Judge Thinks Delete Should Mean Delete 304
leighton writes: "According to The New York Times (free registration required, for those who care about such things), a prominent judge recently wrote an article saying that the delete key should actually delete things, not just hide them away where lawyers and skilled computer geeks can get at them years later. Specifically, he proposes that a statute of limitations be imposed upon electronic messages--that, for example, an obnoxious email you send today could be held against you for six months and six months only." This is an astonishingly insightful idea - since electronic communication has changed the lifespan of casual conversations from ephemeral to permanent, it's possible for the law to change its standards to restore that ephemerality. The judge's original paper is linked off of The Green Bag.
It is sad, but true. (Score:2)
Me? If it's senistive I shred the file - and then it was encrypted to begin with. but then my swap area isnt encrypted, and how about the temp file my word processor used.....
I'd love the law, but the feds will not allow it.
Statute of limitations... (Score:3)
--
Sorry, your honor, Carnivore comes first. (Score:2)
Big Brother is watching you, your honor. He is watching us all, and he is preparing to incarcerate me for what I just typed. I'm not afraid, though; I win either way, either as a martyr or a hero.
Dumpster Diving (Score:2)
Limitations vs. Hate Speech? (Score:2)
What about criminals conspiring to break the law - their emails to each other are inadmissable after 6 months?
Now admittedly the judge deals with both of these examples by saying glibly that there should be no statute of limitations on being a "jerk" or having a "pattern" of illegal communications.
I think that a law to have a "statute of limitations" on things said in emails would have to be so narrowly drafted as to be unenforceable.
Oh, btw, IANAL if it isn't obvious already!
How do you establish time? (Score:4)
Realistically, I don't think we should be held (legally) liable for those things that we post unless it has some sort of secure, verifable, signing mechanism- there is no way to tell who is really posting a message, or what has happened to it after it has left the author's system.
Delete = gone is nice- We have that option when it comes to shredders and incinerators for our paper correspondence, I think the concept has to be a bit more fleshed out to be truely applicable to the digital medium.
What about backspace? (Score:2)
Seriously, why won't they rethink keyboards and actually have both a Trash and Delete key?
Very dangerous idea (Score:2)
What usually happens is that the evidence is for far worse crimes than they were originally accused. For example, someone brought in for drunk driving may have a lot of large drugs deals hidden away somewhere. Or evidence of conspiracy with communist agents (One for the secret service)
So what should the police do if they find incriminating evidence like this when looking for something, if they then find that its 6 months out of date? Say "Oh sorry Mr. Evil. We thought you might be guilty, but it turns out that that was last year, so you're probably a decent law abiding citizen now"?
And while we're at it... (Score:5)
And the space bar.
I propose... (Score:4)
--
will this really be helpful? (Score:5)
What is the judge worried about, anyway -- his wife finding his online porn stash, or e-mails to his mistress? Just use decent encryption and utilities like PGP, and you'll be fine.
This judge really sounds paranoid. What he needs is a secure delete program, an operating system which doesn't store remnants of temp files everywhere, and an sledgehammer to "obfuscate" his disk when he gets a new PC.
---------///----------
All generalizations are false.
But what about those who save their e-mail? (Score:2)
And what determines how old is old, anyway? The headers? Does this mean my forged e-mail headers are now legally admittable evidence that my offensive letter is seven months old?
I hope this receives more careful thought than other bad recent computer laws, such as the DMCA.
John
Judge's Ideas : (Score:4)
Like anything, the solutions isn't as obvious as those non technical people would like it to be.
Re:Dumpster Diving (Score:3)
Anyway nothing requires criminals to place incriminating documents in the trash, they could shread, pulp or burn them. Why should electronic documents be treated any differently?
how is regular mail handled? (Score:2)
Re:It is sad, but true. (Score:2)
but then my swap area isnt encrypted
Well, if you used OpenBSD [openbsd.org], you wouldn't have to worry about things like that. For example, it has an encrypted swap space, using Blowfish 128bit encryption. Open Source software is likely to come out far ahead on this front, since they are uninhibited by things like slow response time to requests for software features. If there are enough people who want a feature, they just code it right into the OS themselves.
Really people (Score:4)
As for the "delete" key, anyone who works in sensitive information knows how to fully delete something. A lot of times (in fact most of the times) a normal Windows or whatever user would prefer that their data isn't permanantly lost when they accidentally hit the delete key. There's a reason that stupid "recycle bin" (or the original Trash Can from Mac) ever became popular-- people screw up.
email might not be that permanent (Score:2)
He's a bit paranoid, eh? (Score:2)
There are two ways of looking at this. This could be good (for those who do not mean any harm). Or this could be really bad. This means that people can now get away with death threats and such (it can't be used as evidence against them) if they don't get caught within 6 months.
I think the length should be 1 year. That way people should REALLY think hard before they write that flame for alt.your-fav-group.your-fav-fetish
There should be a road sign, everything you loggon to the net - "Beware, anything you say can and will be used against you in a court of law, now go have fun!" Hell, I don't remeber what I said posted last week, by
Cd
Re:And while we're at it... (Score:3)
Several times a day I lose ctrl, need to pause or even have a proper break, and at the end of the day, I go home.
