Gmail's 'Self-Destruct' Feature Will Probably Be Used To Illegally Destroy Government Records (vice.com) 98
An anonymous reader quotes a report from Motherboard: A new update rolling out for Gmail offers a "self destruct" feature that allows users to send messages that expire after a set amount of time. While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.) The self destruct feature was announced on April 25 as part of Google's new confidential mode for G Suite. In addition to self destruct, confidential mode allows users to delete messages after they have been sent and places restrictions on how recipients can interact with received emails. "As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time," the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. "The public's fundamental right to transparency and openness by their governments will be compromised. We urge you take steps to assure the 'self-destruct' feature be disabled on government Gmail accounts and on emails directed to a government entity."
Re: Clinton (Score:1, Troll)
Re: (Score:2)
16 of these were Russian "persons" pursuing Russian intelligence goal (sow FUD, amplify existing interval divisions and resentments) , and for the most part outside the jurisdiction of the U.S legal system.Just as (and actually probably to a lessor degree) the US agencies have been influencing politics and culture around the globe for the past 60 years. (especially to fight communism). A few of them were simply charged for making false statements to federal officials, without any real underlying crime, and
Re: (Score:2)
So it's not actually your pop-mail client, right?
Because if it is, then they can. All they need is you.
Re: POP mail ftw! (Score:1)
That assumes the email has the content. Not just a link to the content hosted on Googles servers.
Re: (Score:2)
Which is what this uses, BTW (a link).
Self destruct for whom? (Score:1)
Correct. They are only self-destruct when using Google's platform. Which means only when sent from AND to Google gmail accounts. They may be self destruct for the end users, but you know who they are not self destruct for? Google. They encourage people to send email that's even more sensitive than people already use email for by implying a time-limited duration, then they are the arbiters of what data is private and what isn't. Great scam.
right (Score:3)
I for one agree. We absolutely need to keep our government (which we pay for) accountable.
I personally think we need a transparent government much more than a small or weak (which borders with ineffective) government. If government is transparent, open and accountable, then many issues about limiting its power are moot, IMO.
You're not going to have a small gov't anyway (Score:5, Insightful)
Re: (Score:1)
This is what drives me nuts about the "small government" voters.
The stupid thing about the "small government" government mentality is it doesn't say what number small is, so how do you know when you've achieved your goal? It's like a license to be upset because no matter what happens you can scream smaller govt! and sound like you're right
If small government mean less employees, what number is the magic figure? What is adequately small for a country of 330 million people? 1% 0.01%? 1 person? Shouldn't government be based on needs and outcomes, not some artificially i
Re: (Score:2)
It's small enough when the government can't interfere with the small government types while still being big enough to interfere with those they don't like or agree with.
Re: (Score:1)
It's small enough when the government can't interfere with the small government types while still being big enough to interfere with those they don't like or agree with.
So how do we know when that is?
Re: (Score:2)
Probably one of those dynamic things where it is always changing.
Re: (Score:1)
Probably one of those dynamic things where it is always changing.
Which is the point. The appropriate size of government isn't really a thing that can be measured easily, so complaining that it's not correct amount is foolish.
Re: (Score:2)
I for one agree. We absolutely need to keep our government (which we pay for) accountable.
While I agree in principle, given the myriad of ways in which a government can already circumvent this (e.g. not sending an email, private server, private email address) I find it hard to get worked up about ${SPECIFIC_CASE}
Re: (Score:2)
Your sentiment is so ridiculous on its face, I don't know whether to slam you down with a poem or a proof technique.
Let's start with the poem:
First they came ... [wikipedia.org]
Re: (Score:2)
Your poem is stupid and irrelevant. The existance of a system that allows for unrecorded communication in a world full of systems that allow for unrecorded communication is not some threat. If you want to preserve the records then put policies in place to preserve the records. If you think the policies won't work then you have already lost.
Seriously I can't believe you bothered to write all that shit.
Re: (Score:2)
Hopefully they require more than just email retention - the emails only contain a link to the self-destructing message. The retention rules should apply to all electronic communication.
