way to go with email if all your correspondents would agree to cooperate. In my case, there are perhaps two people I correspond with regularly via email who might consider making the effort.

Easier way to deal with this in 2 easy steps

1. Buy stamps, envelopes & paper
2. Use the Postal Service

email longevity & PGP

All email messages exist in perpetuity. They can be stored as backups in any server that they touch between the sender & the receiver.

If you're concerned about the contents of your emails being divulged - USE (open/gnu/etc...)PGP!

If that is still too insecure for you, meet the recipient in the middle of the park for a strolling conversation; and don't forget the white noise generator.

Please !!!!

Someone think of the poor people that will have to read through all the spam that goes through one mailbox!!!

Heck ... I can picture the defense getting a 80GB archive tape and being told that was all messages recieved. Yes, 99.999% of them are spam. Enjoy.

Talk about burying the opposition in paperwork.

This is Why...

...it makes much more sense to run your own mail server. That's what I do. I don't trust ANYONE but myself with my mail.

Re:This is Why...

And what about your mail sitting in relays on the net? I'd bet at least once in a while one of those gets picked up by a backup system.

If you want to tell someone something securely, you need to make up a language only you two know and whisper it in their ear.

What you're doing is only marginally more secure (and enormously more of a pain in the ass) than using GMail. At least when a disk croaks at Google you won't lose your mail. Disk croaks at your house, its gone.

Oh wait, you have backups? Did your e-mails you deleted off your home system magically get deleted off of them, too?

Re:This is Why...

You better re-examine your idea of security here. For starters, your ISP that you connect your server to can easily store both sides of a conversation...it has to pass through their server *both ways* for you to communicate. Then it has to pass through their upstream tap, and so on.

Unless you use strong encryption, your email server is no more safe than using gmail, and the only person you're kidding is yourself.

The Government Hates Google

With everything that's been going on lately, it sounds like the American government really wants to take Google down in the war of public opinion. The gov't just keeps trying to make them look worse and worse. And since the American courts typically just allow the gov't to do whatever it wants, they're winning.

Re:The Government Hates Google

If you were a prosecutor with any amount of sense at all, wouldn't you request the same thing? It isn't some big conspiracy theory to hurt Google, this is someone doing their job, and a pretty good one from what it sounds like. It will be interesting to see what records pop up.

U R pwned.

Hey, I happen to know YOUR company does backups! You deleted your mail from the server, but you didn't hunt down those tapes in the vault, did you? Huh?

Does NO ONE remember Ollie North and the White House PROFS system? 20 years later, and people still think incriminating data will always just go away when you desire.

INFORMATION WANTS TO BE COPIED.

Encrypt everything.

If you don't want other people to read your mail, encrypt it. They can subpoena your mail all they want, but without the private keys they won't be able to read it.

Re:Encrypt everything.

Encrypt away, they'll subpoena the email, you're right. Then they'll subpoena the passphrase. If you don't comply with the subpoena for the passphrase, they'll obtain a search warrant, and find where you wrote it down, admit it, its in a card in your wallet, or in some pass store software, isn't it? Then they'll use good old fashioned forensics to decrypt the shadow cache and drag a list of passwords on your server out in the open.

And finally, if that doesn't work, they'll throw you in jail for contempt of court until such time as you do remember your passphrase.

Don't underestimate the power of the government to discover secrets, they've been in the business for years.

What concerns me more is this enforced compliance with a subpoena for a crime that might have been committed, but for which they have to conduct a search to determine if evidence exists that a crime was committed. This thing stinks to high heaven of unconstitutional and illegal search and seizure. Where are the lawyers screaming habeas corpus?

So if you really hate someone with a gmail account

Hey buddy, Here's that kiddy porn you wanted. -Anonymous

With apologies to Douglas Adams

"Doing No Evil - a HOWTO Guide, presented in Socratic Dialogue form, courtesy of Zaphod Beeblebrox"

Google: The gmail documents may remain present in our offline backup system.
IRS: I eventually had to go down to the cellar...
Google: That's the offline backup system's machine room.
IRS: ... with a torch.
Google: Ah, the lights had probably gone.
IRS: So had the stairs.
Google: But you found the tape, didn't you?
IRS: Yes. It was backed up on paper tape stored in the bottom of a locked drawer beneath a PC04/PC05 tape reader with a dot-matrix printed sign on the door saying 'ACHTUNG! ALLES LOOKENSPEEPERS.' Ever thought of going into search technology?

how appropriate!