Software and hardware-based encryption... (Score:2)
Well, actually, we can. There are several companies out there that provide software and hardware-based data encryption solutions. If privacy and sigil are so paramount to us, we can use any of these to insure our deleted items stay deleted. For example, among these encryption packages, pgp.com has several useful utilities that will 'shred' your free diskspace, to prevent data recovey on Windows environments. A simple google search also yelds rought 34k matches for filesystem encryption under linux and other OSes.
Bear in mind that although you have the right to privacy, when you're working for someone, the fine print often says that anything you write/save/delete/is_on_hard_drive_of_computer_us
I doubt there will be any mainstream OSes with built-in file and filesystem encryption enbled by default, since it would make many people unconfortable. God help us all
what kind of fix does he propose? (Score:2)
Also, when something is deleted, what happens to it? I'm not terribly familiar with the inner workings of any OS (I'm a hardware person), but where does the information go? I mean, does it stay on the harddrive and is simply not referenced until you write over it? Once you write over the information can it be recovered? If I delete 2 GB of mp3's from my harddrive, I am told I now have 2 more GB of free space. Does that mean that the information is gone and unrecoverable without special tools, or it's just hidden and I should be able to get it back, or it's completely gone and the bits have been wiped? Or, are the bits not gone until they are overwritten?
Is there a way to change how an operating system or file system deletes files? Could a program or subroutine be made to go through and fill all dereferenced HD space with 0's or something? Or would the information still be recoverable from under those 0's somehow?
I don't know if suggesting legislation for this would be the best course of action. Especially if there isn't a way of telling when files are deleted. Even if there is a way to tell, what's to stop the people who can recover deleted information from changing the flag that says when a file was deleted (if such a flag exists)? If the only people who can retrieve deleted information are 'experts' and these 'experts' are employed by people with lots of money who are trying to find dirt on someone else...ok, I'm probably being too paranoid never mind.
::sigh:: one of these days I'll contribute something other than more questions.
Moller
Serves 'em right (Score:2)
If people are too bloody stupid to work out how to delete things properly, or use strong encryption to prevent invasion of privacy, then they deserve everything they get.
</Flamebait>
Discuss.
Actually, I believe you can make a case for this argument with some sensible provisos. Once such that immediately springs to mind is that the information so obtained (regardless of age) should have been obtained both Legally and Ethically (leaving open the argument that Carnivore, Echelon, UK's RIP etc fail at least 1 of those tests).
Personally, I'm in favour of providing technological solutions to technological problems, rather than wrapping-around a legal "hack". In An Ideal World, the technology would transparently handle secure deletion and/or copy-protection (for email) for you, thus negating the need to involve the blood-sucking fraternity in the first place.
<Slashdot-Flamebait>
If this statute of limitations had been in force, the DoJ's case against Microsoft would have been severely weakened (didn't they refer to years-old email from billg spouting anti-competitive tactics? or was that a previous lawsuit?)
</Slashdot-Flamebait>
Other keys (Score:2)
openBSD Encrypted swap (Score:2)
that would be really cool.
differences! (Score:2)
- Liability from something in the email. "Here is a copy of my windows Cd, here is how you install it..."
- Evidence from the email. "Hey Sal, if that guy doesn't pay that 5 large tonight, break both kneecaps this time."
In a case (either civil or criminal) it usually takes more than six months to discover the crime/wrongful act and get to discovering the email. If that was a law, a good lawyer would just delay for 6 months and claim that the emails are not admissible anymore.Re:Sorry, your honor, Carnivore comes first. (Score:2)
The recycle bin (Score:2)
The Delete key queues files for deletion. The recycle bin actually deletes the file and (if you have privacy utilities installed) wipes it.
Seriously, why won't they rethink keyboards and actually have both a Trash and Delete key?
I think there's a (Shift+Delete? Ctrl+Delete?) key shortcut that does this.
<O
( \
XPlay Tetris On Drugs [8m.com]!
"Shredding" Data Files (Score:2)
Right click on a file you want to delete in KDE2 and select the "Shred" option.
Watch the resulting progressmeter. Pretty neat, huh?
If you don't have KDE2, try out wipe.
A better idea (Score:2)
I agree, electronic evidence is no different (Score:2)
Here is a word to all you incompetent criminals, tough luck. Creep says, "That letter with the char marks on it should be thrown out!". Judge says, "Bullshit."
This is a seperate issue from unreasonable searches like Carnivore. We should not let one bad decision force us into even less reasonable laws. Reasonable searches should not be impeeded.
If it's not admissible... (Score:2)
Are you telling me the entire legal industry (police, courts etc) will just ignore evidence of crimes just because its 6 months and one day old?
No, the courts will.
<O
( \
XPlay Tetris On Drugs [8m.com]!
My company does this.. (Score:2)
Any items left in your Inbox or any other server-based mail folders are deleted if they are over 60 days old. Plus there is a "policy" that states that the emails are "no longer valid" after 60 days.
The reasoning behind this, I was told, was so that the company could not be sued or have other legal action taken against them for an email written more than two months ago.
Sure makes completing really large projects difficult, though. I can only remember things for 8 weeks!
I don't seriously see this happening in government though. Does the judge mean to apply this to Criminal cases? Civil ones?
you have the wrong idea..... (Score:4)
the expectation of his paper is to raise the idea of "when does something you deleted die?" his fear is that it doesn't. ever.
but as a general question: what makes email i delete any different that voice tapes i erase, which later can be recovered? are we going to excuse Nixon now? where do we draw the distinction between media types?
Re:Dumpster Diving (Score:2)
See this directory called "Deleted"? There's all your mail, nice and safe...
