Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Privacy Communications Government Software United States News

Gmail's 'Self-Destruct' Feature Will Probably Be Used To Illegally Destroy Government Records (vice.com) 98

An anonymous reader quotes a report from Motherboard: A new update rolling out for Gmail offers a "self destruct" feature that allows users to send messages that expire after a set amount of time. While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.) The self destruct feature was announced on April 25 as part of Google's new confidential mode for G Suite. In addition to self destruct, confidential mode allows users to delete messages after they have been sent and places restrictions on how recipients can interact with received emails. "As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time," the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. "The public's fundamental right to transparency and openness by their governments will be compromised. We urge you take steps to assure the 'self-destruct' feature be disabled on government Gmail accounts and on emails directed to a government entity."
This discussion has been archived. No new comments can be posted.

Gmail's 'Self-Destruct' Feature Will Probably Be Used To Illegally Destroy Government Records

Comments Filter:
  • by giampy ( 592646 ) on Friday May 04, 2018 @08:13PM (#56556918) Homepage

    I for one agree. We absolutely need to keep our government (which we pay for) accountable.

    I personally think we need a transparent government much more than a small or weak (which borders with ineffective) government. If government is transparent, open and accountable, then many issues about limiting its power are moot, IMO.

    • by rsilvergun ( 571051 ) on Friday May 04, 2018 @08:33PM (#56557000)
      This is what drives me nuts about the "small government" voters. If people think the rich and powerful aren't just going to build a large government apparatus for their own use they haven't been paying attention to the last 2000+ years of history. The question is never, will there be a powerful government, it's always, who will that government work for?
      • This is what drives me nuts about the "small government" voters.

        The stupid thing about the "small government" government mentality is it doesn't say what number small is, so how do you know when you've achieved your goal? It's like a license to be upset because no matter what happens you can scream smaller govt! and sound like you're right

        If small government mean less employees, what number is the magic figure? What is adequately small for a country of 330 million people? 1% 0.01%? 1 person? Shouldn't government be based on needs and outcomes, not some artificially i

        • by dryeo ( 100693 )

          It's small enough when the government can't interfere with the small government types while still being big enough to interfere with those they don't like or agree with.

          • It's small enough when the government can't interfere with the small government types while still being big enough to interfere with those they don't like or agree with.

            So how do we know when that is?

            • by dryeo ( 100693 )

              Probably one of those dynamic things where it is always changing.

              • Probably one of those dynamic things where it is always changing.

                Which is the point. The appropriate size of government isn't really a thing that can be measured easily, so complaining that it's not correct amount is foolish.

    • I for one agree. We absolutely need to keep our government (which we pay for) accountable.

      While I agree in principle, given the myriad of ways in which a government can already circumvent this (e.g. not sending an email, private server, private email address) I find it hard to get worked up about ${SPECIFIC_CASE}

      • by epine ( 68316 )

        While I agree in principle, given the myriad of ways in which a government can already circumvent this (e.g. not sending an email, private server, private email address) I find it hard to get worked up about ${SPECIFIC_CASE}

        Your sentiment is so ridiculous on its face, I don't know whether to slam you down with a poem or a proof technique.

        Let's start with the poem:

        First they came ... [wikipedia.org]

        First they came for the Socialists, and I did not speak out—
        Because I was not a Socialist.
        Then they came for the Trade U

        • Your poem is stupid and irrelevant. The existance of a system that allows for unrecorded communication in a world full of systems that allow for unrecorded communication is not some threat. If you want to preserve the records then put policies in place to preserve the records. If you think the policies won't work then you have already lost.

          Seriously I can't believe you bothered to write all that shit.

  • And this is why (Score:5, Insightful)

    by rickb928 ( 945187 ) on Friday May 04, 2018 @08:16PM (#56556932) Homepage Journal

    we need to stop this foolishness of non-government mail and file servers, using personal resources for official business, and not properly archiving everything, period, not daily but continuously.

    Expensive but worth it.

    • we need to stop this foolishness of non-government mail and file servers, using personal resources for official business, and not properly archiving everything, period, not daily but continuously.

      Expensive but worth it.

