Judge Orders Yahoo to Explain How It Recovered ‘Deleted’ Emails in Drugs Case (opens in new tab)

(motherboard.vice.com)

103 pointsalternize9y ago74 comments

74 comments

Relevant and coincidental personal anecdote: 10 years ago I caught my x-wife in an affair as she was using this same method the communicate with her lover. Her choice of email address for the shared account raised alarms on my firewall, so it was a simple matter to track to her machine. While she had gone to the similar trouble to delete all records on Yahoo (coincidentally), she had been browsing with IE which, due to some off-line setting, was cacheing locally all of the pages she had written. It was simply a matter of laying hands on her laptop and downloading all of that cache to expose the ruse.

I cannot find the article, but I believe this method of sharing access to one e-mail account to many parties was one of the comms methods employed by the 9/11 terrorists, pioneered by Columbian drug lords.

keketi9y ago

David Petraeus and his mistress were using the same trick: https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...

616c9y ago

I was recently bored and watched, after years of avoiding it, The Traitor (2008), with Don Cheadle as a terrorist ... or not so-terrorist. The movie was pretty bad (there's the real spoiler!).

In that movie, which I just check the date for, seems like one of the first pop references to the idea of sharing email drafts in a free email account without sending anything.

https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...

Now, can someone prove me one better and find where this idea got traction? I honestly laughed watching that movie, wondering if Petraeus watched it years earlier, and thought to himself, I wonder if this will work in real life ...

UPDATE: I could, gee, also try RTFWPA! It refers 2005 reports of AQ using the same tactic, you know, where probably he got it from.

Or he got it from the movie, which would make me in a die a fit of laughter!

1 more reply

jacquesm9y ago

Funny, I've run the mail server of our family for quite a while and it would never enter my head to read someone else's email.

cloudjacker9y ago

the mail server? how do you avoid being put in the spam bin of every email provider ever?

seems like it would have been a hassle to deal with for the last 15 years

3 more replies

pbhjpbhj9y ago

I wonder if this would now technically be an offence under the Computer Misuse Act (CMA) as presumably she didn't give you authorisation to access her laptop?

HarryHirsch9y ago

Diary-reading was bad form even before. If you want your adolescent child to never ever trust you again for the rest of their life, go read their diary.

1 more reply

kevin_thibedeau9y ago

Spouses share communal property. Hard to argue that your husband can't be allowed to use a common resource of the household.

2 more replies

gerdesj9y ago

"Her choice of email address for the shared account raised alarms on my firewall"

That's a pretty serious firewall you have there. Assuming that s/he was not using encrypted smtp and imap or pop, then you still have a L7 filter that reads and logs email addresses and alarms on them. Now it is unlikely (to me) that you would have a whitelist of acceptable email addresses with which to alarm. I can think of a few other things you might have done to trigger alarms and all of them are pretty distasteful.

So I will conclude you simply violated her civil rights and spied on her.

I feel sorrow for you, genuinely, that you have had a relationship problem but I suspect that it would have been easier to find out what was going on in the various old fashioned ways, rather than farting around with IT and being a bit creepy.

colejohnson669y ago

You don't have to save the messages. You just need to look at the logs. If you had traffic to/from mail.google.com, no problem. But if you have traffic /to/ ashleymadison.com or whatever, that's suspicious

1 more reply

brunoqc9y ago

> Her choice of email address for the shared account raised alarms on my firewall

What does that even mean?

satysin9y ago

I would assume he means it wasn't one of the big players such as Gmail or Outlook so when he saw traffic to mail.ru or whatever service it was it looked suspicious to his normal traffic profile.

fencepost9y ago

> bobbyandsue@example.com

"but my name's Jim...."

alexandrerond9y ago

Not really unhappy that someone cheats on husband who keeps tabs on family internet habits (to the point of analyzing http traffic destinations) and then has no reticences to running forensics on wife's computer.

dpark9y ago

I have trouble understanding why people go through such lengths to maintain a hidden affair. If you've decided to have a long-term relationship with the new person, why not just file for divorce instead of going through ridiculous lengths to hide your new relationship? It seems like a lot of trouble, plus it makes it very clear that you're a terrible person when it's discovered.