Re:will this really be helpful? (Score:2)
If it's private -- if you composed it on your own machine, and never sent it to anybody -- then, yeah, there should be protections. But in many cases the private sector already has protections that make legal reform unnecessary: As you say, a decent secure delete program should take care of it. I'd guess that the judge is unaware that such things exist, though we should applaud his effort to think about the rights involved nonetheless.
Francis Hwang
Re:An Internet with laws is not free. (Score:2)
Re:what kind of fix does he propose? (Score:2)
does it stay on the harddrive and is simply not referenced until you write over it?
In most systems, yes.
Once you write over the information can it be recovered?
Law enforcement can get at several layers of deleted data.
Is there a way to change how an operating system or file system deletes files?
Create several large files (to fill up the HD within epsilon), overwrite them several times with random data, and "delete" them.
<O
( \
XPlay Tetris On Drugs [8m.com]!
Re:Dumpster Diving (Score:2)
Here in .uk we have a character known as Benjy "The Binman" Pell, who's career is built on rummaging through the rubbish bins of the rich and famous (and more productively, those of their lawyers and agents) and selling stuff to newspapers.
Unfortunately in the Real World, many people who should know better can't even "delete" paper documents, let alone electronic ones. Whether ot not it's admissible in court, some of the stuff he comes up with can be very damaging to people's careers. A legal limitation would be nice, but there's no substitute for educating people about the value and persistence of information and the need to consider this.
Dave
Re:Judge's Ideas : (Score:3)
Of course, inadmissible evidence is extremely useful in persuading jurors from time to time.
Read the article before you post (Score:2)
And a little further on:
"If, to the contrary, there was an objective continuation of the challenged conduct, or a continuing pattern of wrongful acts, the cyber statute of limitations would be tolled as any other."
Shredder (Score:2)
Now for e-mail it's another story but I'm pretty sure that the same process could be implemented in a mail client. Anybody looking for a cool project to do?
"When I was a little kid my mother told me not to stare into the sun...
Practicality (Score:3)
The only practical way I could think of in the 30 seconds I devoted to making this work is through a trusted third party that stores timestamps in a secure manner, and can be used as a reference. But don't expect people to have a third party stamping mail for them. I certainly wouldn't trust this 'generally trusted' party.
Two sides to the matter (Score:2)
I don't like it because it is possible that a crime could be commited where the only evidence is in a digitally signed email sitting on some guys harddrive. If a statue of limitations is passed on the admission of emails (or other digital documents) into a court of law, that effectively changes the statue of limitations for crimes to 6 months if the only evidence is an electronic message. For instance, murder has no statue of limitation, but if the only evidence is an email... well then the statue of limitations suddenly becomes 6 months. I don't know if I like that idea.
There are also aspects of this idea I like. I like the idea that correspondence not meant for public consumption will not be legally admissable after six months. We all have said things in private that were stupid and that we regret later on.
Either way, I think that this should only apply to personal correspondence. If someone posts to some type of public forum (such as
We have to be responsible for the things we say in public.
Astonishingly bad idea for online business... (Score:2)
What a bad idea when it comes to businesses who make thier living online. There's no real boundry set here for the ideas - just the other day, it became 'legal' here in the US for an electronic signature to become a legally binding contract. This includes web forms, faxes, and yes, email. Now, if email becomes 'null and void' after a 6 month period, then what the heck... it kinda makes that worthless!
However, this gets into another debate - why should there be a difference between something you write in a magazine in the real world (or any other pen and paper medium) and email? You are held responsible in the real world for your actions, and I really do believe you should be held responsible for the crap you do on the Internet. Why should it be different?
Re:Just you wait (Score:2)
Re:It is sad, but true. (Score:2)
Overwriting tools are useless when forensics experts arrive on the scene. Even hard drives that have been wiped with the standard I can never remember (wipe with all ones, then with all zeroes, then with alternating ones and zeroes) are still recoverable.
It all boils down to how much is willing to be spent on recovering the data. "Shredding" computer files is not sufficient, especially when prosecutors are motivated by potential millions in settlement (ala Microsoft). Anything short of encrypted swap/file space is asking for it in the long run.
The point of the judge is that if someone has made a reasonable effort to delete something, then it should be considered to be deleted.
Otherwise, anything that you have ever said or typed which has ever been saved on a computer can and will come back to bite you. Ever posted a flame to usenet? Ever sent a naughty picture via email? Ever accidentally clicked on a goatse.cx link? It's been recorded, somewhere.
hymie
This could get messy.... (Score:2)
On a related note, it would be great if deletion were just as simple as emptying the trash bin in Windows every now and again. However, a lot of incriminating data can be found in the nooks and crannies of file formats like MS Word (yes, I know this wouldn't be a problem if we all used Linux or BSD but we don't). Your non-incriminating copy of a file might still contain a buffer full of incriminating text that you had carefully erased.
My personal opinion on this sort of thing is that it really depends on the nature of the crime. If one actually hurts someone, deleted information relating to that should be fair game. However, if the act of deletion makes the data harmless then it should be ignored. For example, if I write an e-mail message to a co-worker that could be construed as sexual harassment, but I cancel before sending it, it would be unfair to use the leftover draft of the unsent message to demonstrate a pattern of harassment. Similarly, if I write a letter in MS Word and delete a paragraph about how the recipient and I should kill my husband, but I delete the paragraph before I print and mail the letter, the file recovered from my hard drive should not be used as evidence of conspiracy to commit murder. The key question seems to be does deleting the data effectively reverse the intent behind creating the data? If it does then one shouldn't be held accountable for it, but if not then it should be fair game.