And this is why (Score:5, Insightful)
we need to stop this foolishness of non-government mail and file servers, using personal resources for official business, and not properly archiving everything, period, not daily but continuously.
Expensive but worth it.
Re: And this is why (Score:2)
I want competent government. I'll pay the fair price. What we have now is improperly institute and directed, wasteful, and partisan.
Re: (Score:1)
we need to stop this foolishness of non-government mail and file servers, using personal resources for official business, and not properly archiving everything, period, not daily but continuously.
Expensive but worth it.
Ok I don't know how this sort of thing get modded up since it's completely wrong.
What does non-government mail and file servers mean? A 'government' mail or file server is controlled by policy and law to behave a certain way. Since a government controls the everytihng that resides on the land it controls, it can implement those same policies and laws to any server whether public or private. Whatever risk you have with a public server is therefore the same with a private server (assume it resides within you
Re: And this is why (Score:2)
If we have to explain the difference between government and private servers, you're not really capable of participating further. It's obvious. Parsing it beyond that is not merely disingenuous, it's specious.
Re: (Score:1)
If we have to explain the difference between government and private servers, you're not really capable of participating further. .
You didn't say private, you said non-government, which is what I responded to. And even if you said private it is ambiguous as 'private' in Government-speak means non-government (as opposed to public).
Words mean things. Don't blame others when you use the wrong ones...
And? (Score:1)
It's not as if you or I can actually DO anything about it.
Isn't this part of every enterprise-grade e-mail? (Score:3)
I have not used Outlook for a few years, but even then automatic email deletions were standard. Gmail is actually late to the party with this feature.
Re: (Score:1)
Re: (Score:2)
Sure, but enterprise email also has a "archive this for x time period separate from the user inbox" for various reporting/legal requirements. The user doesn't get any input into it at all.
It's not always about the user!
Re:Isn't this part of every enterprise-grade e-mai (Score:4, Informative)
I have not used Outlook for a few years, but even then automatic email deletions were standard.
So far as the unrelated topic of deleting a sent email, yes Outlook has this ability.
It needs to be enabled, but in a company a group policy can both enable it and lock the setting so the user can't disable it.
By default without that, you get a deletion request and need to respond 'yes' before it deletes the email.
Gmails feature doesn't do anything like that, mainly because if the email leaves googles servers, they have zero control over it and beyond a similar "honor system" method, it's just not possible to do this using email protocols.
This is more like how Snapchat handles pictures with auto-destruct.
Google takes your email and stores it, then sends the recipient an email, not with your message content, but with a URL back to google.
Opening that URL then uses javascript to show an image with your message contents (to make copy/paste a pain), refuses to show the image without javascript (to make script blockers a pain), and deletes the message once viewed or after a certain time.
They probably also employ all the other silly javascript tricks to try and make it as hard as possible to store the image out of the browser, not that those were ever fully functional.
It doesn't take much to get a screen shot by someone who knows what they are doing, but it will stop the vast majority of i-have-zero-clue-computers-are-magic users that make up over 99% of the Internet.
Re: (Score:2)
I have not used Outlook for a few years, but even then automatic email deletions were standard.
No it wasn't. It was highly dependent on the end user's settings. In order for an email to automatically delete itself it would need to be sent with an expiry, the auto-archive feature needs to run, and the auto-archive feature needs to be permitted to delete emails. It was completely dependent on the end user's settings.
yeah no. (Score:3)
what an ignorant article (Score:2)
As far as I can tell, this "self destruct" feature simply sends a link to a webpage to the recipient. This webpage will be able to be taken down. This wouldn't prevent anyone from taking screenshots, and can already be easily done. But in essence: if someone can read it on their screen, it can be archived on the receiver's side. And probably somehow crypto-signed to prove that you didn't make it up later.
Governments obviously have to (or should) comply with certain IT
Re: (Score:3, Interesting)
This seems like uninformed nonsense.
Governments obviously have to (or should) comply with certain IT record keeping standards
They do, which is why this article is pure crap. I worked on government agency messaging project and there's all sorts of policies about data residency, privacy, encryption, legal hold, archiving etc. We had O365 which archived a copy of every email regardless of what the user tried to do with it.