Please forgive my nosy question, but was she financially dependent on you or was there some other reason for her to maintain the marriage?

DanBC9y ago

Affairs aren't about leaving your current partner and starting with someone new. The point of many affairs is the keeping it hidden stuff which adds to the excitement.

1 more reply

danieltillett9y ago

Some people like to have their cake and eat it.

beachstartup9y ago

i'm curious... what was her reaction when you recovered the data?

colejohnson669y ago

Divorce?

1 more reply

cloudjacker9y ago

TOTALLYNOTCHEATING@YAHOO.COM

pliny9y ago

Here's a thought: what if 'Yahoo gives FBI snapshots' is actually parallel construction, but Yahoo are not allowed (under PATRIOT or whatever) to admit the extent of their cooperation with three letter agencies (for instance, that they hand over everything they see without requests being made). Do they have to refuse to comply with the court?

anonymousab9y ago

There is likely leeway for them, or the government, to address the judge in private and get this all dismissed.

Or perhaps some immunity to any results.

tobylane9y ago

In that case I'm surprised the judges are permitted to ask this sort of question in public, it creates a warrant canary.

resoluteteeth9y ago

I suspect that yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.

HarryHirsch9y ago

Data retention is negotiated and spelled out in detail in NDAs for contract research organizations. It's easy to delete data from servers once a project is done, but the backup tapes also have copies. You can't throw the tapes out, because the company needs them, hence there are agreements what happens to the data and tapes, and nowadays these are standard practice.

This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.

TechnicalVault9y ago

The solution with backup tapes is obvious, you encrypt the files on the tapes with session keys and encrypt a copy of the session key with a client/project or project key stored on a separate random access medium. When the project needs to be deleted you destroy the key for that project, job done. The most difficult bit is enforcing the proper ownership and location of files so that you know which ones belong to which project. More complicated schemes can sllow files to be shared between projects but the basic principle remains the same.

rbobby9y ago

But what about the backups of where the encrypted session keys are kept? Wouldn't this be a "backups all the way down" situation?

1 more reply

greenyoda9y ago

But an NDA can't prevent a company from turning over their backup data to the authorities when presented with a legitimate warrant from a court.

HarryHirsch9y ago

At least you know what documents are retained, and in what form, and for how long, and you can plan around that. With all these free services you can only assume the worst.

falcolas9y ago

I'm curious if there will be blowback on Internet email companies if it turns out the emails were not deleted, just archived away from user's access.

gaius9y ago

If you ever see an auto-complete feature on a website, it's probable that that website is logging every keystroke. If you type "thermal detonators" into Google, but never actually click the button, it's still flagged up aboard the Imperial Command Ship.

Kenji9y ago

I once read an article about facebook even reporting back to the mothership messages that you typed out but did not actually send because you changed your mind. Never forget: The website owns the window you're operating in (if there's JavaScript), not just requests you send by clicking <a> links.

colejohnson669y ago

Doubt it. Remember the NSA "scandal" that lasted a few months before people went back to not caring? Remember Kony 2012? North Korea's human rights violations? You'll never fix the problems in America until you fix the horrifically apathetic attitude of Americans.

IgorPartola9y ago

Aren't backups basically a guarantee that you can never ever delete anything from anyone's server? Even if you hit delete on an email/post/photo/etc. if they made a backup before then, your data will now forever live on in some vault or maybe just Amazon Glacier. I can't imagine that Yahoo would go and retroactively remove your email from their backup tapes/optical discs/offline hard drives/clay tablets that they use.

scoot9y ago

The nearest thing to a "standard" for retention of operational backups is 30-60 days. For organisations retaining backups as part of some ill-conceived archive, 7 years is typical; for organisations retaining backups under legal hold, or whose backup process is out of control, indefinite retention is not unheard of.

So while it's possible that backups mean you can never be entirely certain your deleted data will stay deleted, it's most certainly not guaranteed.

In Europe, the recently enacted General Data Protection Regulations "GDPR" which will come into force in 2018 will in theory require organisations to ensure that personal information is removed in an appropriate timeframe - this would include disposing of backups, or where data is comingled, ensuring at a granular level that data is blacklisted for restore.