Re:Really people (Score:5)
The judge is not talking about criminal law, but civil law. In criminal law, evidence does not "expire", but as you cannot be prosecuted for certain crimes after a given period of time has passed since the alleged offense, the evidence is moot. The idea is that you shouldn't throw a forty-year-old man in jail for a red light he ran when he was eighteen. I should point out that in most jurisdictions there is no statute of limitations on murder and other infamous crimes.
What the judge is trying to do is limit the viability of e-mail in civil litigation. Hypothetical situation: four years ago one of your coworkers made a huge, obsessive, gigantic stink about something, and you end up wasting an entire week chasing shadows as a result. When you tell her she was wrong and wasted your time, she fires off an angry e-mail to your boss. Your boss forwards it to you with a note attached, "What's this about?" You reply, "Remember how I showed you that Foobley component wouldn't work in the Warbley project? She's still bitching about it." He writes back one line: "I figured as much."
After four more years of similar raving nonsense on every single project she's on, nobody takes her seriously about anything anymore. Feeling like there must be some other reason she's been ostracized, she quits the company and sues for sexual harassment. All e-mail records from every employee she has ever worked with get subpoenaed. Your e-mail from four years ago is dredged up. And in it, ladies and gentlemen of the jury, this bigoted, sexist monster used the vile, derogatory term "bitch" to refer to my client, a person of gender! This degenerate, immature pig used vicious, defamatory language in the workplace, thereby creating a hostile work environment for my poor victimized client. And instead of taking immediate corrective action, this penis-monster's boss, another penis-monster, conspired to agree with the characterization! There was collusion, sexism, and conspiracy at every level of this corporation to single out this innocent victimized woman. Therefore this penis-monster and his employer owe her one million dollars plus another twenty million in punitive damages.
Fun, huh?
Look---I send a lot of e-mail to coworkers who are only two or three cubes away. That way, our conversations can be asynchronous. The fact that we are using a written medium does not mean the conversation is not intended to be casual and ephemeral. The fact that I delete a piece of e-mail means that I consider it no longer relevant; either that I no longer endorse what it says or that I believe its context has disappeared. Say your boss is a Cardinals fan. He starts ridiculing the Braves in front of you and another Braves fan coworker. You tell him right to his face that he's full of shit, and he laughs and asks what the weather will be like in Atlanta for the last game of the series. Later, you send coworker an email that says "He's so full of shit!" You weren't talking about his qualifications as a manager; you were discussing his bogus sports opinions. But taken outside the context of the previous conversation, and your company has grounds to deny you a raise or fire you. After all, there it is in black and white, you saying your boss is full of shit.
I believe these are the sort of situations Hizzoner was referring to.
--
Why treat electronic documents differently? (Score:4)
1) This is a recipe for disaster, where one can spend even more money litigating the virtual ephemerality than one spends on discovery. (We already spend more money on discovery than we do in preparing trial materials on the merits.) Still further, we can defeat this by simply replacing archives with "deletions," knowing that we can recover the data if we want it, but defeat discovery by claiming it was "deleted." Rather than create legal fictions in lieu of reality, why not simply put on those who intend to destroy things the burden if doing it well?
2) Even if it were practical, why are we treating discarded information differently from other non-discarded information? Why should we be permitted to go into the deep archives of a building to find smoking gun memoranda long thought destroyed, but not into the interstices of a hard disk?
3) It would be one thing to say, "no, we won't permit discovery." It is another thing to create some special-purpose exception to an exemption to a rule, knowing the rule to be filled with unanticipated consequences.
But the real problem I have with this proposal is more fundamental -- the proposal has the effect of concealing the truth without any other clear benefit.
It rewards a guy who meant to conceal some truth, probably reliable evidence in view of the effort, by concealing it after he screwed up in trying to destroy it.
There exist a host of rules (materiality, hearsay, best evidence, the exclusion rule for profits of an illegal search) during legal proceedings that keep evidence from finders of fact, but those rules tend to support other policies, such as reliabiity, civil liberties, and even oxymoronic judicial efficiency.
This proposed rule exists solely to make relevant, reliable evidence inadmissible. That doesn't, at least to me, seem just.
Re:Gnome-Terminal (Score:2)
Re:Judge's Ideas : (Score:5)
I don't see why electronic data should be any different than any other kind. If I write something down, it will still be admissible in 6 months. Same with something I say. Why should it be different if it's in an electronic format? If I throw something in the trash, is it forever gone? Not a chance. It's perfectly legal for the cops to search my trash, same with electronic files.
As far as true deleting goes, there are numerous programs that will do it for you. Many programs have a "shredder" function, which permanently deletes a file. It's no different than a paper copy. I can throw it away, but if I want to make sure it's really gone, I have to use a paper shredder. Same concept applies electronicly. I can delete it, but if I really want to make sure it's gone, I need to use a "file shredder". Just because it's electronic doesn't make it different.
Re:Really people (Score:2)
This example assumes so many things its ludicrous. Threatening to kill someone is a crime. The statue could easily include language that makes death threats exempt.
As for the "delete" key, anyone who works in sensitive information knows how to fully delete something.