Considering my first meeting today was regarding how best to redesign the mail system to make it easier to comply withsubpoenas in the future. Step one of that redesign: turn off the backups!

Just more proof that the 'e' in email doesn't stand for 'electronic', it's 'evidence'.

Procedural Note

It's worth noting that this fight isn't over yet. The defendant has lost his motion to squash the subpoena based on a privileged communications argument. That's really not surprising... the argument is tantamount to saying "I receive letters from my lawyer in the mail, so you can't have any of my mail." It's just not gonna fly in our civil justice system which has very liberal rules of discovery.

However, based on the article Google has not yet had the opportunity to respond to the subpoena. The third party can always move to squash, and that's where things will get interesting. Will Google be able to convince the court that certain messages are deleted and thus not retrievable. Or, perhaps, that the defendant believed he was deleting the messages and thus deserves to have the messages kept under lock?

These are questions only Google, as the third party, can raise. Now that the judge has issued the subpoena, Google is in a position to actually make those motions. And, if my legal education is worth anything, my money says Google/defendant will appeal if they lose because it's such a new area of the law that an Appeals Court really ought to announce a legal precedence.

Yippee; How is it unusual?

Yippee? SO they're asking for older backups from Google (as much as they have) in order too look at e-mail that may have been deleted in some sort of scramble before the order was in place. So what? Guess what? They order a history of transactions from your bank; They order a history of credit card purchases; They order a list of telephone calls from your telephone carrier; They order a list history from your ISP or employer.

So what? They're asking for a bit of a backlog. This is no surprise

What privacy?

Look folks.. Privacy simply does not exist. You'll get your search terms read, email copied, if you encrypt you have to give over the keys and if you don't then you get put into prison anyway.

Your phone will be tapped, mobile will be tracked, cars followed with "traffic enforcement cameras". Your DNA will be on file, biometrics saved and your Underground trips logged.

Everywhere you go there are CCTV cameras, face recognition. Your purchases are tracked with credit cards, store loyalty cards and RFID tags. Your bank transactions are flagged if they look interesting and the tax people peer into your account looking for money that suddenly appears.

1984 got here, oh, 22 years ago now...

Re:That's just like...

BadAnalogyGuy, is that you?

Re:That's life in America

And this shows why the most dangerous threat to liberty is not the black hats or the covert agents, it's the citizenry:

I think invasions of privacy like this are terrible, but I won't scold the US because I understand that they are doing it to protect me and everyone else in my country. I know that it opens up abuse, but *maybe* reading someone's email will save another person's life (or a lot of people).

Sure, maybe this time they're trying to protect you (though it seems it's actually more of a tax dispute). The possibility of abuse is huge and scary.

It might be that reading deleted emails, or wiretapping American citizens, or planting infiltrators in protest groups, will save some lives. You know what? Too bad. We hear all the time how "freedom has costs" and we honor "the greatest generation" and the current military for being willing to risk their lives for freedom. Here's the kicker: If you live in a free society, you must tolerate risks in the name of freedom too.

There's a chance unbridled surveillance will prevent a terrorist attack. There's a much higher chance that unbridled surveillance will destroy the Republic as we know it. I am for preserving the liberties that make the nation worth living in.

Re:That's life in America

next we will all be saying that it is alright that the gov't has our phone lines all tapped, just on the off chance a terrorist might call us and ask for help. why don't we all just back up all of our data online, let them read it all, and find the horrible people then.

now for me, If you live in a free society, you must tolerate risks in the name of freedom too. this sounds more reasonable. forget the injustices we "must" suffer to remain safe, and start taking a few more risks to ensure that we remain free. otherwise our government becomes no better than the old soviet government or the governmtner that orwell created in 1984 with big brother watching over us.

Re:Am I the only one who doesn't care?

I never understood what the big deal is with privacy.

Two hundred and some years ago some guys got all fed up with how they were being treated and so they wrote to the king, "When in the course of human events, it becomes necessary for one people to throw off the political bonds that have connected them with another..." Well, it turns out that the king wasn't all that gracious about the whole thing and there was a lot of killing and other "lashing out" kinds of behaviors.

Our boys finally prevailed and they realized that any government (even their new government) can fall into this same oppressive mindset, so they put some things in their new constitution that might either prevent oppression altogether, or at least provide a means for citizens to throw off oppression if it occurs.