It remains to be seen how practical that will be, so moving to retentions appropriate for operational restore may be the more sensible solution.

lox9y ago

I could imagine drafts have much less diligent deletion policies vs sent emails. Auto-save mechanisms typically keep a long history of diffs, or whole versions.

catfood9y ago

UPDATE email SET deleted = 1 WHERE uuid = '3b431dc020cc404b8bbea290e91b9865';

geggam9y ago

Farm model replicated across regions backed by filers taking snapshots of the entire farm.

* my speculation

perseusprime119y ago

Is anything ever deleted?

satysin9y ago
If it is on a third-parties servers then hell no.

j / k navigate · click thread line to collapse

74 comments

codemogul9y ago

keketi9y ago
David Petraeus and his mistress were using the same trick: https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...
616c9y ago
I was recently bored and watched, after years of avoiding it, The Traitor (2008), with Don Cheadle as a terrorist ... or not so-terrorist. The movie was pretty bad (there's the real spoiler!).
In that movie, which I just check the date for, seems like one of the first pop references to the idea of sharing email drafts in a free email account without sending anything.
https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...
Now, can someone prove me one better and find where this idea got traction? I honestly laughed watching that movie, wondering if Petraeus watched it years earlier, and thought to himself, I wonder if this will work in real life ...
UPDATE: I could, gee, also try RTFWPA! It refers 2005 reports of AQ using the same tactic, you know, where probably he got it from.
Or he got it from the movie, which would make me in a die a fit of laughter!
1 more reply

jacquesm9y ago
Funny, I've run the mail server of our family for quite a while and it would never enter my head to read someone else's email.
cloudjacker9y ago
the mail server? how do you avoid being put in the spam bin of every email provider ever?
seems like it would have been a hassle to deal with for the last 15 years
3 more replies

pbhjpbhj9y ago
I wonder if this would now technically be an offence under the Computer Misuse Act (CMA) as presumably she didn't give you authorisation to access her laptop?
HarryHirsch9y ago
Diary-reading was bad form even before. If you want your adolescent child to never ever trust you again for the rest of their life, go read their diary.
1 more reply
kevin_thibedeau9y ago
Spouses share communal property. Hard to argue that your husband can't be allowed to use a common resource of the household.
2 more replies

gerdesj9y ago
"Her choice of email address for the shared account raised alarms on my firewall"
That's a pretty serious firewall you have there. Assuming that s/he was not using encrypted smtp and imap or pop, then you still have a L7 filter that reads and logs email addresses and alarms on them. Now it is unlikely (to me) that you would have a whitelist of acceptable email addresses with which to alarm. I can think of a few other things you might have done to trigger alarms and all of them are pretty distasteful.
So I will conclude you simply violated her civil rights and spied on her.
I feel sorrow for you, genuinely, that you have had a relationship problem but I suspect that it would have been easier to find out what was going on in the various old fashioned ways, rather than farting around with IT and being a bit creepy.
colejohnson669y ago
You don't have to save the messages. You just need to look at the logs. If you had traffic to/from mail.google.com, no problem. But if you have traffic /to/ ashleymadison.com or whatever, that's suspicious
1 more reply

brunoqc9y ago
> Her choice of email address for the shared account raised alarms on my firewall
What does that even mean?
satysin9y ago
I would assume he means it wasn't one of the big players such as Gmail or Outlook so when he saw traffic to mail.ru or whatever service it was it looked suspicious to his normal traffic profile.
fencepost9y ago
> bobbyandsue@example.com
"but my name's Jim...."
alexandrerond9y ago
Not really unhappy that someone cheats on husband who keeps tabs on family internet habits (to the point of analyzing http traffic destinations) and then has no reticences to running forensics on wife's computer.

dpark9y ago
I have trouble understanding why people go through such lengths to maintain a hidden affair. If you've decided to have a long-term relationship with the new person, why not just file for divorce instead of going through ridiculous lengths to hide your new relationship? It seems like a lot of trouble, plus it makes it very clear that you're a terrible person when it's discovered.
Please forgive my nosy question, but was she financially dependent on you or was there some other reason for her to maintain the marriage?
DanBC9y ago
Affairs aren't about leaving your current partner and starting with someone new. The point of many affairs is the keeping it hidden stuff which adds to the excitement.
1 more reply
danieltillett9y ago
Some people like to have their cake and eat it.