Think so? My parents are lawyers. They work with sensitive information all the time, but every time I use one of their PCs I find the recycle bin containing hundreds of files they thought they deleted.
For argument's sake, lets say my mom writes a will for one of her clients. A week later, the client calls, prior to execution of the will (which is essentially making it legally binding) and says "I found another lawyer, you're fired, buh-bye." She would likely shred any existing paper copies and "delete" the document from the computer. A year later, the client dies with a will that excludes his children from inheriting anything. Should the children be able to get a copy of the will from the recycling bin on my mom's PC with which to contest the new will, claiming undue influence or something?
I've got one, too (Score:2)
--
An abstained vote is a vote for Bush and Gore.
Re:And while we're at it... (Score:3)
Rich
Using "bad" evidence (Score:2)
It seems to me, that if even if the evidence was collected illegally, as long as there is a high degree of confidence of its authenticity (e.g., the law enforcement hasn't cooked it up to try and frame the suspect), then it should be used.
_BUT_, the individuals responsible for collecting that evidence illegally should be punished in proportion to the manner that the illegal collection was performed (if they tortured a suspect for instance, then they should be charged under a criminal offense like anybody who tortured another person).
Not sure what to do if you're not sure who collected the illegal evidence (anonymous tipsters) though.
Re:Judge's Ideas : (Score:2)
That's not how you're supposed to eject disks, anyway. There's a menu that's supposed to be used, and it's in fact called "Put Away" (or "Eject" in OSX). The Trash can thing is just a shortcut.
There was actually a feature in OSX DP3 that didn't make it into DP4, and it's one I miss. If you dragged a disk over the Trash, it would change into an Eject button. Drop the disk on the Eject button, and it got ejected. Much nicer than the drag-to-the-Trash trick, which has initially scared the bejeezus out of every Mac newbie I've shown it to.
Anyone know what happened to that?
----------
Re:will this really be helpful? (Score:3)
It just sits around on backup tape at the dejanews offices.
Rich
Re:for those who don't want to wait (Score:2)
If you enable fast-saves, doesn't it just log only what's changed, rather than updating the whole file? I seem to remember reading something here on
Legislating Pi to be 3 (Score:2)
This is different from legislating Pi to be three, how?
The electronic record exists. Cope.
What needs to happen is not a change in evidentiary procedure, but a shift in western culture. When juries and judges are themselves familiar with what their own electronic traces are, then they will view the electronic traces of others in more reasonable proportion.
Sometimes they do . . . (Score:2)
I found it hysterical, but realized that there were tragically few people with whom I could share my amusement . . .
Re:And while we're at it... (Score:2)
"When I was a little kid my mother told me not to stare into the sun...
Step back from the keyboard... (Score:2)
Re:Judge's Ideas : (Score:2)
It would be a lot easier to make a program which emailed a person a program to connect via SSL with your system to read the real email, but did not allow them to cut and paste out of the program. Your system would delete the email after they read it once, i.e. a this message will self destruct type thing.
Clearly, a clever persn could still save the email (screen shot), but most windows users are not that clever. A bigger problem is that it would not work under Linux since Linux mail readers actually have some basic security (not executing code from email), but most Linux users are smart enough to use a screen shot, so it would not do any good anyway. Regardless, it would provide some encryption and security when sending obnoxious emails to stupid windows users.. a good thing.
I think most have missed the point (Score:3)
Instead of a trash bin it would be a shredder and you can set the time of when the files would be atomized completely. Thus there wouldn't be any evidence for authorities to find in the first place.
Now, is this something we really want? I don't know. But I do suspect tech criminals already scramble their files.
Not quite six months strictly speaking (Score:2)
It's a nice idea. It caused me to reflect on all the times I haven't posted on USENET or other places under my own name for precisely the reasons he's mentioned. Fear of my words coming back to haunt me (due to technical inaccuracy or being taken out of context, read by a future boss, etc.) has definitely led me to post less at times. Then again, maybe this is a good thing. ;-) But I agree; lack of a time horizon for computer-mediated communications definitely leads to self-censorship, something we should be wary of.
--LP
Re:Dumpster Diving (Score:2)
Re: (Score:2)
Murphy's eLaw (Score:2)
Murphy's eLaw #1
The files you thought you deleted (i.e., your browser history, old highschool love letters, and other such atrocities) never really go away. In fact, alot of times they get printed on WAN printer on the other side of town!
Murphy's eLaw #2
The logs for your server can never, ever, be re-constructed. Even if it was you who accidentally erased it! (don't tell your boss there was no hacker!)
to be continued...
Comment removed (Score:3)
Re:Legislating Pi to be 3 (Score:5)
Judge Rosenbaum points out that the incompleteness of deletions (as they stand now) is affecting the legal system and indirectly, everyday activity. Lawyers are going to go after any electronic record they can get and use it to their best advantage. Everybody has to cope with that and they do cope by restricting what they put in electronic writing. Judges and juries understand already what the status of such "deleted" records really is, but are you going to trust that a lawyer won't be able to make it appear more damning than it is? I'm not.
This de facto self-censorship of electronic discussions is what Judge Rosenbaum thinks is a bad thing that could be improved by making sure that "delete" means "delete."
It's unlikely to happen, but he has a point.
Re:Read the article before you post (Score:2)
Two years ago, you're manufacturing Meth in your basement. You get the mix a little hot, it combusts, and you manage to put the fire out before your neighbors notice, and before structural damage. "Geez," you think, "what a risk. I need to find a different hobby." You give up the Meth biz, and go straight. You delete all the recipees and customer lists from your computer.