One of those things is privacy. Our boys knew that if King George had been able to station a soldier in every private home, their little revolution would never have gotten off the ground.

We hear a lot of the phrase, "Who cares, I've got nothing to hide." Let's put the shoe on the other foot and ask, "If the government is doing such a good job of protecting us and not oppressing anyone, why should they fear their citizens having a lot of privacy?" In other words, the government's desire to "station a soldier" in eveyone's computer might indicate that they feel they should have something to fear.

They would know best, after all.

Re:Am I the only one who doesn't care?

I never understood what the big deal is with privacy.

The big deal is that no one in this world is free from having committed actions that many others would find objectionable. There are any number of everyday activities that you do everyday that would fall into this catagory. Eat a burger lately, PETA would like to know who you are. You have a DNA gene that predisposes you to a certain disease, your health insurance company sure would like to know that. You look at hardcore (but legal) porn, the police might like to keep tabs on you. You show interest in the plight of people who might be "associated with terrorism", all sorts of agencies would love to gather what they can about you.

These are just a few off the top of my head. Heck, here's a few more: a potential landlord would surely like a look at your bank balance. Your boyfriend/girlfriend might be interested in your visits to medical clinics. Your boss might like to know how much spare time you have on weekends. Your racist neighbour might like to know about your ethnic friends. Your parents might like to track where you go on your own time. And on and on and on...

All of your actions could be legal and ethical, but that doesn't stop people who frown upon (or could benefit from) your legitimate actions from using this information against you in some way. Do you really want people you don't like you, and that you don't like, knowing everything about you?

Privacy is something that may not be required in the distant future, when humanity evolves to the point where we no longer judge one another, and there exists no reason for fear of recrimmonations for holding beliefs and taking actions that are different than anyone else's. Human nature may never allow us to ever reach this level of trust and comfort with our fellow man. So until that happens, I will value privacy until it is no longer required.

Re:Retention of data - just curious

At a former employer, we moved from a PBX phone system to a VoIP (internal) phone system. In the VoIP system, voicemails were saved as .WAV files to a voice server, and also emailed to the recipient.

The company I worked for had come under subpoena in the past, and a lot of effort was expended to retrieve the data the subpoena requested. With the PBX, once a voicemail is deleted, it was gone. Not so with the VoIP system - voicemails would be found on the phone server, on mail servers, on workstation email client cache, and anywhere that end users decided to save the WAV files - and any backup tapes for the above. If another subpoena occurred, we may have been responsible to discover, transcribe and deliver information about voicemails going back to the beginning of the VoIP system.

That would be horrendously expensive. In order to circumvent this, investment was made in a third party system that would strip voicemail files out of everything. They wouldn't be backed up to tape they would be deleted from any system after some time period (30 days?). That way, we could state such in our data retention policy, and any subpoena including voicemails would only go back 30 days, and not forever.

If you don't have the data, and are destroying it in accordance with a data retention policy, it can't be subpoenaed.

I know this is all somewhat tangential to your question, but I figured you might find it interesting.

You have nothing to fear, Comrade!

I'm going to install cameras throughout your house. I don't see how this will harm you unless you're growing weed or bringing home prostitutes.

I'm going to install a satellite phone/monitor/GPS on your car that will phone the police if you exceed the current speed limit. I don't see how this will harm you unless you're breaking the speed limit.

I'm going to install a keystroke logger on your computer that will record everything you type. I don't see how this will harm you unless you use your computer to transfer money for gangsters.

I'm going to log every packet your computer sends that leaves the USA (Oh, wait, the NSA beat me to it...). I don't see how this will harm you unless you're secretly communicating with al Qaeda.

I'm going to steam every piece of mail that arrives in your mailbox open and photocopy it before it gets to you. I don't see how this will harm you unless you were the bastard who was sending the Anthrax letters.

I'm going to put a rootkit on that CD you bought that will contact me if you try to copy it and then break your computer. I don't see how this will harm you unless you like to rip and share music illegally.

Have I made my point?

Re:If you're not doing anything illegal

http://www.quotedb.com/quotes/2283 [quotedb.com]

See if you can understand the implications?

Question one: Does someone that refuses to implicate himself in a government witchhunt prove he is guilty?

Does someone that denies he is involved in the communist party mean he is guilty?

The point is that any american that is worth his salt SHOULD deny telling the government anything for fear that failure to state his position on something will be construed as anything other than defending his constutuional rights. Check www.papersplease.org for more information.

Erik