beachstartup9y ago
i'm curious... what was her reaction when you recovered the data?
colejohnson669y ago
Divorce?
1 more reply

cloudjacker9y ago
TOTALLYNOTCHEATING@YAHOO.COM

pliny9y ago

anonymousab9y ago
There is likely leeway for them, or the government, to address the judge in private and get this all dismissed.
Or perhaps some immunity to any results.
tobylane9y ago
In that case I'm surprised the judges are permitted to ask this sort of question in public, it creates a warrant canary.

resoluteteeth9y ago

The idea that Yahoo is covering for a government surveillance program is entertaining, but it hardly seems difficult to believe that they aren't actually deleting what they say they are deleting. Of course, keeping copies of everything forever in violation of their own policy is not exactly going to make law enforcement unhappy.
I suspect that yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.

HarryHirsch9y ago

TechnicalVault9y ago
The solution with backup tapes is obvious, you encrypt the files on the tapes with session keys and encrypt a copy of the session key with a client/project or project key stored on a separate random access medium. When the project needs to be deleted you destroy the key for that project, job done. The most difficult bit is enforcing the proper ownership and location of files so that you know which ones belong to which project. More complicated schemes can sllow files to be shared between projects but the basic principle remains the same.
rbobby9y ago
But what about the backups of where the encrypted session keys are kept? Wouldn't this be a "backups all the way down" situation?
1 more reply

greenyoda9y ago
But an NDA can't prevent a company from turning over their backup data to the authorities when presented with a legitimate warrant from a court.
HarryHirsch9y ago
At least you know what documents are retained, and in what form, and for how long, and you can plan around that. With all these free services you can only assume the worst.

falcolas9y ago

I'm curious if there will be blowback on Internet email companies if it turns out the emails were not deleted, just archived away from user's access.

gaius9y ago
If you ever see an auto-complete feature on a website, it's probable that that website is logging every keystroke. If you type "thermal detonators" into Google, but never actually click the button, it's still flagged up aboard the Imperial Command Ship.
Kenji9y ago
I once read an article about facebook even reporting back to the mothership messages that you typed out but did not actually send because you changed your mind. Never forget: The website owns the window you're operating in (if there's JavaScript), not just requests you send by clicking <a> links.

colejohnson669y ago
Doubt it. Remember the NSA "scandal" that lasted a few months before people went back to not caring? Remember Kony 2012? North Korea's human rights violations? You'll never fix the problems in America until you fix the horrifically apathetic attitude of Americans.

IgorPartola9y ago

scoot9y ago
The nearest thing to a "standard" for retention of operational backups is 30-60 days. For organisations retaining backups as part of some ill-conceived archive, 7 years is typical; for organisations retaining backups under legal hold, or whose backup process is out of control, indefinite retention is not unheard of.
So while it's possible that backups mean you can never be entirely certain your deleted data will stay deleted, it's most certainly not guaranteed.
In Europe, the recently enacted General Data Protection Regulations "GDPR" which will come into force in 2018 will in theory require organisations to ensure that personal information is removed in an appropriate timeframe - this would include disposing of backups, or where data is comingled, ensuring at a granular level that data is blacklisted for restore.
It remains to be seen how practical that will be, so moving to retentions appropriate for operational restore may be the more sensible solution.

lox9y ago

I could imagine drafts have much less diligent deletion policies vs sent emails. Auto-save mechanisms typically keep a long history of diffs, or whole versions.

catfood9y ago

UPDATE email SET deleted = 1 WHERE uuid = '3b431dc020cc404b8bbea290e91b9865';

geggam9y ago

Farm model replicated across regions backed by filers taking snapshots of the entire farm.
* my speculation

perseusprime119y ago

Is anything ever deleted?

satysin9y ago
If it is on a third-parties servers then hell no.

j / k navigate · click thread line to collapse