      Ok I don't know how this sort of thing get modded up since it's completely wrong.
      What does non-government mail and file servers mean? A 'government' mail or file server is controlled by policy and law to behave a certain way. Since a government controls the everytihng that resides on the land it controls, it can implement those same policies and laws to any server whether public or private. Whatever risk you have with a public server is therefore the same with a private server (assume it resides within you

      • If we have to explain the difference between government and private servers, you're not really capable of participating further. It's obvious. Parsing it beyond that is not merely disingenuous, it's specious.

        • If we have to explain the difference between government and private servers, you're not really capable of participating further. .

          You didn't say private, you said non-government, which is what I responded to. And even if you said private it is ambiguous as 'private' in Government-speak means non-government (as opposed to public).
          Words mean things. Don't blame others when you use the wrong ones...

  • by GlennC ( 96879 )

    It's not as if you or I can actually DO anything about it.

  • I have not used Outlook for a few years, but even then automatic email deletions were standard. Gmail is actually late to the party with this feature.

    • by Anonymous Coward
      automatic deletion where YOU choose to delete yes, not the sender. outlook/exchange also support recall and remote delete and have for a long time. But the receiving system gets to decide whether to honour that request or not.
    • by adri ( 173121 )

      Sure, but enterprise email also has a "archive this for x time period separate from the user inbox" for various reporting/legal requirements. The user doesn't get any input into it at all.

      It's not always about the user!

    • by Anonymous Coward on Friday May 04, 2018 @11:18PM (#56557504)

      I have not used Outlook for a few years, but even then automatic email deletions were standard.

      So far as the unrelated topic of deleting a sent email, yes Outlook has this ability.
      It needs to be enabled, but in a company a group policy can both enable it and lock the setting so the user can't disable it.
      By default without that, you get a deletion request and need to respond 'yes' before it deletes the email.

      Gmails feature doesn't do anything like that, mainly because if the email leaves googles servers, they have zero control over it and beyond a similar "honor system" method, it's just not possible to do this using email protocols.

      This is more like how Snapchat handles pictures with auto-destruct.

      Google takes your email and stores it, then sends the recipient an email, not with your message content, but with a URL back to google.
      Opening that URL then uses javascript to show an image with your message contents (to make copy/paste a pain), refuses to show the image without javascript (to make script blockers a pain), and deletes the message once viewed or after a certain time.

      They probably also employ all the other silly javascript tricks to try and make it as hard as possible to store the image out of the browser, not that those were ever fully functional.
      It doesn't take much to get a screen shot by someone who knows what they are doing, but it will stop the vast majority of i-have-zero-clue-computers-are-magic users that make up over 99% of the Internet.

    • I have not used Outlook for a few years, but even then automatic email deletions were standard.

      No it wasn't. It was highly dependent on the end user's settings. In order for an email to automatically delete itself it would need to be sent with an expiry, the auto-archive feature needs to run, and the auto-archive feature needs to be permitted to delete emails. It was completely dependent on the end user's settings.

  • by gravewax ( 4772409 ) on Friday May 04, 2018 @09:01PM (#56557066)
    unlikely. This feature would mean government agencies and many regulated industries simply won't be permitted to use gmail as you can't have email that self destruct when you have mandatory data retention.
  • This seems like uninformed nonsense.

    As far as I can tell, this "self destruct" feature simply sends a link to a webpage to the recipient. This webpage will be able to be taken down. This wouldn't prevent anyone from taking screenshots, and can already be easily done. But in essence: if someone can read it on their screen, it can be archived on the receiver's side. And probably somehow crypto-signed to prove that you didn't make it up later.

    Governments obviously have to (or should) comply with certain IT
    • Re: (Score:3, Interesting)

      This seems like uninformed nonsense.

      Governments obviously have to (or should) comply with certain IT record keeping standards

      They do, which is why this article is pure crap. I worked on government agency messaging project and there's all sorts of policies about data residency, privacy, encryption, legal hold, archiving etc. We had O365 which archived a copy of every email regardless of what the user tried to do with it.

    • > As far as I can tell, this "self destruct" feature simply sends a link to a webpage to the recipient.

      Scammers are going to love this shit.

  • by doktor-hladnjak ( 650513 ) on Friday May 04, 2018 @10:06PM (#56557286)

    Exchange has had this kind of functionality for over a decade and tons of government customers. If it wasn't a problem there, why is it now with Google?

