When delete doesn’t mean delete

Big Brother Watch Team / June 23, 2016

Ever deleted a draft email because you’ve realised that it probably wasn’t suitable for your boss/mum/boyfriend/best friend* to read? Assumed it was gone for good? You may be in for a bit of a shock.

Motherboard published an article this week about two men convicted of drug smuggling, partly because of information gathered from a private email account. Once again we find a situation where firms don’t delete data the user assumed they had deleted.

“A collaborator in Colombia would log into a Yahoo email account and write a message as a draft. Another accomplice in Europe would read the message, delete it, and then write his own. The point of this was to avoid creating any emails that could be found by law enforcement.
Yahoo says that the emails handed over to law enforcement were obtained because of the company’s “auto-save” feature. Although the existence of this feature isn’t a revelation, it’s unlikely many users are aware that different versions of their draft emails are stored on Yahoo’s servers and are available for recovery by law enforcement, even if the user deletes their final draft.”

While we have no concerns about a visible auto-save function – it’s proved very helpful in writing this blog – there are clear issues with a system of text storage that is hidden from the user and clashes with what we would consider a typical user’s expectation of privacy. We doubt any user realises this is happening, and as far as we can tell they will never have access to these old drafts. So why do Yahoo feel the need to store this information? There doesn’t appear to be a legitimate reason for storing several stages of a draft email. Yahoo refuses to say how long the draft emails are kept for and why they bother saving old drafts at all. This lack of transparency raises serious privacy concerns, even if in this case it was part of the evidence used by law enforcement to solve a case.

All this is eerily similar to how Facebook records the words users type, even if they are deleted before being posted. As the author of the article writes, “They’re probably more concerned with why you end up ditching certain posts, which could help Facebook determine how to minimize self-censorship in the future.” To put it simply, it’s none of their business!

In both cases, words never meant for public eyes have been stored against any reasonable expectation of privacy with no warning. These examples are sadly symptomatic of how many companies imply data is deleted even when it is not. We simply ask that companies be clear that when a service says “delete my data”, the data is gone for good!

* Delete as appropriate