You've now got a great job, life is good, and you decide to call your girlfriend for dinner. Problem is, you're in Philadelphia, you're dressed in black, and you're walking past the hotel where one of the WTO exec's just happens to be staying. The police grab you, throw you into a van, and charge you as being a leader of a some vague somethingorother directed against the WTO. They sieze all your belonging, and start snarfing through your hard drive(s).
They find and reconstruct enough of your old meth client list and sales receipts to charge you as a meth dealer, and a fragment of an old deleted JPG image of your sister's new baby, but since this is Philly, and since the kid's getting his nappies changed (and is naked), you're also going to be charged as a child porn king.
With a statute of limitations on deleted files, none of that is admissible, and you walk. In the current state of things, you'll be spending 10-25 in a Pennsylvania prison.
Not getting it (Score:5)
Expectations vs. Reality (Score:3)
There are two ways to match reality with expectations: bring reality closer to expectations (through legal and/or technical measures), or bring expectations closer to reality (through education).
Certainly it'd be nice to be able to permanently delete some things sometimes. But in general, it might hamper the industry if we force them to implement everything the user expects (and burn tax dollars for enforcement). Alternatively, the government could simply educate the user as to what's really happening, and explain to them how to get the desired results if they still deem it necessary.
This is one nice feature of a sensational press. The wider the gap between expectation and reality, the more of a scandal it will be when the press exposes it. So the press is encouraged to work hard to find the widest gaps and "educate" the citizens about them. And the citizens don't end up paying taxes for strict enforcement of relatively minor gaps. They just "pay" by viewing advertisements, and they only "pay" for the things that really matter to them.
--
Re:And while we're at it... (Score:2)
"When I was a little kid my mother told me not to stare into the sun...
Engineer Replies (Score:5)
<parody>
In a related story, prominent Silicon Valley computer engineer John Q. Programmer has written an article that legal briefs, should be brief.
Mr. Programmer has written, "Too long have we be burdened by misnamed legal 'briefs.' Brief should mean brief." He went on to write, "I am proposing a technical solution to this problem, we should develop a data structure to hold all legal briefs in a data field of char[256]."
</parody>
Re:2nd yes! (Score:2)
--
Enter should let you enter- what about Return? (Score:2)
Delete will delete
Enter will enter
Escape will escape
but what about Return, what about Return
Space will make space
And a Tab will tab text
Shift will shift your stuff
but what about Return, what about Return
Control will control something
Meta will do whatever
Caps Lock will lock our caps
but what about Return, what about Return
Home will get you home
End will put an end to this song
F1 will certainly help you
but what about Return, what about Return
PS. Speaking of which, what should Break break, and why doesn't Scroll Lock locks the scroll?
Re:Judge's Ideas : (Score:2)
I suppose the idea is that electronic communications are faster, less formalized and contextual and not practiced in the same way that physical correspondance is.
Personally I'd treat it equal to written correspondance for one year and after that I would give it the same legal weight as a non-recorded verbal conversation recounted from memory. The lack of context from a single email from a long exchange can be as distorting as a recounted conversation from a year ago.
Re:openBSD Encrypted swap (Score:2)
In Kevin Mitnick's case, having his data encrypted meant the government was allowed to keep his data indefinitely, on the theory that it might contain illegal/contraband content. Even though the content might have exonerated Mitnick and been used in his defense, the judge presiding over the government's case would not allow Mitnick to access it. In fact, Mitnick himself was not allowed to personally access any of the computer data used as evidence against him in the case -- only Mitnick's attorney and expert witness were allowed to at an off-site location under government supervision. Read that again: Mitnick was not allowed to review the evidence the government had against him.
You can read the court transcript here:
http://www.kevinmitn ick
--
Re:It is sad, but true. (Score:2)
I agree, though, that this judge's statement is nice --especially in the case of workstations at work, for which most files sit on fileservers or mail servers that get backed up regularly. No amount of deleting or file shredding hits the backup tapes. And I assume many corporations backup to a permanent backup at least once in a while, with incremental or daily backups in between.
Re:How do you establish time? (Score:2)
Try something a little more upscale! I've never walked out of a real watch shop or jewelry store with an unset watch; They insist on setting it on the premisis beforehand! Even when I have one in for cleaning or adjustment, or a new band, they'll make me stand there while they adjust my intentional three minutes of advance away.
It's a liability thing; If they see the watch working, the customer can't come back in three nights later and claim the watch never worked, and he wants his $500 back, causing them to eat a Submariner with cheese.
Re: (Score:2)
Re:Legislating Pi to be 3 (Score:2)
You missunderstand my point. The idea of changing evidenciary procedure (which would be a legislative act, necessarily, yes?) would be to create a legal fiction to the effect that file traces on hds did not exist after 6 months (or other arbitrary date).
But they do exist. And creating a legal fiction that they don't exist (in the context of a court of law) would have to have extraordinarily compelling arguments behind it. I truly cannot grant that "because people aren't adjusted to the affordances of the medium" is such.
The suppression of evidence on the grounds that it was illegally procured (such as in an unwarranted search and seizure), has a much more compelling reason: it is the only way to put teeth into the 4th amendment.