    • by Anonymous Coward

      Even better is Exchange's ability to set an automatic deletion policy for emails older than X days. Combine that with deleting all .psts found on network shares and unless someone really wanted to save an email (e.g. saved it as a .msg), they cannot FOI what no longer exists...

    • AFAIK Exchange only ever marked the email as expired. The process relied on the end user's Outlook settings for auto-archiving to run, and for auto-archiving to delete expired emails, and for auto-archiving to empty the trash.

  • Doesn't anyone see a problem with this?

    "As more local and state governments and their various agencies seek to use Gmail..."

    For an organisation as large, powerful, influential, and as involved in US politics as Google, it sounds like a really bad idea to have sensitive govt. messages flowing through Google's servers. I mean, why not just use a Chinese, Russian, or EU email service for official govt. communications?

    National & state govt's should have publicly accountable email accounts with all messages and accesses fully available for audit and those should be the only email accounts th

  • Per this presentation [archives.gov] from DHS, any work-related e-mails are considered federal records, and thus subject to record keeping requirements.

    It really isn't up to private companies to enforce laws, nor should it be. Granted, with the current US government dedicated to dismantling effective governance, I don't trust the government to do this job. But private companies can't really do anything to prevent it besides lobbying, and I don't trust any private company to be concerned enough to bother with it.

  • I doubt that email clients such as thunderbird are going to honor any of these um, ideas.

    Mine won't

  • C'mon, everyone knows Big Brother Google doesn't really delete your "deleted" emails.

  • by aleph ( 14733 )

    Does anyone do research before going off the deep end?

    GSuite for Government is a separate product. There's no indication so far this is even enabled on that offering. The new interface (with the features) is current opt-in on standard GSuite, by the admins. Beyond that, governments using GSuite should have Vault enabled for compliance purposes. Vault doesn't allow users to delete emails before the end of the archive period.

    Why is there a preemptive strike against Google when this is basically an administrat

    • by aheath ( 628369 ) *
      This raises the question of what will happen when I use the "self destruct" feature to send an email from GMail to a .gov domain. Would this allow me to file a FOIA request and then penalize the recipient for not retaining my email? This could also have an effect upon any recipient who is required to retain records in order to maintain compliance with a regulation such as Sarbanes–Oxley.
  • Auto capture mods.

    It will take little time for people to write OS/browser tools for performing automated captures when the "open this webpage for the 'email' to be viewed" prompt is seen.

  • ...on the Right to Forget thing.

    This isn't the right way to go about this.
    If the worry is about government destroying records, what needs to be done is government being forced to conduct business using services that guarantees record keeping. Simple as that.
    Gmail is not the only mail server there is out there, people have plenty of choice to use services that already have a self destruct option for years now, so it makes no sense to put the burden on Gmail or any other singular service while taking the func

  • by mrdogi ( 82975 ) <mrdogi.sbcglobal@net> on Saturday May 05, 2018 @10:24PM (#56561522) Homepage

    As the network admin for a local government entity that uses gmail, and not having had a chance to see exactly how this will work, I have a fair amount of confidence that the 'destruction' may not be permanent. As long as a particular user's account exists, the email associated with that account exists in Google Vault. A user can delete all of their email, but that just means they don't have access to it anymore. As an admin for our Google domain, I am still able to get access to any and all emails.

    Yes, if the account is actually deleted, which in our case can only be done by a domain admin, either in our AD or in the Admin Console in Google, then all emails will be gone. Whomever does that, and there are records, will be in serious legal trouble if the account was deleted before the required period has expired, in our case 7 years. Yes, that could hide deeper criminal activity, but as an admin, it is my co-responsibility to keep those laws. This is the same as any other network/server administrator in any government entity anywhere. The trust is there, it's a matter of keeping it.

  • There doesn't seem to be any serious consequences for people in government retaining incrimination e-mails, either. Well, you might lose an election, but probably not. The loss was caused by the Russkies, or women voters being intimidated by their husbands and fathers, or whatever.
  • They won't actually delete the e-mail. They'll just mark it that it's supposed to be deleted and who did that. Then later it can come back and the fact they tried to get rid of it.

  • Think of all the crimes committed using the soil of North America by the criminals!

    North America should be evicted !!

I've got a bad feeling about this.

Working...