Re: (Score:1)
> As far as I can tell, this "self destruct" feature simply sends a link to a webpage to the recipient.
Scammers are going to love this shit.
Just like Exchange (Score:3)
Exchange has had this kind of functionality for over a decade and tons of government customers. If it wasn't a problem there, why is it now with Google?
Re: (Score:1)
Even better is Exchange's ability to set an automatic deletion policy for emails older than X days. Combine that with deleting all .psts found on network shares and unless someone really wanted to save an email (e.g. saved it as a .msg), they cannot FOI what no longer exists...
Re: (Score:2)
AFAIK Exchange only ever marked the email as expired. The process relied on the end user's Outlook settings for auto-archiving to run, and for auto-archiving to delete expired emails, and for auto-archiving to empty the trash.
Problem with this... (Score:2)
Doesn't anyone see a problem with this?
"As more local and state governments and their various agencies seek to use Gmail..."
For an organisation as large, powerful, influential, and as involved in US politics as Google, it sounds like a really bad idea to have sensitive govt. messages flowing through Google's servers. I mean, why not just use a Chinese, Russian, or EU email service for official govt. communications?
National & state govt's should have publicly accountable email accounts with all messages and accesses fully available for audit and those should be the only email accounts th
Should already be illegal (Score:2)
Per this presentation [archives.gov] from DHS, any work-related e-mails are considered federal records, and thus subject to record keeping requirements.
It really isn't up to private companies to enforce laws, nor should it be. Granted, with the current US government dedicated to dismantling effective governance, I don't trust the government to do this job. But private companies can't really do anything to prevent it besides lobbying, and I don't trust any private company to be concerned enough to bother with it.
I doubt (Score:2)
I doubt that email clients such as thunderbird are going to honor any of these um, ideas.
Mine won't
fake news (Score:2)
C'mon, everyone knows Big Brother Google doesn't really delete your "deleted" emails.
FFS (Score:1)
Does anyone do research before going off the deep end?
GSuite for Government is a separate product. There's no indication so far this is even enabled on that offering. The new interface (with the features) is current opt-in on standard GSuite, by the admins. Beyond that, governments using GSuite should have Vault enabled for compliance purposes. Vault doesn't allow users to delete emails before the end of the archive period.
Why is there a preemptive strike against Google when this is basically an administrat
Re: (Score:3)
comment subject (Score:2)
Auto capture mods.
It will take little time for people to write OS/browser tools for performing automated captures when the "open this webpage for the 'email' to be viewed" prompt is seen.
Same worries... (Score:2)
...on the Right to Forget thing.
This isn't the right way to go about this.
If the worry is about government destroying records, what needs to be done is government being forced to conduct business using services that guarantees record keeping. Simple as that.
Gmail is not the only mail server there is out there, people have plenty of choice to use services that already have a self destruct option for years now, so it makes no sense to put the burden on Gmail or any other singular service while taking the func
Maybe, maybe not (Score:3)
As the network admin for a local government entity that uses gmail, and not having had a chance to see exactly how this will work, I have a fair amount of confidence that the 'destruction' may not be permanent. As long as a particular user's account exists, the email associated with that account exists in Google Vault. A user can delete all of their email, but that just means they don't have access to it anymore. As an admin for our Google domain, I am still able to get access to any and all emails.
Yes, if the account is actually deleted, which in our case can only be done by a domain admin, either in our AD or in the Admin Console in Google, then all emails will be gone. Whomever does that, and there are records, will be in serious legal trouble if the account was deleted before the required period has expired, in our case 7 years. Yes, that could hide deeper criminal activity, but as an admin, it is my co-responsibility to keep those laws. This is the same as any other network/server administrator in any government entity anywhere. The trust is there, it's a matter of keeping it.
On the other hand, (Score:1)
Re: (Score:1)
Just a flag (Score:2)
They won't actually delete the e-mail. They'll just mark it that it's supposed to be deleted and who did that. Then later it can come back and the fact they tried to get rid of it.
North America Is The True Villian (Score:1)
North America should be evicted !!