But we have no right not to be recorded when we ourselves press the "record" button on a tape player. We have no right not to be recorded when we ourselves commit our words to paper. To think we have a right not to be recorded when we ourselves put our words on digital media is absurd.
To put that into the law is to privilege electronic media in a way that they are not in reality.
Consider: The judge might have well argued that, for instance, nothing writen on paper may be considered evidence after a fixed length of time. What he is doing is suggesting that we create a class of communications media which is especially privileged, for the purpose of advancing the free exchange of ideas, e.g. that we have a medium in which things may be said with more impunity (in this case from being used as evidence) than in other media. To make an analogy, what if he argued that there should be specially privileged public spaces, in which slander laws do not apply, so that there be more free flow of information? What he suggests is no less radical.
As interesting as that idea is, it is a massive change to both civic and cultural life in the US; it impacts all branches of government and the lives of every one of its citizen. It is literally revolutionary.
While I'll be the last person to say all is well in this country, I will be convinced that this is a good idea only by some pretty amazing philosophical underpinnings, with which this idea as of yet most certainly has not been presented. A vague ascertion that this will remedy self-censorship (so would repealing the slander and libel laws) doesn't cut it.
The creation of a legal fiction -- to yet further divorce law from reality, to yet further sculpt what juries see and hear -- is never a good thing; it is at best the lesser of two evils.
And it is the equivalent of legislating pi to be three.
Re:Very dangerous idea (Score:2)
Don't be naive. Just because you can't charge someone based only on their words doesn't mean their words are irrelevant. What you say or write can be either proof for the jury after you have been caught, or a pointer towards where to find evidence.
So lets say you are arrested and charged with buying crack, but you claim that you were just standing near the crack dealer and the cop lied when arresting you. Your email stating "I'm gonna go buy some crack tonight" is of course relevant in trying you for that night's arrest.
Or you are being investigated for a kidnapping, and the police find an email saying "I'm going to X to buy crack, that'll make a good lure." The police will go to X and try to get further information about your actions and plans.
They need to look for all evidence, and that includes speech. Your argument is as silly as saying "its the murder thats a crime and not touching the doorknob to get in, so why would police ever waste their time dusting a doorknob for prints at a crime scene?" Its a good thing you aren't actually involved in investigation or law enforcement.
-Kahuna Burger
Re:It is sad, but true. (Score:2)
Any data written to magnetic media can be recovered - well, there's a chance, anyway. Every time data is written to a magnetic domain, there will be SOME areas within that domain that remain biased the way it was previously written. For instance, you have a 1 in one spot, then you write a zero; some atoms are still biased towards 1. The reason for this is that the heads in your average ordinary everyday Hard Disk are designed to take an average over a relatively large area of the domain, and read that as the recorded value. The incorrectly biased atoms in that domain are tossed out as noise in your everyday mass-produced hard drive.
A forensics team can pop the platters out, and read them with an extremely sensitive head, and draw-out patterns of previous writes. It's probably extremely expensive, and AFAIK, largely theoretical; I do not know if they're actually doing this, or have ever done this. But I do know that it's possible. (as a former Seagate employee)
There was a
Now, as far as a single erasure goes, that's the way it works. Multiple-pass erasures increase your chances of obscuring the data, and overwriting with all 1's or all 0's is probably not the most effective means, nor is overwriting with noise, because it's randomness can be extracted by careful analysis. I would say that repeated overwriting of such data with other legitimate data, would be the best way to cover-up the residual domain biases from previous writes. How many rewrites, I couldn't say, because I'm not an expert. Maybe dozens? hundreds? thousands? It might also help to pre-load a drive with data, and overwrite it a few dozen or so times, BEFORE using it to store legitimate data. That way, there will be a noisy background on the disk prior to writing your kiddy porn.
Slashdotters just don't "get it" (Score:4)
1. I'm pissed off at someone and write an insulting and scathing letter to them. I save it to the hard drive.
2. After a few minutes, I calm down and "delete" the letter. I then write a new, more civil, letter and send it.
3. After a few months, my relationship with the recipient degrades even further. They file suit.
4. During discover, they sopoena (sp?) my computer and discover the original ("deleted") letter. The letter I never sent.
The question is, should that "deleted" letter be used against me in a court of law? The judge is saying, "no", it's the same as writing a draft and tossing it into the trash.
I have no idea what most slashdotters are rambling about.
Re:Very dangerous idea (Score:2)
Re:It is sad, but true. (Score:4)
> song and was then recorded over with white noise and then a clear signal
>is still possible to recover the Metallica song intact?
Actually, its not just like that, it is that.
A good introduction to the field: A 1996 paper on Secure Deletion of Data from Magnetic and Solid-State Memory [nondot.org].
Be warned that this paper was dated 1996. Technology has improved significantly since then. The state of the art in magnetic force microscopy and magnetic force scanning tunnelling microscopy is almost certainly highly classified.
Your audio analogy is excellent. In the case of your cassette tape, it's a virtual certainty that the record head was "off" by a fraction of an inch when it recorded the white noise over your Metallica. (And it went "off" by a different fraction of an inch when you recorded the clear signal on top of it).
So, a forensics dude will use tools to read the fraction of an inch that didn't get overwritten by the white noise, and the other fraction of an inch that escaped the clear tone, and reconstruct most of the Metallica song.
The same thing works with hard drives, except it's a hell of a lot more work.
That having been said, this technology is at the bleeding edge and costs a fortune. It's probably only used in to recover data of interest to national security.
Your typical criminal is st00pid, and your typical FBI goon merely looks at unallocated blocks containing data the criminal thought was erased.
A smart FBI goon will also use a tool to read sectors that have been marked as "bad" - there may be data there that the
A good data shredder, incidentally, will take into account the model of the hard drive and the encoding method used by the firmware - when you write "FF" to a drive, you're not actually writing eight "north poles" in sequence - and write a sequence of bytes geared to "even out" the magnetic flux as much as possible.
That said, even this isn't bulletproof. The last time I looked, the only acceptable standard in the military (and presumably in the intelligence community) for scrubbing highly sensitive data is physical destruction of the media.
If it's your nudie pics or your company's secrets, encrypt the volume or scrub the data when you're done with it. Better yet, do both.
If it's plans for compact nuclear warheads and you want to sell them to the Chinese government, make sure your friends give lots of money to the Democrats. Uh. I meant, "physically destroy the media after you've made the sale".
As long as the media is intact, if the data's important enough, someone will be able to recover it.
Re:Software and hardware-based encryption... (Score:2)
There's also the emails that were deleted, but backed up to tape and archived offsite for disaster recovery purposes (most companies I know with GOOD backup plans exclude their emails from DR backups, and back them up separately so archives can be purged).
Then there's also the issue I posted about earlier, where they can crack open a hard drive, and read the platters with a super-sensitive read-head, and extract data from the patterns - even when it's been overwritten. This is the really tricky stuff because most people don't know this is out there, so even when they try to use "shredder" programs, data can still be recovered.
Re:disappearing email... (Score:2)
cut.paste.
Any 'timebombed' message will be vulnerable to this attack, as much to the chagrin of RIAA and MPAA any digital data is perfectly reproducable in any state/format the original exists in and can be copied an unlimited number of times. If it's in a format where it can be read then it can be copied.
I don't understand how 'delete' helps either; the other 4 or so people a message goes out to may choose to save the message and therefore it's still available as evidence. Some people save email forever. Some of these out of UI ineptitude, and some like me archive and compress it for CYA.
-- Greg
Re:Judge's Ideas : (Score:3)
I think the Judge's point is that e-mail has become so common that if we don't add this protection normal e-mail conversation is/will become more stifled. Making people overly consious of their e-mail may have a detrimental effect greater than letting people "get away" from something they wrote 6 months after they said it. The permanence and ubiquity of e-mail is something that is significantly different from conversation and also writing (conversation usually gets "lost" immediately and writing tends to be much more careful than "e-mailing".).
Yes, there are programs that really will delete things, but what percentage of users do you think would know how to use them? Maybe 10%? Even if you know how to use these programs, what happens if you want to delete your e-mail a week later? Oopps you admin backed up your files. Now, there's really no practical way for you to delete it.
I find the Judge's ideas quite interesting and definitely worth thinking about and debating.
Re:Right....Sure....Uh Huh (Score:2)
Re:No. Are you illiterate or something? (Score:2)
--
Re:No. Are you illiterate or something? (Score:2)
With magnetic media, the position of the head on the track tends to drift; so while the new value may be laid down the middle, the old bits are often still detectable off to the sides if you've got the equipment to do so.
There are other means of recovery also.
Re:will this really be helpful? (Score:2)
Actually, this isn't always true. If you're encrypting a file to a key that you own (and only a key that you own!) then you are correct, but if you send me an email message which is encrypted to my key then you have no control over what I do with the content once I receive it. Additionally, it is still quite legally possible to supeona your key to decrypt the messages. Sure you can "lose" or "delete" your key, but there are pentalties for defying a supeona.
Once again, this is limited to files which are stored locally. Email, almost by definition, has recipients, which means that you lose control of the content as soon as you send it. That makes a technology solution much more complicated (and perhaps utterly infeasable).
Of course legal remedies have their problems as well...
--
So a modified Hushmail... (Score:2)
(Almost) Complete disagreement (Score:2)
These concerns don't exist with computerized data -- rather, they exist, but they are not related to time. You can falsify evidence at any time on a computer, so the problem becomes securing the evidence IMMEDIATELY after the investigations begin, rather than allowing hackers to mess with your forensics. Once that is done, you can be sure of the data's truthfulness (if not its bit-by-bit integrity) over any amount of time. When you're talking about Usenet and email, this task becomes even easier, because you've got redundant copies of the data distributed throughout the world -- you can only falsify a finite number of copies.
Finally, he proposes imposing a law to make a precise and literal system ephemeral and arbitrary. This goes against the grain of what computers do, and thus philosophy should teach us that it's doomed to failure.
For these reasons, I don't think there should be a statute of limitations on computerized data.
--
Here's a perfect example: 'Word' fast save (Score:2)
Basically, if you edit a Word doc with the 'fast save' feature ON, your recepient may be able to see the previous version (using 'strings' for ex). Real world example, create a doc offering someone $30,000 and save it. Then edit the offer to $22,000 and email it, they could dig into the doc and find your previous figure and hold out for a better deal, knowing you were thinking of offering more. W/ fast save, the changed are just appended to the file. I tried it and it's true.
I don't like this. (Score:2)
But if I want to *KEEP* my mail, then it should be my right to do so, and have it remain legally real forever.
If someone sends me a confirmation that they've cancelled my order, should they be able to bill my card six months later, knowing that the confirmation is "no longer legally valid"? Total bullshit.